[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH 6/7] efi: Allow loading multiboot modules without verification
GRUB doesn't do anything with multiboot modules except loading them and passing a pointer to the multiboot kernel. Therefore GRUB itself doesn't need to verify the module. Multiboot modules may contain code that needs to be verified. If this is the case, the expectation is that the multiboot kernel verifies the modules. For example, with Xen, the first multiboot module contains the dom0 kernel binary and Xen verifies it before starting it. Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx> --- grub-core/kern/efi/sb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c index 8d3e413608bb..f76290d65e9f 100644 --- a/grub-core/kern/efi/sb.c +++ b/grub-core/kern/efi/sb.c @@ -171,6 +171,7 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), case GRUB_FILE_TYPE_LOADENV: case GRUB_FILE_TYPE_SAVEENV: case GRUB_FILE_TYPE_VERIFY_SIGNATURE: + case GRUB_FILE_TYPE_MULTIBOOT_MODULE: *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; return GRUB_ERR_NONE; -- 2.43.0
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |