fdt: Treat device tree file type like ACPI

We now have signature check logic in grub which allows us to treat
files differently depending on their file type.

Treat a loaded device tree like an overlayed ACPI table.
Both describe hardware, so I suppose their threat level is the same.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c
index 01246b0fc1c8088472e4a792edc84cb64c68ca6b..83568cb2b7833a077a9bf52762a78513108eaf64 100644 (file)
--- a/grub-core/commands/efi/shim_lock.c
+++ b/grub-core/commands/efi/shim_lock.c
@@ -81,6 +81,7 @@ shim_lock_init (grub_file_t io, enum grub_file_type type,
       /* Fall through. */
 
     case GRUB_FILE_TYPE_ACPI_TABLE:
+    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
       *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
 
       return GRUB_ERR_NONE;

diff --git a/include/grub/file.h b/include/grub/file.h
index cbbd294655b402240aef950a8f9111d6d0b4fc40..31567483ccfc36990ee20d95d0664f44d033f3b3 100644 (file)
--- a/include/grub/file.h
+++ b/include/grub/file.h
@@ -74,8 +74,6 @@ enum grub_file_type
 
     GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE,
 
-    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
-
     /* File holding signature.  */
     GRUB_FILE_TYPE_SIGNATURE,
     /* File holding public key to verify signature once.  */
@@ -100,6 +98,8 @@ enum grub_file_type
     GRUB_FILE_TYPE_FILE_ID,
     /* File holding ACPI table.  */
     GRUB_FILE_TYPE_ACPI_TABLE,
+    /* File holding Device Tree.  */
+    GRUB_FILE_TYPE_DEVICE_TREE_IMAGE,
     /* File we intend show to user.  */
     GRUB_FILE_TYPE_CAT,
     GRUB_FILE_TYPE_HEXCAT,