Re: [PATCH 8/9] efi: Only register shim_lock verifier if shim_lock proto
From: Daniel Kiper
Subject: Re: [PATCH 8/9] efi: Only register shim_lock verifier if shim_lock protocol is found and SB enabled
Date: Thu, 10 Dec 2020 17:50:53 +0100
User-agent: NeoMutt/20170113 (1.7.2)

On Tue, Dec 08, 2020 at 10:20:03AM +0800, Michael Chang via Grub-devel wrote:
> On Thu, Dec 03, 2020 at 04:01:49PM +0100, Javier Martinez Canillas wrote:
> > The shim_lock module registers a verifier to call shim's verify, but the
> > handler is registered even when the shim_lock protocol was not installed.
> >
> > This doesn't cause a NULL pointer dereference in shim_lock_write() because
> > the shim_lock_init() function just returns GRUB_ERR_NONE if sl isn't set.
> >
> > But in that case there's no point to even register the shim_lock verifier
> > since it won't do anything. Additionally, it is only useful when Secure Boot
> > is enabled.
> >
> > Finally, don't assume that the shim_lock protocol will always be present
> > when the shim_lock_write() function is called, and check for it on every
> > call to this function.
> >
> > Reported-by: Michael Chang <mchang@suse.com>
>
> To complete the information here, this fixed the problem I tried to
> solve before, but in a more elegant way. :)
>
> https://www.mail-archive.com/grub-devel@gnu.org/msg30738.html
>
> Thank you for working on the patch.

You are welcome!

May I add your Tested-by to this patch?

Daniel
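
The behaviour the quoted commit message describes (register the verifier only when the shim_lock protocol is present and Secure Boot is enabled, and look the protocol up again on every write call) can be modelled as below. This is an added example, not code from the patch or from GRUB: every name in it is hypothetical, the platform state and the verify routine are constructed, and returning an access-denied error when the protocol has gone missing is this model's assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model: none of these names are GRUB's or shim's API. */
enum { NOT_REGISTERED = -1, ERR_NONE, ERR_ACCESS_DENIED, ERR_BAD_SIGNATURE };
struct shim_lock { int (*verify)(const void *buf, size_t len); };
/* Constructed firmware state; shim_lock is NULL if never installed. */
struct platform { struct shim_lock *shim_lock; bool secure_boot; };
typedef int (*write_hook)(struct platform *, const void *, size_t);
static write_hook registered_verifier;   /* NULL: nothing registered */

/* Write hook: re-check the protocol on every call instead of trusting
   init. Failing closed when it is gone is this model's assumption. */
static int model_write(struct platform *p, const void *buf, size_t len)
{
    struct shim_lock *sl = p->shim_lock;
    if (sl == NULL) return ERR_ACCESS_DENIED;
    return sl->verify(buf, len) == 0 ? ERR_NONE : ERR_BAD_SIGNATURE;
}

/* Module init: register only if the protocol exists and Secure Boot is on. */
static bool model_init(struct platform *p)
{
    bool wanted = p->shim_lock != NULL && p->secure_boot;
    registered_verifier = wanted ? model_write : NULL;
    return wanted;
}

/* Constructed stand-in for shim's verify: accepts buffers starting with 'S'. */
static int fake_verify(const void *buf, size_t len)
{
    return (len > 0 && ((const char *)buf)[0] == 'S') ? 0 : -1;
}
static struct shim_lock fake_shim = { fake_verify };

/* One scenario: init, optionally lose the protocol, then verify one image. */
static int scenario(struct shim_lock *sl, bool sb, bool drop, const char *img)
{
    struct platform p = { sl, sb };
    if (!model_init(&p)) return NOT_REGISTERED;
    if (drop) p.shim_lock = NULL;   /* protocol disappears after init */
    return registered_verifier(&p, img, 1);
}

int main(void)
{
    printf("%d\n", scenario(&fake_shim, true, true, "S")); /* protocol lost */
    return 0;
}
```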