commands/setpci: Restrict setpci command when locked down

This command can set PCI devices register values, which makes it dangerous
in a locked down configuration. Restrict it so can't be used on this setup.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/grub-core/commands/setpci.c b/grub-core/commands/setpci.c
index e966af080a6fb93077c50239e7ded897207dfe2d..8a0c91f02bec2ada8067fe784e190af7af838537 100644 (file)
--- a/grub-core/commands/setpci.c
+++ b/grub-core/commands/setpci.c
@@ -328,10 +328,10 @@ static grub_extcmd_t cmd;
 
 GRUB_MOD_INIT(setpci)
 {
-  cmd = grub_register_extcmd ("setpci", grub_cmd_setpci, 0,
-                             N_("[-s POSITION] [-d DEVICE] [-v VAR] "
-                                "REGISTER[=VALUE[:MASK]]"),
-                             N_("Manipulate PCI devices."), options);
+  cmd = grub_register_extcmd_lockdown ("setpci", grub_cmd_setpci, 0,
+                                      N_("[-s POSITION] [-d DEVICE] [-v VAR] "
+                                         "REGISTER[=VALUE[:MASK]]"),
+                                      N_("Manipulate PCI devices."), options);
 }
 
 GRUB_MOD_FINI(setpci)