vaseboot/grub-core/kern
Colin Watson dec8c6a8ac Don't allow insmod when secure boot is enabled.
Hi,

Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine
as far as it goes.  However, the insmod command is not the only way that
modules can be loaded.  In particular, the 'normal' command, which
implements the usual GRUB menu and the fully-featured command prompt,
will implicitly load commands not currently loaded into memory.  This
permits trivial Secure Boot violations by writing commands implementing
whatever you want to do and pointing $prefix at the malicious code.

I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct.  It
moves the check into grub_dl_load_file.
2018-03-29 22:18:52 -04:00
arm Fix thumb compilation with clang. 2017-02-02 00:59:49 +01:00
arm64 Fix mingw compilation. 2017-02-03 13:01:34 +01:00
efi Don't allow insmod when secure boot is enabled. 2018-03-29 22:18:52 -04:00
emu Ensure that grub_reboot doesn't return on emu. 2017-01-27 20:10:23 +00:00
generic rtc_get_time_ms.c (grub_rtc_get_time_ms): Avoid division by zero. 2015-01-21 17:42:14 +01:00
i386 Add wbinvd around bios call. 2016-02-14 08:34:10 +01:00
ia64 Fix remaining cases of gcc 7 fallthrough warning. 2017-04-12 01:42:38 +00:00
ieee1275 ieee1275: fix signed comparison 2016-02-24 18:37:22 +01:00
mips Fix remaining cases of gcc 7 fallthrough warning. 2017-04-12 01:42:38 +00:00
powerpc Remove libgcc dependency. 2015-03-03 20:50:37 +01:00
sparc64 Fix remaining cases of gcc 7 fallthrough warning. 2017-04-12 01:42:38 +00:00
uboot Enable cache on ARM U-Boot port. 2013-12-23 05:01:58 +01:00
x86_64 Support grub-emu on x32 (ILP32 but with x86-64 instruction set) 2014-09-07 23:04:50 +01:00
xen Remove xen VFB. 2013-12-18 18:43:09 +01:00
acpi.c Make grub_acpi_find_fadt accessible generically 2016-02-12 11:35:48 +01:00
command.c Remove prio_list 2012-02-12 03:52:17 +01:00
compiler-rt.c ARM: provide __aeabi_memclr* and __aeabi_memcpy* symbols 2015-07-22 20:40:13 +02:00
corecmd.c * grub-core/kern/corecmd.c (grub_core_cmd_set): Use grub_env_get 2013-06-07 18:25:19 +02:00
device.c Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
disk.c * grub-core/kern/disk.c: Fix potential overflow. 2013-12-21 13:23:37 +01:00
disk_common.c * grub-core/kern/disk_common.c: Clump disk size to 1EiB. 2014-08-10 11:27:36 +02:00
dl.c Don't allow insmod when secure boot is enabled. 2018-03-29 22:18:52 -04:00
elf.c kern/elf: Ignore cast-align warnings 2015-11-09 11:39:30 +01:00
elfXX.c kern/elf: fix unintended sign extension 2016-01-09 19:41:26 +03:00
env.c * grub-core/kern/env.c, include/grub/env.h: Change iterator through 2013-03-03 01:34:27 +01:00
err.c * grub-core/kern/misc.c (grub_abort): Make static 2013-10-27 14:13:39 +01:00
file.c Add comments to code for commit d313218 2015-11-07 13:01:23 +03:00
fs.c Remove nested functions from filesystem directory iterators. 2013-01-21 01:33:46 +00:00
list.c Remove prio_list. 2012-02-26 22:49:24 +01:00
main.c * grub-core/kern/main.c (grub_set_prefix_and_root): Set variable 2013-11-14 15:53:32 +01:00
misc.c Refresh before abort 2016-02-22 19:46:55 +01:00
mm.c mm: Avoid integer overflow. 2016-02-17 18:09:44 +01:00
parser.c kernel: print and reset grub_errno after each embedded config line 2015-12-16 21:20:30 +03:00
partition.c Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
rescue_parser.c rescue_parser: restructure code to avoid Coverity false positive 2016-01-09 18:15:27 +03:00
rescue_reader.c Remove nested functions from script reading and parsing. 2013-01-15 12:03:25 +00:00
term.c Lift 255x255 terminal size restriction to 65535x65535. Also change from 2013-10-19 23:59:32 +02:00
time.c automake commit without merge history 2010-05-06 11:34:04 +05:30
vga_init.c * grub-core/kern/vga_init.c: Fix compilation on qemu-mips. 2013-08-14 09:50:57 +02:00