From patchwork Thu Mar 28 15:13:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Lagerwall X-Patchwork-Id: 13608717 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D65F3C54E64 for ; Thu, 28 Mar 2024 15:11:12 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.698957.1091277 (Exim 4.92) (envelope-from ) id 1rprPF-0002MB-Al; Thu, 28 Mar 2024 15:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 698957.1091277; Thu, 28 Mar 2024 15:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rprPF-0002M0-7V; Thu, 28 Mar 2024 15:11:05 +0000 Received: by outflank-mailman (input) for mailman id 698957; Thu, 28 Mar 2024 15:11:03 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rprPD-0001mV-3O for xen-devel@lists.xenproject.org; Thu, 28 Mar 2024 15:11:03 +0000 Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [2607:f8b0:4864:20::82f]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 63cdc1a3-ed15-11ee-afe3-a90da7624cb6; Thu, 28 Mar 2024 16:11:02 +0100 (CET) Received: by mail-qt1-x82f.google.com with SMTP id d75a77b69052e-43107ccd7b9so5577561cf.3 for ; Thu, 28 Mar 2024 08:11:02 -0700 (PDT) Received: from rossla-lxenia.eng.citrite.net ([185.25.67.249]) by smtp.gmail.com with ESMTPSA id cr7-20020a05622a428700b004313f54aaa9sm696300qtb.5.2024.03.28.08.11.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Mar 2024 08:11:00 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 63cdc1a3-ed15-11ee-afe3-a90da7624cb6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1711638661; x=1712243461; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=U2qmXAF7kH+Xo7dcYPNWV07zKXcD5akVAYdTNUPm5Ak=; b=bNoRIdajri1wVAtu80pzggb6o6axyqxWdnp5Bsa62pAuNgE8SvMNaWbtgjX00lXnI5 JcXm3jwPTPuJOdlxjmvFNw3H6JYkg9B1rAgNPISh5hKvZHUMa+0bO4x5GP+Us0RVmfXb a3tDWxrWiG55E38ofCUADCL9vBvt++XjBZBOY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711638661; x=1712243461; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=U2qmXAF7kH+Xo7dcYPNWV07zKXcD5akVAYdTNUPm5Ak=; b=WLq9Shx+wr41UPL8YlP+FSeMYrpbIu1ozKHIp1KSBpAyAFpyceuwLySs6SghtaXYua J3JC7CFne5wHVA6oNl4hTwowF3SvfEllllwpHSWbrXiu99gK67JXJbXlDb9Z7vafBaiE Lp04YlAyPnXk3AeAJVYudDMGYeKy/sUeqNlmcicIifWFnGqMqdGJeWWnuQnSB5nX2J+8 sGhu1bSd5yIcGd1Cy31EpSmNRDKk9LrylF/YgIgzET5XZVMdvHWpo0tsE9GGBYQEd5N3 aebN0+V/bMTE5stGVhPXJmboj7pHgRjR5+mFICtTkV0spwb622kz/2iftm8SG9KxJjMf bltQ== X-Gm-Message-State: AOJu0YyepdaONKwYikXJMHD1REyWMuKQUmMi37BoVvCOU0J7Qh6I2boQ jxy1LP0otEu3WLki2zJ94JHlQW2aTYo2+d+mYvZbvrTReazfbJW4d21Qzu4IkQ== X-Google-Smtp-Source: AGHT+IHRgh7LeGuGdwNldABcb1tIrGf4GrwtRM68IhGmhRZqpwgzTkw0Gpe38tSy6CDtLxe8+DQwvA== X-Received: by 2002:ac8:5c8c:0:b0:430:e2cb:9a54 with SMTP id r12-20020ac85c8c000000b00430e2cb9a54mr3266954qta.12.1711638661506; Thu, 28 Mar 2024 08:11:01 -0700 (PDT) From: Ross Lagerwall To: grub-devel@gnu.org Cc: xen-devel@lists.xenproject.org, Ross Lagerwall , Daniel Kiper , Daniel Kiper , Andrew Cooper , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Subject: [PATCH v2 3/3] efi: Allow loading multiboot modules without verification Date: Thu, 28 Mar 2024 15:13:02 +0000 Message-ID: <20240328151302.1451158-4-ross.lagerwall@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240328151302.1451158-1-ross.lagerwall@citrix.com> References: <20240328151302.1451158-1-ross.lagerwall@citrix.com> MIME-Version: 1.0 GRUB doesn't do anything with multiboot modules except loading them and passing a pointer to the multiboot kernel. Therefore GRUB itself doesn't need to verify the module. Multiboot modules may contain code that needs to be verified. If this is the case, the expectation is that the multiboot kernel verifies the modules. For example, with Xen, the first multiboot module contains the dom0 kernel binary and Xen verifies it before starting it. Signed-off-by: Ross Lagerwall --- grub-core/kern/efi/sb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c index 8d3e413608bb..f76290d65e9f 100644 --- a/grub-core/kern/efi/sb.c +++ b/grub-core/kern/efi/sb.c @@ -171,6 +171,7 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), case GRUB_FILE_TYPE_LOADENV: case GRUB_FILE_TYPE_SAVEENV: case GRUB_FILE_TYPE_VERIFY_SIGNATURE: + case GRUB_FILE_TYPE_MULTIBOOT_MODULE: *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; return GRUB_ERR_NONE;