From 0e3f8ea032583ef8c3900e83678931429abc9e64 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Tue, 28 Mar 2023 10:55:21 +0200
Subject: [PATCH] Hardening: Declare content of /usr/lib/grub as firmware files

This folder contains the neccessary files, which are written to the MBR, dealing with EFI, or loading additional required grub modules unless the whole grub menu can be displayed or a selected OS will start up. Some of these files are 32bit ELF files or do not have SSP etc. So I would suggest to mark them as firmware files and therefore skip some of the hardening tests.

Signed-off-by: Stefan Schantl
Signed-off-by: Michael Tremer
---
 src/libpakfire/file.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index 33e26fea..819587ef 100644
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -1509,6 +1509,7 @@ static const struct pattern {
 { "*.pm", PAKFIRE_FILE_PERL },
 { "*.pc", PAKFIRE_FILE_PKGCONFIG },
 { "/usr/lib/firmware/*", PAKFIRE_FILE_FIRMWARE },
+ { "/usr/lib/grub/*", PAKFIRE_FILE_FIRMWARE },
 { "/usr/lib*/ld-*.so*", PAKFIRE_FILE_RUNTIME_LINKER },
 { NULL },
 };
--
2.47.2
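Review bot: The added `{ "/usr/lib/grub/*", PAKFIRE_FILE_FIRMWARE }` entry exempts files by path alone, so anything a package installs under that directory is classified as firmware and, per the commit message, skips some of the hardening tests, including an ordinary host-side ELF that happens to be placed there. The table itself gives no reason for the exemption; I would add a comment above the entry such as `/* GRUB boot images and modules (MBR, EFI, loadable modules): some are 32-bit or built without SSP, so the userspace hardening checks do not apply */`. How `*` is matched, in particular whether it crosses `/`, is decided by code outside this hunk, so it is worth confirming that the pattern covers exactly the intended subtree and that the skipped checks are limited to the ones that cannot apply to boot code. The pattern array starts before the hunk and the matching logic is not visible here.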