tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kern/rescue_reader: Block the rescue mode until the CLI authentication

Browse Source 
This further mitigates potential misuse of the CLI after the
root device has been successfully unlocked via TPM.

Fixes: CVE-2025-4382

Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Maxim Suhanov 2025-02-28 17:00:53 +03:00 committed by Daniel Kiper
parent 4abac0ad5a
commit c448f511e7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
grub-core/kern/rescue_reader.c
View File

@ -79,7 +79,7 @@ void __attribute__ ((noreturn))
grub_rescue_run (void) grub_rescue_run (void)
{ {
/* Stall if the CLI has been disabled */ /* Stall if the CLI has been disabled */
if (grub_is_cli_disabled ()) if (grub_is_cli_disabled () || grub_is_cli_need_auth ())
{ {
grub_printf ("Rescue mode has been disabled...\n"); grub_printf ("Rescue mode has been disabled...\n");