proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-07-21 07:40:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
334c0ef3d0
grub2/grub-core/kern
History
Michael Chang 6d05264eec kern/efi/sb: Add chainloaded image as shim's verifiable object 
While attempting to dual boot Microsoft Windows with UEFI chainloader,
it failed with below error when UEFI Secure Boot was enabled:

  error ../../grub-core/kern/verifiers.c:119:verification requested but
  nobody cares: /EFI/Microsoft/Boot/bootmgfw.efi.

It is a regression, as previously it worked without any problem.

It turns out chainloading PE image has been locked down by commit
578c95298 (kern: Add lockdown support). However, we should consider it
as verifiable object by shim to allow booting in UEFI Secure Boot mode.
The chainloaded PE image could also have trusted signature created by
vendor with their pubkey cert in db. For that matters it's usage should
not be locked down under UEFI Secure Boot, and instead shim should be
allowed to validate a PE binary signature before running it.

Fixes: 578c95298 (kern: Add lockdown support)

Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-10 13:49:42 +01:00
..
arm efi: Fix use-after-free in halt/reboot path 2020-07-29 16:55:48 +02:00
arm64 efi: Fix use-after-free in halt/reboot path 2020-07-29 16:55:48 +02:00
coreboot arm-coreboot: Start new port. 2017-05-08 20:53:28 +02:00
efi kern/efi/sb: Add chainloaded image as shim's verifiable object 2021-03-10 13:49:42 +01:00
emu emu: Make grub_free(NULL) safe 2020-07-29 16:55:48 +02:00
generic rtc_get_time_ms.c (grub_rtc_get_time_ms): Avoid division by zero. 2015-01-21 17:42:14 +01:00
i386 i386: Don't include <grub/cpu/linux.h> in coreboot and ieee1275 startup.S 2020-12-11 13:52:18 +01:00
ia64 efi: Fix use-after-free in halt/reboot path 2020-07-29 16:55:48 +02:00
ieee1275 ieee1275: NULL pointer dereference in grub_ieee1275_encode_devname() 2019-04-04 18:34:05 +02:00
mips disk: Rename grub_disk_get_size() to grub_disk_native_sectors() 2020-12-12 01:19:03 +01:00
powerpc Support R_PPC_PLTREL24 2019-03-25 15:08:49 +01:00
riscv efi: Fix use-after-free in halt/reboot path 2020-07-29 16:55:48 +02:00
sparc64 sparc64: #blocks64 disk node method 2018-03-05 15:26:36 +01:00
uboot calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
x86_64 x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32 2018-02-23 22:25:30 +01:00
xen xen: Add basic hooks for PVH in current code 2018-12-12 12:03:27 +01:00
acpi.c Make grub_acpi_find_fadt accessible generically 2016-02-12 11:35:48 +01:00
buffer.c kern/buffer: Add variable sized heap buffer 2021-03-02 15:54:19 +01:00
command.c kern: Add lockdown support 2021-03-02 15:54:15 +01:00
compiler-rt.c mips: Enable __clzdi2() 2020-12-18 23:04:36 +01:00
corecmd.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
device.c Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
disk_common.c disk: Move hardcoded max disk size literal to a GRUB_DISK_MAX_SECTORS in disk.h 2020-12-12 01:19:03 +01:00
disk.c disk: Rename grub_disk_get_size() to grub_disk_native_sectors() 2020-12-12 01:19:03 +01:00
dl.c dl: Only allow unloading modules that are not dependencies 2021-03-02 15:54:15 +01:00
elf.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
elfXX.c kern/elf: fix unintended sign extension 2016-01-09 19:41:26 +03:00
env.c * grub-core/kern/env.c, include/grub/env.h: Change iterator through 2013-03-03 01:34:27 +01:00
err.c * grub-core/kern/misc.c (grub_abort): Make static 2013-10-27 14:13:39 +01:00
file.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
fs.c fs: Fix block lists not being able to address to end of disk sometimes 2020-12-12 01:19:03 +01:00
list.c Remove prio_list. 2012-02-26 22:49:24 +01:00
lockdown.c kern/lockdown: Set a variable if the GRUB is locked down 2021-03-02 15:54:15 +01:00
main.c verifiers: Move verifiers API to kernel image 2021-03-02 15:54:15 +01:00
misc.c kern/misc: Add function to check printf() format against expected format 2021-03-02 15:54:20 +01:00
mm.c kern/mm: Fix grub_debug_calloc() compilation error 2021-03-02 15:54:20 +01:00
parser.c kern/parser: Fix a stack buffer overflow 2021-03-02 15:54:19 +01:00
partition.c kern/partition: Check for NULL before dereferencing input string 2021-03-02 15:54:16 +01:00
rescue_parser.c rescue_parser: restructure code to avoid Coverity false positive 2016-01-09 18:15:27 +03:00
rescue_reader.c Remove nested functions from script reading and parsing. 2013-01-15 12:03:25 +00:00
term.c kern/term: Accept ESC, F4 and holding SHIFT as user interrupt keys 2020-04-21 22:13:44 +02:00
time.c automake commit without merge history 2010-05-06 11:34:04 +05:30
verifiers.c verifiers: Move verifiers API to kernel image 2021-03-02 15:54:15 +01:00
vga_init.c * grub-core/kern/vga_init.c: Fix compilation on qemu-mips. 2013-08-14 09:50:57 +02:00