Michael Chang 6d05264eec kern/efi/sb: Add chainloaded image as shim's verifiable object ... While attempting to dual boot Microsoft Windows with UEFI chainloader, it failed with below error when UEFI Secure Boot was enabled: error ../../grub-core/kern/verifiers.c:119:verification requested but nobody cares: /EFI/Microsoft/Boot/bootmgfw.efi. It is a regression, as previously it worked without any problem. It turns out chainloading PE image has been locked down by commit 578c95298 (kern: Add lockdown support). However, we should consider it as verifiable object by shim to allow booting in UEFI Secure Boot mode. The chainloaded PE image could also have trusted signature created by vendor with their pubkey cert in db. For that matters it's usage should not be locked down under UEFI Secure Boot, and instead shim should be allowed to validate a PE binary signature before running it. Fixes: 578c95298 (kern: Add lockdown support) Signed-off-by: Michael Chang <mchang@suse.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>		2021-03-10 13:49:42 +01:00
..
acpi.c	tsc: Use alternative delay sources whenever appropriate.	2015-11-27 11:39:55 +01:00
efi.c	kern/efi: Fix memory leak on failure	2021-03-02 15:54:16 +01:00
fdt.c	efi: Move fdt helper into own file	2016-11-24 10:09:24 +01:00
init.c	kern/efi: Add initial stack protector implementation	2021-03-02 15:54:19 +01:00
mm.c	kern/efi/mm: Fix possible NULL pointer dereference	2021-03-02 15:54:16 +01:00
sb.c	kern/efi/sb: Add chainloaded image as shim's verifiable object	2021-03-10 13:49:42 +01:00