grub/grub-core/loader/i386/efi at 9b669efb38a4bd1269fd83dc69ef58cfbd45f7c8 - vbatts/grub - Git

History

Matthew Garrett 9b669efb38 Fail validation if we can't find shim and Secure Boot is enabled If grub is signed with a key that's in the trusted EFI keyring, an attacker can point a boot entry at grub rather than at shim and grub will fail to locate the shim verification protocol. This would then allow booting an arbitrary kernel image. Fail validation if Secure Boot is enabled and we can't find the shim protocol in order to prevent this.	2015-04-22 12:47:49 -07:00
..
linux.c	Fail validation if we can't find shim and Secure Boot is enabled	2015-04-22 12:47:49 -07:00

Matthew Garrett 9b669efb38 Fail validation if we can't find shim and Secure Boot is enabled

If grub is signed with a key that's in the trusted EFI keyring, an attacker
can point a boot entry at grub rather than at shim and grub will fail to
locate the shim verification protocol. This would then allow booting an
arbitrary kernel image. Fail validation if Secure Boot is enabled and we
can't find the shim protocol in order to prevent this.

2015-04-22 12:47:49 -07:00

linux.c

Fail validation if we can't find shim and Secure Boot is enabled

2015-04-22 12:47:49 -07:00