mirror of
https://git.proxmox.com/git/grub2
synced 2025-07-16 04:58:28 +00:00
8f73052885
Now the GRUB can check if it has been locked down and this can be used to prevent executing commands that can be utilized to circumvent the UEFI Secure Boot mechanisms. So, instead of hardcoding a list of modules that have to be disabled, prevent the usage of commands that can be dangerous. This not only allows the commands to be disabled on other platforms, but also properly separate the concerns. Since the shim_lock verifier logic should be only about preventing to run untrusted binaries and not about defining these kind of policies. Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
||
|---|---|---|
| .. | ||
| coreboot | ||
| pc | ||
| cmosdump.c | ||
| cmostest.c | ||
| cpuid.c | ||
| rdmsr.c | ||
| wrmsr.c | ||