vaseboot/include/grub/efi
Colin Watson dec8c6a8ac Don't allow insmod when secure boot is enabled.
Hi,

Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine
as far as it goes.  However, the insmod command is not the only way that
modules can be loaded.  In particular, the 'normal' command, which
implements the usual GRUB menu and the fully-featured command prompt,
will implicitly load commands not currently loaded into memory.  This
permits trivial Secure Boot violations by writing commands implementing
whatever you want to do and pointing $prefix at the malicious code.

I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct.  It
moves the check into grub_dl_load_file.
2018-03-29 22:18:52 -04:00
api.h lsefimmap: support persistent memory and other UEFI 2.5 features 2015-12-17 21:00:44 +03:00
console.h 2008-09-24 Robert Millan <rmh@aybabtu.com> 2008-09-24 10:17:56 +00:00
console_control.h 2007-07-22 Yoshinori K. Okuji <okuji@enbug.org> 2007-07-21 23:32:33 +00:00
disk.h 2007-07-22 Yoshinori K. Okuji <okuji@enbug.org> 2007-07-21 23:32:33 +00:00
edid.h Use EDID on EFI. 2012-03-04 00:48:21 +01:00
efi.h Don't allow insmod when secure boot is enabled. 2018-03-29 22:18:52 -04:00
graphics_output.h * grub-core/term/efi/console.c (grub_efi_console_init): Set text mode. 2012-05-26 13:33:34 +02:00
memory.h * include/grub/efi/memory.h (grub_machine_mmap_iterate): 2011-12-13 14:47:00 +01:00
pci.h * include/grub/efi/pci.h: New file to define EFI PCI protocols. 2012-02-27 11:42:23 +01:00
pe32.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
uga_draw.h * include/grub/efi/uga_draw.h (GRUB_EFI_UGA_GLT_MAX): Rename to ... 2010-06-11 22:15:35 +01:00