|
 |
6b2dd0f |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
b9efc54 |
From: Peter Jones <pjones@redhat.com>
|
|
|
b9efc54 |
Date: Tue, 6 Oct 2015 16:09:25 -0400
|
|
|
752ceb1 |
Subject: [PATCH] Make any of the loaders that link in efi mode honor secure
|
|
|
752ceb1 |
boot.
|
|
|
b9efc54 |
|
|
|
b9efc54 |
And in this case "honor" means "even if somebody does link this in, they
|
|
|
b9efc54 |
won't register commands if SB is enabled."
|
|
|
b9efc54 |
|
|
|
b9efc54 |
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
b9efc54 |
---
|
|
 |
46968b6 |
grub-core/commands/iorw.c | 7 +++++++
|
|
|
46968b6 |
grub-core/commands/memrw.c | 7 +++++++
|
|
|
46968b6 |
grub-core/kern/dl.c | 3 ++-
|
|
|
46968b6 |
grub-core/kern/efi/efi.c | 34 ----------------------------------
|
|
|
46968b6 |
grub-core/loader/efi/appleloader.c | 7 +++++++
|
|
|
b9efc54 |
grub-core/loader/efi/chainloader.c | 1 +
|
|
|
46968b6 |
grub-core/loader/i386/bsd.c | 7 +++++++
|
|
|
46968b6 |
grub-core/loader/i386/linux.c | 7 +++++++
|
|
|
46968b6 |
grub-core/loader/i386/pc/linux.c | 7 +++++++
|
|
|
46968b6 |
grub-core/loader/multiboot.c | 7 +++++++
|
|
|
46968b6 |
grub-core/loader/xnu.c | 7 +++++++
|
|
|
b9efc54 |
include/grub/efi/efi.h | 1 -
|
|
|
9d15b4d |
include/grub/ia64/linux.h | 0
|
|
|
9d15b4d |
include/grub/mips/linux.h | 0
|
|
|
9d15b4d |
include/grub/powerpc/linux.h | 0
|
|
|
9d15b4d |
include/grub/sparc64/linux.h | 0
|
|
|
46968b6 |
16 files changed, 59 insertions(+), 36 deletions(-)
|
|
|
9d15b4d |
create mode 100644 include/grub/ia64/linux.h
|
|
|
9d15b4d |
create mode 100644 include/grub/mips/linux.h
|
|
|
1713515 |
create mode 100644 include/grub/powerpc/linux.h
|
|
|
9d15b4d |
create mode 100644 include/grub/sparc64/linux.h
|
|
|
b9efc54 |
|
|
|
b9efc54 |
diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
|
|
|
46968b6 |
index 584baec8f91..7b2999b14b5 100644
|
|
|
b9efc54 |
--- a/grub-core/commands/iorw.c
|
|
|
b9efc54 |
+++ b/grub-core/commands/iorw.c
|
|
|
46968b6 |
@@ -24,6 +24,7 @@
|
|
|
b9efc54 |
#include <grub/cpu/io.h>
|
|
|
b9efc54 |
#include <grub/i18n.h>
|
|
|
46968b6 |
#include <grub/lockdown.h>
|
|
|
b9efc54 |
+#include <grub/efi/sb.h>
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
b9efc54 |
|
|
|
46968b6 |
@@ -119,6 +120,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_INIT(memrw)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
cmd_read_byte =
|
|
|
b9efc54 |
grub_register_extcmd ("inb", grub_cmd_read, 0,
|
|
|
b9efc54 |
N_("PORT"), N_("Read 8-bit value from PORT."),
|
|
|
46968b6 |
@@ -147,6 +151,9 @@ GRUB_MOD_INIT(memrw)
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_FINI(memrw)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
grub_unregister_extcmd (cmd_read_byte);
|
|
|
b9efc54 |
grub_unregister_extcmd (cmd_read_word);
|
|
|
b9efc54 |
grub_unregister_extcmd (cmd_read_dword);
|
|
|
b9efc54 |
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
|
|
|
46968b6 |
index d401a6db0ef..39cf3a06dbd 100644
|
|
|
b9efc54 |
--- a/grub-core/commands/memrw.c
|
|
|
b9efc54 |
+++ b/grub-core/commands/memrw.c
|
|
|
46968b6 |
@@ -23,6 +23,7 @@
|
|
|
b9efc54 |
#include <grub/env.h>
|
|
|
b9efc54 |
#include <grub/i18n.h>
|
|
|
46968b6 |
#include <grub/lockdown.h>
|
|
|
b9efc54 |
+#include <grub/efi/sb.h>
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
b9efc54 |
|
|
|
46968b6 |
@@ -121,6 +122,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_INIT(memrw)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
cmd_read_byte =
|
|
|
b9efc54 |
grub_register_extcmd ("read_byte", grub_cmd_read, 0,
|
|
|
b9efc54 |
N_("ADDR"), N_("Read 8-bit value from ADDR."),
|
|
|
46968b6 |
@@ -149,6 +153,9 @@ GRUB_MOD_INIT(memrw)
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_FINI(memrw)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
grub_unregister_extcmd (cmd_read_byte);
|
|
|
b9efc54 |
grub_unregister_extcmd (cmd_read_word);
|
|
|
b9efc54 |
grub_unregister_extcmd (cmd_read_dword);
|
|
|
ad4aff0 |
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
|
|
|
46968b6 |
index b7149370950..7afb9e6f724 100644
|
|
|
ad4aff0 |
--- a/grub-core/kern/dl.c
|
|
|
ad4aff0 |
+++ b/grub-core/kern/dl.c
|
|
|
ad4aff0 |
@@ -32,6 +32,7 @@
|
|
|
ad4aff0 |
#include <grub/env.h>
|
|
|
ad4aff0 |
#include <grub/cache.h>
|
|
|
ad4aff0 |
#include <grub/i18n.h>
|
|
|
ad4aff0 |
+#include <grub/efi/sb.h>
|
|
|
ad4aff0 |
|
|
|
ad4aff0 |
/* Platforms where modules are in a readonly area of memory. */
|
|
|
ad4aff0 |
#if defined(GRUB_MACHINE_QEMU)
|
|
|
46968b6 |
@@ -704,7 +705,7 @@ grub_dl_load_file (const char *filename)
|
|
|
46968b6 |
grub_dl_t mod = 0;
|
|
|
46968b6 |
|
|
|
46968b6 |
#ifdef GRUB_MACHINE_EFI
|
|
|
46968b6 |
- if (grub_efi_secure_boot ())
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
46968b6 |
{
|
|
|
46968b6 |
#if 0
|
|
|
46968b6 |
/* This is an error, but grub2-mkconfig still generates a pile of
|
|
|
b9efc54 |
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
|
|
|
46968b6 |
index 4a2259aa1c7..8cff7be0289 100644
|
|
|
b9efc54 |
--- a/grub-core/kern/efi/efi.c
|
|
|
b9efc54 |
+++ b/grub-core/kern/efi/efi.c
|
|
|
46968b6 |
@@ -286,40 +286,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
|
|
|
46968b6 |
return grub_efi_get_variable_with_attributes (var, guid, datasize_out, data_out, NULL);
|
|
|
b9efc54 |
}
|
|
|
b9efc54 |
|
|
|
b9efc54 |
-grub_efi_boolean_t
|
|
|
b9efc54 |
-grub_efi_secure_boot (void)
|
|
|
b9efc54 |
-{
|
|
|
b9efc54 |
- grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
|
|
|
b9efc54 |
- grub_size_t datasize;
|
|
|
b9efc54 |
- char *secure_boot = NULL;
|
|
|
b9efc54 |
- char *setup_mode = NULL;
|
|
|
b9efc54 |
- grub_efi_boolean_t ret = 0;
|
|
|
b9efc54 |
-
|
|
|
b9efc54 |
- secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
|
|
|
b9efc54 |
- if (datasize != 1 || !secure_boot)
|
|
|
ad4aff0 |
- {
|
|
|
ad4aff0 |
- grub_dprintf ("secureboot", "No SecureBoot variable\n");
|
|
|
ad4aff0 |
- goto out;
|
|
|
ad4aff0 |
- }
|
|
|
ad4aff0 |
- grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot);
|
|
|
b9efc54 |
-
|
|
|
b9efc54 |
- setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
|
|
|
b9efc54 |
- if (datasize != 1 || !setup_mode)
|
|
|
ad4aff0 |
- {
|
|
|
ad4aff0 |
- grub_dprintf ("secureboot", "No SetupMode variable\n");
|
|
|
ad4aff0 |
- goto out;
|
|
|
ad4aff0 |
- }
|
|
|
ad4aff0 |
- grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode);
|
|
|
b9efc54 |
-
|
|
|
b9efc54 |
- if (*secure_boot && !*setup_mode)
|
|
|
b9efc54 |
- ret = 1;
|
|
|
b9efc54 |
-
|
|
|
b9efc54 |
- out:
|
|
|
b9efc54 |
- grub_free (secure_boot);
|
|
|
b9efc54 |
- grub_free (setup_mode);
|
|
|
b9efc54 |
- return ret;
|
|
|
b9efc54 |
-}
|
|
|
b9efc54 |
-
|
|
|
b9efc54 |
#pragma GCC diagnostic ignored "-Wcast-align"
|
|
|
b9efc54 |
|
|
|
b9efc54 |
/* Search the mods section from the PE32/PE32+ image. This code uses
|
|
|
b9efc54 |
diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c
|
|
|
46968b6 |
index 74888c463ba..585f2b57385 100644
|
|
|
b9efc54 |
--- a/grub-core/loader/efi/appleloader.c
|
|
|
b9efc54 |
+++ b/grub-core/loader/efi/appleloader.c
|
|
|
b9efc54 |
@@ -24,6 +24,7 @@
|
|
|
b9efc54 |
#include <grub/misc.h>
|
|
|
b9efc54 |
#include <grub/efi/api.h>
|
|
|
b9efc54 |
#include <grub/efi/efi.h>
|
|
|
b9efc54 |
+#include <grub/efi/sb.h>
|
|
|
b9efc54 |
#include <grub/command.h>
|
|
|
b9efc54 |
#include <grub/i18n.h>
|
|
|
b9efc54 |
|
|
|
b9efc54 |
@@ -227,6 +228,9 @@ static grub_command_t cmd;
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_INIT(appleloader)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
cmd = grub_register_command ("appleloader", grub_cmd_appleloader,
|
|
|
b9efc54 |
N_("[OPTS]"),
|
|
|
b9efc54 |
/* TRANSLATORS: This command is used on EFI to
|
|
|
b9efc54 |
@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader)
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_FINI(appleloader)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
grub_unregister_command (cmd);
|
|
|
b9efc54 |
}
|
|
|
b9efc54 |
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
|
|
|
46968b6 |
index b54cf6986fc..3ff305b1d32 100644
|
|
|
b9efc54 |
--- a/grub-core/loader/efi/chainloader.c
|
|
|
b9efc54 |
+++ b/grub-core/loader/efi/chainloader.c
|
|
|
b9efc54 |
@@ -34,6 +34,7 @@
|
|
|
b9efc54 |
#include <grub/efi/disk.h>
|
|
|
b9efc54 |
#include <grub/efi/pe32.h>
|
|
|
b9efc54 |
#include <grub/efi/linux.h>
|
|
|
b9efc54 |
+#include <grub/efi/sb.h>
|
|
|
b9efc54 |
#include <grub/command.h>
|
|
|
b9efc54 |
#include <grub/i18n.h>
|
|
|
b9efc54 |
#include <grub/net.h>
|
|
|
b9efc54 |
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
|
|
|
46968b6 |
index 5f3290ce17b..54befc26626 100644
|
|
|
b9efc54 |
--- a/grub-core/loader/i386/bsd.c
|
|
|
b9efc54 |
+++ b/grub-core/loader/i386/bsd.c
|
|
|
46968b6 |
@@ -40,6 +40,7 @@
|
|
|
b9efc54 |
#ifdef GRUB_MACHINE_PCBIOS
|
|
|
b9efc54 |
#include <grub/machine/int.h>
|
|
|
b9efc54 |
#endif
|
|
|
b9efc54 |
+#include <grub/efi/sb.h>
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
b9efc54 |
|
|
|
46968b6 |
@@ -2137,6 +2138,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk;
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_INIT (bsd)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
/* Net and OpenBSD kernels are often compressed. */
|
|
|
b9efc54 |
grub_dl_load ("gzio");
|
|
|
b9efc54 |
|
|
|
46968b6 |
@@ -2176,6 +2180,9 @@ GRUB_MOD_INIT (bsd)
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_FINI (bsd)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
grub_unregister_extcmd (cmd_freebsd);
|
|
|
b9efc54 |
grub_unregister_extcmd (cmd_openbsd);
|
|
|
b9efc54 |
grub_unregister_extcmd (cmd_netbsd);
|
|
|
b9efc54 |
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
|
|
|
46968b6 |
index dccf3bb3005..4aeb0e4b9a6 100644
|
|
|
b9efc54 |
--- a/grub-core/loader/i386/linux.c
|
|
|
b9efc54 |
+++ b/grub-core/loader/i386/linux.c
|
|
|
46968b6 |
@@ -37,6 +37,7 @@
|
|
|
b9efc54 |
#include <grub/linux.h>
|
|
|
e153146 |
#include <grub/machine/kernel.h>
|
|
|
46968b6 |
#include <grub/safemath.h>
|
|
|
b9efc54 |
+#include <grub/efi/sb.h>
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
b9efc54 |
|
|
|
46968b6 |
@@ -1138,6 +1139,9 @@ static grub_command_t cmd_linux, cmd_initrd;
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_INIT(linux)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
cmd_linux = grub_register_command ("linux", grub_cmd_linux,
|
|
|
b9efc54 |
0, N_("Load Linux."));
|
|
|
b9efc54 |
cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
|
|
|
46968b6 |
@@ -1147,6 +1151,9 @@ GRUB_MOD_INIT(linux)
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_FINI(linux)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
grub_unregister_command (cmd_linux);
|
|
|
b9efc54 |
grub_unregister_command (cmd_initrd);
|
|
|
b9efc54 |
}
|
|
|
b9efc54 |
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
|
|
|
46968b6 |
index 4b1750e360e..e3fa1221e81 100644
|
|
|
b9efc54 |
--- a/grub-core/loader/i386/pc/linux.c
|
|
|
b9efc54 |
+++ b/grub-core/loader/i386/pc/linux.c
|
|
|
46968b6 |
@@ -36,6 +36,7 @@
|
|
|
b9efc54 |
#include <grub/lib/cmdline.h>
|
|
|
b9efc54 |
#include <grub/linux.h>
|
|
|
46968b6 |
#include <grub/safemath.h>
|
|
|
b9efc54 |
+#include <grub/efi/sb.h>
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
b9efc54 |
|
|
|
46968b6 |
@@ -487,6 +488,9 @@ static grub_command_t cmd_linux, cmd_linux16, cmd_initrd, cmd_initrd16;
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_INIT(linux16)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
cmd_linux =
|
|
|
ad4aff0 |
grub_register_command ("linux", grub_cmd_linux,
|
|
|
b9efc54 |
0, N_("Load Linux."));
|
|
|
46968b6 |
@@ -504,6 +508,9 @@ GRUB_MOD_INIT(linux16)
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_FINI(linux16)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
grub_unregister_command (cmd_linux);
|
|
|
ad4aff0 |
grub_unregister_command (cmd_linux16);
|
|
|
b9efc54 |
grub_unregister_command (cmd_initrd);
|
|
|
b9efc54 |
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
|
|
|
46968b6 |
index facb13f3d36..47e481f4576 100644
|
|
|
b9efc54 |
--- a/grub-core/loader/multiboot.c
|
|
|
b9efc54 |
+++ b/grub-core/loader/multiboot.c
|
|
|
752ceb1 |
@@ -50,6 +50,7 @@
|
|
|
b9efc54 |
#include <grub/video.h>
|
|
|
b9efc54 |
#include <grub/memory.h>
|
|
|
b9efc54 |
#include <grub/i18n.h>
|
|
|
b9efc54 |
+#include <grub/efi/sb.h>
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
b9efc54 |
|
|
|
e153146 |
@@ -444,6 +445,9 @@ static grub_command_t cmd_multiboot, cmd_module;
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_INIT(multiboot)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
cmd_multiboot =
|
|
|
b9efc54 |
#ifdef GRUB_USE_MULTIBOOT2
|
|
|
b9efc54 |
grub_register_command ("multiboot2", grub_cmd_multiboot,
|
|
|
e153146 |
@@ -464,6 +468,9 @@ GRUB_MOD_INIT(multiboot)
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_FINI(multiboot)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
grub_unregister_command (cmd_multiboot);
|
|
|
b9efc54 |
grub_unregister_command (cmd_module);
|
|
|
b9efc54 |
}
|
|
|
b9efc54 |
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
|
|
|
46968b6 |
index 1c0cf6a430a..baa54e652ab 100644
|
|
|
b9efc54 |
--- a/grub-core/loader/xnu.c
|
|
|
b9efc54 |
+++ b/grub-core/loader/xnu.c
|
|
|
46968b6 |
@@ -35,6 +35,7 @@
|
|
|
b9efc54 |
#include <grub/i18n.h>
|
|
|
e153146 |
#include <grub/verify.h>
|
|
|
46968b6 |
#include <grub/safemath.h>
|
|
|
b9efc54 |
+#include <grub/efi/sb.h>
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
b9efc54 |
|
|
|
46968b6 |
@@ -1497,6 +1498,9 @@ static grub_extcmd_t cmd_splash;
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_INIT(xnu)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0,
|
|
|
b9efc54 |
N_("Load XNU image."));
|
|
|
b9efc54 |
cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64,
|
|
|
46968b6 |
@@ -1540,6 +1544,9 @@ GRUB_MOD_INIT(xnu)
|
|
|
b9efc54 |
|
|
|
b9efc54 |
GRUB_MOD_FINI(xnu)
|
|
|
b9efc54 |
{
|
|
|
46968b6 |
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
|
|
b9efc54 |
+ return;
|
|
|
b9efc54 |
+
|
|
|
b9efc54 |
#ifndef GRUB_MACHINE_EMU
|
|
|
b9efc54 |
grub_unregister_command (cmd_resume);
|
|
|
b9efc54 |
#endif
|
|
|
b9efc54 |
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
|
|
|
46968b6 |
index 6295df85f3f..585fa6662b6 100644
|
|
|
b9efc54 |
--- a/include/grub/efi/efi.h
|
|
|
b9efc54 |
+++ b/include/grub/efi/efi.h
|
|
|
46968b6 |
@@ -91,7 +91,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var,
|
|
|
b9efc54 |
const grub_efi_guid_t *guid,
|
|
|
b9efc54 |
void *data,
|
|
|
b9efc54 |
grub_size_t datasize);
|
|
|
b9efc54 |
-grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void);
|
|
|
b9efc54 |
int
|
|
|
b9efc54 |
EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1,
|
|
|
b9efc54 |
const grub_efi_device_path_t *dp2);
|
|
|
9d15b4d |
diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h
|
|
|
9d15b4d |
new file mode 100644
|
|
|
ec4acbb |
index 00000000000..e69de29bb2d
|
|
|
9d15b4d |
diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h
|
|
|
9d15b4d |
new file mode 100644
|
|
|
ec4acbb |
index 00000000000..e69de29bb2d
|
|
|
1713515 |
diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h
|
|
|
1713515 |
new file mode 100644
|
|
|
ec4acbb |
index 00000000000..e69de29bb2d
|
|
|
9d15b4d |
diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h
|
|
|
9d15b4d |
new file mode 100644
|
|
|
ec4acbb |
index 00000000000..e69de29bb2d
|