import mokutil-0.3.0-12.el8

2022-05-04 18:09:20 +00:00 · 2022-05-04 18:09:20 +00:00 · faa8d02e15
parent db98e7d81f
commit faa8d02e15
15 changed files with 253 additions and 91 deletions
--- a/SOURCES/0001-Fix-the-potential-buffer-overflow.patch
+++ b/SOURCES/0001-Fix-the-potential-buffer-overflow.patch
@ -1,7 +1,7 @@
-From 1313fa02a5b2bfe61ee6702696600fc148ec2d6e Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Tue, 4 Nov 2014 15:50:03 +0800
-Subject: [PATCH 01/10] Fix the potential buffer overflow
+Subject: [PATCH] Fix the potential buffer overflow
 Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
 ---
@ -9,7 +9,7 @@ Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
 1 file changed, 2 insertions(+), 3 deletions(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
-index 5b34f22fd98..93fb6fabcab 100644
+index 5b34f22..93fb6fa 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -1743,7 +1743,7 @@ set_toggle (const char * VarName, uint32_t state)
@ -31,6 +31,3 @@ index 5b34f22fd98..93fb6fabcab 100644
 	tvar.mok_toggle_state = state;
 -- 
 2.17.1
--- a/SOURCES/0002-Fix-the-32bit-signedness-comparison.patch
+++ b/SOURCES/0002-Fix-the-32bit-signedness-comparison.patch
@ -1,14 +1,14 @@
-From cdb4b6f3bfd6ada6558ddfb889e27150f0841b28 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Mon, 24 Nov 2014 11:38:54 +0800
-Subject: [PATCH 02/10] Fix the 32bit signedness comparison
+Subject: [PATCH] Fix the 32bit signedness comparison
 ---
 src/mokutil.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
-index 93fb6fabcab..a7e83f71f0b 100644
+index 93fb6fa..a7e83f7 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -1284,7 +1284,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
@ -29,6 +29,3 @@ index 93fb6fabcab..a7e83f71f0b 100644
 			write_size = write (fd, list[i].mok + offset,
 						list[i].mok_size - offset);
 			if (write_size < 0) {
 -- 
 2.17.1
--- a/SOURCES/0003-Build-with-fshort-wchar-so-toggle-passwords-work-rig.patch
+++ b/SOURCES/0003-Build-with-fshort-wchar-so-toggle-passwords-work-rig.patch
@ -1,8 +1,7 @@
-From 9eb111a7f7b897ba4ae19a68708e010a5c384260 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Fri, 19 Jun 2015 16:53:36 -0400
-Subject: [PATCH 03/10] Build with -fshort-wchar so toggle passwords work
+Subject: [PATCH] Build with -fshort-wchar so toggle passwords work right.
 right.
 This source tree uses:
@ -26,7 +25,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/configure.ac b/configure.ac
-index fe28fb92241..69d412ac633 100644
+index fe28fb9..69d412a 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -37,7 +37,7 @@ else
@ -38,6 +37,3 @@ index fe28fb92241..69d412ac633 100644
 AC_ARG_ENABLE(strict, AS_HELP_STRING([--enable-strict],[Enable strict compilation options]), enable_strict=$enableval,
 		enable_strict=$default_strict)
 -- 
 2.17.1
--- a/SOURCES/0004-Don-t-allow-sha1-on-the-mokutil-command-line.patch
+++ b/SOURCES/0004-Don-t-allow-sha1-on-the-mokutil-command-line.patch
@ -1,7 +1,7 @@
-From ecc8fb0d92f0f453414a98172df22e23fb5893f5 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 16 Jun 2015 17:06:30 -0400
-Subject: [PATCH 04/10] Don't allow sha1 on the mokutil command line.
+Subject: [PATCH] Don't allow sha1 on the mokutil command line.
 Related: rhbz#1115843
@ -11,7 +11,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 1 file changed, 2 insertions(+)
 diff --git a/src/mokutil.c b/src/mokutil.c
-index a7e83f71f0b..1fb34f9d3aa 100644
+index a7e83f7..1fb34f9 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -1351,10 +1351,12 @@ identify_hash_type (const char *hash_str, efi_guid_t *type)
@ -27,6 +27,3 @@ index a7e83f71f0b..1fb34f9d3aa 100644
 	case SHA224_DIGEST_LENGTH*2:
 		*type = efi_guid_sha224;
 		hash_size = SHA224_DIGEST_LENGTH;
 -- 
 2.17.1
--- a/SOURCES/0005-Make-all-efi_guid_t-const.patch
+++ b/SOURCES/0005-Make-all-efi_guid_t-const.patch
@ -1,7 +1,7 @@
-From eba569a8e6c33f07042758cbfa1706d7339464e1 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Gary Lin <glin@suse.com>
 Date: Wed, 13 Jan 2016 16:05:21 +0800
-Subject: [PATCH 05/10] Make all efi_guid_t const
+Subject: [PATCH] Make all efi_guid_t const
 All UEFI GUIDs defined in efivar are const. Declare all of them const
 to make gcc happy.
@ -12,7 +12,7 @@ Signed-off-by: Gary Lin <glin@suse.com>
 1 file changed, 9 insertions(+), 9 deletions(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
-index 1fb34f9d3aa..d2c52b4caaf 100644
+index 1fb34f9..d2c52b4 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -200,7 +200,7 @@ efichar_from_char (efi_char16_t *dest, const char *src, size_t dest_len)
@ -82,6 +82,3 @@ index 1fb34f9d3aa..d2c52b4caaf 100644
 		    MokRequest req)
 {
 	uint8_t *authvar_data;
 -- 
 2.17.1
--- a/SOURCES/0006-mokutil-be-explicit-about-file-modes-in-all-cases.patch
+++ b/SOURCES/0006-mokutil-be-explicit-about-file-modes-in-all-cases.patch
@ -1,7 +1,7 @@
-From 951daed3f98e9a3de2bc36cd82525cdbf7595e3e Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 14 Jun 2016 10:19:43 -0400
-Subject: [PATCH 06/10] mokutil: be explicit about file modes in all cases.
+Subject: [PATCH] mokutil: be explicit about file modes in all cases.
 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
@ -9,7 +9,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 1 file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
-index d2c52b4caaf..d554f6cca21 100644
+index d2c52b4..d554f6c 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -574,7 +574,8 @@ delete_data_from_list (const efi_guid_t *var_guid, const char *var_name,
@ -32,6 +32,3 @@ index d2c52b4caaf..d554f6cca21 100644
 			switch (req) {
 			case ENROLL_MOK:
 				fprintf (stderr, "Failed to enroll new keys\n");
 -- 
 2.17.1
--- a/SOURCES/0007-Add-bash-completion-file.patch
+++ b/SOURCES/0007-Add-bash-completion-file.patch
@ -1,7 +1,7 @@
-From a797a566127f7469d744b2748f98d1fa5ea8d8f9 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 14 Jun 2016 10:20:14 -0400
-Subject: [PATCH 07/10] Add bash completion file.
+Subject: [PATCH] Add bash completion file.
 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
@ -12,7 +12,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 create mode 100755 data/mokutil
 diff --git a/configure.ac b/configure.ac
-index 69d412ac633..7b52a063df0 100644
+index 69d412a..7b52a06 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -86,6 +86,23 @@ AC_CHECK_FUNCS([memset])
@ -40,7 +40,7 @@ index 69d412ac633..7b52a063df0 100644
                  src/Makefile
 		 man/Makefile])
 diff --git a/Makefile.am b/Makefile.am
-index 9f0d4192515..c17cc4a86d8 100644
+index 9f0d419..c17cc4a 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -1 +1,6 @@
@ -52,7 +52,7 @@ index 9f0d4192515..c17cc4a86d8 100644
 +endif
 diff --git a/data/mokutil b/data/mokutil
 new file mode 100755
-index 00000000000..800b039e7f4
+index 0000000..800b039
 --- /dev/null
 +++ b/data/mokutil
@@ -0,0 +1,37 @@
@ -93,6 +93,3 @@ index 00000000000..800b039e7f4
 +}
 +
 +complete -F _mokutil mokutil
 -- 
 2.17.1
--- a/SOURCES/0008-Fix-typo-in-error-message-when-the-system-lacks-Secu.patch
+++ b/SOURCES/0008-Fix-typo-in-error-message-when-the-system-lacks-Secu.patch
@ -1,8 +1,8 @@
-From b5f004ddbd8ef1f9f1d664d41d5dcc4272621080 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Tyler Hicks <tyhicks@canonical.com>
 Date: Mon, 20 Jun 2016 11:18:17 -0500
-Subject: [PATCH 08/10] Fix typo in error message when the system lacks Secure
+Subject: [PATCH] Fix typo in error message when the system lacks Secure Boot
- Boot support
+ support
 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
 ---
@ -10,7 +10,7 @@ Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
-index d554f6cca21..27f1292f3a9 100644
+index d554f6c..27f1292 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -2297,7 +2297,7 @@ main (int argc, char *argv[])
@ -22,6 +22,3 @@ index d554f6cca21..27f1292f3a9 100644
 			ret = -1;
 			goto out;
 		}
 -- 
 2.17.1
--- a/SOURCES/0009-list_keys_in_var-check-errno-correctly-not-ret-twice.patch
+++ b/SOURCES/0009-list_keys_in_var-check-errno-correctly-not-ret-twice.patch
@ -1,8 +1,7 @@
-From 2fa167f3905ebee27221fc2b1db4b79e215d8ca0 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 3 Apr 2017 16:33:38 -0400
-Subject: [PATCH 09/10] list_keys_in_var(): check errno correctly, not ret
+Subject: [PATCH] list_keys_in_var(): check errno correctly, not ret twice.
 twice.
 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
@ -10,7 +9,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
-index 27f1292f3a9..0be9e8491fd 100644
+index 27f1292..0be9e84 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -602,7 +602,7 @@ list_keys_in_var (const char *var_name, const efi_guid_t guid)
@ -22,6 +21,3 @@ index 27f1292f3a9..0be9e8491fd 100644
 			printf ("%s is empty\n", var_name);
 			return 0;
 		}
 -- 
 2.17.1
--- a/SOURCES/0010-generate_hash-generate_pw_hash-don-t-use-strlen-for-.patch
+++ b/SOURCES/0010-generate_hash-generate_pw_hash-don-t-use-strlen-for-.patch
@ -1,8 +1,8 @@
-From 57f7c776dca0322fab107460cac71ac4b6e79b9a Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 15 May 2018 11:20:15 -0400
-Subject: [PATCH 10/10] generate_hash() / generate_pw_hash(): don't use
+Subject: [PATCH] generate_hash() / generate_pw_hash(): don't use strlen() for
- strlen() for strncpy bounds
+ strncpy bounds
 New gcc rightly comlplains when we do the following:
@ -21,7 +21,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 1 file changed, 22 insertions(+), 11 deletions(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
-index 0be9e8491fd..b5080107600 100644
+index 0be9e84..b508010 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -764,9 +764,10 @@ generate_hash (pw_crypt_t *pw_crypt, char *password, unsigned int pw_len)
@ -96,6 +96,3 @@ index 0be9e8491fd..b5080107600 100644
 	crypt_string = crypt (password, settings);
 	free (password);
 -- 
 2.17.1
--- a/SOURCES/0011-Fix-a-integer-comparison-sign-issue.patch
+++ b/SOURCES/0011-Fix-a-integer-comparison-sign-issue.patch
@ -1,4 +1,4 @@
-From 9292352eb29a4fca41909448799efc524ee3c255 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Wed, 25 Jul 2018 10:27:34 -0400
 Subject: [PATCH] Fix a integer comparison sign issue.
@ -16,7 +16,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
-index d03127abf54..068df0d109c 100644
+index b508010..ac15c73 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -1938,7 +1938,7 @@ generate_pw_hash (const char *input_pw)
@ -28,6 +28,3 @@ index d03127abf54..068df0d109c 100644
 	unsigned int pw_len, salt_size;
 	if (input_pw) {
 -- 
 2.17.1
--- a/SOURCES/0012-initial-mok-variables-code.patch
+++ b/SOURCES/0012-initial-mok-variables-code.patch
@ -1,4 +1,4 @@
-From 678895d781125544df91432861fadcae8d1c7a80 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 17 Aug 2020 14:18:31 -0400
 Subject: [PATCH] initial mok-variables code
@ -12,11 +12,11 @@ Resolves: rhbz#1868820
 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
- src/mokutil.c | 177 +++++++++++++++++++++++++++++++++++++++++++-------
+ src/mokutil.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++--------
- 1 file changed, 153 insertions(+), 24 deletions(-)
+ 1 file changed, 151 insertions(+), 24 deletions(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
-index b5080107600..d2fcdc9da0e 100644
+index ac15c73..838599c 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -229,6 +229,63 @@ signature_size (const efi_guid_t *hash_type)
@ -238,6 +238,3 @@ index b5080107600..d2fcdc9da0e 100644
 static int
 is_valid_request (const efi_guid_t *type, void *mok, uint32_t mok_size,
 		  MokRequest req)
 -- 
 2.26.2
--- a/SOURCES/0013-mokutil-enable-setting-fallback-verbosity-and-norebo.patch
+++ b/SOURCES/0013-mokutil-enable-setting-fallback-verbosity-and-norebo.patch
@ -0,0 +1,193 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
 Date: Fri, 3 Dec 2021 14:18:31 +0100
 Subject: [PATCH] mokutil: enable setting fallback verbosity and noreboot mode
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Having mokutil handle FALLBACK_VERBOSE and FB_NO_REBOOT variables eases
 fallback debugging.
 Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
 (cherry picked from commit 57bc385827e7c0e0c86f30bbfa2d48ca9505537e)
 (cherry picked from commit 99d3990bdbbca0419dc97133f27d6932b3234224)
 [rharwood: no sb_check, no util renaming]
 (cherry picked from commit 157a0969bdb5e7df152b4241f90b48209c235f2f)
 [rharwood: flags are sparse now]
 ---
 src/mokutil.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 data/mokutil  |  8 +++++++
 man/mokutil.1 | 10 +++++++++
 3 files changed, 88 insertions(+)
 diff --git a/src/mokutil.c b/src/mokutil.c
 index 838599c..1cec4e9 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -83,6 +83,8 @@
 #define IMPORT_HASH        (1 << 21)
 #define DELETE_HASH        (1 << 22)
 #define VERBOSITY          (1 << 23)
 +#define FB_VERBOSITY       (1 << 25)
 +#define FB_NOREBOOT        (1 << 26)
 #define DEFAULT_CRYPT_METHOD SHA512_BASED
 #define DEFAULT_SALT_SIZE    SHA512_SALT_MAX
@@ -152,6 +154,8 @@ print_help ()
 	printf ("  --import-hash <hash>\t\t\tImport a hash into MOK or MOKX\n");
 	printf ("  --delete-hash <hash>\t\t\tDelete a hash in MOK or MOKX\n");
 	printf ("  --set-verbosity <true/false>\t\tSet the verbosity bit for shim\n");
 +	printf ("  --set-fallback-verbosity <true/false>\t\tSet the verbosity bit for fallback\n");
 +	printf ("  --set-fallback-noreboot <true/false>\t\tPrevent fallback from automatically rebooting\n");
 	printf ("  --pk\t\t\t\t\tList the keys in PK\n");
 	printf ("  --kek\t\t\t\t\tList the keys in KEK\n");
 	printf ("  --db\t\t\t\t\tList the keys in db\n");
@@ -2135,6 +2139,46 @@ set_verbosity (uint8_t verbosity)
 	return 0;
 }
 +static int
 +set_fallback_verbosity (const uint8_t verbosity)
 +{
 +	if (verbosity) {
 +		uint32_t attributes = EFI_VARIABLE_NON_VOLATILE
 +				      | EFI_VARIABLE_BOOTSERVICE_ACCESS
 +				      | EFI_VARIABLE_RUNTIME_ACCESS;
 +		if (efi_set_variable (efi_guid_shim, "FALLBACK_VERBOSE",
 +				      (uint8_t *)&verbosity, sizeof (verbosity),
 +				      attributes, S_IRUSR | S_IWUSR) < 0) {
 +			fprintf (stderr, "Failed to set FALLBACK_VERBOSE\n");
 +			return -1;
 +		}
 +	} else {
 +		return test_and_delete_var ("FALLBACK_VERBOSE");
 +	}
 +
 +	return 0;
 +}
 +
 +static int
 +set_fallback_noreboot (const uint8_t noreboot)
 +{
 +	if (noreboot) {
 +		uint32_t attributes = EFI_VARIABLE_NON_VOLATILE
 +				      | EFI_VARIABLE_BOOTSERVICE_ACCESS
 +				      | EFI_VARIABLE_RUNTIME_ACCESS;
 +		if (efi_set_variable (efi_guid_shim, "FB_NO_REBOOT",
 +				      (uint8_t *)&noreboot, sizeof (noreboot),
 +				      attributes, S_IRUSR | S_IWUSR) < 0) {
 +			fprintf (stderr, "Failed to set FB_NO_REBOOT\n");
 +			return -1;
 +		}
 +	} else {
 +		return test_and_delete_var ("FB_NO_REBOOT");
 +	}
 +
 +	return 0;
 +}
 +
 static inline int
 list_db (DBName db_name)
 {
@@ -2169,6 +2213,8 @@ main (int argc, char *argv[])
 	unsigned int command = 0;
 	int use_root_pw = 0;
 	uint8_t verbosity = 0;
 +	uint8_t fb_verbosity = 0;
 +	uint8_t fb_noreboot = 0;
 	DBName db_name = MOK_LIST_RT;
 	int ret = -1;
@@ -2207,6 +2253,8 @@ main (int argc, char *argv[])
 			{"import-hash",        required_argument, 0, 0  },
 			{"delete-hash",        required_argument, 0, 0  },
 			{"set-verbosity",      required_argument, 0, 0  },
 +			{"set-fallback-verbosity", required_argument, 0, 0  },
 +			{"set-fallback-noreboot", required_argument, 0, 0  },
 			{"pk",                 no_argument,       0, 0  },
 			{"kek",                no_argument,       0, 0  },
 			{"db",                 no_argument,       0, 0  },
@@ -2270,6 +2318,22 @@ main (int argc, char *argv[])
 					verbosity = 0;
 				else
 					command |= HELP;
 +			} else if (strcmp (option, "set-fallback-verbosity") == 0) {
 +				command |= FB_VERBOSITY;
 +				if (strcmp (optarg, "true") == 0)
 +					fb_verbosity = 1;
 +				else if (strcmp (optarg, "false") == 0)
 +					fb_verbosity = 0;
 +				else
 +					command |= HELP;
 +			} else if (strcmp (option, "set-fallback-noreboot") == 0) {
 +				command |= FB_NOREBOOT;
 +				if (strcmp (optarg, "true") == 0)
 +					fb_noreboot = 1;
 +				else if (strcmp (optarg, "false") == 0)
 +					fb_noreboot = 0;
 +				else
 +					command |= HELP;
 			} else if (strcmp (option, "pk") == 0) {
 				if (db_name != MOK_LIST_RT) {
 					command |= HELP;
@@ -2557,6 +2621,12 @@ main (int argc, char *argv[])
 		case VERBOSITY:
 			ret = set_verbosity (verbosity);
 			break;
 +		case FB_VERBOSITY:
 +			ret = set_fallback_verbosity (fb_verbosity);
 +			break;
 +		case FB_NOREBOOT:
 +			ret = set_fallback_noreboot (fb_noreboot);
 +			break;
 		default:
 			print_help ();
 			break;
 diff --git a/data/mokutil b/data/mokutil
 index 800b039..af6b6ff 100755
 --- a/data/mokutil
 +++ b/data/mokutil
@@ -24,6 +24,14 @@ _mokutil()
 		COMPREPLY=( $( compgen -W "true false") )
 		return 0
 		;;
 +	--set-fallback-verbosity)
 +		COMPREPLY=( $( compgen -W "true false") )
 +		return 0
 +		;;
 +	--set-fallback-noreboot)
 +		COMPREPLY=( $( compgen -W "true false") )
 +		return 0
 +		;;
 	--generate-hash|-g)
 		COMPREPLY=( $( compgen -o nospace -P= -W "") )
 		return 0
 diff --git a/man/mokutil.1 b/man/mokutil.1
 index 25fe8b4..30dcfb2 100644
 --- a/man/mokutil.1
 +++ b/man/mokutil.1
@@ -65,6 +65,10 @@ mokutil \- utility to manipulate machine owner keys
 .br
 \fBmokutil\fR [--set-verbosity (\fItrue\fR | \fIfalse\fR)]
 .br
 +\fBmokutil\fR [--set-fallback-verbosity (\fItrue\fR | \fIfalse\fR)]
 +.br
 +\fBmokutil\fR [--set-fallback-noreboot (\fItrue\fR | \fIfalse\fR)]
 +.br
 \fBmokutil\fR [--pk]
 .br
 \fBmokutil\fR [--kek]
@@ -161,6 +165,12 @@ this is not the password hash.
 \fB--set-verbosity\fR
 Set the SHIM_VERBOSE to make shim more or less verbose
 .TP
 +\fB--set-fallback-verbosity\fR
 +Set the FALLBACK_VERBOSE to make fallback more or less verbose
 +.TP
 +\fB--set-fallback-noreboot\fR
 +Set the FB_NO_REBOOT to prevent fallback from automatically rebooting the system
 +.TP
 \fB--pk\fR
 List the keys in the public Platform Key (PK)
 .TP
--- a/SOURCES/mokutil.patches
+++ b/SOURCES/mokutil.patches
@ -0,0 +1,13 @@
 Patch0001: 0001-Fix-the-potential-buffer-overflow.patch
 Patch0002: 0002-Fix-the-32bit-signedness-comparison.patch
 Patch0003: 0003-Build-with-fshort-wchar-so-toggle-passwords-work-rig.patch
 Patch0004: 0004-Don-t-allow-sha1-on-the-mokutil-command-line.patch
 Patch0005: 0005-Make-all-efi_guid_t-const.patch
 Patch0006: 0006-mokutil-be-explicit-about-file-modes-in-all-cases.patch
 Patch0007: 0007-Add-bash-completion-file.patch
 Patch0008: 0008-Fix-typo-in-error-message-when-the-system-lacks-Secu.patch
 Patch0009: 0009-list_keys_in_var-check-errno-correctly-not-ret-twice.patch
 Patch0010: 0010-generate_hash-generate_pw_hash-don-t-use-strlen-for-.patch
 Patch0011: 0011-Fix-a-integer-comparison-sign-issue.patch
 Patch0012: 0012-initial-mok-variables-code.patch
 Patch0013: 0013-mokutil-enable-setting-fallback-verbosity-and-norebo.patch
--- a/SPECS/mokutil.spec
+++ b/SPECS/mokutil.spec
@ -1,6 +1,6 @@
 Name:           mokutil
 Version:        0.3.0
-Release:        11%{?dist}
+Release:        12%{?dist}
 Epoch:          1
 Summary:        Tool to manage UEFI Secure Boot MoK Keys
 License:        GPLv3+
@ -9,21 +9,11 @@ ExclusiveArch:  %{ix86} x86_64 aarch64
 BuildRequires:  autoconf automake gnu-efi git openssl-devel openssl
 BuildRequires:  efivar-devel >= 31-1
 Source0:        https://github.com/lcp/mokutil/archive/%{version}.tar.gz
 Source1:        mokutil.patches
 Conflicts:      shim < 0.8-1%{?dist}
 Obsoletes:      mokutil <= 1:0.3.0-1
-Patch0001: 0001-Fix-the-potential-buffer-overflow.patch
+%include %{SOURCE1}
 Patch0002: 0002-Fix-the-32bit-signedness-comparison.patch
 Patch0003: 0003-Build-with-fshort-wchar-so-toggle-passwords-work-rig.patch
 Patch0004: 0004-Don-t-allow-sha1-on-the-mokutil-command-line.patch
 Patch0005: 0005-Make-all-efi_guid_t-const.patch
 Patch0006: 0006-mokutil-be-explicit-about-file-modes-in-all-cases.patch
 Patch0007: 0007-Add-bash-completion-file.patch
 Patch0008: 0008-Fix-typo-in-error-message-when-the-system-lacks-Secu.patch
 Patch0009: 0009-list_keys_in_var-check-errno-correctly-not-ret-twice.patch
 Patch0010: 0010-generate_hash-generate_pw_hash-don-t-use-strlen-for-.patch
 Patch0011: 0011-Fix-a-integer-comparison-sign-issue.patch
 Patch0012: 0012-initial-mok-variables-code.patch
 %description
 mokutil provides a tool to manage keys for Secure Boot through the MoK
@ -58,6 +48,10 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
 %{_datadir}/bash-completion/completions/mokutil
 %changelog
 * Mon Mar 28 2022 Robbie Harwood <rharwood@redhat.com> - 1:0.3.0-12
 - Add ability to set fallback verbose mode
 - Resolves: #2030704
 * Tue Jan 05 2021 Javier Martinez Canillas <javierm@redhat.com> - 0.3.0-11
 - Bump NVR for brew to build the package
  Related: rhbz##1907418