[PATCH v2 00/10] UEFI NX support and NX Linux loader using shim loader p
From: Mate Kukri
Subject: [PATCH v2 00/10] UEFI NX support and NX Linux loader using shim loader protocol
Date: Thu, 30 May 2024 15:12:31 +0100
Currently the patchset consists of:
- Reworked Fedora NX patches to make GRUB itself work under NX.
- Julian Andres Klode's loader framework patch (used in Debian and Ubuntu for
the downstream loader).
- Implemented shim loader protocol support using the above loader framework.
- Added patch to disallow using the legacy Linux loader when NX is required.
Future work:
- Implement NX in non-Linux loaders where applicable.
(Note that this is non-critical for security, as non-UEFI/Linux loaders are
disabled by SB lockdown, but would be nice to avoid crashes for unsuspecting
users on future hardware).
Julian Andres Klode (1):
efi: Provide wrappers for load_image, start_image, unload_image
Mate Kukri (6):
modules: load module sections at page-aligned addresses
nx: add memory attribute get/set API
nx: set page permissions for loaded modules.
nx: set the nx compatible flag in EFI grub images
efi: Use shim's loader protocol for EFI image verification and loading
efi: Disallow fallback to legacy Linux loader when shim says NX is
required.
Peter Jones (3):
modules: make .module_license read-only
modules: strip .llvm_addrsig sections and similar.
modules: Don't allocate space for non-allocable sections.
docs/grub-dev.texi | 6 +-
grub-core/genmod.sh.in | 5 +-
grub-core/kern/arm/dl.c | 13 +++
grub-core/kern/arm64/dl.c | 13 +++
grub-core/kern/dl.c | 160 +++++++++++++++++++++++------
grub-core/kern/efi/efi.c | 57 ++++++++++
grub-core/kern/efi/mm.c | 127 +++++++++++++++++++++++
grub-core/kern/efi/sb.c | 39 +++----
grub-core/kern/emu/full.c | 13 +++
grub-core/kern/i386/dl.c | 13 +++
grub-core/kern/ia64/dl.c | 9 ++
grub-core/kern/mips/dl.c | 8 ++
grub-core/kern/powerpc/dl.c | 9 ++
grub-core/kern/riscv/dl.c | 13 +++
grub-core/kern/sparc64/dl.c | 9 ++
grub-core/kern/x86_64/dl.c | 13 +++
grub-core/loader/efi/chainloader.c | 13 +--
grub-core/loader/efi/linux.c | 69 ++++++++-----
include/grub/dl.h | 48 ++++++++-
include/grub/efi/api.h | 30 ++++++
include/grub/efi/efi.h | 42 ++++++++
include/grub/efi/pe32.h | 2 +
include/grub/efi/sb.h | 3 -
include/grub/mm.h | 33 ++++++
util/mkimage.c | 1 +
25 files changed, 650 insertions(+), 98 deletions(-)
--
2.39.2