• Home (current)
  • वर्तमान निदेशक => /usr/sbin/
  • सूचना एवं अपलोड
    Info Server
Indian Cyber Force
Folders रचयन्तु सञ्चिकां रचयन्तु RansomWeb लॉगआउट
Current File : //usr/sbin/update-secureboot-policy
#!/bin/sh
set -e

if  test $# = 0                                                 \
    && test x"$SHIM_NOTRIGGER" = x                              \
 && test x"$DPKG_MAINTSCRIPT_PACKAGE" != x                      \
 && dpkg-trigger --check-supported 2>/dev/null
then
        if dpkg-trigger --no-await shim-secureboot-policy; then
                if test x"$SHIM_TRIGGER_DEBUG" != x; then
                        echo "shim: wrapper deferring policy update (trigger activated)"
                fi
                exit 0
        fi
fi

if [ "$(id -u)" -ne 0 ]; then
	echo "$0: Permission denied"
	exit 1
fi

do_enroll=0
do_toggle=0

efivars=/sys/firmware/efi/efivars
secureboot_var=SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
moksbstatert_var=MokSBStateRT-605dab50-e046-4300-abb6-3dd810dd8b23

SB_KEY="/var/lib/shim-signed/mok/MOK.der"
SB_PRIV="/var/lib/shim-signed/mok/MOK.priv"

OLD_DKMS_LIST="/var/lib/shim-signed/dkms-list"
NEW_DKMS_LIST="${OLD_DKMS_LIST}.new"

touch $OLD_DKMS_LIST

dkms_list=$(find /var/lib/dkms -maxdepth 1 -type d -print 2>/dev/null \
            | LC_ALL=C sort)
dkms_modules=$(echo "$dkms_list" | wc -l)

. /usr/share/debconf/confmodule

update_dkms_list()
{
    echo "$dkms_list" > $NEW_DKMS_LIST
}

save_dkms_list()
{
    mv "$NEW_DKMS_LIST" "$OLD_DKMS_LIST"
}

clear_new_dkms_list()
{
    rm "$NEW_DKMS_LIST"
}

new_dkms_module()
{
    # handle nvidia module specially because it changed path
    if ! grep -q "/var/lib/dkms/nvidia" "$OLD_DKMS_LIST" && grep -q "/var/lib/dkms/nvidia" "$NEW_DKMS_LIST" ; then
        # nvidia module is newly added
        return 0
    fi

    # return 0 if there is any other new module
    env LC_ALL=C comm -1 -3 $OLD_DKMS_LIST $NEW_DKMS_LIST | grep -q -v "/var/lib/dkms/nvidia"
}

show_dkms_list_changes()
{
    diff -u $OLD_DKMS_LIST $NEW_DKMS_LIST >&2
}

validate_password()
{
    db_capb
    if [ "$key" != "$again" ]; then
        db_fset shim/error/secureboot_key_mismatch seen false
        db_input critical shim/error/secureboot_key_mismatch || true
        STATE=$(($STATE - 2))
    else
        length=$((`echo "$key" | wc -c` - 1))
        if [ $length -lt 8 ] || [ $length -gt 16 ]; then
            db_fset shim/error/bad_secureboot_key seen false
            db_input critical shim/error/bad_secureboot_key || true
            STATE=$(($STATE - 2))
        elif [ $length -ne 0 ]; then
            return 0
        fi
    fi

    return 1
}

clear_passwords()
{
    # Always clear secureboot key.
    db_set shim/secureboot_key ''
    db_fset shim/secureboot_key seen false
    db_set shim/secureboot_key_again ''
    db_fset shim/secureboot_key_again seen false
}

toggle_validation()
{
    local key="$1"
    local again="$2"

    echo "Enabling shim validation."
    printf '%s\n%s\n' "$key" "$again" | mokutil --enable-validation >/dev/null || true
    mokutil --timeout -1 >/dev/null || true
}

enroll_mok()
{
    local key="$1"
    local again="$2"

    echo "Adding '$SB_KEY' to shim:"
    printf '%s\n%s\n' "$key" "$again" | mokutil --import "$SB_KEY" >/dev/null || true
    mokutil --timeout -1 >/dev/null || true
}

do_it()
{
    STATE=1
    db_settitle shim/title/secureboot
    while true; do
        case "$STATE" in
        1)
            db_capb
            db_fset shim/secureboot_explanation seen false
            db_input critical shim/secureboot_explanation || true
            ;;
        2)
            if [ "$do_toggle" -eq 1 ]; then
                # Force no backtracking here; otherwise the GNOME backend
                # might allow it due to displaying the explanation just before.
                # Fixes LP: #1767091
                db_capb
                # Allow the user to skip toggling Secure Boot.
                db_fset shim/enable_secureboot seen false
                db_input critical shim/enable_secureboot || true
                db_go

                db_get shim/enable_secureboot
                if [ "$RET" = "false" ]; then
                    break
                fi
            fi
            ;;
        3)

            db_input critical shim/secureboot_key || true
            seen_key=$RET
            db_input critical shim/secureboot_key_again || true
            ;;
        4)
            db_get shim/secureboot_key
            key="$RET"
            db_get shim/secureboot_key_again
            again="$RET"

            if [ -z "$key$again" ] && echo "$seen_key" | grep -q ^30; then
                echo "Running in non-interactive mode, doing nothing." >&2

                if new_dkms_module; then
                    show_dkms_list_changes
                    clear_new_dkms_list
                    exit 1
                else
                    exit 0
                fi
            fi

            if validate_password; then
                if [ $do_toggle -eq 1 ]; then
                    toggle_validation "$key" "$again"
                fi
                if [ $do_enroll -eq 1 ]; then
                    enroll_mok "$key" "$again"
                fi
                save_dkms_list
            fi

            clear_passwords
            ;;
        *)
            break
            ;;
        esac

        if db_go; then
            STATE=$(($STATE + 1))
        else
            STATE=$(($STATE - 1))
        fi
        db_capb backup
    done
    db_capb
}

validate_actions() {
    # Validate any queued actions before we go try to do them.
    local moksbstatert=0

    if ! [ -d $efivars ]; then
        echo "$efivars not found, aborting." >&2
        exit 0
    fi

    if ! [ -f $efivars/$secureboot_var ] \
        || [ "$(od -An -t u1 $efivars/$secureboot_var | awk '{ print $NF }')" -ne 1 ]
    then
        echo "Secure Boot not enabled on this system." >&2
        exit 0
    fi

    if [ $dkms_modules -lt 2 ]; then
        echo "No DKMS modules installed." >&2
        exit 0
    fi

    if [ -f /proc/sys/kernel/moksbstate_disabled ]; then
        moksbstatert=$(cat /proc/sys/kernel/moksbstate_disabled 2>/dev/null || echo 0)
    elif [ -f $efivars/$moksbstatert_var ]; then
        # MokSBStateRT set to 1 means validation is disabled
        moksbstatert=$(od -An -t u1 $efivars/$moksbstatert_var | \
                       awk '{ print $NF; }')
    fi

    # We were asked to enroll a key. This only makes sense if validation
    # is enabled.
    if [ $do_enroll -eq 1 ] && [ $moksbstatert -eq 1 ]; then
        do_toggle=1
    fi
}

create_mok()
{
    if [ -e "$SB_KEY" ]; then
        return
    fi

    echo "Generating a new Secure Boot signing key:"
    openssl req -config /usr/lib/shim/mok/openssl.cnf \
        -subj "/CN=`hostname -s | cut -b1-31` Secure Boot Module Signature key" \
        -new -x509 -newkey rsa:2048 \
        -nodes -days 36500 -outform DER \
        -keyout "$SB_PRIV" \
        -out "$SB_KEY"
}

update_dkms_list

case "$1" in
'--enable'|'--disable')
    echo "Please run mokutil directly to change shim validation behavior."
    exit 0
    ;;

'--new-key')
    create_mok
    exit 0
    ;;

'--enroll-key')
    if [ -e "$SB_KEY" ]; then
        if mokutil --test-key "$SB_KEY" | \
                grep -qc 'is not'; then
            do_enroll=1
        fi
    else
        echo "No MOK found."
        exit 1
    fi
    ;;

*)
    echo "update-secureboot-policy: toggle UEFI Secure Boot in shim"
    echo
    echo "\t--new-key\tCreate a new MOK."
    echo "\t--enroll-key\tEnroll the new MOK for this system in shim."
    echo "\t--help\t\tThis help text."
    exit 0

esac

validate_actions

if [ $(($do_toggle + $do_enroll)) -lt 1 ]; then
    echo "Nothing to do."
    exit 0
fi

do_it

exit 0
Frontend Submission – Verilere bak
Menu
  • Top 10

Verilere bak

Follow us
  • facebook
  • twitter
Search
Login
Create
Menu

Verilere bak

Login

You are here:

  1. Home
  2. Frontend Submission

Frontend Submission

  • Story

    Mix text with images and embeds

  • Image

    JPG, PNG or GIF

  • Audio

    MP3 or SoundCloud embed, MixCloud, etc.

  • Video

    MP4 or YouTube embed, Vimeo, Dailymotion, etc.

  • Gallery

    A collection of images

  • Embed

    Facebook post, Twitter status, etc.

  • Link

    External site's link

  • Open list

    Everyone can submit new list items and vote up for the best submission

  • Ranked list

    Everyone can vote up for the best list item

  • Classic list

    A list-based article

  • Meme

    Create a funny pic

  • Trivia quiz

    What do you know about ...?

  • Personality quiz

    What type of person are you?

  • Poll

    One or multiple questions about a subject or person

  • Versus

    A poll where each question has two competing answers

  • Hot or Not

    A poll where each question has two opposite answers

Bir yanıt yazın Yanıtı iptal et

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

  • facebook
  • twitter

© 2017 bring the pixel. Remember to change this

  • Home
  • Contact us
Back to Top
Close
  • Top 10
  • Home
  • Animals
  • Funny
  • WOW
  • WTF
  • Features
  • facebook
  • twitter
Create

Log In

Sign In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Back to Login

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Accept

Add to Collection

  • Public collection title

  • Private collection title

No Collections

Here you'll find all collections you've created before.

Close
of

Processing files…

Hey Friend!
Before You Go…

Get the best viral stories straight into your inbox before everyone else!

Don't worry, we don't spam

Close

Newsletter

Don’t miss out on new posts!

Don't worry, we don't spam

Close