* Doc Improvements - GRUB Stack Protector and NX Support?
@ 2025-08-23 15:35 Andrew Hamilton
2025-08-25 14:19 ` Leo Sandoval via Grub-devel
0 siblings, 1 reply; 3+ messages in thread
From: Andrew Hamilton @ 2025-08-23 15:35 UTC (permalink / raw)
To: The development of GNU GRUB
[-- Attachment #1.1: Type: text/plain, Size: 634 bytes --]
Hello,
I'm taking a pass through updating the GRUB docs prior to the 2.14 and
wanted to make sure the Security section was as complete as possible.
I had some questions I was wondering if anyone knew -
1. I see an option for stack protector during the configure stage, is this
officially supported / known to work?
2. There were some additions to support NX over the last couple years, is
that officially working / supported - and any special things needed to
enable it on a supported platform?
3. Any other new security topics I should try to cover (recent TPM related
improvements already appear to be captured)?
Thanks!
Andrew
[-- Attachment #1.2: Type: text/html, Size: 790 bytes --]
[-- Attachment #2: Type: text/plain, Size: 141 bytes --]
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Doc Improvements - GRUB Stack Protector and NX Support?
2025-08-23 15:35 Doc Improvements - GRUB Stack Protector and NX Support? Andrew Hamilton
@ 2025-08-25 14:19 ` Leo Sandoval via Grub-devel
2025-08-25 19:30 ` Andrew Hamilton
0 siblings, 1 reply; 3+ messages in thread
From: Leo Sandoval via Grub-devel @ 2025-08-25 14:19 UTC (permalink / raw)
To: The development of GNU GRUB; +Cc: Leo Sandoval
[-- Attachment #1.1: Type: text/plain, Size: 1182 bytes --]
On Sat, Aug 23, 2025 at 9:36 AM Andrew Hamilton <adhamilt@gmail.com> wrote:
> Hello,
>
> I'm taking a pass through updating the GRUB docs prior to the 2.14 and
> wanted to make sure the Security section was as complete as possible.
>
> I had some questions I was wondering if anyone knew -
> 1. I see an option for stack protector during the configure stage, is this
> officially supported / known to work?
>
my 2 cents: I recently worked on 1 and on strong protection and it seems to
be working fine for UEFI systems. By working I mean the
-fstack-protector-strong gcc flag is there when
--enable-stack-protector=strong is indicated on the configuration step
> 2. There were some additions to support NX over the last couple years, is
> that officially working / supported - and any special things needed to
> enable it on a supported platform?
> 3. Any other new security topics I should try to cover (recent TPM related
> improvements already appear to be captured)?
>
>
> Thanks!
> Andrew
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>
[-- Attachment #1.2: Type: text/html, Size: 1954 bytes --]
[-- Attachment #2: Type: text/plain, Size: 141 bytes --]
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Doc Improvements - GRUB Stack Protector and NX Support?
2025-08-25 14:19 ` Leo Sandoval via Grub-devel
@ 2025-08-25 19:30 ` Andrew Hamilton
0 siblings, 0 replies; 3+ messages in thread
From: Andrew Hamilton @ 2025-08-25 19:30 UTC (permalink / raw)
To: The development of GNU GRUB; +Cc: Leo Sandoval
Thank you for the feedback, that helps a lot. I'll try to capture
that in a doc update patch soon-ish.
Sincerely,
Andrew
On Mon, Aug 25, 2025 at 9:53 AM Leo Sandoval via Grub-devel
<grub-devel@gnu.org> wrote:
>
>
>
> On Sat, Aug 23, 2025 at 9:36 AM Andrew Hamilton <adhamilt@gmail.com> wrote:
>>
>> Hello,
>>
>> I'm taking a pass through updating the GRUB docs prior to the 2.14 and wanted to make sure the Security section was as complete as possible.
>>
>> I had some questions I was wondering if anyone knew -
>> 1. I see an option for stack protector during the configure stage, is this officially supported / known to work?
>
>
> my 2 cents: I recently worked on 1 and on strong protection and it seems to be working fine for UEFI systems. By working I mean the -fstack-protector-strong gcc flag is there when --enable-stack-protector=strong is indicated on the configuration step
>
>>
>> 2. There were some additions to support NX over the last couple years, is that officially working / supported - and any special things needed to enable it on a supported platform?
>> 3. Any other new security topics I should try to cover (recent TPM related improvements already appear to be captured)?
>>
>>
>> Thanks!
>> Andrew
>> _______________________________________________
>> Grub-devel mailing list
>> Grub-devel@gnu.org
>> https://lists.gnu.org/mailman/listinfo/grub-devel
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-08-25 19:32 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-23 15:35 Doc Improvements - GRUB Stack Protector and NX Support? Andrew Hamilton
2025-08-25 14:19 ` Leo Sandoval via Grub-devel
2025-08-25 19:30 ` Andrew Hamilton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).