tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
grub/grub-core/kern
History
Dimitri John Ledkov 968de8c23c shim_lock: Only skip loading shim_lock verifier with explicit consent 
Commit 32ddc42c (efi: Only register shim_lock verifier if shim_lock
protocol is found and SB enabled) reintroduced CVE-2020-15705 which
previously only existed in the out-of-tree linuxefi patches and was
fixed as part of the BootHole patch series.

Under Secure Boot enforce loading shim_lock verifier. Allow skipping
shim_lock verifier if SecureBoot/MokSBState EFI variables indicate
skipping validations, or if GRUB image is built with --disable-shim-lock.

Fixes: 132ddc42c (efi: Only register shim_lock verifier if shim_lock
       protocol is found and SB enabled)
Fixes: CVE-2020-15705
Fixes: CVE-2021-3418

Reported-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-02 15:54:19 +01:00
..
arm
efi: Fix use-after-free in halt/reboot path
2020-07-29 16:55:48 +02:00
arm64
efi: Fix use-after-free in halt/reboot path
2020-07-29 16:55:48 +02:00
coreboot
arm-coreboot: Start new port.
2017-05-08 20:53:28 +02:00
efi
shim_lock: Only skip loading shim_lock verifier with explicit consent
2021-03-02 15:54:19 +01:00
emu
emu: Make grub_free(NULL) safe
2020-07-29 16:55:48 +02:00
generic
rtc_get_time_ms.c (grub_rtc_get_time_ms): Avoid division by zero.
2015-01-21 17:42:14 +01:00
i386
i386: Don't include <grub/cpu/linux.h> in coreboot and ieee1275 startup.S
2020-12-11 13:52:18 +01:00
ia64
efi: Fix use-after-free in halt/reboot path
2020-07-29 16:55:48 +02:00
ieee1275
ieee1275: NULL pointer dereference in grub_ieee1275_encode_devname()
2019-04-04 18:34:05 +02:00
mips
disk: Rename grub_disk_get_size() to grub_disk_native_sectors()
2020-12-12 01:19:03 +01:00
powerpc
Support R_PPC_PLTREL24
2019-03-25 15:08:49 +01:00
riscv
efi: Fix use-after-free in halt/reboot path
2020-07-29 16:55:48 +02:00
sparc64
sparc64: #blocks64 disk node method
2018-03-05 15:26:36 +01:00
uboot
calloc: Use calloc() at most places
2020-07-29 16:55:47 +02:00
x86_64
x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32
2018-02-23 22:25:30 +01:00
xen
xen: Add basic hooks for PVH in current code
2018-12-12 12:03:27 +01:00
acpi.c
Make grub_acpi_find_fadt accessible generically
2016-02-12 11:35:48 +01:00
buffer.c
kern/buffer: Add variable sized heap buffer
2021-03-02 15:54:19 +01:00
command.c
kern: Add lockdown support
2021-03-02 15:54:15 +01:00
compiler-rt.c
mips: Enable __clzdi2()
2020-12-18 23:04:36 +01:00
corecmd.c
Change fs functions to add fs_ prefix
2019-04-09 10:03:29 +10:00
device.c
Remove nested functions from device iterators.
2013-01-20 15:52:15 +00:00
disk_common.c
disk: Move hardcoded max disk size literal to a GRUB_DISK_MAX_SECTORS in disk.h
2020-12-12 01:19:03 +01:00
disk.c
disk: Rename grub_disk_get_size() to grub_disk_native_sectors()
2020-12-12 01:19:03 +01:00
dl.c
dl: Only allow unloading modules that are not dependencies
2021-03-02 15:54:15 +01:00
elf.c
verifiers: File type for fine-grained signature-verification controlling
2018-11-09 13:25:31 +01:00
elfXX.c
kern/elf: fix unintended sign extension
2016-01-09 19:41:26 +03:00
env.c
* grub-core/kern/env.c, include/grub/env.h: Change iterator through
2013-03-03 01:34:27 +01:00
err.c
* grub-core/kern/misc.c (grub_abort): Make static
2013-10-27 14:13:39 +01:00
file.c
Change fs functions to add fs_ prefix
2019-04-09 10:03:29 +10:00
fs.c
fs: Fix block lists not being able to address to end of disk sometimes
2020-12-12 01:19:03 +01:00
list.c
Remove prio_list.
2012-02-26 22:49:24 +01:00
lockdown.c
kern/lockdown: Set a variable if the GRUB is locked down
2021-03-02 15:54:15 +01:00
main.c
verifiers: Move verifiers API to kernel image
2021-03-02 15:54:15 +01:00
misc.c
kern/misc: Always set *end in grub_strtoull()
2021-03-02 15:54:17 +01:00
mm.c
calloc: Make sure we always have an overflow-checking calloc() available
2020-07-29 16:55:47 +02:00
parser.c
kern/parser: Fix a stack buffer overflow
2021-03-02 15:54:19 +01:00
partition.c
kern/partition: Check for NULL before dereferencing input string
2021-03-02 15:54:16 +01:00
rescue_parser.c
rescue_parser: restructure code to avoid Coverity false positive
2016-01-09 18:15:27 +03:00
rescue_reader.c
Remove nested functions from script reading and parsing.
2013-01-15 12:03:25 +00:00
term.c
kern/term: Accept ESC, F4 and holding SHIFT as user interrupt keys
2020-04-21 22:13:44 +02:00
time.c
automake commit without merge history
2010-05-06 11:34:04 +05:30
verifiers.c
verifiers: Move verifiers API to kernel image
2021-03-02 15:54:15 +01:00
vga_init.c
* grub-core/kern/vga_init.c: Fix compilation on qemu-mips.
2013-08-14 09:50:57 +02:00