OXIESEC PANEL
- Current Dir:
/
/
usr
/
lib
/
shim
Server IP: 139.59.38.164
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
10/28/2024 06:50:42 AM
rwxr-xr-x
📄
BOOTX64.CSV
108 bytes
01/31/2023 11:57:37 AM
rw-r--r--
📄
fbx64.efi
86.23 KB
01/27/2023 09:35:37 PM
rw-r--r--
📄
is-not-revoked
1.58 KB
01/31/2023 11:57:37 AM
rwxr-xr-x
📄
mmx64.efi
840.65 KB
01/27/2023 09:35:37 PM
rw-r--r--
📁
mok
-
05/09/2024 07:13:20 AM
rwxr-xr-x
📄
shimx64.efi
928.6 KB
01/31/2023 11:57:37 AM
rw-r--r--
📄
shimx64.efi.dualsigned
939.84 KB
01/31/2023 11:57:37 AM
rw-r--r--
📄
shimx64.efi.signed
937.96 KB
01/31/2023 11:57:37 AM
rw-r--r--
📄
shimx64.efi.signed.latest
937.96 KB
01/31/2023 11:57:37 AM
rw-r--r--
📄
shimx64.efi.signed.previous
933.26 KB
01/31/2023 11:57:37 AM
rw-r--r--
Editing: is-not-revoked
Close
#!/bin/bash set -e # we need to set lastpipe so we can read the signers into the signers array below shopt -s lastpipe exit=0 quiet="" if [ "$1" = "-q" ]; then quiet=true shift fi compress_type() { local file="$1" magic="$(od -x -N2 "$file" | head -1 | cut -d' ' -f2)" case $magic in 8b1f) echo "gzip" ;; *) echo "none" ;; esac } for signed_binary in "$@"; do if [ ! -e "$signed_binary" ]; then echo "E: $signed_binary: file not found">&2 exit=1 continue fi if [ "$(compress_type "$signed_binary")" = "gzip" ]; then _signed_binary="$(mktemp)" trap 'rm -f "$_signed_binary"' EXIT gunzip < "$signed_binary" > "$_signed_binary" else _signed_binary="$signed_binary" fi sbverify --list "$_signed_binary" | grep subject: | grep -E -o "CN=([^/]|\\/)*" | readarray -t signers if [ -z "$signers" ]; then echo "E: $signed_binary: Could not find signing subject, sbverify output follows:">&2 sbverify --list "$_signed_binary" >&2 exit=1 continue fi for signer in "${signers[@]}"; do revoked=$(grep -xF "$signer" << EOF CN=Canonical Ltd. Secure Boot Signing CN=Canonical Ltd. Secure Boot Signing (2017) CN=Canonical Ltd. Secure Boot Signing (ESM 2018) CN=Canonical Ltd. Secure Boot Signing (2019) CN=Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019) CN=Canonical Ltd. Secure Boot Signing (2021 v1) CN=Canonical Ltd. Secure Boot Signing (2021 v2) CN=Canonical Ltd. Secure Boot Signing (2021 v3) EOF ) || true if [ "$revoked" ]; then if [ -z "$quiet" ]; then echo "E: $signed_binary: revoked key $revoked used">&2 fi exit=1 fi done done exit $exit