grub/grub-core/kern
Colin Watson 25850cfd50 Don't allow insmod when secure boot is enabled.
Hi,

Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine
as far as it goes.  However, the insmod command is not the only way that
modules can be loaded.  In particular, the 'normal' command, which
implements the usual GRUB menu and the fully-featured command prompt,
will implicitly load commands not currently loaded into memory.  This
permits trivial Secure Boot violations by writing commands implementing
whatever you want to do and pointing $prefix at the malicious code.

I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct.  It
moves the check into grub_dl_load_file.
2015-04-22 12:47:49 -07:00
..
arm * grub-core/kern/arm/cache_armv6.S: Remove .arch directive. 2013-12-25 23:31:42 +01:00
arm64 Decrease number of strings to translate. 2013-12-18 07:26:13 +01:00
efi Don't allow insmod when secure boot is enabled. 2015-04-22 12:47:49 -07:00
emu Fix build with glibc 2.20 2014-09-15 19:59:27 +04:00
generic Remove non-functional EFI grub_get_rtc. Put a better fatal message 2012-06-11 20:44:38 +02:00
i386 * grub-core/kern/i386/pc/mmap.c: Fallback to EISA memory map 2014-02-28 10:07:11 +01:00
ia64 * grub-core/kern/ia64/dl.c (grub_arch_dl_relocate_symbols): Add checks 2013-12-11 11:29:35 +01:00
ieee1275 ieee1275: check for IBM pseries emulated machine 2014-03-24 15:44:33 +00:00
mips * grub-core/kern/mips/arc/init.c (grub_machine_get_bootlocation): 2014-08-25 15:19:48 -07:00
powerpc * grub-core/kern/powerpc/dl_helper.c (grub_arch_dl_get_tramp_got_size): 2013-12-09 15:43:27 +01:00
sparc64 Implement sparc64 trampolines (needed for sparc64-emu). 2013-12-10 00:01:27 +01:00
uboot Enable cache on ARM U-Boot port. 2013-12-23 05:01:58 +01:00
x86_64 Support grub-emu on x32 (ILP32 but with x86-64 instruction set) 2014-09-07 23:04:50 +01:00
xen Remove xen VFB. 2013-12-18 18:43:09 +01:00
command.c Remove prio_list 2012-02-12 03:52:17 +01:00
corecmd.c * grub-core/kern/corecmd.c (grub_core_cmd_set): Use grub_env_get 2013-06-07 18:25:19 +02:00
device.c Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
disk.c * grub-core/kern/disk.c: Fix potential overflow. 2013-12-21 13:23:37 +01:00
disk_common.c * grub-core/kern/disk_common.c: Clump disk size to 1EiB. 2014-08-10 11:27:36 +02:00
dl.c Don't allow insmod when secure boot is enabled. 2015-04-22 12:47:49 -07:00
elf.c Make elfload not use hooks. Opt for flags and iterators instead. 2013-03-02 16:45:57 +01:00
elfXX.c * grub-core/kern/elfXX.c: Use grub_addr_t rather than long when 2013-12-15 14:33:22 +01:00
env.c * grub-core/kern/env.c, include/grub/env.h: Change iterator through 2013-03-03 01:34:27 +01:00
err.c * grub-core/kern/misc.c (grub_abort): Make static 2013-10-27 14:13:39 +01:00
file.c * grub-core/kern/file.c (grub_file_open): Free file->name on failure. 2013-11-18 02:41:42 +01:00
fs.c Remove nested functions from filesystem directory iterators. 2013-01-21 01:33:46 +00:00
list.c Remove prio_list. 2012-02-26 22:49:24 +01:00
main.c * grub-core/kern/main.c (grub_set_prefix_and_root): Set variable 2013-11-14 15:53:32 +01:00
misc.c * grub-core/kern/misc.c (__bzero): Don't compile in GRUB_UTIL. 2014-04-20 16:12:41 +02:00
mm.c * grub-core/kern/mm.c (grub_real_malloc): Decrease cut-off of moving the 2013-11-18 17:41:37 +01:00
parser.c * grub-core/kern/parser.c (grub_parser_split_cmdline): Remove nested 2013-11-07 02:53:43 +01:00
partition.c Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
rescue_parser.c Remove nested functions from script reading and parsing. 2013-01-15 12:03:25 +00:00
rescue_reader.c Remove nested functions from script reading and parsing. 2013-01-15 12:03:25 +00:00
term.c Lift 255x255 terminal size restriction to 65535x65535. Also change from 2013-10-19 23:59:32 +02:00
time.c automake commit without merge history 2010-05-06 11:34:04 +05:30
vga_init.c * grub-core/kern/vga_init.c: Fix compilation on qemu-mips. 2013-08-14 09:50:57 +02:00