proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-08-06 02:13:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6d05264eec
grub2/grub-core
History
Michael Chang 6d05264eec kern/efi/sb: Add chainloaded image as shim's verifiable object 
While attempting to dual boot Microsoft Windows with UEFI chainloader,
it failed with below error when UEFI Secure Boot was enabled:

  error ../../grub-core/kern/verifiers.c:119:verification requested but
  nobody cares: /EFI/Microsoft/Boot/bootmgfw.efi.

It is a regression, as previously it worked without any problem.

It turns out chainloading PE image has been locked down by commit
578c95298 (kern: Add lockdown support). However, we should consider it
as verifiable object by shim to allow booting in UEFI Secure Boot mode.
The chainloaded PE image could also have trusted signature created by
vendor with their pubkey cert in db. For that matters it's usage should
not be locked down under UEFI Secure Boot, and instead shim should be
allowed to validate a PE binary signature before running it.

Fixes: 578c95298 (kern: Add lockdown support)

Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-10 13:49:42 +01:00
..
boot A workaround for clang problem assembling startup_raw.S 2019-04-08 15:22:10 +10:00
bus usb: Avoid possible out-of-bound accesses caused by malicious devices 2021-03-02 15:54:15 +01:00
commands commands/efi/lsefisystab: Add short text for EFI_RT_PROPERTIES_TABLE_GUID 2021-03-02 17:35:30 +01:00
disk disk/pata: Suppress error message "no device connected" 2021-03-10 13:22:45 +01:00
efiemu calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
font font: Do not load more than one NAME section 2020-07-29 16:55:48 +02:00
fs fs/ext2: Fix a file not found error when a symlink filesize is equal to 60 2021-03-10 13:14:25 +01:00
gdb gdb: Restrict GDB access when locked down 2021-03-02 15:54:15 +01:00
gettext verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
gfxmenu gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label 2021-03-02 15:54:20 +01:00
hello * grub-core/commands/gptsync.c: Fix typographic quoting. 2012-03-03 13:05:08 +01:00
hook * grub-core/hook/datehook.c (grub_read_hook_datetime): Small stylistic 2011-11-11 21:03:49 +01:00
io io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails 2021-03-02 15:54:18 +01:00
kern kern/efi/sb: Add chainloaded image as shim's verifiable object 2021-03-10 13:49:42 +01:00
lib lib/arg: Block repeated short options that require an argument 2021-03-02 15:54:17 +01:00
loader loader/i386/linux: Do not use grub_le_to_cpu32() for relocatable variable 2021-03-02 17:46:13 +01:00
mmap mmap: Fix memory leak when iterating over mapped memory 2021-03-02 15:54:15 +01:00
net net/tftp: Fix dangling memory pointer 2021-03-02 15:54:16 +01:00
normal normal/completion: Fix leaking of memory when processing a completion 2021-03-02 15:54:17 +01:00
osdep disk: Rename grub_disk_get_size() to grub_disk_native_sectors() 2020-12-12 01:19:03 +01:00
partmap mbr: Warn if MBR gap is small and user uses advanced modules 2020-12-12 01:19:03 +01:00
parttool * grub-core/net/http.c: Add TRANSLATORS comments. 2012-03-05 16:42:26 +01:00
script script/execute: Don't crash on a "for" loop with no items 2021-03-02 15:54:17 +01:00
term term/gfxterm: Don't set up a font with glyphs that are too big 2021-03-02 15:54:18 +01:00
tests calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
video video/readers/jpeg: Don't decode data before start of stream 2021-03-02 15:54:18 +01:00
gdb_grub.in * grub-core/gdb_grub.in: Fix overflow and wrong field. 2013-10-14 03:40:20 +02:00
genemuinit.sh use MODULE_FILES for genemuinit* instead of MOD_FILES 2014-01-18 23:15:40 +04:00
genemuinitheader.sh use MODULE_FILES for genemuinit* instead of MOD_FILES 2014-01-18 23:15:40 +04:00
genmod.sh.in .mod files: Strip annobin annotations and .eh_frame, and their relocations 2018-03-05 14:08:22 +01:00
genmoddep.awk enforcing fixup 2017-08-14 16:27:10 +02:00
gensyminfo.sh.in Fix shebang for termux. 2017-05-03 12:49:31 +02:00
gensymlist.sh Make 'make check' work on emu. 2013-04-27 02:00:16 +02:00
gentrigtables.c * grub-core/gentrigtables.c: Make tables const. 2013-03-01 11:15:09 +01:00
gmodule.pl.in * grub-core/gmodule.pl.in: Accept newer binutils which output 2014-09-21 18:23:23 +02:00
Makefile.am kern/efi: Add initial stack protector implementation 2021-03-02 15:54:19 +01:00
Makefile.core.def kern/buffer: Add variable sized heap buffer 2021-03-02 15:54:19 +01:00
modinfo.sh.in Fix shebang for termux. 2017-05-03 12:49:31 +02:00