From d983f1b2ef0bda427029c06b8120fe777d692162 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Sat, 7 May 2022 22:56:16 +0100 Subject: [PATCH] 0.6.0 --- ...etting-fallback-verbosity-and-norebo.patch | 199 ------------------ mokutil.patches | 1 - mokutil.spec | 12 +- sources | 2 +- 4 files changed, 7 insertions(+), 207 deletions(-) delete mode 100644 0001-mokutil-enable-setting-fallback-verbosity-and-norebo.patch delete mode 100644 mokutil.patches diff --git a/0001-mokutil-enable-setting-fallback-verbosity-and-norebo.patch b/0001-mokutil-enable-setting-fallback-verbosity-and-norebo.patch deleted file mode 100644 index a43a2c1..0000000 --- a/0001-mokutil-enable-setting-fallback-verbosity-and-norebo.patch +++ /dev/null @@ -1,199 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Fri, 3 Dec 2021 14:18:31 +0100 -Subject: [PATCH] mokutil: enable setting fallback verbosity and noreboot mode -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Having mokutil handle FALLBACK_VERBOSE and FB_NO_REBOOT variables eases -fallback debugging. - -Signed-off-by: Renaud Métrich -(cherry picked from commit 57bc385827e7c0e0c86f30bbfa2d48ca9505537e) ---- - src/mokutil.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- - data/mokutil | 8 +++++++ - man/mokutil.1 | 10 ++++++++ - 3 files changed, 90 insertions(+), 1 deletion(-) - -diff --git a/src/mokutil.c b/src/mokutil.c -index 787b85e..e1bd0e3 100644 ---- a/src/mokutil.c -+++ b/src/mokutil.c -@@ -83,6 +83,8 @@ - #define VERBOSITY (1 << 22) - #define TIMEOUT (1 << 23) - #define LIST_SBAT (1 << 24) -+#define FB_VERBOSITY (1 << 25) -+#define FB_NOREBOOT (1 << 26) - - #define DEFAULT_CRYPT_METHOD SHA512_BASED - #define DEFAULT_SALT_SIZE SHA512_SALT_MAX -@@ -127,6 +129,8 @@ print_help () - printf (" --import-hash \t\t\tImport a hash into MOK or MOKX\n"); - printf (" --delete-hash \t\t\tDelete a hash in MOK or MOKX\n"); - printf (" --set-verbosity \t\tSet the verbosity bit for shim\n"); -+ printf (" --set-fallback-verbosity \t\tSet the verbosity bit for fallback\n"); -+ printf (" --set-fallback-noreboot \t\tPrevent fallback from automatically rebooting\n"); - printf (" --pk\t\t\t\t\tList the keys in PK\n"); - printf (" --kek\t\t\t\t\tList the keys in KEK\n"); - printf (" --db\t\t\t\t\tList the keys in db\n"); -@@ -1672,6 +1676,46 @@ set_verbosity (const uint8_t verbosity) - return 0; - } - -+static int -+set_fallback_verbosity (const uint8_t verbosity) -+{ -+ if (verbosity) { -+ uint32_t attributes = EFI_VARIABLE_NON_VOLATILE -+ | EFI_VARIABLE_BOOTSERVICE_ACCESS -+ | EFI_VARIABLE_RUNTIME_ACCESS; -+ if (efi_set_variable (efi_guid_shim, "FALLBACK_VERBOSE", -+ (uint8_t *)&verbosity, sizeof (verbosity), -+ attributes, S_IRUSR | S_IWUSR) < 0) { -+ fprintf (stderr, "Failed to set FALLBACK_VERBOSE\n"); -+ return -1; -+ } -+ } else { -+ return test_and_delete_mok_var ("FALLBACK_VERBOSE"); -+ } -+ -+ return 0; -+} -+ -+static int -+set_fallback_noreboot (const uint8_t noreboot) -+{ -+ if (noreboot) { -+ uint32_t attributes = EFI_VARIABLE_NON_VOLATILE -+ | EFI_VARIABLE_BOOTSERVICE_ACCESS -+ | EFI_VARIABLE_RUNTIME_ACCESS; -+ if (efi_set_variable (efi_guid_shim, "FB_NO_REBOOT", -+ (uint8_t *)&noreboot, sizeof (noreboot), -+ attributes, S_IRUSR | S_IWUSR) < 0) { -+ fprintf (stderr, "Failed to set FB_NO_REBOOT\n"); -+ return -1; -+ } -+ } else { -+ return test_and_delete_mok_var ("FB_NO_REBOOT"); -+ } -+ -+ return 0; -+} -+ - static inline int - list_db (const DBName db_name) - { -@@ -1707,6 +1751,8 @@ main (int argc, char *argv[]) - unsigned int command = 0; - int use_root_pw = 0; - uint8_t verbosity = 0; -+ uint8_t fb_verbosity = 0; -+ uint8_t fb_noreboot = 0; - DBName db_name = MOK_LIST_RT; - int ret = -1; - int sb_check; -@@ -1747,6 +1793,8 @@ main (int argc, char *argv[]) - {"import-hash", required_argument, 0, 0 }, - {"delete-hash", required_argument, 0, 0 }, - {"set-verbosity", required_argument, 0, 0 }, -+ {"set-fallback-verbosity", required_argument, 0, 0 }, -+ {"set-fallback-noreboot", required_argument, 0, 0 }, - {"pk", no_argument, 0, 0 }, - {"kek", no_argument, 0, 0 }, - {"db", no_argument, 0, 0 }, -@@ -1815,6 +1863,22 @@ main (int argc, char *argv[]) - verbosity = 0; - else - command |= HELP; -+ } else if (strcmp (option, "set-fallback-verbosity") == 0) { -+ command |= FB_VERBOSITY; -+ if (strcmp (optarg, "true") == 0) -+ fb_verbosity = 1; -+ else if (strcmp (optarg, "false") == 0) -+ fb_verbosity = 0; -+ else -+ command |= HELP; -+ } else if (strcmp (option, "set-fallback-noreboot") == 0) { -+ command |= FB_NOREBOOT; -+ if (strcmp (optarg, "true") == 0) -+ fb_noreboot = 1; -+ else if (strcmp (optarg, "false") == 0) -+ fb_noreboot = 0; -+ else -+ command |= HELP; - } else if (strcmp (option, "pk") == 0) { - if (db_name != MOK_LIST_RT) { - command |= HELP; -@@ -1978,7 +2042,8 @@ main (int argc, char *argv[]) - command |= LIST_ENROLLED; - - sb_check = !(command & HELP || command & TEST_KEY || -- command & VERBOSITY || command & TIMEOUT); -+ command & VERBOSITY || command & TIMEOUT || -+ command & FB_VERBOSITY || command & FB_NOREBOOT); - if (sb_check) { - /* Check whether the machine supports Secure Boot or not */ - int rc; -@@ -2100,6 +2165,12 @@ main (int argc, char *argv[]) - case VERBOSITY: - ret = set_verbosity (verbosity); - break; -+ case FB_VERBOSITY: -+ ret = set_fallback_verbosity (fb_verbosity); -+ break; -+ case FB_NOREBOOT: -+ ret = set_fallback_noreboot (fb_noreboot); -+ break; - case TIMEOUT: - ret = set_timeout (timeout); - break; -diff --git a/data/mokutil b/data/mokutil -index cf50606..b6ee859 100755 ---- a/data/mokutil -+++ b/data/mokutil -@@ -24,6 +24,14 @@ _mokutil() - COMPREPLY=( $( compgen -W "true false") ) - return 0 - ;; -+ --set-fallback-verbosity) -+ COMPREPLY=( $( compgen -W "true false") ) -+ return 0 -+ ;; -+ --set-fallback-noreboot) -+ COMPREPLY=( $( compgen -W "true false") ) -+ return 0 -+ ;; - --generate-hash|-g) - COMPREPLY=( $( compgen -o nospace -P= -W "") ) - return 0 -diff --git a/man/mokutil.1 b/man/mokutil.1 -index 11804af..2ea081f 100644 ---- a/man/mokutil.1 -+++ b/man/mokutil.1 -@@ -63,6 +63,10 @@ mokutil \- utility to manipulate machine owner keys - .br - \fBmokutil\fR [--set-verbosity (\fItrue\fR | \fIfalse\fR)] - .br -+\fBmokutil\fR [--set-fallback-verbosity (\fItrue\fR | \fIfalse\fR)] -+.br -+\fBmokutil\fR [--set-fallback-noreboot (\fItrue\fR | \fIfalse\fR)] -+.br - \fBmokutil\fR [--pk] - .br - \fBmokutil\fR [--kek] -@@ -158,6 +162,12 @@ this is not the password hash. - \fB--set-verbosity\fR - Set the SHIM_VERBOSE to make shim more or less verbose - .TP -+\fB--set-fallback-verbosity\fR -+Set the FALLBACK_VERBOSE to make fallback more or less verbose -+.TP -+\fB--set-fallback-noreboot\fR -+Set the FB_NO_REBOOT to prevent fallback from automatically rebooting the system -+.TP - \fB--pk\fR - List the keys in the public Platform Key (PK) - .TP diff --git a/mokutil.patches b/mokutil.patches deleted file mode 100644 index 042bb98..0000000 --- a/mokutil.patches +++ /dev/null @@ -1 +0,0 @@ -Patch0001: 0001-mokutil-enable-setting-fallback-verbosity-and-norebo.patch diff --git a/mokutil.spec b/mokutil.spec index 6aca90e..b2417d8 100644 --- a/mokutil.spec +++ b/mokutil.spec @@ -1,12 +1,11 @@ Name: mokutil -Version: 0.5.0 -Release: 3%{?dist} +Version: 0.6.0 +Release: 1%{?dist} Epoch: 2 Summary: Tool to manage UEFI Secure Boot MoK Keys License: GPLv3+ URL: https://github.com/lcp/mokutil -Source0: https://github.com/lcp/mokutil/archive/%{version}.tar.gz -Source1: mokutil.patches +Source0: https://github.com/lcp/mokutil/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz ExclusiveArch: %{ix86} x86_64 aarch64 %{arm} BuildRequires: autoconf @@ -21,8 +20,6 @@ BuildRequires: openssl-devel Conflicts: shim < 0.8-1%{?dist} Obsoletes: mokutil < 0.2.0 -%include %{SOURCE1} - %description mokutil provides a tool to manage keys for Secure Boot through the MoK ("Machine's Own Keys") mechanism. @@ -46,6 +43,9 @@ mokutil provides a tool to manage keys for Secure Boot through the MoK %{_datadir}/bash-completion/completions/mokutil %changelog +* Sat May 07 2022 Peter Robinson - 2:0.6.0-1 +- Update to 0.6.0 release + * Mon Mar 28 2022 Robbie Harwood - 2:0.5.0-3 - Add ability to change fallback verbose mode diff --git a/sources b/sources index e5d13d0..f53a7ee 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (0.5.0.tar.gz) = 600c142fcc44e33efd307341b814018ef956668790b56d42a523140e81098746d14ae096fc6c93985b3c26bb414b8b6862f59312f2c4bd9d657a11e4becc6ea7 +SHA512 (mokutil-0.6.0.tar.gz) = 11a9d172dba4fbb674e58e5d82cb1dc65a80cff844c0eaebd106b4d4608b24a8207e0cfabf36fe1eedb67f68a8a18db2136c7b62aa3230ac104615e8284dbd7d