[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 110/117] grub-install-common: Add --sbat option
From: |
Daniel Kiper |
Subject: |
[SECURITY PATCH 110/117] grub-install-common: Add --sbat option |
Date: |
Tue, 2 Mar 2021 19:01:57 +0100 |
From: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
include/grub/util/install.h | 5 ++++-
util/grub-install-common.c | 12 ++++++++++--
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/include/grub/util/install.h b/include/grub/util/install.h
index 3736a16aa..c14985858 100644
--- a/include/grub/util/install.h
+++ b/include/grub/util/install.h
@@ -63,6 +63,8 @@
/* TRANSLATORS: "embed" is a verb (command description). "*/ \
{ "pubkey", 'k', N_("FILE"), 0, \
N_("embed FILE as public key for signature checking"), 0}, \
+ { "sbat", GRUB_INSTALL_OPTIONS_SBAT, N_("FILE"), 0, \
+ N_("SBAT metadata"), 0 },
\
{ "verbose", 'v', 0, 0, \
N_("print verbose messages."), 1 }
@@ -122,7 +124,8 @@ enum grub_install_options {
GRUB_INSTALL_OPTIONS_THEMES_DIRECTORY,
GRUB_INSTALL_OPTIONS_GRUB_MKIMAGE,
GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS,
- GRUB_INSTALL_OPTIONS_DTB
+ GRUB_INSTALL_OPTIONS_DTB,
+ GRUB_INSTALL_OPTIONS_SBAT
};
extern char *grub_install_source_directory;
diff --git a/util/grub-install-common.c b/util/grub-install-common.c
index 56dcb52bf..89af26c26 100644
--- a/util/grub-install-common.c
+++ b/util/grub-install-common.c
@@ -332,6 +332,7 @@ handle_install_list (struct install_list *il, const char
*val,
static char **pubkeys;
static size_t npubkeys;
+static char *sbat;
static grub_compression_t compression;
int
@@ -362,6 +363,12 @@ grub_install_parse (int key, char *arg)
* (npubkeys + 1));
pubkeys[npubkeys++] = xstrdup (arg);
return 1;
+ case GRUB_INSTALL_OPTIONS_SBAT:
+ if (sbat)
+ free (sbat);
+
+ sbat = xstrdup (arg);
+ return 1;
case GRUB_INSTALL_OPTIONS_VERBOSITY:
verbosity++;
@@ -523,9 +530,10 @@ grub_install_make_image_wrap_file (const char *dir, const
char *prefix,
grub_util_info ("grub-mkimage --directory '%s' --prefix '%s'"
" --output '%s' "
" --dtb '%s' "
+ "--sbat '%s' "
"--format '%s' --compression '%s' %s %s\n",
dir, prefix,
- outname, dtb ? : "", mkimage_target,
+ outname, dtb ? : "", sbat ? : "", mkimage_target,
compnames[compression], note ? "--note" : "", s);
free (s);
@@ -536,7 +544,7 @@ grub_install_make_image_wrap_file (const char *dir, const
char *prefix,
grub_install_generate_image (dir, prefix, fp, outname,
modules.entries, memdisk_path,
pubkeys, npubkeys, config_path, tgt,
- note, compression, dtb, NULL);
+ note, compression, dtb, sbat);
while (dc--)
grub_install_pop_module ();
}
--
2.11.0
- [SECURITY PATCH 116/117] templates: Disable the os-prober by default, (continued)
- [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/02
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Didier Spaier, 2021/03/02
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Lennart Sorensen, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, John Paul Adrian Glaubitz, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Lennart Sorensen, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Didier Spaier, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/03
- Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, John Paul Adrian Glaubitz, 2021/03/03
[SECURITY PATCH 117/117] kern/mm: Fix grub_debug_calloc() compilation error, Daniel Kiper, 2021/03/02
[SECURITY PATCH 110/117] grub-install-common: Add --sbat option,
Daniel Kiper <=
[SECURITY PATCH 113/117] kern/misc: Add STRING type for internal printf() format handling, Daniel Kiper, 2021/03/02
[SECURITY PATCH 111/117] shim_lock: Only skip loading shim_lock verifier with explicit consent, Daniel Kiper, 2021/03/02
Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, John Paul Adrian Glaubitz, 2021/03/02
Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Paul Menzel, 2021/03/18