From patchwork Mon Jan 28 12:44:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Graf X-Patchwork-Id: 156729 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp3387142jaa; Mon, 28 Jan 2019 04:46:32 -0800 (PST) X-Google-Smtp-Source: ALg8bN661LyG6R168rWefgVdtlLX5BpknOOnWGf0dCoqQM+rFHx8nRkFWRMWRW8Yw74S5Md6+1MN X-Received: by 2002:a1c:cf82:: with SMTP id f124mr17568184wmg.95.1548679592535; Mon, 28 Jan 2019 04:46:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548679592; cv=none; d=google.com; s=arc-20160816; b=Ke5SFhlx3VEgOirqHheoPtGFDceeNMw+nkkXRxJsGaPastvqTicBfGXSQrSFrGeTK5 lGL9YXeyOrJDcI6BrxPqeSgowLxI1uQYOFpz8U1mJxXgtl5qIb+2pT9zaB2vHd/teqsv Ndwo6kx5MW/zWCOye7BPNIIM4Os2+4WsZTmQbbpbIDhj9VnMWT43qQO2Bb1xre9uSp46 2zVAxklS3X8PsonyQWULMkQxe+Pqb5UuZPtiJctmIhdM/+oJJydbohBVqfsY2mCdwDyD kl/HnjrXTH/TXp8lNKxG/vq6aKDdjpTQJvvgqm2kcUsuMj8YzH5B5bfkLCycTvBHu9/u TjWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:references:in-reply-to:message-id:date:subject :to:from; bh=J9ZMc+68zJWTAcnXsRm/dtl7UIgvX4CIJ6Td0OzV/eM=; b=LclqPLp7XRn96k1VX+VF48GQDpen34Q9a1iR7T2T2lsd17Kwc4tGWScIvnCHpHlBTG vyLxUELIPiaAhifh9Kvb5kZFKlvyy/NvoIj7zaBCvF34ajs8shZZiL/hRuduEeOe4Tbi 6EMcOOn0bITdQuGU0b4EMdMnlGzZUMpmsxpNR5IxYG8lx3DDL7yIVPKsCiaMAQT81n0A wJXTxG3L48KXJNHcAOkDV9NWxcYHV1DJaAQ+httSZvA183+e/ohW5FssQlJ4WOe9xBF5 nsJwoFx05IzG44wU6xfUGRspcsD6gwjYuGXxVCy5+my6OYSH7rsaAxx67Bo0S9Jdbn2t qKyg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of grub-devel-bounces+patch=linaro.org@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id h14si80668223wrt.183.2019.01.28.04.46.32 for (version=TLS1 cipher=AES128-SHA bits=128/128); Mon, 28 Jan 2019 04:46:32 -0800 (PST) Received-SPF: pass (google.com: domain of grub-devel-bounces+patch=linaro.org@gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of grub-devel-bounces+patch=linaro.org@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org" Received: from localhost ([127.0.0.1]:59244 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1go6J5-0000BP-Cf for patch@linaro.org; Mon, 28 Jan 2019 07:46:31 -0500 Received: from eggs.gnu.org ([209.51.188.92]:48986) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1go6Hd-0007QZ-W8 for grub-devel@gnu.org; Mon, 28 Jan 2019 07:45:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1go6Hc-0003bm-EL for grub-devel@gnu.org; Mon, 28 Jan 2019 07:45:01 -0500 Received: from mx2.suse.de ([195.135.220.15]:60080 helo=mx1.suse.de) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1go6Hc-0003UP-1T for grub-devel@gnu.org; Mon, 28 Jan 2019 07:45:00 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id A85EAAEF5; Mon, 28 Jan 2019 12:44:48 +0000 (UTC) From: Alexander Graf To: grub-devel@gnu.org Subject: [PATCH v5 11/11] fdt: Treat device tree file type like ACPI Date: Mon, 28 Jan 2019 13:44:47 +0100 Message-Id: <20190128124447.81028-12-agraf@suse.de> X-Mailer: git-send-email 2.12.3 In-Reply-To: <20190128124447.81028-1-agraf@suse.de> References: <20190128124447.81028-1-agraf@suse.de> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] X-Received-From: 195.135.220.15 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The development of GNU GRUB Cc: rickchen36@gmail.com, greentime , Andreas Schwab , David Abdurachmanov , leif.lindholm@linaro.org, atish.patra@wdc.com, Michael Chang , Alistair Francis , Lukas Auer , Paul Walmsley , Bin Meng , Daniel Kiper MIME-Version: 1.0 Errors-To: grub-devel-bounces+patch=linaro.org@gnu.org Sender: "Grub-devel" We now have signature check logic in grub which allows us to treat files differently depending on their file type. Treat a loaded device tree like an overlayed ACPI table. Both describe hardware, so I suppose their threat level is the same. Signed-off-by: Alexander Graf Reviewed-by: Daniel Kiper --- v3 -> v4: - Rebase onto current git master --- grub-core/commands/efi/shim_lock.c | 1 + include/grub/file.h | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) -- 2.12.3 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c index 01246b0fc..83568cb2b 100644 --- a/grub-core/commands/efi/shim_lock.c +++ b/grub-core/commands/efi/shim_lock.c @@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type type, /* Fall through. */ case GRUB_FILE_TYPE_ACPI_TABLE: + case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE: *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; return GRUB_ERR_NONE; diff --git a/include/grub/file.h b/include/grub/file.h index cbbd29465..31567483c 100644 --- a/include/grub/file.h +++ b/include/grub/file.h @@ -74,8 +74,6 @@ enum grub_file_type GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE, - GRUB_FILE_TYPE_DEVICE_TREE_IMAGE, - /* File holding signature. */ GRUB_FILE_TYPE_SIGNATURE, /* File holding public key to verify signature once. */ @@ -100,6 +98,8 @@ enum grub_file_type GRUB_FILE_TYPE_FILE_ID, /* File holding ACPI table. */ GRUB_FILE_TYPE_ACPI_TABLE, + /* File holding Device Tree. */ + GRUB_FILE_TYPE_DEVICE_TREE_IMAGE, /* File we intend show to user. */ GRUB_FILE_TYPE_CAT, GRUB_FILE_TYPE_HEXCAT,