Age | Commit message (Collapse) | Author |
|
|
|
|
|
This is a follow-up for 9ee051b9c7623
|
|
|
|
According to TCG EFI Protocol Specification for TPM 2.0 family,
all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
EFI TCG 2.0 final events table. Hence, it is necessary to trigger the
internal switch through calling get_event_log() in order to allow
to retrieve the logs from OS runtime.
msekletar:
> I've looked at EDK2 and indeed log entry is added to FinalEventsTable only after
> EFI_TCG2_PROTOCOL.GetEventLog was called[1][2]. Also, same patch was currently
> merged to shim by Peter Jones [3].
[1] https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c#L698
[2] https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c#L824
[3] rhinstaller/shim#64
|
|
'continue' is a fancy no-op here – it only skips through the inner loop,
not the outer one, so entries already in BootOrder get printed twice.
This partially reverts f939cff71577 "bootctl: various coding style
updates".
|
|
In this patch "enabled" and "disabled" is used exclusively, but "enable" and
"disable" forms are need for the following patch.
|
|
|
|
It's a bit easier to read because shorter. Also, most likely a tiny bit faster.
|
|
let's the proper APIs to read the machine ID, and properly check for all
errors.
|
|
|
|
Make sure that we always initialize the return parameter on success, and that
all errors result in an error message, not just some.
|
|
After all, the field is kinda borked.
|
|
We already have tolower() calls there, hence let's unify this at one place.
Also, update the code to only use ASCII operations, so that we don't end up
being locale dependant.
|
|
|
|
This rearranges bootctl a bit, so that it uses the usual verbs parsing
routines, and automatically searches the ESP in /boot, /efi or /boot/efi, thus
increasing compatibility with mainstream distros that insist on /boot/efi.
This also adds minimal support for running bootctl in a container environment:
when run inside a container verification of the ESP via raw block device
access, trusting the container manager to mount the ESP correctly. Moreover,
EFI variables are not accessed when running in the container.
|
|
|
|
|
|
If the ESP is not mounted with "iocharset=ascii", but with "iocharset=utf8"
(which is for example the default in Debian), the file system becomes case
sensitive. This means that a file created as "FooBarBaz" cannot be accessed as
"foobarbaz" since those are then considered different files.
Moreover, a file created as "FooBar" can then also not be accessed as "foobar",
and it also prevents such a file from being created, as both would use the same
8.3 short name "FOOBAR".
Even though the UEFI specification [0] does give the canonical spelling for
the files mentioned above, not all implementations completely conform to that,
so it's possible that those files would already exist, but with a different
spelling, causing subtle bugs when scanning or modifying the ESP.
While the proper fix would of course be that everybody conformed to the
standard, we can work around this problem by just referencing the files by
their 8.3 short names, i.e. using upper case.
Fixes: #3740
[0] <http://www.uefi.org/specifications>, version 2.6, section 3.5.1.1
|
|
|
|
WaitForKeyEx may never return on some UEFI systems depending
on firmware, hardware configuration and the phase of the moon.
Use ConIn->WaitForKey unconditionally instead.
Fixes #3632
|
|
|
|
That function doesn't draw anything on it's own, just returns a string, which
sometimes is more than one character. Also remove "DRAW_" prefix from character
names, TREE_* and ARROW and BLACK_CIRCLE are unambigous on their own, don't
draw anything, and are always used as an argument to special_glyph().
Rename "DASH" to "MDASH", as there's more than one type of dash.
|
|
|
|
The UEFI BIOS already hashes the contents of the loaded image, so the
initrd and the command line of the binary are recorded.
Because manually added LoadOptions are not taken into account, these
should be recorded also.
This patch logs and extends a TPM PCR register with the LoadOptions.
This feature can be enabled with configure --enable-tpm
The PCR register index can be specified with
configure --with-tpm-pcrindex=<NUM>
|
|
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
|
|
|
|
Fixes #2384
|
|
Sort the includes accoding to the new coding style.
|
|
|
|
|
|
|
|
There are more than enough to deserve their own .c file, hence move them
over.
|
|
string-util.[ch]
There are more than enough calls doing string manipulations to deserve
its own files, hence do something about it.
This patch also sorts the #include blocks of all files that needed to be
updated, according to the sorting suggestions from CODING_STYLE. Since
pretty much every file needs our string manipulation functions this
effectively means that most files have sorted #include blocks now.
Also touches a few unrelated include files.
|
|
This also allows us to drop build.h from a ton of files, hence do so.
Since we touched the #includes of those files, let's order them properly
according to CODING_STYLE.
|
|
Let's also clean up single-line while and for blocks.
|
|
Let's do this everywhere the same way.
|
|
|
|
|
|
tree-wide: port everything over to fflush_and_check()
|
|
Some places invoked fflush() directly with their own manual error
checking, let's unify all that by using fflush_and_check().
This also unifies the general error paths of fflush()+rename() file
writers.
|
|
|
|
|
|
sd-boot: Show stub cmdline when edit (v2)
|
|
|
|
If Linux efi stub is used, embedded cmdline in efi stub is
not shown. As a result, it is required to rewrite all the
line, if is only required to modify it. This behavior only
happen using Linux efi stub.
This patch allows boot loader to show embedded cmdline when
'e' key is pressed to edit boot loader options.
|
|
If /etc/machine-id is missing (eg., gold images), we should not fail
installing sd-boot. This is a perfectly fine use-case and we should simply
skip installing the default loader config in that case.
|
|
According to os-release(5), VERSION_ID is not mandatory and BUILD_ID only
needs to be unique underneath VERSION_ID. Therefore, assuming a missing
VERSION_ID field means 'empty', we can rely on BUILD_ID to be unique.
Use BUILD_ID if VERSION_ID is not present. This way, rolling-release
distros can still provide a proper os-release entry without crafting
random VERSION_ID strings.
This fixes #186.
|
|
There is no guarantee that the os-release section contains each key only
once, nor any guarantee that all keys are present. Make sure we properly
free memory in both cases.
Not that it matters much, as we're short-living, anyway. But correct code
is always nicer to read..
|
|
sdboot was renamed to systemd-boot
Fixes: e7dd673d1e0a ("gummiboot/sd-boot/systemd-boot: rename galore")
Signed-off-by: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
|