From patchwork Tue Feb 12 10:31:08 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexander Graf <agraf@suse.de>
X-Patchwork-Id: 158141
Delivered-To: patch@linaro.org
Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp3665900jaa;
 Tue, 12 Feb 2019 02:33:50 -0800 (PST)
X-Google-Smtp-Source: AHgI3Ial7YW+8GSDDveMHDBZ2p1qrCKsHh1SgGDyxAiDdLaZMUXkXUxfvEB0vlkj6PXEiiDMk09J
X-Received: by 2002:a25:bf92:: with SMTP id l18mr2231300ybk.501.1549967630053; 
 Tue, 12 Feb 2019 02:33:50 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1549967630; cv=none;
 d=google.com; s=arc-20160816;
 b=WX0cHagt9+kNCKd2/mJ3mT9H14jqqS0m4OsHBi5CpFtDo3kyFT738ddleh3BL9EHTe
 lFKXbyv/ZLLFVlZCM+wyTUetmGSCmHNqPGO48Qn3dWXu90rVuhB2ZHEUWyzf56ngTyZd
 ylTSGQ22S+A2yWuYjwG0eRxShdGXCTDWv4TcRtKhw4wGNfsRE95UHB3q226NX7fRqXpm
 +QJ+9BnFVpAG4Lv7D3zahEb932uR91QT0HLY8P5pt8hVop25kPM6rNaJhEiheD2dTo7N
 zAbiuzpJvMD0zsNhbWUHAo/DWK6shFO/qo53lU5WQmn85aU1DaVRsdDmo6LCnCSJEP4D
 6pkA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:references:in-reply-to:message-id:date:subject
 :to:from;
 bh=J9ZMc+68zJWTAcnXsRm/dtl7UIgvX4CIJ6Td0OzV/eM=;
 b=GypBUmEb5KXj6Nt5szhCj1ZnPo7SPyFVWiInUUE0MRJ7YEeMrbjvZT6PFRjJZJktG5
 nvuXwbnjtzwKeab8SoQwJylu9Uuh9YRMhn4kZHaLMudgS6LTgWndN6UihLxlnMOS0Mbt
 7emtwnGChulD9321DyoozUWIi76r14+OLsa33UOWgKp1PkxXF7Lv3Uknj3zRVyoPSB9g
 2Xd9KPTVku9jiokYm+pVQxKMrVUn/Hv7jySf2giOIdVp/r5GWG9T/jiBj0nzaWWzamzB
 PdHLBcSOF65NW2ZJ99srKts/LATrmrEFu6RvywzWL8YK/YYACJ7Cu+Gk9fVz7aYZaBc9
 nyCA==
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of
 grub-devel-bounces+patch=linaro.org@gnu.org designates
 209.51.188.17 as permitted sender)
 smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org"
Return-Path: <grub-devel-bounces+patch=linaro.org@gnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 b83si6990540yba.304.2019.02.12.02.33.49 for <patch@linaro.org>
 (version=TLS1 cipher=AES128-SHA bits=128/128);
 Tue, 12 Feb 2019 02:33:50 -0800 (PST)
Received-SPF: pass (google.com: domain of
 grub-devel-bounces+patch=linaro.org@gnu.org designates
 209.51.188.17 as permitted sender) client-ip=209.51.188.17; 
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 grub-devel-bounces+patch=linaro.org@gnu.org designates
 209.51.188.17 as permitted sender)
 smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org"
Received: from localhost ([127.0.0.1]:36934 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <grub-devel-bounces+patch=linaro.org@gnu.org>)
 id 1gtVNt-0001ut-2C
 for patch@linaro.org; Tue, 12 Feb 2019 05:33:49 -0500
Received: from eggs.gnu.org ([209.51.188.92]:37216)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <agraf@suse.de>) id 1gtVMG-0000tY-U8
 for grub-devel@gnu.org; Tue, 12 Feb 2019 05:32:11 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <agraf@suse.de>) id 1gtVMC-0004B2-Fl
 for grub-devel@gnu.org; Tue, 12 Feb 2019 05:32:08 -0500
Received: from mx2.suse.de ([195.135.220.15]:52042 helo=mx1.suse.de)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <agraf@suse.de>) id 1gtVMB-00042i-UQ
 for grub-devel@gnu.org; Tue, 12 Feb 2019 05:32:04 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
 by mx1.suse.de (Postfix) with ESMTP id 0EA79B151;
 Tue, 12 Feb 2019 10:31:12 +0000 (UTC)
From: Alexander Graf <agraf@suse.de>
To: grub-devel@gnu.org
Subject: [PATCH v6 11/11] fdt: Treat device tree file type like ACPI
Date: Tue, 12 Feb 2019 11:31:08 +0100
Message-Id: <20190212103108.56963-12-agraf@suse.de>
X-Mailer: git-send-email 2.12.3
In-Reply-To: <20190212103108.56963-1-agraf@suse.de>
References: <20190212103108.56963-1-agraf@suse.de>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no
 timestamps) [generic]
X-Received-From: 195.135.220.15
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel/>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=subscribe>
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
Cc: "rickchen36 @ gmail . com" <rickchen36@gmail.com>,
 David Abdurachmanov <david.abdurachmanov@gmail.com>, schwab@suse.de, 
 "greentime @ andestech . com" <greentime@andestech.com>,
 leif.lindholm@linaro.org, atish.patra@wdc.com,
 Michael Chang <mchang@suse.com>,
 Alistair Francis <Alistair.Francis@wdc.com>,
 Lukas Auer <lukas.auer@aisec.fraunhofer.de>,
 Paul Walmsley <paul.walmsley@sifive.com>, Bin Meng <bmeng.cn@gmail.com>, 
 Daniel Kiper <dkiper@net-space.pl>
MIME-Version: 1.0
Errors-To: grub-devel-bounces+patch=linaro.org@gnu.org
Sender: "Grub-devel" <grub-devel-bounces+patch=linaro.org@gnu.org>

We now have signature check logic in grub which allows us to treat
files differently depending on their file type.

Treat a loaded device tree like an overlayed ACPI table.
Both describe hardware, so I suppose their threat level is the same.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

---

v3 -> v4:

  - Rebase onto current git master
---
 grub-core/commands/efi/shim_lock.c | 1 +
 include/grub/file.h                | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

-- 
2.12.3


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c
index 01246b0fc..83568cb2b 100644
--- a/grub-core/commands/efi/shim_lock.c
+++ b/grub-core/commands/efi/shim_lock.c
@@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type type,
       /* Fall through. */
 
     case GRUB_FILE_TYPE_ACPI_TABLE:
+    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
       *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
 
       return GRUB_ERR_NONE;
diff --git a/include/grub/file.h b/include/grub/file.h
index cbbd29465..31567483c 100644
--- a/include/grub/file.h
+++ b/include/grub/file.h
@@ -74,8 +74,6 @@ enum grub_file_type
 
     GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE,
 
-    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
-
     /* File holding signature.  */
     GRUB_FILE_TYPE_SIGNATURE,
     /* File holding public key to verify signature once.  */
@@ -100,6 +98,8 @@ enum grub_file_type
     GRUB_FILE_TYPE_FILE_ID,
     /* File holding ACPI table.  */
     GRUB_FILE_TYPE_ACPI_TABLE,
+    /* File holding Device Tree.  */
+    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
     /* File we intend show to user.  */
     GRUB_FILE_TYPE_CAT,
     GRUB_FILE_TYPE_HEXCAT,