From: Glenn Washburn <development@efficientek.com>
To: The development of GNU GRUB <grub-devel@gnu.org>,
Daniel Kiper <dkiper@net-space.pl>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
Dimitri John Ledkov <dimitri.ledkov@canonical.com>,
Glenn Washburn <development@efficientek.com>
Subject: [PATCH v2 0/3] efi: Initialize canary to non-zero value
Date: Mon, 11 Dec 2023 13:27:47 -0600 [thread overview]
Message-ID: <cover.1702321396.git.development@efficientek.com> (raw)
This series extends and improves the previous patch initializing the
stack guard canary. The first patch improves the previous patch by
setting the most significant byte to NULL, which will filter out
string buffer overflow attacks. The second patch allows creation of
the canary at build time from urandom if it exists. This change breaks
reproducible builds, so the third patch allows the canary to be set
from the environment variable SOURCE_DATE_EPOCH if its value is not
empty.
Glenn
Glenn Washburn (3):
efi: Initialize canary to non-zero value
efi: Generate stack protector canary at build time if urandom is
available
efi: Add support for reproducible builds
config.h.in | 2 ++
configure.ac | 22 ++++++++++++++++++++++
grub-core/kern/efi/init.c | 3 ++-
3 files changed, 26 insertions(+), 1 deletion(-)
--
2.34.1
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
next reply other threads:[~2023-12-11 19:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-11 19:27 Glenn Washburn [this message]
2023-12-11 19:27 ` [PATCH v2 1/3] efi: Initialize canary to non-zero value Glenn Washburn
2023-12-13 20:24 ` Daniel Kiper
2023-12-19 6:14 ` Glenn Washburn
2023-12-11 19:27 ` [PATCH v2 2/3] efi: Generate stack protector canary at build time if urandom is available Glenn Washburn
2023-12-11 19:27 ` [PATCH v2 3/3] efi: Add support for reproducible builds Glenn Washburn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1702321396.git.development@efficientek.com \
--to=development@efficientek.com \
--cc=dimitri.ledkov@canonical.com \
--cc=dkiper@net-space.pl \
--cc=grub-devel@gnu.org \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.