proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-07-23 08:25:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
468a5699b2
grub2/grub-core/commands
History
Javier Martinez Canillas 468a5699b2 commands: Restrict commands that can load BIOS or DT blobs when locked down 
There are some more commands that should be restricted when the GRUB is
locked down. Following is the list of commands and reasons to restrict:

  * fakebios:   creates BIOS-like structures for backward compatibility with
                existing OSes. This should not be allowed when locked down.

  * loadbios:   reads a BIOS dump from storage and loads it. This action
                should not be allowed when locked down.

  * devicetree: loads a Device Tree blob and passes it to the OS. It replaces
                any Device Tree provided by the firmware. This also should
                not be allowed when locked down.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-02 15:54:15 +01:00
..
arc Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
efi commands: Restrict commands that can load BIOS or DT blobs when locked down 2021-03-02 15:54:15 +01:00
i386 efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list 2021-03-02 15:54:15 +01:00
ieee1275 * grub-core/commands/gptsync.c: Fix typographic quoting. 2012-03-03 13:05:08 +01:00
mips/loongson * grub-core/commands/i386/pc/drivemap.c: Add TRANSLATORS comments. 2012-03-02 15:09:10 +01:00
xen Correct some translatable strings. 2013-12-21 03:03:31 +01:00
acpi.c acpi: Don't register the acpi command when locked down 2021-03-02 15:54:15 +01:00
acpihalt.c acpihalt: add GRUB_ACPI_OPCODE_CREATE_DWORD_FIELD (0x8a) 2016-01-02 21:33:18 +03:00
blocklist.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
boot.c Add new ports: i386-xen and x86_64-xen. This allows running GRUB in 2013-11-09 21:29:11 +01:00
boottime.c Clarify several translatable messages. 2013-12-21 03:21:45 +01:00
cacheinfo.c cacheinfo: Add missing license information. 2015-03-20 11:13:58 +01:00
cat.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
cmp.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
configfile.c * grub-core/commands/configfile.c (GRUB_MOD_INIT): Correct 2012-10-12 15:34:33 +01:00
date.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
echo.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
eval.c * grub-core/script/execute.c (grub_script_execute_sourcecode): Split 2013-06-07 18:40:37 +02:00
extcmd.c kern: Add lockdown support 2021-03-02 15:54:15 +01:00
file32.c Implement grub_file tool and use it to implement generating of config 2013-12-17 14:39:48 +01:00
file64.c Implement grub_file tool and use it to implement generating of config 2013-12-17 14:39:48 +01:00
file.c RISC-V: Add to build system 2019-02-25 14:02:05 +01:00
fileXX.c commands/fileXX: Fix remaining memory leak. 2015-01-25 16:36:30 +03:00
gptsync.c gptsync: Add missing device_close. 2015-01-24 20:52:02 +01:00
halt.c Add noreturn attributes and remove unreachable code. 2011-12-13 15:13:51 +01:00
hashsum.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
hdparm.c i386, x86_64, ppc: fix switch fallthrough cases with GCC7 2017-04-04 19:23:55 +03:00
help.c * include/grub/list.h (FOR_LIST_ELEMENTS_SAFE): New macro. 2012-07-02 11:19:22 +02:00
hexdump.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
iorw.c efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list 2021-03-02 15:54:15 +01:00
keylayouts.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
keystatus.c kern/term: Make grub_getkeystatus() helper function available everywhere 2020-04-21 22:08:52 +02:00
legacycfg.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
loadenv.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
ls.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
lsacpi.c * grub-core/commands/lsacpi.c: Fix types on 64-bit platform. 2013-02-06 17:37:29 +01:00
lsmmap.c Translate UEFI persistent memory type 2015-12-15 10:25:34 +03:00
lspci.c Remove nested functions from PCI iterators. 2013-01-13 01:10:41 +00:00
macbless.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
memrw.c efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list 2021-03-02 15:54:15 +01:00
menuentry.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
minicmd.c dl: Add support for persistent modules 2018-11-09 13:25:31 +01:00
nativedisk.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
parttool.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
password_pbkdf2.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
password.c Improve gettext support. Stylistic fixes and error handling fixes while 2012-02-08 19:26:01 +01:00
pcidump.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
pgp.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
probe.c probe: Support probing for msdos PARTUUID 2019-10-21 14:00:54 +02:00
read.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
reboot.c Add noreturn attributes and remove unreachable code. 2011-12-13 15:13:51 +01:00
regexp.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
search_file.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_label.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_uuid.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_wrap.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
search.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
setpci.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
sleep.c kern/term: Accept ESC, F4 and holding SHIFT as user interrupt keys 2020-04-21 22:13:44 +02:00
smbios.c smbios: Add a --linux argument to apply linux modalias-like filtering 2020-03-10 21:35:02 +01:00
syslinuxcfg.c commands/syslinux: Add missing free. 2015-01-24 21:23:25 +01:00
terminal.c Fix USB devices not being detected when requested 2013-03-19 20:35:21 +01:00
test.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
testload.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
testspeed.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
time.c Improve string. Gettextize. 2012-02-12 15:25:25 +01:00
tpm.c tpm: Rename function grub_tpm_log_event() to grub_tpm_measure() 2020-05-15 15:37:28 +02:00
tr.c commands/tr: Simplify and fix missing parameter test. 2015-01-24 21:25:42 +01:00
true.c * grub-core/commands/acpihalt.c: Add TRANSLATORS comments. 2012-03-03 12:59:28 +01:00
usbtest.c usbtest: Disable gcc9 -Waddress-of-packed-member 2019-04-23 11:37:08 +02:00
videoinfo.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
videotest.c * grub-core/commands/videotest.c: Reduce flickering and draw 6 squares 2013-05-02 14:34:13 +02:00
wildcard.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
xnu_uuid.c * grub-core/commands/xnu_uuid.c: Remove variable length arrays. 2013-11-12 01:19:34 +01:00