gdb: Restrict GDB access when locked down

The gdbstub* commands allow to start and control a GDB stub running on
local host that can be used to connect from a remote debugger. Restrict
this functionality when the GRUB is locked down.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

grub-core/gdb/gdb.c

@@ -75,19 +75,23 @@ static grub_command_t cmd, cmd_stop, cmd_break;
 GRUB_MOD_INIT (gdb)
 {
   grub_gdb_idtinit ();
-  cmd = grub_register_command ("gdbstub", grub_cmd_gdbstub,
+  cmd = grub_register_command_lockdown ("gdbstub", grub_cmd_gdbstub,
 					N_("PORT"),
-			       /* TRANSLATORS: GDB stub is a small part of
+					/*
-				  GDB functionality running on local host
+					 * TRANSLATORS: GDB stub is a small part of
-				  which allows remote debugger to
+					 * GDB functionality running on local host
-				  connect to it.  */
+					 * which allows remote debugger to
+					 * connect to it.
+					 */
 					N_("Start GDB stub on given port"));
-  cmd_break = grub_register_command ("gdbstub_break", grub_cmd_gdb_break,
+  cmd_break = grub_register_command_lockdown ("gdbstub_break", grub_cmd_gdb_break,
-				     /* TRANSLATORS: this refers to triggering
+					      /*
-					a breakpoint so that the user will land
+					       * TRANSLATORS: this refers to triggering
-					into GDB.  */
+					       * a breakpoint so that the user will land
+					       * into GDB.
+					       */
 					      0, N_("Break into GDB"));
-  cmd_stop = grub_register_command ("gdbstub_stop", grub_cmd_gdbstop,
+  cmd_stop = grub_register_command_lockdown ("gdbstub_stop", grub_cmd_gdbstop,
 					     0, N_("Stop GDB stub"));
 }