grub2/grub-core/loader
Javier Martinez Canillas 468a5699b2 commands: Restrict commands that can load BIOS or DT blobs when locked down
There are some more commands that should be restricted when the GRUB is
locked down. Following is the list of commands and reasons to restrict:

  * fakebios:   creates BIOS-like structures for backward compatibility with
                existing OSes. This should not be allowed when locked down.

  * loadbios:   reads a BIOS dump from storage and loads it. This action
                should not be allowed when locked down.

  * devicetree: loads a Device Tree blob and passes it to the OS. It replaces
                any Device Tree provided by the firmware. This also should
                not be allowed when locked down.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-02 15:54:15 +01:00
arm commands: Restrict commands that can load BIOS or DT blobs when locked down 2021-03-02 15:54:15 +01:00
arm64 efi: Rename armxx to arch 2019-02-25 11:28:44 +01:00
efi commands: Restrict commands that can load BIOS or DT blobs when locked down 2021-03-02 15:54:15 +01:00
i386 loader/linux: Report the UEFI Secure Boot status to the Linux kernel 2020-12-12 01:19:03 +01:00
ia64/efi verifiers: IA-64 fallout cleanup 2019-03-20 11:38:28 +01:00
mips relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
powerpc/ieee1275 verifiers: PowerPC fallout cleanup 2019-03-20 11:38:28 +01:00
riscv RISC-V: Add Linux load logic 2019-02-25 11:33:06 +01:00
sparc64/ieee1275 arm-uboot, ia64, sparc64: Fix up grub_file_open() calls 2018-11-16 14:42:51 +01:00
aout.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
linux.c linux: Fix integer overflows in initrd size handling 2020-07-29 16:55:48 +02:00
lzss.c Add LZSS Mach-O support (needed for new xnu kernelcache). 2012-02-29 13:26:13 +01:00
macho32.c * grub-core/loader/machoXX.c: Fix compilation on non-i386. 2013-12-17 22:44:46 +01:00
macho64.c * grub-core/loader/machoXX.c: Fix compilation on non-i386. 2013-12-17 22:44:46 +01:00
macho.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
machoXX.c Simplify few strings. 2013-05-07 11:44:15 +02:00
multiboot_elfxx.c relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
multiboot_mbi2.c relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
multiboot.c relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
xnu_resume.c relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
xnu.c relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow 2020-07-29 16:55:48 +02:00