proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-07-16 21:39:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3e8e4c0549
grub2/grub-core/commands
History
Javier Martinez Canillas 3e8e4c0549 acpi: Don't register the acpi command when locked down 
The command is not allowed when lockdown is enforced. Otherwise an
attacker can instruct the GRUB to load an SSDT table to overwrite
the kernel lockdown configuration and later load and execute
unsigned code.

Fixes: CVE-2020-14372

Reported-by: Máté Kukri <km@mkukri.xyz>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-02 15:54:15 +01:00
..
arc Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
efi efi: Move the shim_lock verifier to the GRUB core 2021-03-02 15:54:15 +01:00
i386 efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list 2021-03-02 15:54:15 +01:00
ieee1275 * grub-core/commands/gptsync.c: Fix typographic quoting. 2012-03-03 13:05:08 +01:00
mips/loongson * grub-core/commands/i386/pc/drivemap.c: Add TRANSLATORS comments. 2012-03-02 15:09:10 +01:00
xen Correct some translatable strings. 2013-12-21 03:03:31 +01:00
acpi.c acpi: Don't register the acpi command when locked down 2021-03-02 15:54:15 +01:00
acpihalt.c acpihalt: add GRUB_ACPI_OPCODE_CREATE_DWORD_FIELD (0x8a) 2016-01-02 21:33:18 +03:00
blocklist.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
boot.c Add new ports: i386-xen and x86_64-xen. This allows running GRUB in 2013-11-09 21:29:11 +01:00
boottime.c Clarify several translatable messages. 2013-12-21 03:21:45 +01:00
cacheinfo.c cacheinfo: Add missing license information. 2015-03-20 11:13:58 +01:00
cat.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
cmp.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
configfile.c * grub-core/commands/configfile.c (GRUB_MOD_INIT): Correct 2012-10-12 15:34:33 +01:00
date.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
echo.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
eval.c * grub-core/script/execute.c (grub_script_execute_sourcecode): Split 2013-06-07 18:40:37 +02:00
extcmd.c kern: Add lockdown support 2021-03-02 15:54:15 +01:00
file32.c Implement grub_file tool and use it to implement generating of config 2013-12-17 14:39:48 +01:00
file64.c Implement grub_file tool and use it to implement generating of config 2013-12-17 14:39:48 +01:00
file.c RISC-V: Add to build system 2019-02-25 14:02:05 +01:00
fileXX.c commands/fileXX: Fix remaining memory leak. 2015-01-25 16:36:30 +03:00
gptsync.c gptsync: Add missing device_close. 2015-01-24 20:52:02 +01:00
halt.c Add noreturn attributes and remove unreachable code. 2011-12-13 15:13:51 +01:00
hashsum.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
hdparm.c i386, x86_64, ppc: fix switch fallthrough cases with GCC7 2017-04-04 19:23:55 +03:00
help.c * include/grub/list.h (FOR_LIST_ELEMENTS_SAFE): New macro. 2012-07-02 11:19:22 +02:00
hexdump.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
iorw.c efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list 2021-03-02 15:54:15 +01:00
keylayouts.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
keystatus.c kern/term: Make grub_getkeystatus() helper function available everywhere 2020-04-21 22:08:52 +02:00
legacycfg.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
loadenv.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
ls.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
lsacpi.c * grub-core/commands/lsacpi.c: Fix types on 64-bit platform. 2013-02-06 17:37:29 +01:00
lsmmap.c Translate UEFI persistent memory type 2015-12-15 10:25:34 +03:00
lspci.c Remove nested functions from PCI iterators. 2013-01-13 01:10:41 +00:00
macbless.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
memrw.c efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list 2021-03-02 15:54:15 +01:00
menuentry.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
minicmd.c dl: Add support for persistent modules 2018-11-09 13:25:31 +01:00
nativedisk.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
parttool.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
password_pbkdf2.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
password.c Improve gettext support. Stylistic fixes and error handling fixes while 2012-02-08 19:26:01 +01:00
pcidump.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
pgp.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
probe.c probe: Support probing for msdos PARTUUID 2019-10-21 14:00:54 +02:00
read.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
reboot.c Add noreturn attributes and remove unreachable code. 2011-12-13 15:13:51 +01:00
regexp.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
search_file.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_label.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_uuid.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_wrap.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
search.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
setpci.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
sleep.c kern/term: Accept ESC, F4 and holding SHIFT as user interrupt keys 2020-04-21 22:13:44 +02:00
smbios.c smbios: Add a --linux argument to apply linux modalias-like filtering 2020-03-10 21:35:02 +01:00
syslinuxcfg.c commands/syslinux: Add missing free. 2015-01-24 21:23:25 +01:00
terminal.c Fix USB devices not being detected when requested 2013-03-19 20:35:21 +01:00
test.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
testload.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
testspeed.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
time.c Improve string. Gettextize. 2012-02-12 15:25:25 +01:00
tpm.c tpm: Rename function grub_tpm_log_event() to grub_tpm_measure() 2020-05-15 15:37:28 +02:00
tr.c commands/tr: Simplify and fix missing parameter test. 2015-01-24 21:25:42 +01:00
true.c * grub-core/commands/acpihalt.c: Add TRANSLATORS comments. 2012-03-03 12:59:28 +01:00
usbtest.c usbtest: Disable gcc9 -Waddress-of-packed-member 2019-04-23 11:37:08 +02:00
videoinfo.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
videotest.c * grub-core/commands/videotest.c: Reduce flickering and draw 6 squares 2013-05-02 14:34:13 +02:00
wildcard.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
xnu_uuid.c * grub-core/commands/xnu_uuid.c: Remove variable length arrays. 2013-11-12 01:19:34 +01:00