[v6,11/11] fdt: Treat device tree file type like ACPI

Message ID	20190212103108.56963-12-agraf@suse.de
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of grub-devel-bounces+patch=linaro.org@gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; From: Alexander Graf <agraf@suse.de> To: grub-devel@gnu.org Subject: [PATCH v6 11/11] fdt: Treat device tree file type like ACPI Date: Tue, 12 Feb 2019 11:31:08 +0100 Message-Id: <20190212103108.56963-12-agraf@suse.de> In-Reply-To: <20190212103108.56963-1-agraf@suse.de> References: <20190212103108.56963-1-agraf@suse.de> Precedence: list Reply-To: The development of GNU GRUB <grub-devel@gnu.org> Cc: "rickchen36 @ gmail . com" <rickchen36@gmail.com>, David Abdurachmanov <david.abdurachmanov@gmail.com>, schwab@suse.de, "greentime @ andestech . com" <greentime@andestech.com>, leif.lindholm@linaro.org, atish.patra@wdc.com, Michael Chang <mchang@suse.com>, Alistair Francis <Alistair.Francis@wdc.com>, Lukas Auer <lukas.auer@aisec.fraunhofer.de>, Paul Walmsley <paul.walmsley@sifive.com>, Bin Meng <bmeng.cn@gmail.com>, Daniel Kiper <dkiper@net-space.pl> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: grub-devel-bounces+patch=linaro.org@gnu.org Sender: "Grub-devel" <grub-devel-bounces+patch=linaro.org@gnu.org>
Series	Add RISC-V support \| expand [v6,00/11] Add RISC-V support [v6,01/11] efi: Rename armxx to arch [v6,02/11] PE: Add RISC-V definitions [v6,03/11] elf.h: Add RISC-V definitions [v6,04/11] RISC-V: Add setjmp implementation [v6,05/11] RISC-V: Add early startup code [v6,06/11] RISC-V: Add Linux load logic [v6,07/11] RISC-V: Add awareness for RISC-V reloations [v6,08/11] RISC-V: Add auxiliary files [v6,09/11] RISC-V: Add libgcc helpers for clz [v6,10/11] RISC-V: Add to build system [v6,11/11] fdt: Treat device tree file type like ACPI

Message ID

20190212103108.56963-12-agraf@suse.de

State

New

Headers

Received-SPF: pass (google.com: domain of
	grub-devel-bounces+patch=linaro.org@gnu.org designates
	209.51.188.17 as permitted sender) client-ip=209.51.188.17; 
From: Alexander Graf <agraf@suse.de>
To: grub-devel@gnu.org
Subject: [PATCH v6 11/11] fdt: Treat device tree file type like ACPI
Date: Tue, 12 Feb 2019 11:31:08 +0100
Message-Id: <20190212103108.56963-12-agraf@suse.de>
In-Reply-To: <20190212103108.56963-1-agraf@suse.de>
References: <20190212103108.56963-1-agraf@suse.de>
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
Cc: "rickchen36 @ gmail . com" <rickchen36@gmail.com>,
	David Abdurachmanov <david.abdurachmanov@gmail.com>, schwab@suse.de, 
	"greentime @ andestech . com" <greentime@andestech.com>,
	leif.lindholm@linaro.org, atish.patra@wdc.com,
	Michael Chang <mchang@suse.com>,
	Alistair Francis <Alistair.Francis@wdc.com>,
	Lukas Auer <lukas.auer@aisec.fraunhofer.de>,
	Paul Walmsley <paul.walmsley@sifive.com>, Bin Meng <bmeng.cn@gmail.com>, 
	Daniel Kiper <dkiper@net-space.pl>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: grub-devel-bounces+patch=linaro.org@gnu.org
Sender: "Grub-devel" <grub-devel-bounces+patch=linaro.org@gnu.org>

Series

Add RISC-V support | expand

Commit Message

Alexander Graf Feb. 12, 2019, 10:31 a.m. UTC

We now have signature check logic in grub which allows us to treat
files differently depending on their file type.

Treat a loaded device tree like an overlayed ACPI table.
Both describe hardware, so I suppose their threat level is the same.

Signed-off-by: Alexander Graf <agraf@suse.de>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>


---

v3 -> v4:

  - Rebase onto current git master
---
 grub-core/commands/efi/shim_lock.c | 1 +
 include/grub/file.h                | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

-- 
2.12.3


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Comments

Alistair Francis Feb. 13, 2019, 12:40 a.m. UTC | #1

On Tue, 2019-02-12 at 11:31 +0100, Alexander Graf wrote:
> We now have signature check logic in grub which allows us to treat

> files differently depending on their file type.

> 

> Treat a loaded device tree like an overlayed ACPI table.

> Both describe hardware, so I suppose their threat level is the same.

> 

> Signed-off-by: Alexander Graf <agraf@suse.de>

> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>


Reviewed-by: Alistair Francis <alistair.francis@wdc.com>


Alistair

> 

> ---

> 

> v3 -> v4:

> 

>   - Rebase onto current git master

> ---

>  grub-core/commands/efi/shim_lock.c | 1 +

>  include/grub/file.h                | 4 ++--

>  2 files changed, 3 insertions(+), 2 deletions(-)

> 

> diff --git a/grub-core/commands/efi/shim_lock.c b/grub-

> core/commands/efi/shim_lock.c

> index 01246b0fc..83568cb2b 100644

> --- a/grub-core/commands/efi/shim_lock.c

> +++ b/grub-core/commands/efi/shim_lock.c

> @@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type

> type,

>        /* Fall through. */

>  

>      case GRUB_FILE_TYPE_ACPI_TABLE:

> +    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:

>        *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;

>  

>        return GRUB_ERR_NONE;

> diff --git a/include/grub/file.h b/include/grub/file.h

> index cbbd29465..31567483c 100644

> --- a/include/grub/file.h

> +++ b/include/grub/file.h

> @@ -74,8 +74,6 @@ enum grub_file_type

>  

>      GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE,

>  

> -    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,

> -

>      /* File holding signature.  */

>      GRUB_FILE_TYPE_SIGNATURE,

>      /* File holding public key to verify signature once.  */

> @@ -100,6 +98,8 @@ enum grub_file_type

>      GRUB_FILE_TYPE_FILE_ID,

>      /* File holding ACPI table.  */

>      GRUB_FILE_TYPE_ACPI_TABLE,

> +    /* File holding Device Tree.  */

> +    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,

>      /* File we intend show to user.  */

>      GRUB_FILE_TYPE_CAT,

>      GRUB_FILE_TYPE_HEXCAT,

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c
index 01246b0fc..83568cb2b 100644
--- a/grub-core/commands/efi/shim_lock.c
+++ b/grub-core/commands/efi/shim_lock.c
@@ -81,6 +81,7 @@  shim_lock_init (grub_file_t io, enum grub_file_type type,
       /* Fall through. */
 
     case GRUB_FILE_TYPE_ACPI_TABLE:
+    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
       *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
 
       return GRUB_ERR_NONE;
diff --git a/include/grub/file.h b/include/grub/file.h
index cbbd29465..31567483c 100644
--- a/include/grub/file.h
+++ b/include/grub/file.h
@@ -74,8 +74,6 @@  enum grub_file_type
 
     GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE,
 
-    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
-
     /* File holding signature.  */
     GRUB_FILE_TYPE_SIGNATURE,
     /* File holding public key to verify signature once.  */
@@ -100,6 +98,8 @@  enum grub_file_type
     GRUB_FILE_TYPE_FILE_ID,
     /* File holding ACPI table.  */
     GRUB_FILE_TYPE_ACPI_TABLE,
+    /* File holding Device Tree.  */
+    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
     /* File we intend show to user.  */
     GRUB_FILE_TYPE_CAT,
     GRUB_FILE_TYPE_HEXCAT,

[v6,11/11] fdt: Treat device tree file type like ACPI

Commit Message

Comments

Patch