On Wed, Nov 14, 2018 at 06:27:39PM +0100, Alexander Graf wrote: > We now have signature check logic in grub which allows us to treat > files differently depending on their file type. > > Mark a loaded device tree as such and treat it like an overlayed ACPI > table. Both describe hardware, so I suppose their threat level is the > same. > > Signed-off-by: Alexander Graf <ag...@suse.de> > --- > grub-core/commands/efi/shim_lock.c | 1 + > grub-core/loader/efi/fdt.c | 2 +- > include/grub/file.h | 2 ++ > 3 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/grub-core/commands/efi/shim_lock.c > b/grub-core/commands/efi/shim_lock.c > index 01246b0fc..90dccb0c7 100644 > --- a/grub-core/commands/efi/shim_lock.c > +++ b/grub-core/commands/efi/shim_lock.c > @@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type type, > /* Fall through. */ > > case GRUB_FILE_TYPE_ACPI_TABLE: > + case GRUB_FILE_TYPE_DEVICE_TREE: > *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; > > return GRUB_ERR_NONE; > diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c > index a4c6e8036..d8ebe648e 100644 > --- a/grub-core/loader/efi/fdt.c > +++ b/grub-core/loader/efi/fdt.c > @@ -123,7 +123,7 @@ grub_cmd_devicetree (grub_command_t cmd __attribute__ > ((unused)), > return GRUB_ERR_NONE; > } > > - dtb = grub_file_open (argv[0]); > + dtb = grub_file_open (argv[0], GRUB_FILE_TYPE_DEVICE_TREE); > if (!dtb) > goto out; > > diff --git a/include/grub/file.h b/include/grub/file.h > index 19dda67f6..b8fb13017 100644 > --- a/include/grub/file.h > +++ b/include/grub/file.h > @@ -93,6 +93,8 @@ enum grub_file_type > GRUB_FILE_TYPE_FILE_ID, > /* File holding ACPI table. */ > GRUB_FILE_TYPE_ACPI_TABLE, > + /* File holding Device Tree. */ > + GRUB_FILE_TYPE_DEVICE_TREE, > /* File we intend show to user. */ > GRUB_FILE_TYPE_CAT, > GRUB_FILE_TYPE_HEXCAT,
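Review bot: in shim_lock_init, the new `case GRUB_FILE_TYPE_DEVICE_TREE:` label shares the GRUB_FILE_TYPE_ACPI_TABLE branch and therefore gets `*flags = GRUB_VERIFY_FLAGS_DEFER_AUTH`, but the reason for that choice exists only in the commit message ("Both describe hardware, so I suppose their threat level is the same"). A one-line comment above the two case labels saying why a device tree is handled like an ACPI table would keep the security rationale next to the code. The commit message itself would be stronger if it stated the reasoning rather than a supposition.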
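Review bot: in enum grub_file_type, the new GRUB_FILE_TYPE_DEVICE_TREE enumerator is inserted between GRUB_FILE_TYPE_ACPI_TABLE and GRUB_FILE_TYPE_CAT, which shifts the numeric value of every enumerator after it. Please confirm that nothing relies on those values. The identifier also has to stay identical to the one used in the shim_lock.c and fdt.c hunks, so a rename has to touch all three files in the same patch.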
You have to rebase this patch set on latest master. It has GRUB_FILE_TYPE_DEVICE_TREE_IMAGE instead of GRUB_FILE_TYPE_DEVICE_TREE. Please use it. If you wish you can move it behind GRUB_FILE_TYPE_ACPI_TABLE in grub_file_type.

Daniel

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel