Fonts and theming and what to do in future with SB

From: Steve McIntyre
Subject: Fonts and theming and what to do in future with SB
Date: Tue, 29 Nov 2022 18:35:44 +0000
Hey folks!

So, with the latest set of GRUB CVE patches we've fixed up a bunch of
potential crashes in font-handling code that could lead to Secure Boot
holes. These are good and useful fixes, and thanks to Zhang Boyang and
everyone else involved!

There were also a few other changes:

 * In SB mode, refuse to load fonts from outside of the signed GRUB
 * Restrictions to image dimensions
 * Fix integer overflow in fbutil

Locking down fonts here has caused some issues that I've seen.

We didn't update the config generation code in util/grub.d, so we're
still generating grub.cfg files that will try (and fail!) to load
fonts from other locations at runtime in SB mode. This causes ugly
errors, and also causes GRUB to fail to set up video as normal. We can
fix this, but it would be nice to agree on something upstream rather
than as diverging distro patches.

AFAIK Chris Coulson has a patch for the font loader to cause it to try
loading fonts from the embedded memdisk first. Is that the best
approach? If so, what fonts should we be embedding in the signed
image? It's a tradeoff between size and functionality, of course -
some people are happy with just "unicode" while others may want a
wider choice for added theming options. Is the size an issue for most

Or... Could/should we look at options to sign fonts separately? I've
heard suggestions to embed them into faked-up modules that we could
load with insmod, but of course we don't support signing modules yet
anyway... :-)


