From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1W5e8N-0001CR-Ql for mharc-grub-devel@gnu.org; Tue, 21 Jan 2014 11:25:03 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49805) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W5e8G-00014N-N9 for grub-devel@gnu.org; Tue, 21 Jan 2014 11:25:02 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1W5e8A-00087j-Oc for grub-devel@gnu.org; Tue, 21 Jan 2014 11:24:56 -0500 Received: from mail-lb0-x22e.google.com ([2a00:1450:4010:c04::22e]:50672) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W5e8A-00087R-Gw for grub-devel@gnu.org; Tue, 21 Jan 2014 11:24:50 -0500 Received: by mail-lb0-f174.google.com with SMTP id l4so4535191lbv.33 for ; Tue, 21 Jan 2014 08:24:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-type:content-transfer-encoding; bh=INr2qD/kqkSmZat8lhLNNcOE9CfS6DyyNmY1EQgBS5U=; b=DFco4ZKiZidXk4IA4OFItKZaYCt9JQp/RSk6F3M9WocautWPNatDiYJTdYejBTDHQt ipun3jRaPJJc2LvXDau5vwkEtdumhP9jFq0puXK9T7+8H1zsOT3cHabXfclDFv8mYsrO e1flXuBTKorY6XY2SFgpvWfuzUIv2Sv6Q+YBs4q6rv47FkbpNzOXYI/5OCSfLYQedDZo 1VI4OPk2/O724lJ8Pkvnl5vpjhulg6NJVyFsUMxFzPaEhvZyvO/HDzMRe0aTV5WZxLJk LoocV9qPpTztexwY2twUnvFBmuwv8oQA2OQHl8nxX2M3XGvw8HAI7w4eD/8PVA6zDNU3 fckA== X-Received: by 10.152.3.10 with SMTP id 10mr2712991lay.35.1390321488109; Tue, 21 Jan 2014 08:24:48 -0800 (PST) Received: from opensuse.site (ppp91-76-154-95.pppoe.mtu-net.ru. [91.76.154.95]) by mx.google.com with ESMTPSA id g8sm6075988lae.1.2014.01.21.08.24.47 for (version=SSLv3 cipher=RC4-SHA bits=128/128); Tue, 21 Jan 2014 08:24:47 -0800 (PST) Date: Tue, 21 Jan 2014 20:24:47 +0400 From: Andrey Borzenkov To: The development of GNU GRUB Subject: Re: [PATCH] Add linuxefi module Message-ID: <20140121202447.66091674@opensuse.site> In-Reply-To: <1390260488-18091-1-git-send-email-lkundrak@v3.sk> References: <1390260488-18091-1-git-send-email-lkundrak@v3.sk> X-Mailer: Claws Mail 3.9.2 (GTK+ 2.24.22; x86_64-suse-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2a00:1450:4010:c04::22e Cc: lkundrak@v3.sk, Matthew Garrett X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jan 2014 16:25:02 -0000 В Tue, 21 Jan 2014 00:28:08 +0100 Lubomir Rintel пишет: > > module = { > + name = linuxefi; > + efi = loader/i386/efi/linux.c; > + efi = lib/cmdline.c; > + enable = i386_efi; > + enable = x86_64_efi; > +}; > + Is it relevant for arm64-efi? > +static grub_err_t > +grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), > + int argc, char *argv[]) > +{ > + grub_file_t file = 0; > + struct linux_kernel_header lh; > + grub_ssize_t len, start, filelen; > + void *kernel; > + > + grub_dl_ref (my_mod); > + > + if (argc == 0) > + { > + grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); > + goto fail; > + } > + > + file = grub_file_open (argv[0]); > + if (! file) > + goto fail; > + > + filelen = grub_file_size (file); > + > + kernel = grub_malloc(filelen); > + > + if (!kernel) > + { > + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); > + goto fail; > + } > + > + if (grub_file_read (file, kernel, filelen) != filelen) > + { > + grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]); > + goto fail; > + } > + > + if (! grub_linuxefi_secure_validate (kernel, filelen)) > + { > + grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); > + grub_free (kernel); > + goto fail; > + } > + > + grub_file_seek (file, 0); > + > + grub_free(kernel); > + This leaves possibility to modify file after it was verified. It should continue to use in-memory content.