fdt: Treat device tree file type like ACPI
We now have signature check logic in grub which allows us to treat files differently depending on their file type. Treat a loaded device tree like an overlayed ACPI table. Both describe hardware, so I suppose their threat level is the same. Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
This commit is contained in:
parent
09d8eedbba
commit
3591313ca9
2 changed files with 3 additions and 2 deletions
|
@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type type,
|
|||
/* Fall through. */
|
||||
|
||||
case GRUB_FILE_TYPE_ACPI_TABLE:
|
||||
case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
|
||||
*flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
|
||||
|
||||
return GRUB_ERR_NONE;
|
||||
|
|
|
@ -74,8 +74,6 @@ enum grub_file_type
|
|||
|
||||
GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE,
|
||||
|
||||
GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
|
||||
|
||||
/* File holding signature. */
|
||||
GRUB_FILE_TYPE_SIGNATURE,
|
||||
/* File holding public key to verify signature once. */
|
||||
|
@ -100,6 +98,8 @@ enum grub_file_type
|
|||
GRUB_FILE_TYPE_FILE_ID,
|
||||
/* File holding ACPI table. */
|
||||
GRUB_FILE_TYPE_ACPI_TABLE,
|
||||
/* File holding Device Tree. */
|
||||
GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
|
||||
/* File we intend show to user. */
|
||||
GRUB_FILE_TYPE_CAT,
|
||||
GRUB_FILE_TYPE_HEXCAT,
|
||||
|
|
Loading…
Reference in a new issue