Accepting request 185349 from home:gary_lin:branches:devel:openSUSE:Factory

- Update shim-mokmanager-ui-revamp.patch to include fixes for MokManager + reboot the system after clearing MOK password + fetch more info from X509 name + check the suffix of the key file OBS-URL: https://build.opensuse.org/request/show/185349 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=30
2013-08-01 02:49:52 +00:00 · 2013-08-01 02:49:52 +00:00 · 125b3129ee
commit 125b3129ee
parent 16ab868efc
2 changed files with 235 additions and 8 deletions
--- a/shim-mokmanager-ui-revamp.patch
+++ b/shim-mokmanager-ui-revamp.patch
@ -1,7 +1,7 @@
 From a6436443a82b23de4c5dfe83f3c8389f8b554ad3 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Thu, 30 May 2013 14:22:43 +0800
-Subject: [PATCH 1/8] MokManager: Remove the unnecessary string duplication
+Subject: [PATCH 01/11] MokManager: Remove the unnecessary string duplication

 ---
 MokManager.c | 19 ++++++++-----------
@ -82,7 +82,7 @@ index b05a52f..918d96b 100644
 From ef8fdc597fd532cc4c91c3d2ee638ef339002618 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Thu, 18 Apr 2013 17:13:12 +0800
-Subject: [PATCH 2/8] MokManager: draw the countdown screen
+Subject: [PATCH 02/11] MokManager: draw the countdown screen

 ---
 MokManager.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@ -173,7 +173,7 @@ index 918d96b..6b8c79b 100644
 From 9ff682d251b3d30fae63c026aa0105c49db7db16 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Wed, 26 Jun 2013 12:23:26 +0800
-Subject: [PATCH 3/8] MokManager: remove the duplicate get_keystroke()
+Subject: [PATCH 03/11] MokManager: remove the duplicate get_keystroke()

 ---
 MokManager.c | 14 +-------------
@ -218,7 +218,7 @@ index 6b8c79b..6555a06 100644
 From 4c9f6b0b2100f5e878d8578db3ee232c20440735 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Wed, 26 Jun 2013 15:21:35 +0800
-Subject: [PATCH 4/8] MokManager: enhance the password prompt
+Subject: [PATCH 04/11] MokManager: enhance the password prompt

 ---
 MokManager.c | 106 +++++++++++++++++++++++++++++++++++++++++++++--------------
@ -429,7 +429,7 @@ index 6555a06..4393aec 100644
 From 6e71cb7900b99482c7b51a6076f8392022ba15a6 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Thu, 27 Jun 2013 11:59:09 +0800
-Subject: [PATCH 5/8] Enable openssl bio_printf()
+Subject: [PATCH 05/11] Enable openssl bio_printf()

 bio_printf() was replaced with a dummy function and this made
 several openssl functions useless. This commit adds the print
@ -1330,7 +1330,7 @@ index fb446b6..5a8322d 100644
 From 0b5a0362d6bd3fd1a0721e05353046e387ef2a22 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Thu, 27 Jun 2013 12:03:14 +0800
-Subject: [PATCH 6/8] Disable floating points in b_print
+Subject: [PATCH 06/11] Disable floating points in b_print

 The long double declaration will enable SSE and cause a compilation
 error. Disabling everything related to floating points avoids the
@ -1403,7 +1403,7 @@ index 3a87b0e..b8b630c 100644
 From bb29385b30d6958fa99e43bfcf64815ca4bc4a53 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Thu, 27 Jun 2013 12:28:08 +0800
-Subject: [PATCH 7/8] MokManager: rearrange the output of MOK info
+Subject: [PATCH 07/11] MokManager: rearrange the output of MOK info

 ---
 MokManager.c | 239 ++++++++++++++++++++---------------------------------------
@ -1758,7 +1758,7 @@ index 4393aec..8b770ff 100644
 From 139e31d514772f7aa74cf130ac1e4f2d548734ca Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Thu, 27 Jun 2013 15:04:07 +0800
-Subject: [PATCH 8/8] MokManager: enhance the password prompt for SB state
+Subject: [PATCH 08/11] MokManager: enhance the password prompt for SB state

 ---
 MokManager.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++-------
@ -1862,3 +1862,221 @@ index 8b770ff..b832e40 100644
 -- 
 1.8.1.4

+
+From f6102590b773cef0825eb707a793e70b54b882e9 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Wed, 24 Jul 2013 14:39:39 +0800
+Subject: [PATCH 09/11] MokManager: reboot the system after clearing MOK
+ password
+
+---
+ MokManager.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index b832e40..bef4d8c 100644
+--- a/MokManager.c
+++ b/MokManager.c
+@@ -1107,7 +1107,11 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
+ 
+ 		LibDeleteVariable(L"MokPWStore", &shim_lock_guid);
+ 		LibDeleteVariable(L"MokPW", &shim_lock_guid);
+-		return 0;
+		console_notify(L"The system must now be rebooted");
+		uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0,
+				  NULL);
+		console_notify(L"Failed to reboot");
+		return -1;
+ 	}
+ 
+ 	if (MokPWSize == PASSWORD_CRYPT_SIZE) {
+-- 
+1.8.1.4
+
+
+From 05eeef80e4ae2bac8f0f27a8c1bc6c3869e030ce Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Fri, 26 Jul 2013 12:44:42 +0800
+Subject: [PATCH 10/11] MokManager: fetch more info from X509 name
+
+---
+ MokManager.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 56 insertions(+), 7 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index bef4d8c..911c510 100644
+--- a/MokManager.c
+++ b/MokManager.c
+@@ -14,6 +14,8 @@
+ #define PASSWORD_MIN 1
+ #define SB_PASSWORD_LEN 16
+ 
+#define NAME_LINE_MAX 70
+
+ #ifndef SHIM_VENDOR
+ #define SHIM_VENDOR L"Shim"
+ #endif
+@@ -180,14 +182,61 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
+ 	return list;
+ }
+ 
+-static CHAR16* get_x509_common_name (X509_NAME *X509Name)
+typedef struct {
+	int nid;
+	CHAR16 *name;
+} NidName;
+
+static NidName nidname[] = {
+	{NID_commonName, L"CN"},
+	{NID_organizationName, L"O"},
+	{NID_countryName, L"C"},
+	{NID_stateOrProvinceName, L"ST"},
+	{NID_localityName, L"L"},
+	{-1, NULL}
+};
+
+static CHAR16* get_x509_name (X509_NAME *X509Name)
+ {
+-	char str[80];
+	CHAR16 name[NAME_LINE_MAX+1];
+	CHAR16 part[NAME_LINE_MAX+1];
+	char str[NAME_LINE_MAX];
+	int i, len, rest, first;
+
+	name[0] = '\0';
+	rest = NAME_LINE_MAX;
+	first = 1;
+	for (i = 0; nidname[i].name != NULL; i++) {
+		int add;
+		len = X509_NAME_get_text_by_NID (X509Name, nidname[i].nid,
+						 str, NAME_LINE_MAX);
+		if (len <= 0)
+			continue;
+ 
+-	ZeroMem(str, 80);
+-	X509_NAME_get_text_by_NID (X509Name, NID_commonName, str, 80);
+		if (first)
+			add = len + (int)StrLen(nidname[i].name) + 1;
+		else
+			add = len + (int)StrLen(nidname[i].name) + 3;
+ 
+-	return PoolPrint(L"%a", str);
+		if (add > rest)
+			continue;
+
+		if (first) {
+			SPrint(part, NAME_LINE_MAX * sizeof(CHAR16), L"%s=%a",
+			       nidname[i].name, str);
+		} else {
+			SPrint(part, NAME_LINE_MAX * sizeof(CHAR16), L", %s=%a",
+			       nidname[i].name, str);
+		}
+		StrCat(name, part);
+		rest -= add;
+		first = 0;
+	}
+
+	if (rest >= 0 && rest < NAME_LINE_MAX)
+		return PoolPrint(L"%s", name);
+
+	return NULL;
+ }
+ 
+ static CHAR16* get_x509_time (ASN1_TIME *time)
+@@ -243,14 +292,14 @@ static void show_x509_info (X509 *X509Cert, UINT8 *hash)
+ 
+ 	X509Name = X509_get_issuer_name(X509Cert);
+ 	if (X509Name) {
+-		issuer = get_x509_common_name(X509Name);
+		issuer = get_x509_name(X509Name);
+ 		if (issuer)
+ 			fields++;
+ 	}
+ 
+ 	X509Name = X509_get_subject_name(X509Cert);
+ 	if (X509Name) {
+-		subject = get_x509_common_name(X509Name);
+		subject = get_x509_name(X509Name);
+ 		if (subject)
+ 			fields++;
+ 	}
+-- 
+1.8.1.4
+
+
+From 6d6df739005169333734ee04fc379a28d213ab8c Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Fri, 26 Jul 2013 15:44:49 +0800
+Subject: [PATCH 11/11] MokManager: check the suffix of the key file
+
+---
+ MokManager.c | 39 ++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 38 insertions(+), 1 deletion(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index 911c510..604129f 100644
+--- a/MokManager.c
+++ b/MokManager.c
+@@ -1199,7 +1199,7 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
+ 	return -1;
+ }
+ 
+-static UINTN verify_certificate(void *cert, UINTN size)
+static BOOLEAN verify_certificate(void *cert, UINTN size)
+ {
+ 	X509 *X509Cert;
+ 	if (!cert || size == 0)
+@@ -1341,6 +1341,34 @@ static void mok_hash_enroll(void)
+ 	FreePool(data);
+ }
+ 
+static CHAR16 *der_suffix[] = {
+	L".cer",
+	L".der",
+	L".crt",
+	NULL
+};
+
+static BOOLEAN check_der_suffix (CHAR16 *file_name)
+{
+	CHAR16 suffix[5];
+	int i;
+
+	if (!file_name || StrLen(file_name) <= 4)
+		return FALSE;
+
+	suffix[0] = '\0';
+	StrCat(suffix, file_name + StrLen(file_name) - 4);
+
+	StrLwr (suffix);
+	for (i = 0; der_suffix[i] != NULL; i++) {
+		if (StrCmp(suffix, der_suffix[i]) == 0) {
+			return TRUE;
+		}
+	}
+
+	return FALSE;
+}
+
+ static void mok_key_enroll(void)
+ {
+ 	EFI_STATUS efi_status;
+@@ -1362,6 +1390,15 @@ static void mok_key_enroll(void)
+ 	if (!file_name)
+ 		return;
+ 
+	if (!check_der_suffix(file_name)) {
+		console_alertbox((CHAR16 *[]){
+			L"Unsupported Format",
+			L"",
+			L"Only DER encoded certificate (*.cer/der/crt) is supported",
+			NULL});
+		return;
+	}
+
+ 	efi_status = simple_file_open(im, file_name, &file, EFI_FILE_MODE_READ);
+ 
+ 	if (efi_status != EFI_SUCCESS) {
+-- 
+1.8.1.4
+
--- a/shim.changes
+++ b/shim.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Jul 30 07:36:28 UTC 2013 - glin@suse.com
+
+- Update shim-mokmanager-ui-revamp.patch to include fixes for
+  MokManager
+  + reboot the system after clearing MOK password
+  + fetch more info from X509 name
+  + check the suffix of the key file
+
 -------------------------------------------------------------------
 Tue Jul 23 03:55:05 UTC 2013 - glin@suse.com