[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 6/7] efi: Allow loading multiboot modules without verification
|
From: |
Ross Lagerwall |
|
Subject: |
[PATCH 6/7] efi: Allow loading multiboot modules without verification |
|
Date: |
Wed, 13 Mar 2024 15:07:47 +0000 |
GRUB doesn't do anything with multiboot modules except loading them and
passing a pointer to the multiboot kernel. Therefore GRUB itself doesn't
need to verify the module. Multiboot modules may contain code that needs
to be verified. If this is the case, the expectation is that the
multiboot kernel verifies the modules. For example, with Xen, the first
multiboot module contains the dom0 kernel binary and Xen verifies it
before starting it.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
grub-core/kern/efi/sb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
index 8d3e413608bb..f76290d65e9f 100644
--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
@@ -171,6 +171,7 @@ shim_lock_verifier_init (grub_file_t io __attribute__
((unused)),
case GRUB_FILE_TYPE_LOADENV:
case GRUB_FILE_TYPE_SAVEENV:
case GRUB_FILE_TYPE_VERIFY_SIGNATURE:
+ case GRUB_FILE_TYPE_MULTIBOOT_MODULE:
*flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
return GRUB_ERR_NONE;
--
2.43.0
- Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, (continued)
[PATCH 3/7] multiboot2: Add support for the load type header tag, Ross Lagerwall, 2024/03/13
[PATCH 2/7] multiboot2: Allow 64-bit entry tags, Ross Lagerwall, 2024/03/13
[PATCH 4/7] multiboot2: Add PE load support, Ross Lagerwall, 2024/03/13
[PATCH 6/7] efi: Allow loading multiboot modules without verification,
Ross Lagerwall <=
[PATCH 5/7] multiboot2: Add support for 64-bit entry addresses, Ross Lagerwall, 2024/03/13
[PATCH 7/7] verifiers: Verify after decompression, Ross Lagerwall, 2024/03/13