proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-10-05 00:43:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
14,654 Commits 1 Branch 0 Tags 41 MiB
03d18df312
Commit Graph

8 Commits

Author SHA1 Message Date
Javier Martinez Canillas
3d8afd5799 efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list 
Now the GRUB can check if it has been locked down and this can be used to
prevent executing commands that can be utilized to circumvent the UEFI
Secure Boot mechanisms. So, instead of hardcoding a list of modules that
have to be disabled, prevent the usage of commands that can be dangerous.

This not only allows the commands to be disabled on other platforms, but
also properly separate the concerns. Since the shim_lock verifier logic
should be only about preventing to run untrusted binaries and not about
defining these kind of policies.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Patch-Name: 2021-02-security/005-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-disabled-modules-list.patch
 2021-02-27 14:45:57 +00:00
Vladimir 'phcoder' Serbinenko
584b2f8a22 Replace grub_target_addr with more appropriate types. 
* grub-core/commands/efi/fixvideo.c (scan_card): Replace
	grub_target_addr with grub_addr.
	* grub-core/commands/iorw.c (grub_cmd_read): Replace
	grub_target_addr with grub_port.
	(grub_cmd_write): Likewise.
	* grub-core/commands/memrw.c (grub_cmd_read): Replace
	grub_target_addr with grub_addr.
	(grub_cmd_write): Likewise.
	* grub-core/video/efi_uga.c (find_line_len): Likewise.
 2012-02-27 14:13:24 +01:00
Vladimir 'phcoder' Serbinenko
9c4b5c13e6 Improve gettext support. Stylistic fixes and error handling fixes while 
on it.
 2012-02-08 19:26:01 +01:00
Vladimir 'phcoder' Serbinenko
e745cf0ca6 Implement automatic module license checking according to new GNU 
guidelines.

	* grub-core/kern/dl.c (grub_dl_check_license): New function.
	(grub_dl_load_core): Use grub_dl_check_license.
	* include/grub/dl.h (GRUB_MOD_SECTION): New macro.
	(GRUB_MOD_LICENSE): Likewise.
	(GRUB_MOD_DUAL_LICENSE): Likewise.
	All modules updated.
 2011-04-11 23:01:51 +02:00
Vladimir 'phcoder' Serbinenko
ed80f7d586 * include/grub/command.h (GRUB_COMMAND_FLAG_CMDLINE): Removed. All 
users updated.
	(GRUB_COMMAND_FLAG_MENU): Likewise.
	(GRUB_COMMAND_FLAG_BOTH): Likewise.
	(GRUB_COMMAND_FLAG_TITLE): Removed.
	(GRUB_COMMAND_FLAG_NO_ECHO): Likewise.
	(GRUB_COMMAND_FLAG_EXTCMD): Moved into enum.
	(GRUB_COMMAND_FLAG_DYNCMD): Likewise.
	(GRUB_COMMAND_FLAG_BLOCKS): Likewise.
	(grub_command_flags_t): New enum. All users updated.
 2010-09-14 23:06:01 +02:00
Vladimir 'phcoder' Serbinenko
0575c7c3ec * grub-core/commands/iorw.c (grub_cmd_read): Declare buf in smallest 
context.
 2010-09-13 20:16:51 +02:00
BVK Chaitanya
928bad4708 merge with mainline 2010-08-26 09:30:11 +05:30
BVK Chaitanya
8c41176882 automake commit without merge history 2010-05-06 11:34:04 +05:30