grub-devel
Re: [PATCH] Add linuxefi module


From: Vladimir 'φ-coder/phcoder' Serbinenko
Subject: Re: [PATCH] Add linuxefi module
Date: Tue, 21 Jan 2014 17:29:03 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.2.0

On 21.01.2014 17:24, Andrey Borzenkov wrote:
> On Tue, 21 Jan 2014 00:28:08 +0100
> Lubomir Rintel <address@hidden> wrote:
> 
>>  
>>  module = {
>> +  name = linuxefi;
>> +  efi = loader/i386/efi/linux.c;
>> +  efi = lib/cmdline.c;
>> +  enable = i386_efi;
>> +  enable = x86_64_efi;
>> +};
>> +
> 
> Is it relevant for arm64-efi? 
> 
>> +static grub_err_t
>> +grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
>> +            int argc, char *argv[])
>> +{
>> +  grub_file_t file = 0;
>> +  struct linux_kernel_header lh;
>> +  grub_ssize_t len, start, filelen;
>> +  void *kernel;
>> +
>> +  grub_dl_ref (my_mod);
>> +
>> +  if (argc == 0)
>> +    {
>> +      grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
>> +      goto fail;
>> +    }
>> +
>> +  file = grub_file_open (argv[0]);
>> +  if (! file)
>> +    goto fail;
>> +
>> +  filelen = grub_file_size (file);
>> +
>> +  kernel = grub_malloc(filelen);
>> +
>> +  if (!kernel)
>> +    {
>> +      grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel 
>> buffer"));
>> +      goto fail;
>> +    }
>> +
>> +  if (grub_file_read (file, kernel, filelen) != filelen)
>> +    {
>> +      grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), 
>> argv[0]);
>> +      goto fail;
>> +    }
>> +
>> +  if (! grub_linuxefi_secure_validate (kernel, filelen))
>> +    {
>> +      grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), 
>> argv[0]);
>> +      grub_free (kernel);
>> +      goto fail;
>> +    }
>> +
>> +  grub_file_seek (file, 0);
>> +
>> +  grub_free(kernel);
>> +
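
Review bot: Ownership of the kernel buffer is inconsistent across the error paths in grub_cmd_linux: the grub_file_read failure branch does "goto fail" without freeing it, while the invalid-signature branch calls "grub_free (kernel)" before the same "goto fail". Depending on what the fail label (outside this hunk) does, one of the two either leaks the buffer or frees it twice. In addition, "void *kernel;" is declared without an initialiser and the argc == 0 and grub_file_open failures jump to fail before it is assigned, so a free under fail would act on an indeterminate pointer. Suggest initialising kernel to NULL and freeing it in one place only. Separately, filelen is a grub_ssize_t that goes straight from grub_file_size into grub_malloc with no check for a zero or negative value.
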
> 
> This leaves the possibility to modify the file after it was verified. It
> should continue to use the in-memory content. 
> 
This part is from the RH "Secureboot" patch. Few things are right about that
patch. Whatever signature verifications there are would need to be integrated
with the signatures framework (I have some scratch in phcoder/file_types).
> _______________________________________________
> Grub-devel mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/grub-devel
> 
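
The verify-then-re-read problem raised in the review comment above, as an added example that is not code from the patch or from GRUB. The names mock_file, mock_read, verify, load_reread and load_verified are hypothetical, the file contents are constructed, and a string compare stands in for a real signature check.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a file on writable media: the second read
   returns different bytes, as if it changed after verification. */
struct mock_file { const char *first, *later; int reads; };

static size_t mock_read(struct mock_file *f, char *buf, size_t len)
{
    const char *src = (f->reads++ == 0) ? f->first : f->later;
    size_t n = strlen(src) + 1;
    if (n > len) return 0;
    memcpy(buf, src, n);
    return n;
}

/* Hypothetical verifier; a string compare stands in for a signature check. */
static int verify(const char *buf) { return strcmp(buf, "signed-kernel") == 0; }

/* Pattern the review comment warns about: verify one copy, free it, read again. */
static int load_reread(struct mock_file *f, char *out, size_t len)
{
    char *tmp = malloc(len);
    if (!tmp) return -1;
    if (mock_read(f, tmp, len) == 0 || !verify(tmp)) { free(tmp); return -1; }
    free(tmp);
    return mock_read(f, out, len) ? 0 : -1;  /* these bytes were never checked */
}

/* Pattern the review asks for: the verified buffer is the one that is used. */
static int load_verified(struct mock_file *f, char *out, size_t len)
{
    if (mock_read(f, out, len) != 0 && verify(out)) return 0;
    memset(out, 0, len);  /* do not hand back unverified bytes */
    return -1;
}

int main(void)
{
    char out[32];
    struct mock_file a = { "signed-kernel", "tampered-kernel", 0 };
    struct mock_file b = { "signed-kernel", "tampered-kernel", 0 };
    if (load_reread(&a, out, sizeof out) == 0) printf("re-read:  %s\n", out);
    if (load_verified(&b, out, sizeof out) == 0) printf("verified: %s\n", out);
    return 0;
}
```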

