fdt: Treat device tree file type like ACPI

We now have signature check logic in grub which allows us to treat files differently depending on their file type. Treat a loaded device tree like an overlayed ACPI table. Both describe hardware, so I suppose their threat level is the same. Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2019-02-12 11:31:08 +01:00 · 2019-02-12 11:31:08 +01:00 · c956126a51
parent f1957dc8a3
commit c956126a51
2 changed files with 3 additions and 2 deletions
--- a/grub-core/commands/efi/shim_lock.c
+++ b/grub-core/commands/efi/shim_lock.c
@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type type,
      /* Fall through. */

    case GRUB_FILE_TYPE_ACPI_TABLE:
+    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
      *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;

      return GRUB_ERR_NONE;
--- a/include/grub/file.h
+++ b/include/grub/file.h
@ -74,8 +74,6 @@ enum grub_file_type

    GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE,

-    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
-
    /* File holding signature.  */
    GRUB_FILE_TYPE_SIGNATURE,
    /* File holding public key to verify signature once.  */
@ -100,6 +98,8 @@ enum grub_file_type
    GRUB_FILE_TYPE_FILE_ID,
    /* File holding ACPI table.  */
    GRUB_FILE_TYPE_ACPI_TABLE,
+    /* File holding Device Tree.  */
+    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
    /* File we intend show to user.  */
    GRUB_FILE_TYPE_CAT,
    GRUB_FILE_TYPE_HEXCAT,