From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1dLLct-0002LR-4n
	for mharc-grub-devel@gnu.org; Wed, 14 Jun 2017 23:39:19 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48716)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <prvs=03396d0097=mjg59@cavan.codon.org.uk>)
	id 1dLLcr-0002LC-6W
	for grub-devel@gnu.org; Wed, 14 Jun 2017 23:39:17 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <prvs=03396d0097=mjg59@cavan.codon.org.uk>)
	id 1dLLcq-0003hX-7K
	for grub-devel@gnu.org; Wed, 14 Jun 2017 23:39:17 -0400
Received: from cavan.codon.org.uk ([2a00:1098:0:80:1000:c:0:1]:51427)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71)
	(envelope-from <prvs=03396d0097=mjg59@cavan.codon.org.uk>)
	id 1dLLcp-0003gp-Tk
	for grub-devel@gnu.org; Wed, 14 Jun 2017 23:39:16 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=codon.org.uk;
	s=63138784; 
	h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
	bh=lahS756VN2KY9VOyEz3PE2ahb89CI0KLkoKPxTeIUEo=; 
	b=SMbiDBY46PxusZ2VfeR/mVaWCR534chvwvVv16aq+yt/2jPMApgKQ5G/NxvwF2zLFzxi2bIZc26nTKJmB2KhgSwkW3YBQph4pIiTETyb6W+kMoNhKM0BrTFqjo4EKl5UYXmF1sMo6YWCZlAJgmBHq5XBF/IYm7jfttoHjbaiA6o=;
Received: from mjg59 by cavan.codon.org.uk with local (Exim 4.84_2)
	(envelope-from <mjg59@cavan.codon.org.uk>) id 1dLLco-0000h7-Fr
	for grub-devel@gnu.org; Thu, 15 Jun 2017 04:39:14 +0100
Date: Thu, 15 Jun 2017 04:39:14 +0100
From: Matthew Garrett <mjg59@srcf.ucam.org>
To: The development of GNU GRUB <grub-devel@gnu.org>
Subject: Re: [PATCH 1/3] Move verifiers to the kernel
Message-ID: <20170615033914.GA2433@srcf.ucam.org>
References: <20170615004245.127430-1-mjg59@google.com>
	<20170615004245.127430-2-mjg59@google.com>
	<CAEaD8JP2OnTp+goQMOkw=H0ya-wKTdnbhNbGvkeoAP-htchWEA@mail.gmail.com>
	<20170615014841.GA26702@srcf.ucam.org>
	<CAEaD8JMM8d07jrD0hWWajhGve6ESamPhSF1pm62vJQ6Th3pi+w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAEaD8JMM8d07jrD0hWWajhGve6ESamPhSF1pm62vJQ6Th3pi+w@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: mjg59@cavan.codon.org.uk
X-SA-Exim-Scanned: No (on cavan.codon.org.uk); SAEximRunCond expanded to false
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2a00:1098:0:80:1000:c:0:1
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel/>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jun 2017 03:39:18 -0000

On Thu, Jun 15, 2017 at 01:52:14AM +0000, Vladimir 'phcoder' Serbinenko wrote:
> On Thu, Jun 15, 2017, 03:49 Matthew Garrett <mjg59@srcf.ucam.org> wrote:
> >  if you're making the ordering significant,
> > it's far too easy for someone to mess up and end up with an insecure
> > system as a result.
> >
> Adding them would be part of grub-install, not manual by user.

Hm. Is there any way for a module to detect that it's being loaded 
rather than being part of the core, and throw an error in that case?

-- 
Matthew Garrett | mjg59@srcf.ucam.org