From patchwork Sun Nov 25 23:38:15 2018
X-Patchwork-Submitter: Alexander Graf
X-Patchwork-Id: 151948
From: Alexander Graf
To: grub-devel@gnu.org
Subject: [PATCH v4 10/10] fdt: Treat device tree file type like ACPI
Date: Mon, 26 Nov 2018 00:38:15 +0100
Message-Id: <20181125233815.56392-11-agraf@suse.de>
In-Reply-To: <20181125233815.56392-1-agraf@suse.de>
References: <20181125233815.56392-1-agraf@suse.de>
Cc: rickchen36@gmail.com, David Abdurachmanov, Andreas Schwab, greentime, leif.lindholm@linaro.org, atish.patra@wdc.com, Michael Chang, Alistair Francis, Lukas Auer, Paul Walmsley, Bin Meng

We now have signature check logic in grub which allows us to treat files
differently depending on their file type.

Treat a loaded device tree like an overlayed ACPI table. Both describe
hardware, so I suppose their threat level is the same.

Signed-off-by: Alexander Graf
---

v3 -> v4:

  - Rebase onto current git master
---
 grub-core/commands/efi/shim_lock.c | 1 +
 include/grub/file.h                | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

Acked-by: Leif Lindholm
Reviewed-by: Alistair Francis
Reviewed-by: Daniel Kiper

diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c index 01246b0fc..83568cb2b 100644 --- a/grub-core/commands/efi/shim_lock.c +++ b/grub-core/commands/efi/shim_lock.c
@@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type type, /* Fall through. */ case GRUB_FILE_TYPE_ACPI_TABLE: + case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE: *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; return GRUB_ERR_NONE; diff --git a/include/grub/file.h b/include/grub/file.h index 9aae46355..8c9bf5e5d 100644 --- a/include/grub/file.h +++ b/include/grub/file.h @@ -69,8 +69,6 @@ enum grub_file_type GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE, - GRUB_FILE_TYPE_DEVICE_TREE_IMAGE, - /* File holding signature. */ GRUB_FILE_TYPE_SIGNATURE, /* File holding public key to verify signature once. */ @@ -95,6 +93,8 @@ enum grub_file_type GRUB_FILE_TYPE_FILE_ID, /* File holding ACPI table. */ GRUB_FILE_TYPE_ACPI_TABLE, + /* File holding Device Tree. */ + GRUB_FILE_TYPE_DEVICE_TREE_IMAGE, /* File we intend show to user. */ GRUB_FILE_TYPE_CAT, GRUB_FILE_TYPE_HEXCAT,
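Review bot: In the shim_lock.c hunk, the new `case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:` label joins the branch that sets `*flags = GRUB_VERIFY_FLAGS_DEFER_AUTH` and returns `GRUB_ERR_NONE`, and the only stated justification is the commit message's "I suppose their threat level is the same". Please record the reasoning where the decision is made: a short comment above the label, or a sentence in the commit message, saying which verifier is expected to authenticate a device tree once shim_lock defers, so the deferral reads as a documented choice rather than an assumption carried over from the ACPI case.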
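Review bot: In the include/grub/file.h hunks, moving `GRUB_FILE_TYPE_DEVICE_TREE_IMAGE` from after `GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE` to after `GRUB_FILE_TYPE_ACPI_TABLE` changes its numeric value and, if the enumerators are implicitly numbered as the visible lines suggest, shifts every entry in between (from `GRUB_FILE_TYPE_SIGNATURE` through `GRUB_FILE_TYPE_ACPI_TABLE`) down by one. The switch in shim_lock.c matches on names, so the reorder is not needed for the behaviour change; either drop it from this patch or say in the commit message that it is only for grouping with the ACPI entry and that nothing relies on the numeric values. Minor style point: the new comment "File holding Device Tree." capitalises differently from the neighbouring "File holding ACPI table."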