grub2/docs
Dimitri John Ledkov 968de8c23c shim_lock: Only skip loading shim_lock verifier with explicit consent
Commit 32ddc42c (efi: Only register shim_lock verifier if shim_lock
protocol is found and SB enabled) reintroduced CVE-2020-15705 which
previously only existed in the out-of-tree linuxefi patches and was
fixed as part of the BootHole patch series.

Under Secure Boot enforce loading shim_lock verifier. Allow skipping
shim_lock verifier if SecureBoot/MokSBState EFI variables indicate
skipping validations, or if GRUB image is built with --disable-shim-lock.

Fixes: 132ddc42c (efi: Only register shim_lock verifier if shim_lock
       protocol is found and SB enabled)
Fixes: CVE-2020-15705
Fixes: CVE-2021-3418

Reported-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-02 15:54:19 +01:00
man Implement syslinux parser. 2013-12-18 05:28:05 +01:00
autoiso.cfg * docs/autoiso.cfg: New file. 2013-10-27 20:34:24 +01:00
fdl.texi 2008-03-01 Yoshinori K. Okuji <okuji@enbug.org> 2008-03-01 17:27:51 +00:00
font_char_metrics.png GRUB developer manual based on existing Internals section and 2011-04-03 15:30:28 +02:00
font_char_metrics.txt GRUB developer manual based on existing Internals section and 2011-04-03 15:30:28 +02:00
grub-dev.texi kern: Add lockdown support 2021-03-02 15:54:15 +01:00
grub.cfg * docs/grub.cfg: Update. 2012-05-04 00:30:15 +02:00
grub.texi shim_lock: Only skip loading shim_lock verifier with explicit consent 2021-03-02 15:54:19 +01:00
Makefile.am Fix make dist. 2012-02-28 12:58:57 +01:00
mdate-sh 2008-03-01 Yoshinori K. Okuji <okuji@enbug.org> 2008-03-01 17:27:51 +00:00
osdetect.cfg * docs/osdetect.cfg: Add isolinux config to detected OSes. 2013-12-18 05:34:17 +01:00
texinfo.tex remove all trailing whitespace 2009-06-10 21:04:23 +00:00