@dfn{BSD UFS/UFS2}, @dfn{XFS}, and @dfn{ZFS} (including lzjb, gzip,
zle, mirror, stripe, raidz1/2/3 and encryption in AES-CCM and AES-GCM).
@xref{Filesystem}, for more information.
+Note: Only a subset of filesystems are supported in lockdown mode (such
+as when secure boot is enabled, @pxref{Lockdown} for more information).
@item Support automatic decompression
Can decompress files which were compressed by @command{gzip} or
F2FS, HFS, uncompressed HFS+, ISO9660, JFS, Minix, Minix2, Minix3, NILFS2,
NTFS, ReiserFS, ROMFS, SFS, tar, UDF, UFS1, UFS2, XFS
@end itemize
+Note: Only a subset of filesystems are supported in lockdown mode (such
+as when secure boot is enabled, @pxref{Lockdown} for more information).
MBR gap has few technical problems. There is no way to reserve space in
the embedding area with complete safety, and some proprietary software is
@node affs_module
@section affs
This module provides support for the Amiga Fast FileSystem (AFFS).
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node afs_module
@section afs
This module provides support for the AtheOS File System (AFS).
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node afsplitter_module
@section afsplitter
@node bfs_module
@section bfs
This module provides support for the BeOS "Be File System" (BFS).
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node biosdisk_module
@section biosdisk
@section cbfs
This module provides support for the Coreboot File System (CBFS) which is an
archive based file system.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node cbls_module
@section cbls
@section hfs
This module provides support for the Hierarchical File System (HFS) file system
in GRUB.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node hfsplus_module
@section hfsplus
@node jfs_module
@section jfs
This module provides support for the Journaled File System (JFS) file system.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node jpeg_module
@section jpeg
@node minix_module
@section minix
This module provides support for the Minix filesystem, version 1.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node minix2_module
@section minix2
This module provides support for the Minix filesystem, version 2.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node minix2_be_module
@section minix2_be
This module provides support for the Minix filesystem, version 2 big-endian.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node minix3_module
@section minix3
This module provides support for the Minix filesystem, version 3.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node minix3_be_module
@section minix3_be
This module provides support for the Minix filesystem, version 3 big-endian.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node minix_be_module
@section minix_be
This module provides support for the Minix filesystem, version 1 big-endian.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node mmap_module
@section mmap
@section nilfs2
This module provides support for the New Implementation of Log filesystem
(nilfs2).
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node normal_module
@section normal
@node ntfs_module
@section ntfs
This module provides support for the New Technology File System (NTFS) in GRUB.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node ntfscomp_module
@section ntfscomp
This module provides support for compression with the New Technology File
System (NTFS) in GRUB.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node ntldr_module
@section ntldr
@node reiserfs_module
@section reiserfs
This module provides support for the ReiserFS File System in GRUB.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node relocator_module
@section relocator
@node romfs_module
@section romfs
This module provides support for the Read-Only Memory File System (ROMFS).
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node scsi_module
@section scsi
@node sfs_module
@section sfs
This module provides support for the Amiga Smart File System (SFS) in GRUB.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node shift_test_module
@section shift_test
@section udf
This module provides support for the Universal Disk Format (UDF) used on some
newer optical disks.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node ufs1_module
@section ufs1
This module provides support for the Unix File System version 1 in GRUB.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node ufs1_be_module
@section ufs1_be
This module provides support for the Unix File System version 1 (big-endian) in
GRUB.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node ufs2_module
@section ufs2
This module provides support for the Unix File System version 2 in GRUB.
+Note: This module is not allowed in lockdown mode, @pxref{Lockdown} for more
+information.
@node uhci_module
@section uhci
The GRUB can be locked down when booted on a secure boot environment, for example
if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
-be restricted and some operations/commands cannot be executed.
+be restricted and some operations/commands cannot be executed. This also includes
+limiting which filesystems are supported to those thought to be more robust and
+widely used within GRUB.
+
+The filesystems currently allowed in lockdown mode include:
+@itemize @bullet
+@item BtrFS
+@item cpio
+@item exFAT
+@item Enhanced Read-Only File System (EROFS)
+@item Linux ext2/ext3/ext4
+@item F2FS
+@item DOS FAT12/FAT16/FAT32
+@item HFS+
+@item ISO9660
+@item Squash4
+@item tar
+@item XFS
+@item ZFS
+@end itemize
+
+The filesystems currently not allowed in lockdown mode include:
+@itemize @bullet
+@item Amiga Fast FileSystem (AFFS)
+@item AtheOS File System (AFS)
+@item Bee File System (BFS)
+@item Coreboot File System (CBFS)
+@item Hierarchical File System (HFS)
+@item Journaled File System (JFS)
+@item Minix filesystem
+@item New Implementation of Log filesystem (nilfs2)
+@item Windows New Technology File System (NTFS)
+@item ReiserFS
+@item Read-Only Memory File System (ROMFS)
+@item Amiga Smart File System (SFS)
+@item Universal Disk Format (UDF)
+@item Unix File System (UFS)
+@end itemize
The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
-Otherwise it does not exit.
+Otherwise it does not exist.
@node TPM2 key protector
@section TPM2 key protector in GRUB
projects / thirdparty / grub.git / commitdiff
