Javier Martinez Canillas
468a5699b2
commands: Restrict commands that can load BIOS or DT blobs when locked down
...
There are some more commands that should be restricted when the GRUB is
locked down. Following is the list of commands and reasons to restrict:
* fakebios: creates BIOS-like structures for backward compatibility with
existing OSes. This should not be allowed when locked down.
* loadbios: reads a BIOS dump from storage and loads it. This action
should not be allowed when locked down.
* devicetree: loads a Device Tree blob and passes it to the OS. It replaces
any Device Tree provided by the firmware. This also should
not be allowed when locked down.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-02 15:54:15 +01:00
Vladimir Serbinenko
ca0a4f689a
verifiers: File type for fine-grained signature-verification controlling
...
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.
This is preparatory patch.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
Vladimir Serbinenko
44bbfa33b8
Propagate the EFI commits to x86-efi specific parts.
2013-12-11 16:11:17 +01:00
Vladimir 'phcoder' Serbinenko
9c4b5c13e6
Improve gettext support. Stylistic fixes and error handling fixes while
...
on it.
2012-02-08 19:26:01 +01:00
Vladimir 'phcoder' Serbinenko
6e0632e28c
* grub-core/commands/acpihalt.c: Gettextized.
...
* grub-core/commands/cacheinfo.c: Likewise.
* grub-core/commands/cmp.c: Likewise.
* grub-core/commands/efi/loadbios.c: Likewise.
* grub-core/commands/gptsync.c: Likewise.
* grub-core/commands/ieee1275/suspend.c: Likewise.
* grub-core/commands/legacycfg.c: Likewise.
* grub-core/commands/memrw.c: Likewise.
* grub-core/commands/minicmd.c: Likewise.
* grub-core/commands/parttool.c: Likewise.
* grub-core/commands/time.c: Likewise.
* grub-core/commands/videoinfo.c: Likewise.
* grub-core/disk/geli.c: Likewise.
* grub-core/disk/i386/pc/biosdisk.c: Likewise.
* grub-core/disk/luks.c: Likewise.
* grub-core/disk/lvm.c: Likewise.
* grub-core/font/font_cmd.c: Likewise.
* grub-core/fs/zfs/zfscrypt.c: Likewise.
* grub-core/fs/zfs/zfsinfo.c: Likewise.
* grub-core/gfxmenu/view.c: Likewise.
* grub-core/kern/emu/hostdisk.c: Likewise.
* grub-core/kern/emu/main.c: Likewise.
* grub-core/kern/emu/misc.c: Likewise.
* grub-core/kern/emu/mm.c: Likewise.
* grub-core/kern/mips/arc/init.c: Likewise.
* grub-core/kern/mips/loongson/init.c: Likewise.
* grub-core/kern/partition.c: Likewise.
* grub-core/lib/i386/halt.c: Likewise.
* grub-core/lib/mips/arc/reboot.c: Likewise.
* grub-core/lib/mips/loongson/reboot.c: Likewise.
* grub-core/loader/i386/pc/chainloader.c: Likewise.
* grub-core/loader/i386/xnu.c: Likewise.
* grub-core/loader/multiboot.c: Likewise.
* grub-core/net/bootp.c: Likewise.
* grub-core/net/net.c: Likewise.
* grub-core/normal/term.c: Likewise.
* grub-core/partmap/bsdlabel.c: Likewise.
* grub-core/parttool/msdospart.c: Likewise.
* grub-core/term/gfxterm.c: Likewise.
* grub-core/term/terminfo.c: Likewise.
* grub-core/video/i386/pc/vbe.c: Likewise.
* util/grub-menulst2cfg.c: Likewise.
* util/grub-mkdevicemap.c: Likewise.
* util/grub-mklayout.c: Likewise.
* util/grub-mkrelpath.c: Likewise.
* util/grub-script-check.c: Likewise.
* util/ieee1275/grub-ofpathname.c: Likewise.
* util/resolve.c: Likewise.
2011-11-11 21:44:56 +01:00
Vladimir 'phcoder' Serbinenko
e745cf0ca6
Implement automatic module license checking according to new GNU
...
guidelines.
* grub-core/kern/dl.c (grub_dl_check_license): New function.
(grub_dl_load_core): Use grub_dl_check_license.
* include/grub/dl.h (GRUB_MOD_SECTION): New macro.
(GRUB_MOD_LICENSE): Likewise.
(GRUB_MOD_DUAL_LICENSE): Likewise.
All modules updated.
2011-04-11 23:01:51 +02:00
BVK Chaitanya
8c41176882
automake commit without merge history
2010-05-06 11:34:04 +05:30
