vbatts/grub - Git - Batts Cloud

vbatts/grub

Fork 0

Commit graph

Author	SHA1	Message	Date
Matthew Garrett	e5ee3e8fa5	Add verity hash passthrough Read the verity hash from the kernel binary and pass it to the running system via the kernel command line	2015-06-23 13:15:53 -07:00
Matthew Garrett	9b669efb38	Fail validation if we can't find shim and Secure Boot is enabled If grub is signed with a key that's in the trusted EFI keyring, an attacker can point a boot entry at grub rather than at shim and grub will fail to locate the shim verification protocol. This would then allow booting an arbitrary kernel image. Fail validation if Secure Boot is enabled and we can't find the shim protocol in order to prevent this.	2015-04-22 12:47:49 -07:00
Matthew Garrett	0de7775230	Add support for linuxefi	2014-11-05 20:40:53 -08:00

Author

SHA1

Message

Date

Matthew Garrett

e5ee3e8fa5

Add verity hash passthrough

Read the verity hash from the kernel binary and pass it to the running
system via the kernel command line

2015-06-23 13:15:53 -07:00

Matthew Garrett

9b669efb38

Fail validation if we can't find shim and Secure Boot is enabled

If grub is signed with a key that's in the trusted EFI keyring, an attacker
can point a boot entry at grub rather than at shim and grub will fail to
locate the shim verification protocol. This would then allow booting an
arbitrary kernel image. Fail validation if Secure Boot is enabled and we
can't find the shim protocol in order to prevent this.

2015-04-22 12:47:49 -07:00

Matthew Garrett

0de7775230

Add support for linuxefi

2014-11-05 20:40:53 -08:00

3 commits