No description
25850cfd50
Hi, Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine as far as it goes. However, the insmod command is not the only way that modules can be loaded. In particular, the 'normal' command, which implements the usual GRUB menu and the fully-featured command prompt, will implicitly load commands not currently loaded into memory. This permits trivial Secure Boot violations by writing commands implementing whatever you want to do and pointing $prefix at the malicious code. I'm currently test-building this patch (replacing your current grub-2.00-no-insmod-on-sb.patch), but this should be more correct. It moves the check into grub_dl_load_file. |
||
|---|---|---|
| build-aux | ||
| conf | ||
| docs | ||
| grub-core | ||
| include | ||
| m4 | ||
| po | ||
| tests | ||
| themes/starfield | ||
| unicode | ||
| util | ||
| .gitignore | ||
| ABOUT-NLS | ||
| acinclude.m4 | ||
| AUTHORS | ||
| autogen.sh | ||
| BUGS | ||
| ChangeLog | ||
| config.h.in | ||
| configure.ac | ||
| COPYING | ||
| coreboot.cfg | ||
| geninit.sh | ||
| gentpl.py | ||
| INSTALL | ||
| linguas.sh | ||
| Makefile.am | ||
| Makefile.util.def | ||
| NEWS | ||
| README | ||
| THANKS | ||
| TODO | ||
This is GRUB 2, the second version of the GRand Unified Bootloader. GRUB 2 is rewritten from scratch to make GNU GRUB cleaner, safer, more robust, more powerful, and more portable. See the file NEWS for a description of recent changes to GRUB 2. See the file INSTALL for instructions on how to build and install the GRUB 2 data and program files. Please visit the official web page of GRUB 2, for more information. The URL is <http://www.gnu.org/software/grub/grub.html>. More extensive documentation is available in the Info manual, accessible using 'info grub' after building and installing GRUB 2. Please look at the GRUB Wiki <http://grub.enbug.org> for testing procedures. There are a number of important user-visible differences from the first version of GRUB, now known as GRUB Legacy. For a summary, please see: info grub Introduction 'Changes from GRUB Legacy'