[SECURITY PATCH 110/117] grub-install-common: Add --sbat option

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY PATCH 110/117] grub-install-common: Add --sbat option

From:	Daniel Kiper
Subject:	[SECURITY PATCH 110/117] grub-install-common: Add --sbat option
Date:	Tue, 2 Mar 2021 19:01:57 +0100

From: Dimitri John Ledkov <xnox@ubuntu.com>

Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 include/grub/util/install.h |  5 ++++-
 util/grub-install-common.c  | 12 ++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/include/grub/util/install.h b/include/grub/util/install.h
index 3736a16aa..c14985858 100644
--- a/include/grub/util/install.h
+++ b/include/grub/util/install.h
@@ -63,6 +63,8 @@
     /* TRANSLATORS: "embed" is a verb (command description).  "*/      \
   { "pubkey",   'k', N_("FILE"), 0,                                    \
       N_("embed FILE as public key for signature checking"), 0},       \
+  { "sbat", GRUB_INSTALL_OPTIONS_SBAT, N_("FILE"), 0,                  \
+      N_("SBAT metadata"), 0 },                                                
\
   { "verbose", 'v', 0, 0,                                              \
     N_("print verbose messages."), 1 }
 
@@ -122,7 +124,8 @@ enum grub_install_options {
   GRUB_INSTALL_OPTIONS_THEMES_DIRECTORY,
   GRUB_INSTALL_OPTIONS_GRUB_MKIMAGE,
   GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS,
-  GRUB_INSTALL_OPTIONS_DTB
+  GRUB_INSTALL_OPTIONS_DTB,
+  GRUB_INSTALL_OPTIONS_SBAT
 };
 
 extern char *grub_install_source_directory;
diff --git a/util/grub-install-common.c b/util/grub-install-common.c
index 56dcb52bf..89af26c26 100644
--- a/util/grub-install-common.c
+++ b/util/grub-install-common.c
@@ -332,6 +332,7 @@ handle_install_list (struct install_list *il, const char 
*val,
 
 static char **pubkeys;
 static size_t npubkeys;
+static char *sbat;
 static grub_compression_t compression;
 
 int
@@ -362,6 +363,12 @@ grub_install_parse (int key, char *arg)
                          * (npubkeys + 1));
       pubkeys[npubkeys++] = xstrdup (arg);
       return 1;
+    case GRUB_INSTALL_OPTIONS_SBAT:
+      if (sbat)
+       free (sbat);
+
+      sbat = xstrdup (arg);
+      return 1;
 
     case GRUB_INSTALL_OPTIONS_VERBOSITY:
       verbosity++;
@@ -523,9 +530,10 @@ grub_install_make_image_wrap_file (const char *dir, const 
char *prefix,
   grub_util_info ("grub-mkimage --directory '%s' --prefix '%s'"
                  " --output '%s' "
                  " --dtb '%s' "
+                 "--sbat '%s' "
                  "--format '%s' --compression '%s' %s %s\n",
                  dir, prefix,
-                 outname, dtb ? : "", mkimage_target,
+                 outname, dtb ? : "", sbat ? : "", mkimage_target,
                  compnames[compression], note ? "--note" : "", s);
   free (s);
 
@@ -536,7 +544,7 @@ grub_install_make_image_wrap_file (const char *dir, const 
char *prefix,
   grub_install_generate_image (dir, prefix, fp, outname,
                               modules.entries, memdisk_path,
                               pubkeys, npubkeys, config_path, tgt,
-                              note, compression, dtb, NULL);
+                              note, compression, dtb, sbat);
   while (dc--)
     grub_install_pop_module ();
 }
-- 
2.11.0

[Prev in Thread]

Current Thread

[Next in Thread]

[SECURITY PATCH 116/117] templates: Disable the os-prober by default, (continued)
- [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/02
  - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Didier Spaier, 2021/03/02
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Lennart Sorensen, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, John Paul Adrian Glaubitz, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Lennart Sorensen, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Didier Spaier, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, John Paul Adrian Glaubitz, 2021/03/03
- [SECURITY PATCH 117/117] kern/mm: Fix grub_debug_calloc() compilation error, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 110/117] grub-install-common: Add --sbat option, Daniel Kiper <=
- [SECURITY PATCH 113/117] kern/misc: Add STRING type for internal printf() format handling, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 111/117] shim_lock: Only skip loading shim_lock verifier with explicit consent, Daniel Kiper, 2021/03/02
- Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, John Paul Adrian Glaubitz, 2021/03/02
  - Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Bruce Dubbs, 2021/03/02
  - Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Daniel Kiper, 2021/03/02
    - Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Neal Gompa, 2021/03/09
    - Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Daniel Kiper, 2021/03/09
- Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Paul Menzel, 2021/03/18
  - Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Daniel Kiper, 2021/03/22

Prev by Date: [SECURITY PATCH 117/117] kern/mm: Fix grub_debug_calloc() compilation error
Next by Date: [SECURITY PATCH 113/117] kern/misc: Add STRING type for internal printf() format handling
Previous by thread: [SECURITY PATCH 117/117] kern/mm: Fix grub_debug_calloc() compilation error
Next by thread: [SECURITY PATCH 113/117] kern/misc: Add STRING type for internal printf() format handling
Index(es):
- Date
- Thread