From patchwork Wed Nov 14 17:27:39 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexander Graf <agraf@suse.de>
X-Patchwork-Id: 151094
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5962777ljp;
 Wed, 14 Nov 2018 09:28:03 -0800 (PST)
X-Google-Smtp-Source: AJdET5fGIqBxTVa5Ctiq9tOIS7kBuTG+tQU9yHaj9oSX/rv4VSf4NpcKYpwnL3KXm+f+QrqRNmE7
X-Received: by 2002:ac8:2df0:: with SMTP id q45mr2726415qta.178.1542216483124; 
 Wed, 14 Nov 2018 09:28:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1542216483; cv=none;
 d=google.com; s=arc-20160816;
 b=vpAx6fUb6MC/R1CeD2d/y2gmNV2O1nqnKE3RRGzXAzbk3tbm5e/Fa55x8E7sVNTDy3
 a14PCkK471Grrb5BvR07bNVgDpTJ6Qo7H2vHYuDvhNHDqOPFNnVSWh6XNWwBsggyQz3i
 aZbmg+26vCtAjdNoxLsmM+Scyjitz4lbuaJpO7U5Mwbfj5DwJGSZQkQfuFIzOiGHbq3B
 IC4EKuSFtRkh538Rdx7j30DScJ7vpSuebA650RbSDkefBRKpCTkxL86R2Pr19XaOWrkv
 X53bNYoc2eFNavVAEWE5JHowDQ/BD+R2h3QAbIYykUnmajhtw2lMoLAyBwjEP9zJXJ/1
 2nIA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:references:in-reply-to:message-id:date:subject
 :to:from;
 bh=/JOi4s/aURXLsQrEE5by4zgqpb0oC5yFw9TpmO5ztjo=;
 b=qdOA5emaU0yETctENqiVu3N0CAlONeqN3YbD8/gYittGFuZwYOxDwk/RH/59DJowt/
 DqR+9koYh1iOwI8ULtipjcZ+iJyxbepvJ+iGYiQRbiCj59vOxShew93fTsGO3ZgCEnQh
 r4MMVCd1ItOEY1Du/W2NRU4gZ154NtyY4VZNst52JelyRz9MGBTS4ckSqpGeBCVKy6Xy
 FGVuzuBsaxHtcjOPYYtuKhEFQBDNzqKumIaz8azEjyZLHC4Y6KSuAyv4CBl1u3NPGq47
 IanosLZFpQyFjT81ShiZ9ve6TVWsBna65UmMMETUQ/YT/4aNazSvr/zrxSyTQ/WUUPLZ
 TS4A==
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of
 grub-devel-bounces+patch=linaro.org@gnu.org designates
 2001:4830:134:3::11 as permitted sender)
 smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org"
Return-Path: <grub-devel-bounces+patch=linaro.org@gnu.org>
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 x188si9361499qkd.268.2018.11.14.09.28.02 for <patch@linaro.org>
 (version=TLS1 cipher=AES128-SHA bits=128/128);
 Wed, 14 Nov 2018 09:28:03 -0800 (PST)
Received-SPF: pass (google.com: domain of
 grub-devel-bounces+patch=linaro.org@gnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 grub-devel-bounces+patch=linaro.org@gnu.org designates
 2001:4830:134:3::11 as permitted sender)
 smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org"
Received: from localhost ([::1]:33491 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <grub-devel-bounces+patch=linaro.org@gnu.org>)
 id 1gMyxO-00057A-J5
 for patch@linaro.org; Wed, 14 Nov 2018 12:28:02 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35235)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <agraf@suse.de>) id 1gMyxF-00056r-C0
 for grub-devel@gnu.org; Wed, 14 Nov 2018 12:27:54 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <agraf@suse.de>) id 1gMyxE-0007gs-0d
 for grub-devel@gnu.org; Wed, 14 Nov 2018 12:27:53 -0500
Received: from mx2.suse.de ([195.135.220.15]:48814 helo=mx1.suse.de)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <agraf@suse.de>) id 1gMyxD-0007eP-Hp
 for grub-devel@gnu.org; Wed, 14 Nov 2018 12:27:51 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
 by mx1.suse.de (Postfix) with ESMTP id 2748DB01D;
 Wed, 14 Nov 2018 17:27:41 +0000 (UTC)
From: Alexander Graf <agraf@suse.de>
To: grub-devel@gnu.org
Subject: [PATCH v3 10/10] fdt: Add device tree file type
Date: Wed, 14 Nov 2018 18:27:39 +0100
Message-Id: <20181114172739.51640-11-agraf@suse.de>
X-Mailer: git-send-email 2.12.3
In-Reply-To: <20181114172739.51640-1-agraf@suse.de>
References: <20181114172739.51640-1-agraf@suse.de>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no
 timestamps) [generic]
X-Received-From: 195.135.220.15
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel/>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=subscribe>
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
Cc: "rickchen36 @ gmail . com" <rickchen36@gmail.com>,
 David Abdurachmanov <david.abdurachmanov@gmail.com>, schwab@suse.de, 
 "greentime @ andestech . com" <greentime@andestech.com>,
 leif.lindholm@linaro.org, atish.patra@wdc.com,
 Michael Chang <mchang@suse.com>,
 Alistair Francis <Alistair.Francis@wdc.com>,
 Lukas Auer <lukas.auer@aisec.fraunhofer.de>,
 Paul Walmsley <paul.walmsley@sifive.com>, Bin Meng <bmeng.cn@gmail.com>
MIME-Version: 1.0
Errors-To: grub-devel-bounces+patch=linaro.org@gnu.org
Sender: "Grub-devel" <grub-devel-bounces+patch=linaro.org@gnu.org>

We now have signature check logic in grub which allows us to treat
files differently depending on their file type.

Mark a loaded device tree as such and treat it like an overlayed ACPI
table. Both describe hardware, so I suppose their threat level is the
same.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 grub-core/commands/efi/shim_lock.c | 1 +
 grub-core/loader/efi/fdt.c         | 2 +-
 include/grub/file.h                | 2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)

-- 
2.12.3


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c
index 01246b0fc..90dccb0c7 100644
--- a/grub-core/commands/efi/shim_lock.c
+++ b/grub-core/commands/efi/shim_lock.c
@@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type type,
       /* Fall through. */
 
     case GRUB_FILE_TYPE_ACPI_TABLE:
+    case GRUB_FILE_TYPE_DEVICE_TREE:
       *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
 
       return GRUB_ERR_NONE;
diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c
index a4c6e8036..d8ebe648e 100644
--- a/grub-core/loader/efi/fdt.c
+++ b/grub-core/loader/efi/fdt.c
@@ -123,7 +123,7 @@ grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)),
       return GRUB_ERR_NONE;
     }
 
-  dtb = grub_file_open (argv[0]);
+  dtb = grub_file_open (argv[0], GRUB_FILE_TYPE_DEVICE_TREE);
   if (!dtb)
     goto out;
 
diff --git a/include/grub/file.h b/include/grub/file.h
index 19dda67f6..b8fb13017 100644
--- a/include/grub/file.h
+++ b/include/grub/file.h
@@ -93,6 +93,8 @@ enum grub_file_type
     GRUB_FILE_TYPE_FILE_ID,
     /* File holding ACPI table.  */
     GRUB_FILE_TYPE_ACPI_TABLE,
+    /* File holding Device Tree.  */
+    GRUB_FILE_TYPE_DEVICE_TREE,
     /* File we intend show to user.  */
     GRUB_FILE_TYPE_CAT,
     GRUB_FILE_TYPE_HEXCAT,