Bug#820129: grub2: Disallow booting unsigned kernels when Secure Boot is enabled
Linn Crosetto
linn at hpe.com
Tue Apr 5 18:17:24 UTC 2016
Package: grub2
Version: 2.02~beta2-36
Severity: wishlist
Tags: patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The current code in 2.02~beta2-36 will silently fall back to calling
ExitBootServices() and booting an unsigned kernel if signature verification
fails.
As a part of support for UEFI Secure Boot in Debian (820036) change the boot
to fail if signature verification fails.
I have attached a trivial patch for this change. Thanks!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJXBAE0AAoJEF/3aG7d/FTWDh4P/ja6Qa0JRr2bIDj+I+sihFmJ
fIHVItLpMEU5hrKnpkRas7GflntzfpEObqUmzPLTRsrA1WobEyZDfNJUOonvEojR
atccbvjShxNJIZFCr+W8mGh23+Xv+4VFVJ9f2jd+2sOlmViGyM88rDLOZN69vwIe
9+GbTY6Ha3PifVDwLXvNH0cNiInt8uPbPnFOKwAcwSqFncyq5mfpCroLIqgfR5Dv
ImROn7to4iurho3MOidJ0gRJm17mcPjzQAyX/Wh2asSiUMx2cIVrkfcSqoeb6W3L
sXytfIwMf3YzY+eLEpsTZDYhmxrJGMa9uQ+Ryg1ZCQI0uI/n3We7cXnukofcM+Of
sAtETJvr8SYrF5J/v7XafbEKXr64jV7wEEk97kDA+YGdw7nR1Y0UeX3W3AJCuOeo
/KF75oIKJrYbRLymT701RwjArKD2wXYDTzmvnQKiTBc4sPofnr+nJIUOGvZ8Tn8O
D/vI8PZKStsZ4cuABkiHEmA3y6zlVtJEkS+OGktNWrugNBJXGWHs6AHGjIIGenTQ
8FPeNrC01DHf+170iV/0PXGLfJKn037y9JSDaZXuZkAsSrqmQENLKzOv9ee4QSsm
UmalPiqKkyeZRQna7ZDK+LwB8yf02applIzsQcFuF/RahZdgLhwl42doC7LgjpYI
wN0JD88AfHJAuUtwbpxc
=fkO9
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Disallow-unsigned-kernels-if-UEFI-Secure-Boot-is-ena.patch
Type: text/x-diff
Size: 1697 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grub-devel/attachments/20160405/f7371cb0/attachment.patch>
More information about the Pkg-grub-devel
mailing list