grub/grub-core/loader/i386/efi at 858f7634667f4073d9f24a50e25555efe0093016 - vbatts/grub - Git

History

Matthew Garrett 76fb8e4341 Fix race in EFI validation The Secure Boot code currently reads the kernel from disk, validates the signature and then reads it from disk again. A sufficiently exciting storage device could modify the kernel between these two events and trigger the execution of an untrusted kernel. Avoid re-reading it in order to ensure this isn't a problem, and in the process speed up boot by not reading the kernel twice.	2016-01-05 14:14:54 -08:00
..
linux.c	Fix race in EFI validation	2016-01-05 14:14:54 -08:00

Matthew Garrett 76fb8e4341 Fix race in EFI validation

The Secure Boot code currently reads the kernel from disk, validates the
signature and then reads it from disk again. A sufficiently exciting storage
device could modify the kernel between these two events and trigger the
execution of an untrusted kernel. Avoid re-reading it in order to ensure
this isn't a problem, and in the process speed up boot by not reading the
kernel twice.

2016-01-05 14:14:54 -08:00

linux.c

Fix race in EFI validation

2016-01-05 14:14:54 -08:00