Re: [PATCH v4 08/15] gdb: If enabled, print line used to load EFI kernel symbols when using gdb_grub script
Thu, 22 Dec 2022 19:17:31 +0100
On Wed, Dec 21, 2022 at 11:57:33AM -0600, Glenn Washburn wrote:
> On Wed, 21 Dec 2022 16:20:17 +0100
> Daniel Kiper <email@example.com> wrote:
> > Adding Robbie...
> > Please CC him next time when you post these patches. I would want to
> > hear his opinion too. Or at least he is aware what is happening
> > here...
> Sure, I CC'd him and Peter on the first couple of ones. But there was
> never a response in the 4 months since then, so I figured they
> didn't care.
Until somebody asks you to not include them in the thread, please
CC them. AFAICT many people read emails often, like me, but jump into
a discussion when something really important for them is happening.
> > On Thu, Dec 15, 2022 at 11:29:31PM -0600, Glenn Washburn wrote:
> > > If the macro PRINT_GDB_SYM_LOAD_CMD is non-zero, compile code which
Why is this not a flag, like e.g. --enable-mm-debug, for the configure?
> > > will print the command needed to load symbols for the GRUB EFI
> > > kernel. This is needed because EFI firmware determines where to
> > > load the GRUB EFI at runtime, and so the relevant addresses are not
> > > known ahead of time.
> > >
> > > The command is a custom command defined in the gdb_grub GDB script.
> > > So GDB should be started with the script as an argument to the -x
> > > option or sourced into an active GDB session before running the
> > > outputted command.
> > I think this functionality should be disabled when lockdown is
> > enforced, e.g. on UEFI platforms with Secure Boot enabled.
> Since this is off by default and must be enabled at build time, then if
> the builder enabled it, they really did want it, regardless of
> lockdown. What you're worried about seems highly improbable to me (but
> then I don't know the inner workings of the distros). The concern as I
> understand it, is that someone doing an official release of a distro
> which will be secure boot ready will accidentally have this build time
> macro enabled. That's almost inconceivable to me, but I'm curious what
> the others have to say (especially since Robbie posted a similar patch
> that always printed this info as a debug message). Or is it more
> about a regular user signing with their own keys accidentally shooting
> themselves in the foot by forgetting to disable this (after having
> already enabled it) and then some physical attacker getting extra info
> to do an evil maid attack?
I can imagine that a distro builds and signs GRUB with debug embedded and
then somebody in the wild wants to enable this feature to debug a problem.
Of course they cannot rebuild the GRUB image because it is signed. However,
they can disable UEFI Secure Boot and enable debugging. Of course this
probably will not work in all cases but should help solve most problems.