
[v4,10/10] fdt: Treat device tree file type like ACPI

Message ID 20181125233815.56392-11-agraf@suse.de
State Superseded
Series Add RISC-V support | expand

Commit Message

Alexander Graf Nov. 25, 2018, 11:38 p.m. UTC
We now have signature check logic in grub which allows us to treat
files differently depending on their file type.

Treat a loaded device tree like an overlaid ACPI table.
Both describe hardware, so I suppose their threat level is the same.

Signed-off-by: Alexander Graf <agraf@suse.de>


---

v3 -> v4:

  - Rebase onto current git master
---
 grub-core/commands/efi/shim_lock.c | 1 +
 include/grub/file.h                | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

-- 
2.12.3


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Comments

Leif Lindholm Nov. 26, 2018, 12:31 p.m. UTC | #1
On Mon, Nov 26, 2018 at 12:38:15AM +0100, Alexander Graf wrote:
> We now have signature check logic in grub which allows us to treat

> files differently depending on their file type.

> 

> Treat a loaded device tree like an overlayed ACPI table.

> Both describe hardware, so I suppose their threat level is the same.

> 

> Signed-off-by: Alexander Graf <agraf@suse.de>


Acked-by: Leif Lindholm <leif.lindholm@linaro.org>


> 

> ---

> 

> v3 -> v4:

> 

>   - Rebase onto current git master

> ---

>  grub-core/commands/efi/shim_lock.c | 1 +

>  include/grub/file.h                | 4 ++--

>  2 files changed, 3 insertions(+), 2 deletions(-)

> 

> diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c

> index 01246b0fc..83568cb2b 100644

> --- a/grub-core/commands/efi/shim_lock.c

> +++ b/grub-core/commands/efi/shim_lock.c

> @@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type type,

>        /* Fall through. */

>  

>      case GRUB_FILE_TYPE_ACPI_TABLE:

> +    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:

>        *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;

>  

>        return GRUB_ERR_NONE;

> diff --git a/include/grub/file.h b/include/grub/file.h

> index 9aae46355..8c9bf5e5d 100644

> --- a/include/grub/file.h

> +++ b/include/grub/file.h

> @@ -69,8 +69,6 @@ enum grub_file_type

>  

>      GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE,

>  

> -    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,

> -

>      /* File holding signature.  */

>      GRUB_FILE_TYPE_SIGNATURE,

>      /* File holding public key to verify signature once.  */

> @@ -95,6 +93,8 @@ enum grub_file_type

>      GRUB_FILE_TYPE_FILE_ID,

>      /* File holding ACPI table.  */

>      GRUB_FILE_TYPE_ACPI_TABLE,

> +    /* File holding Device Tree.  */

> +    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,

>      /* File we intend show to user.  */

>      GRUB_FILE_TYPE_CAT,

>      GRUB_FILE_TYPE_HEXCAT,

> -- 

> 2.12.3

> 


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
Alistair Francis Nov. 29, 2018, 11:42 p.m. UTC | #2
On Mon, 2018-11-26 at 00:38 +0100, Alexander Graf wrote:
> We now have signature check logic in grub which allows us to treat

> files differently depending on their file type.

> 

> Treat a loaded device tree like an overlayed ACPI table.

> Both describe hardware, so I suppose their threat level is the same.

> 

> Signed-off-by: Alexander Graf <agraf@suse.de>


Reviewed-by: Alistair Francis <alistair.francis@wdc.com>


Alistair

> 

> ---

> 

> v3 -> v4:

> 

>   - Rebase onto current git master

> ---

>  grub-core/commands/efi/shim_lock.c | 1 +

>  include/grub/file.h                | 4 ++--

>  2 files changed, 3 insertions(+), 2 deletions(-)

> 

> diff --git a/grub-core/commands/efi/shim_lock.c b/grub-

> core/commands/efi/shim_lock.c

> index 01246b0fc..83568cb2b 100644

> --- a/grub-core/commands/efi/shim_lock.c

> +++ b/grub-core/commands/efi/shim_lock.c

> @@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type

> type,

>        /* Fall through. */

>  

>      case GRUB_FILE_TYPE_ACPI_TABLE:

> +    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:

>        *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;

>  

>        return GRUB_ERR_NONE;

> diff --git a/include/grub/file.h b/include/grub/file.h

> index 9aae46355..8c9bf5e5d 100644

> --- a/include/grub/file.h

> +++ b/include/grub/file.h

> @@ -69,8 +69,6 @@ enum grub_file_type

>  

>      GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE,

>  

> -    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,

> -

>      /* File holding signature.  */

>      GRUB_FILE_TYPE_SIGNATURE,

>      /* File holding public key to verify signature once.  */

> @@ -95,6 +93,8 @@ enum grub_file_type

>      GRUB_FILE_TYPE_FILE_ID,

>      /* File holding ACPI table.  */

>      GRUB_FILE_TYPE_ACPI_TABLE,

> +    /* File holding Device Tree.  */

> +    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,

>      /* File we intend show to user.  */

>      GRUB_FILE_TYPE_CAT,

>      GRUB_FILE_TYPE_HEXCAT,

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
Daniel Kiper Jan. 17, 2019, 12:51 p.m. UTC | #3
On Mon, Nov 26, 2018 at 12:38:15AM +0100, Alexander Graf wrote:
> We now have signature check logic in grub which allows us to treat

> files differently depending on their file type.

>

> Treat a loaded device tree like an overlayed ACPI table.

> Both describe hardware, so I suppose their threat level is the same.

>

> Signed-off-by: Alexander Graf <agraf@suse.de>


Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>


Daniel

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Patch

diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c
index 01246b0fc..83568cb2b 100644
--- a/grub-core/commands/efi/shim_lock.c
+++ b/grub-core/commands/efi/shim_lock.c
@@ -81,6 +81,7 @@  shim_lock_init (grub_file_t io, enum grub_file_type type,
       /* Fall through. */
 
     case GRUB_FILE_TYPE_ACPI_TABLE:
+    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
       *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
 
       return GRUB_ERR_NONE;
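Review bot: The new `case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:` label joins the ACPI branch with no comment recording why, so the trust decision lives only in the commit message ("I suppose their threat level is the same"). A device tree can also carry `/chosen` properties such as `bootargs`, so it is more than a hardware description and the reason for requiring authentication is worth stating next to the label, e.g. `/* Device trees, like ACPI tables, shape what the OS sees; leave authentication to another verifier. */`. The flag name suggests verification is handed to a different verifier; what happens to the file when no such verifier is registered is not visible in this hunk and should be confirmed as fail-closed. The body of shim_lock_init starts and ends outside the hunk.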
diff --git a/include/grub/file.h b/include/grub/file.h
index 9aae46355..8c9bf5e5d 100644
--- a/include/grub/file.h
+++ b/include/grub/file.h
@@ -69,8 +69,6 @@  enum grub_file_type
 
     GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE,
 
-    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
-
     /* File holding signature.  */
     GRUB_FILE_TYPE_SIGNATURE,
     /* File holding public key to verify signature once.  */
@@ -95,6 +93,8 @@  enum grub_file_type
     GRUB_FILE_TYPE_FILE_ID,
     /* File holding ACPI table.  */
     GRUB_FILE_TYPE_ACPI_TABLE,
+    /* File holding Device Tree.  */
+    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
     /* File we intend show to user.  */
     GRUB_FILE_TYPE_CAT,
     GRUB_FILE_TYPE_HEXCAT,
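Review bot: The comment `/* File holding Device Tree.  */` says nothing about how the type is verified, although the move next to `GRUB_FILE_TYPE_ACPI_TABLE` reads as if the position set the policy. The position in the enum only groups the entries; the policy visible in this patch is the `switch` in shim_lock_init. I would spell that out, e.g. `/* File holding a device tree; verifiers should treat it like an ACPI table.  */`. Any other verifier that switches on the file type would need its own case for this enumerator; none is visible here, so that is worth a quick grep.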