From 9c70725aec18f6acdc24de6d04e8d67be775a3c3 Mon Sep 17 00:00:00 2001
From: srs5694
Date: Mon, 3 Dec 2012 21:37:23 -0500
Subject: [PATCH] Documentation changes; minor code cleanups.
---
NEWS.txt | 17 ++++++++++++++++-
docs/refind/configfile.html | 5 +++++
include/PeImage.h | 2 --
include/PeImage2.h | 21 ---------------------
refind.conf-sample | 14 ++++++++++++++
refind/config.c | 10 ++++++++--
refind/config.h | 2 ++
refind/global.h | 3 ++-
refind/main.c | 23 +++++++++++------------
refind/mok.h | 1 +
10 files changed, 59 insertions(+), 39 deletions(-)
diff --git a/NEWS.txt b/NEWS.txt
index c721998..e90f0e2 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -1,13 +1,28 @@ 0.4.8 (??/??/2012): ------------------- +- Added support for using Matthew Garrett's Shim program and its Machine + Owner Keys (MOKs) to extend Secure Boot capabilities. If rEFInd is + launched from Shim on a computer with Secure Boot active, rEFInd will + launch programs signed with either a standard UEFI Secure Boot key or a + MOK. For the moment, this feature works only on x86-64 systems. + +- Added new "dont_scan_files" (aka "don't_scan_files") token for + refind.conf. The effect is similar to dont_scan_dirs, but it creates a + blacklist of filenames within directories rather than directory names. + I'm initially using it to place shim.efi and MokManager.efi in the + blacklist to keep these programs out of the OS list. (MokManager.efi is + scanned separately as a tool; see below.) I've moved checks for + ebounce.efi, GraphicsConsole.efi, and TextMode.efi to this list. (These + three had previously been blacklisted by hard-coding in ScanLoaderDir().) + - Added the directory from which rEFInd launched to dont_scan_dirs. This works around a bug in which rEFInd would show itself as a bogus Windows entry if it's installed as EFI/Microsoft/boot/bootmgfw.efi. - Added support for launching MokManager.efi for managing the Machine Owner Keys (MOKs) maintained by the Shim boot loader developed by Fedora and - SUSE. + SUSE. This program is scanned and presented as a second-row tool. - Added support for Apple's Recovery HD partition: If it's detected, a new icon appears on the second row. This icon can be removed by explicitly diff --git a/docs/refind/configfile.html b/docs/refind/configfile.html index e12dbc0..ce7b893 100644 --- a/docs/refind/configfile.html +++ b/docs/refind/configfile.html 
@@ -213,6 +213,11 @@ timeout 20 directory path(s) Adds the specified directory or directories to a directory "blacklist"—these directories are not scanned for boot loaders, on any partition. This may be useful to keep duplicate boot loaders out of the menu (say, if EFI/Boot/bootx64.efi is a duplicate of another boot loader); or to keep drivers or utilities out of the boot menu, if you've stored them in a subdirectory of EFI. This option takes precedence over also_scan_dirs; if a directory appears in both lists, it will not be scanned. + + dont_scan_files or don't_scan_files + Filename(s) + Adds the specified filename or filenames to a filename "blacklist"—these files are not included as boot loader options even if they're found on the disk. This is useful to exclude support programs (such as shim.efi and MokManager.efi) and drivers from your OS list. The default value is shim.efi, MokManager.efi, TextMode.efi, ebounce.efi, GraphicsConsole.efi. + scan_all_linux_kernels None diff --git a/include/PeImage.h b/include/PeImage.h index 35487c0..be4043f 100644 --- a/include/PeImage.h +++ b/include/PeImage.h @@ -774,5 +774,3 @@ typedef struct { #define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 #endif - -#include "PeImage2.h" diff --git a/include/PeImage2.h b/include/PeImage2.h index 82583ef..d5a19ce 100644 --- a/include/PeImage2.h +++ b/include/PeImage2.h 
@@ -44,25 +44,4 @@ typedef struct _GNUEFI_PE_COFF_LOADER_IMAGE_CONTEXT { } GNUEFI_PE_COFF_LOADER_IMAGE_CONTEXT; - -// -// Return status codes from the PE/COFF Loader services -// -#define IMAGE_ERROR_SUCCESS 0 -#define IMAGE_ERROR_IMAGE_READ 1 -#define IMAGE_ERROR_INVALID_PE_HEADER_SIGNATURE 2 -#define IMAGE_ERROR_INVALID_MACHINE_TYPE 3 -#define IMAGE_ERROR_INVALID_SUBSYSTEM 4 -#define IMAGE_ERROR_INVALID_IMAGE_ADDRESS 5 -#define IMAGE_ERROR_INVALID_IMAGE_SIZE 6 -#define IMAGE_ERROR_INVALID_SECTION_ALIGNMENT 7 -#define IMAGE_ERROR_SECTION_NOT_LOADED 8 -#define IMAGE_ERROR_FAILED_RELOCATION 9 -#define IMAGE_ERROR_FAILED_ICACHE_FLUSH 10 - -#ifdef __MAKEWITH_GNUEFI -#define RETURN_STATUS EFI_STATUS -typedef UINT64 PHYSICAL_ADDRESS; -#endif - #endif diff --git a/refind.conf-sample b/refind.conf-sample index f9720b8..736afa0 100644 --- a/refind.conf-sample +++ b/refind.conf-sample @@ -134,6 +134,7 @@ timeout 20 # This can help some users who find that some of their disks # (usually external or optical discs) aren't detected initially, # but are detected after pressing Esc. +# The default is 0. # #scan_delay 5 
@@ -162,6 +163,19 @@ timeout 20 # #dont_scan_dirs EFI/boot,EFI/Dell +# Files that should NOT be included as EFI boot loaders (on the +# first line of the display). If you're using a boot loader that +# relies on support programs or drivers that are installed alongside +# the main binary or if you want to "blacklist" certain loaders by +# name rather than location, use this option. Note that this will +# NOT prevent certain binaries from showing up in the second-row +# set of tools. Most notably, MokManager.efi is in this blacklist, +# but will show up as a tool if present in certain directories. You +# can control the tools row with the showtools token. +# The default is shim.efi,MokManager.efi,TextMode.efi,ebounce.efi,GraphicsConsole.efi +# +#dont_scan_files shim.efi,MokManager.efi + # Scan for Linux kernels that lack a ".efi" filename extension. This is # useful for better integration with Linux distributions that provide # kernels with EFI stub loaders but that don't give those kernels filenames diff --git a/refind/config.c b/refind/config.c index 3919127..258aa06 100644 --- a/refind/config.c +++ b/refind/config.c @@ -322,7 +322,10 @@ VOID ReadConfig(VOID) if (EFI_ERROR(Status)) return; - GlobalConfig.DontScan = StrDuplicate(SelfDirPath); + MyFreePool(GlobalConfig.DontScanDirs); + GlobalConfig.DontScanDirs = StrDuplicate(SelfDirPath); + MyFreePool(GlobalConfig.DontScanFiles); + GlobalConfig.DontScanFiles = DONT_SCAN_FILES; for (;;) { TokenCount = ReadTokenLine(&File, &TokenList); 
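Review bot: In the ReadConfig hunk of refind/config.c, `GlobalConfig.DontScanFiles = DONT_SCAN_FILES;` stores a pointer to a string literal in a field that the line above hands to `MyFreePool()`, so a second pass through ReadConfig would free memory that never came from the pool. The `dont_scan_files` branch added in the next config.c hunk passes the same field to `HandleStrings()`, which presumably releases the old value as well (its body is not visible here). Allocate the default the way DontScanDirs is allocated: `GlobalConfig.DontScanFiles = StrDuplicate(DONT_SCAN_FILES);`. Separately, the defaults are set after the `if (EFI_ERROR(Status)) return;` context line, so when that early return is taken DontScanFiles stays NULL and the exclusions that main.c used to hard-code no longer apply; consider setting the defaults before the return. ReadConfig's body starts and ends outside the hunk.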
@@ -370,7 +373,10 @@ VOID ReadConfig(VOID) HandleStrings(TokenList, TokenCount, &(GlobalConfig.AlsoScan)); } else if ((StriCmp(TokenList[0], L"don't_scan_dirs") == 0) || (StriCmp(TokenList[0], L"dont_scan_dirs") == 0)) { - HandleStrings(TokenList, TokenCount, &(GlobalConfig.DontScan)); + HandleStrings(TokenList, TokenCount, &(GlobalConfig.DontScanDirs)); + + } else if ((StriCmp(TokenList[0], L"don't_scan_files") == 0) || (StriCmp(TokenList[0], L"dont_scan_files") == 0)) { + HandleStrings(TokenList, TokenCount, &(GlobalConfig.DontScanFiles)); } else if (StriCmp(TokenList[0], L"scan_driver_dirs") == 0) { HandleStrings(TokenList, TokenCount, &(GlobalConfig.DriverDirs)); diff --git a/refind/config.h b/refind/config.h index a23873c..5e5b042 100644 --- a/refind/config.h +++ b/refind/config.h @@ -74,6 +74,8 @@ typedef struct { #define HIDEUI_FLAG_ARROWS (0x0010) #define HIDEUI_ALL ((0xffff)) +#define DONT_SCAN_FILES L"shim.efi,MokManager.efi,TextMode.efi,ebounce.efi,GraphicsConsole.efi" + EFI_STATUS ReadFile(IN EFI_FILE_HANDLE BaseDir, CHAR16 *FileName, REFIT_FILE *File, UINTN *size); VOID ReadConfig(VOID); VOID ScanUserConfigured(VOID); diff --git a/refind/global.h b/refind/global.h index ac9bc7a..c993b44 100644 --- a/refind/global.h +++ b/refind/global.h @@ -215,7 +215,8 @@ typedef struct { CHAR16 *SelectionBigFileName; CHAR16 *DefaultSelection; CHAR16 *AlsoScan; - CHAR16 *DontScan; + CHAR16 *DontScanDirs; + CHAR16 *DontScanFiles; CHAR16 *DriverDirs; CHAR16 *IconsDir; UINTN ShowTools[NUM_TOOLS]; diff --git a/refind/main.c b/refind/main.c index 180fe7e..d01291d 100644 --- a/refind/main.c +++ b/refind/main.c 
@@ -73,7 +73,7 @@ #define DRIVER_DIRS L"drivers" #endif -#define MOK_NAMES L"\\EFI\\tools\\MokManager.efi,\\EFI\\redhat\\MokManager.efi" +#define MOK_NAMES L"\\EFI\\tools\\MokManager.efi,\\EFI\\redhat\\MokManager.efi,\\EFI\\ubuntu\\MokManager.efi,\\EFI\\suse\\MokManager" // Filename patterns that identify EFI boot loaders. Note that a single case (either L"*.efi" or // L"*.EFI") is fine for most systems; but Gigabyte's buggy Hybrid EFI does a case-sensitive @@ -97,7 +97,7 @@ static REFIT_MENU_SCREEN MainMenu = { L"Main Menu", NULL, 0, NULL, 0, NULL static REFIT_MENU_SCREEN AboutMenu = { L"About", NULL, 0, NULL, 0, NULL, 0, NULL }; REFIT_CONFIG GlobalConfig = { FALSE, FALSE, 0, 0, 20, 0, 0, GRAPHICS_FOR_OSX, LEGACY_TYPE_MAC, 0, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, {TAG_SHELL, TAG_APPLE_RECOVERY, TAG_MOK_TOOL, TAG_ABOUT, TAG_SHUTDOWN, TAG_REBOOT, 0, 0, 0, 0, 0 }}; // Structure used to hold boot loader filenames and time stamps in 
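Review bot: The last entry added to MOK_NAMES in the first refind/main.c hunk, `\\EFI\\suse\\MokManager`, has no `.efi` extension, while the other three paths end in `MokManager.efi`. If that is the real filename on SUSE installations, say so in a comment above the define, for example `// the SUSE entry intentionally has no .efi extension`. If it is a typo, the entry will never match and should read `\\EFI\\suse\\MokManager.efi`. Which of the two is right cannot be told from this hunk.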
@@ -865,17 +865,15 @@ static VOID ScanLoaderDir(IN REFIT_VOLUME *Volume, IN CHAR16 *Path, IN CHAR16 *P struct LOADER_LIST *LoaderList = NULL, *NewLoader; if ((!SelfDirPath || !Path || ((StriCmp(Path, SelfDirPath) == 0) && Volume->DeviceHandle != SelfVolume->DeviceHandle) || - (StriCmp(Path, SelfDirPath) != 0)) && (!IsIn(Path, GlobalConfig.DontScan))) { + (StriCmp(Path, SelfDirPath) != 0)) && (!IsIn(Path, GlobalConfig.DontScanDirs))) { // look through contents of the directory DirIterOpen(Volume->RootDir, Path, &DirIter); while (DirIterNext(&DirIter, 2, Pattern, &DirEntry)) { Extension = FindExtension(DirEntry->FileName); if (DirEntry->FileName[0] == '.' || - StriCmp(DirEntry->FileName, L"TextMode.efi") == 0 || - StriCmp(DirEntry->FileName, L"ebounce.efi") == 0 || - StriCmp(DirEntry->FileName, L"GraphicsConsole.efi") == 0 || StriCmp(Extension, L".icns") == 0 || - StriSubCmp(L"shell", DirEntry->FileName)) + StriSubCmp(L"shell", DirEntry->FileName) || + IsIn(DirEntry->FileName, GlobalConfig.DontScanFiles)) continue; // skip this if (Path) 
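Review bot: The three `StriCmp` checks removed from the skip condition in ScanLoaderDir were case-insensitive, and nothing in this hunk shows that `IsIn(DirEntry->FileName, GlobalConfig.DontScanFiles)` matches the same way. On a FAT-formatted ESP a file can be listed as `SHIM.EFI` or `Ebounce.efi`, so if IsIn compares case-sensitively those support programs would reappear in the loader list. Confirm IsIn's comparison and record the requirement next to the condition, for example `// IsIn() must match case-insensitively; on-disk names may differ in case from DONT_SCAN_FILES`. ScanLoaderDir starts and continues outside the hunk.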
@@ -921,22 +919,23 @@ static VOID ScanEfiFiles(REFIT_VOLUME *Volume) { if ((Volume->RootDir != NULL) && (Volume->VolName != NULL)) { // check for Mac OS X boot loader - if (!IsIn(L"\\System\\Library\\CoreServices", GlobalConfig.DontScan)) { + if (!IsIn(L"\\System\\Library\\CoreServices", GlobalConfig.DontScanDirs)) { StrCpy(FileName, MACOSX_LOADER_PATH); - if (FileExists(Volume->RootDir, FileName)) { + if (FileExists(Volume->RootDir, FileName) && !IsIn(L"boot.efi", GlobalConfig.DontScanFiles)) { AddLoaderEntry(FileName, L"Mac OS X", Volume); } // check for XOM StrCpy(FileName, L"\\System\\Library\\CoreServices\\xom.efi"); - if (FileExists(Volume->RootDir, FileName)) { + if (FileExists(Volume->RootDir, FileName) && !IsIn(L"boot.efi", GlobalConfig.DontScanFiles)) { AddLoaderEntry(FileName, L"Windows XP (XoM)", Volume); } - } // if Mac directory not in GlobalConfig.DontScan list + } // if Mac directory not in GlobalConfig.DontScanDirs list // check for Microsoft boot loader/menu StrCpy(FileName, L"\\EFI\\Microsoft\\Boot\\Bootmgfw.efi"); - if (FileExists(Volume->RootDir, FileName) && !IsIn(L"\\EFI\\Microsoft\\Boot", GlobalConfig.DontScan)) { + if (FileExists(Volume->RootDir, FileName) && !IsIn(L"\\EFI\\Microsoft\\Boot", GlobalConfig.DontScanDirs) && + !IsIn(L"bootmgfw.efi", GlobalConfig.DontScanFiles)) { AddLoaderEntry(FileName, L"Microsoft EFI boot", Volume); } diff --git a/refind/mok.h b/refind/mok.h index 5328898..8a19670 100644 --- a/refind/mok.h +++ b/refind/mok.h @@ -1,4 +1,5 @@ #include "../include/PeImage.h" +#include "../include/PeImage2.h" #define SHIM_LOCK_GUID \ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } -- 2.39.2
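Review bot: The XoM check in the ScanEfiFiles hunk tests the wrong filename: it guards `xom.efi` with `!IsIn(L"boot.efi", GlobalConfig.DontScanFiles)`, apparently copied from the Mac OS X check just above it. As written, listing `xom.efi` in dont_scan_files has no effect on this entry, while listing `boot.efi` hides both entries. The condition should read `if (FileExists(Volume->RootDir, FileName) && !IsIn(L"xom.efi", GlobalConfig.DontScanFiles)) {`. The Microsoft check also looks up `bootmgfw.efi` although the path it builds uses `Bootmgfw.efi`, which only works if IsIn is case-insensitive; that is worth confirming. ScanEfiFiles continues outside the hunk.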