grub2

mirror of https://git.proxmox.com/git/grub2 synced 2025-10-04 07:50:49 +00:00

History

Luca Boccassi b2c4515a83 Do not overwrite sentinel byte in boot_params, breaks lockdown grub currently copies the entire boot_params, which includes setting sentinel byte to 0xff, which triggers sanitize_boot_params in the kernel which in turn clears various boot_params variables, including the indication that the bootloader chain is verified and thus the kernel disables lockdown mode. According to the information on the Fedora bug tracker, only the information from byte 0x1f1 is necessary, so start copying from there instead. Author: Luca Boccassi <bluca@debian.org> Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1418360 Forwarded: no Patch-Name: fix-lockdown.patch	2021-09-27 20:09:39 +01:00
..
linux.c	Do not overwrite sentinel byte in boot_params, breaks lockdown	2021-09-27 20:09:39 +01:00

Luca Boccassi b2c4515a83 Do not overwrite sentinel byte in boot_params, breaks lockdown

grub currently copies the entire boot_params, which includes setting
sentinel byte to 0xff, which triggers sanitize_boot_params in the kernel
which in turn clears various boot_params variables, including the
indication that the bootloader chain is verified and thus the kernel
disables lockdown mode.  According to the information on the Fedora bug
tracker, only the information from byte 0x1f1 is necessary, so start
copying from there instead.

Author: Luca Boccassi <bluca@debian.org>
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1418360
Forwarded: no

Patch-Name: fix-lockdown.patch

2021-09-27 20:09:39 +01:00

linux.c

Do not overwrite sentinel byte in boot_params, breaks lockdown

2021-09-27 20:09:39 +01:00