grub

Clone
Source Code
GIT

468a569 commands: Restrict commands that can load BIOS or DT blobs when locked down

4 files Authored by javierm 3 years ago, Committed by Daniel Kiper 3 years ago,
raw patch tree parent
4 files changed. 16 lines added. 13 lines removed.
docs/grub.texi
file modified
+3 -0
grub-core/commands/efi/loadbios.c
file modified
+8 -8
grub-core/loader/arm/linux.c
file modified
+3 -3
grub-core/loader/efi/fdt.c
file modified
+2 -2 
    commands: Restrict commands that can load BIOS or DT blobs when locked down
    
    There are some more commands that should be restricted when the GRUB is
    locked down. Following is the list of commands and reasons to restrict:
    
      * fakebios:   creates BIOS-like structures for backward compatibility with
                    existing OSes. This should not be allowed when locked down.
    
      * loadbios:   reads a BIOS dump from storage and loads it. This action
                    should not be allowed when locked down.
    
      * devicetree: loads a Device Tree blob and passes it to the OS. It replaces
                    any Device Tree provided by the firmware. This also should
                    not be allowed when locked down.
    
    Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
file modified
+3 -0
file modified
+8 -8
file modified
+3 -3
file modified
+2 -2
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.