From: Vladimir 'φ-coder/phcoder' Serbinenko
To: The development of GNU GRUB
Subject: Re: [PATCH] Add linuxefi module
Date: Tue, 21 Jan 2014 17:29:03 +0100
Message-ID: <52DEA04F.6030002@gmail.com>
In-Reply-To: <20140121202447.66091674@opensuse.site>
References: <1390260488-18091-1-git-send-email-lkundrak@v3.sk> <20140121202447.66091674@opensuse.site>

On 21.01.2014 17:24, Andrey Borzenkov wrote:
> On Tue, 21 Jan 2014 00:28:08 +0100
> Lubomir Rintel wrote:
>
>>
>> module = {
>> + name = linuxefi;
>> + efi = loader/i386/efi/linux.c;
>> + efi = lib/cmdline.c;
>> + enable = i386_efi;
>> + enable = x86_64_efi;
>> +};
>> +
>
> Is it relevant for arm64-efi?
>
>> +static grub_err_t
>> +grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
>> + int argc, char *argv[])
>> +{
>> + grub_file_t file = 0;
>> + struct linux_kernel_header lh;
>> + grub_ssize_t len, start, filelen;
>> + void *kernel;
>> +
>> + grub_dl_ref (my_mod);
>> +
>> + if (argc == 0)
>> + {
>> + grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
>> + goto fail;
>> + }
>> +
>> + file = grub_file_open (argv[0]);
>> + if (! file)
>> + goto fail;
>> +
>> + filelen = grub_file_size (file);
>> +
>> + kernel = grub_malloc(filelen);
>> +
>> + if (!kernel)
>> + {
>> + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer"));
>> + goto fail;
>> + }
>> +
>> + if (grub_file_read (file, kernel, filelen) != filelen)
>> + {
>> + grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]);
>> + goto fail;
>> + }
>> +
>> + if (! grub_linuxefi_secure_validate (kernel, filelen))
>> + {
>> + grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
>> + grub_free (kernel);
>> + goto fail;
>> + }
>> +
>> + grub_file_seek (file, 0);
>> +
>> + grub_free(kernel);
>> +
>
> This leaves possibility to modify file after it was verified. It
> should continue to use in-memory content.
>

This part is from RH "Secureboot" patch. Few things are right about that
patch. Whatever signature verifications would need to be integrated with
signatures framework (I have some scratch in phcoder/file_types)
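
Review bot: in grub_cmd_linux the error paths treat `kernel` inconsistently: the signature-failure branch calls `grub_free (kernel)` before `goto fail`, the read-error branch does not, and `void *kernel;` has no initializer when the `argc == 0` and `grub_file_open` failures jump to `fail`. Initialize it to NULL and release it in one place so that, whatever `fail` does, no path can leak the buffer or free an unset pointer. `filelen = grub_file_size (file)` also goes straight into `grub_malloc(filelen)` and `grub_file_read` without a check that it is positive. Keeping the validated buffer as the load source, instead of `grub_free(kernel)` after `grub_file_seek (file, 0)`, would close the re-read window raised in the reply above.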
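
The verify-then-re-read concern raised in the thread, as an added example that is not part of the thread or of GRUB: two loaders that differ only in whether the consumer receives the buffer that was verified. `struct src`, `verify` and the sample strings are constructed stand-ins, not GRUB APIs.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a file whose backing medium changes between reads. */
struct src { const char *first; const char *later; int reads; };

static size_t src_read(struct src *s, char *buf, size_t cap)  /* cap >= 1 */
{
    const char *d = (s->reads++ == 0) ? s->first : s->later;
    size_t n = strlen(d);
    if (n >= cap) n = cap - 1;
    memcpy(buf, d, n);
    buf[n] = '\0';
    return n;
}

/* Hypothetical verifier standing in for a signature check over buf[0..len). */
static int verify(const char *buf, size_t len)
{
    static const char good[] = "kernel-image-signed";
    return len == sizeof good - 1 && memcmp(buf, good, len) == 0;
}

/* Verify one read, drop it, read again: `out` receives bytes nobody checked. */
int load_reread(struct src *s, char *out, size_t cap)
{
    char tmp[64];
    size_t n = src_read(s, tmp, sizeof tmp);
    if (!verify(tmp, n)) return -1;
    src_read(s, out, cap);   /* second read, as after a seek back to offset 0 */
    return 0;
}

/* Read once and hand the verified buffer itself to the consumer. */
int load_in_memory(struct src *s, char *out, size_t cap)
{
    size_t n = src_read(s, out, cap);
    if (!verify(out, n)) { out[0] = '\0'; return -1; }  /* never expose rejected bytes */
    return 0;
}

int main(void)
{
    struct src a = { "kernel-image-signed", "kernel-image-modified", 0 }, b = a;
    char out[64];
    load_reread(&a, out, sizeof out);    printf("re-read loader uses:   %s\n", out);
    load_in_memory(&b, out, sizeof out); printf("in-memory loader uses: %s\n", out);
    return 0;
}
```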