From patchwork Wed Nov 14 13:11:38 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexander Graf <agraf@suse.de>
X-Patchwork-Id: 151072
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5669441ljp;
 Wed, 14 Nov 2018 05:12:12 -0800 (PST)
X-Google-Smtp-Source: AJdET5cI/ALXRdwUf9P863KqRuUP986eifpW+ryd9O6F5WmMxVNPdFRx5QJb5h8B5Ut2+6KRqUWu
X-Received: by 2002:ac8:65c7:: with SMTP id t7mr1591201qto.143.1542201132155; 
 Wed, 14 Nov 2018 05:12:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1542201132; cv=none;
 d=google.com; s=arc-20160816;
 b=Ffn5fd6mcaCBEfkV5QMdeb+KWrZoOib/kp/uiEMmLWC31kpTPjV3z2nWuJEdUbke8v
 5wY0Cx2i5+YHGXPB51n3UMulM9DBtX3fXsBi23IR+rkY8DqynKPHv2iDWBEajar0eYoc
 tve7dO1QrtlNEokz+LQgvkhpdicfsX7ffmgsJn85Qzs8coqkJXsm3luG2njNukkeuEGW
 VqXf1kkvZ1BpL3zguJ04coLAXGjRauEcGSUP1GSkyyNisdpr/6FgtfPqm5VLJlU4/M2R
 Df9lDvIKGvfBJaEQ5OyIiLIGq4akVVtP6lcNOsW/Y1pmxV7wBQQDB5ZbwtTUvbzMQsKF
 v+cA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:references:in-reply-to:message-id:date:subject
 :to:from;
 bh=/JOi4s/aURXLsQrEE5by4zgqpb0oC5yFw9TpmO5ztjo=;
 b=0vJdBXRVibBzn6OWdI9z34B4KzJZVuJlIsrVE+T3+H69Zf8dA0Z1e2/Ztv7h/Q1KMw
 wEHfaOoAAv5dqxrYYtVXutZr9UbcHzCIFT7T1grQO6yozZRWojquT8mQLEqle3XB8cGs
 F0iLrJFGgWQ4sMIQL4cuhifE8fLq4GVRdGd5cR9m6+579U7INPHCsmWLC0Xkvir3KesB
 6yKQgrBpzxIcJlv6uKakk4d/94DHCadVbUs/76cpQsbxLerEoFuVlQXNZ3rhmrjKzmZI
 FBkJS5Dh1JmxNn1wr/FfCWZws8T8u4FMXXJ4VzX0UERwsqQLud4J3TSsfLzVP2L3OAgh
 mRoA==
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of
 grub-devel-bounces+patch=linaro.org@gnu.org designates
 2001:4830:134:3::11 as permitted sender)
 smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org"
Return-Path: <grub-devel-bounces+patch=linaro.org@gnu.org>
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 q12si12856337qtk.47.2018.11.14.05.12.11 for <patch@linaro.org>
 (version=TLS1 cipher=AES128-SHA bits=128/128);
 Wed, 14 Nov 2018 05:12:12 -0800 (PST)
Received-SPF: pass (google.com: domain of
 grub-devel-bounces+patch=linaro.org@gnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 grub-devel-bounces+patch=linaro.org@gnu.org designates
 2001:4830:134:3::11 as permitted sender)
 smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org"
Received: from localhost ([::1]:60052 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <grub-devel-bounces+patch=linaro.org@gnu.org>)
 id 1gMuxn-0002ex-I4
 for patch@linaro.org; Wed, 14 Nov 2018 08:12:11 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41165)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <agraf@suse.de>) id 1gMuxa-0002cc-0u
 for grub-devel@gnu.org; Wed, 14 Nov 2018 08:12:00 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <agraf@suse.de>) id 1gMuxX-0006Gu-Uy
 for grub-devel@gnu.org; Wed, 14 Nov 2018 08:11:57 -0500
Received: from mx2.suse.de ([195.135.220.15]:56924 helo=mx1.suse.de)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <agraf@suse.de>) id 1gMuxX-0006Ee-IZ
 for grub-devel@gnu.org; Wed, 14 Nov 2018 08:11:55 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (unknown [195.135.220.254])
 by mx1.suse.de (Postfix) with ESMTP id 59D35B0EC;
 Wed, 14 Nov 2018 13:11:41 +0000 (UTC)
From: Alexander Graf <agraf@suse.de>
To: grub-devel@gnu.org
Subject: [PATCH v2 10/10] fdt: Add device tree file type
Date: Wed, 14 Nov 2018 14:11:38 +0100
Message-Id: <20181114131138.43713-11-agraf@suse.de>
X-Mailer: git-send-email 2.12.3
In-Reply-To: <20181114131138.43713-1-agraf@suse.de>
References: <20181114131138.43713-1-agraf@suse.de>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no
 timestamps) [generic]
X-Received-From: 195.135.220.15
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel/>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=subscribe>
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
Cc: "rickchen36 @ gmail . com" <rickchen36@gmail.com>,
 David Abdurachmanov <david.abdurachmanov@gmail.com>, schwab@suse.de, 
 "greentime @ andestech . com" <greentime@andestech.com>,
 leif.lindholm@linaro.org, atish.patra@wdc.com,
 Michael Chang <mchang@suse.com>,
 Alistair Francis <Alistair.Francis@wdc.com>,
 Lukas Auer <lukas.auer@aisec.fraunhofer.de>,
 Paul Walmsley <paul.walmsley@sifive.com>, Bin Meng <bmeng.cn@gmail.com>
MIME-Version: 1.0
Errors-To: grub-devel-bounces+patch=linaro.org@gnu.org
Sender: "Grub-devel" <grub-devel-bounces+patch=linaro.org@gnu.org>

We now have signature check logic in grub which allows us to treat
files differently depending on their file type.

Mark a loaded device tree as such and treat it like an overlayed ACPI
table. Both describe hardware, so I suppose their threat level is the
same.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 grub-core/commands/efi/shim_lock.c | 1 +
 grub-core/loader/efi/fdt.c         | 2 +-
 include/grub/file.h                | 2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)

-- 
2.12.3


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c
index 01246b0fc..90dccb0c7 100644
--- a/grub-core/commands/efi/shim_lock.c
+++ b/grub-core/commands/efi/shim_lock.c
@@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type type,
       /* Fall through. */
 
     case GRUB_FILE_TYPE_ACPI_TABLE:
+    case GRUB_FILE_TYPE_DEVICE_TREE:
       *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
 
       return GRUB_ERR_NONE;
diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c
index a4c6e8036..d8ebe648e 100644
--- a/grub-core/loader/efi/fdt.c
+++ b/grub-core/loader/efi/fdt.c
@@ -123,7 +123,7 @@ grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)),
       return GRUB_ERR_NONE;
     }
 
-  dtb = grub_file_open (argv[0]);
+  dtb = grub_file_open (argv[0], GRUB_FILE_TYPE_DEVICE_TREE);
   if (!dtb)
     goto out;
 
diff --git a/include/grub/file.h b/include/grub/file.h
index 19dda67f6..b8fb13017 100644
--- a/include/grub/file.h
+++ b/include/grub/file.h
@@ -93,6 +93,8 @@ enum grub_file_type
     GRUB_FILE_TYPE_FILE_ID,
     /* File holding ACPI table.  */
     GRUB_FILE_TYPE_ACPI_TABLE,
+    /* File holding Device Tree.  */
+    GRUB_FILE_TYPE_DEVICE_TREE,
     /* File we intend show to user.  */
     GRUB_FILE_TYPE_CAT,
     GRUB_FILE_TYPE_HEXCAT,