git.ipfire.org Git - thirdparty/grub.git/commit

author	Zhang Boyang <zhangboyang.id@gmail.com>
	Sun, 14 Aug 2022 07:51:54 +0000 (15:51 +0800)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Mon, 14 Nov 2022 19:24:39 +0000 (20:24 +0100)
commit	93a786a00163e50c29f0394df198518617e1c9a5
tree	ddf7799fd4d3189fcc6f2567b25ca916a888476f	tree
parent	1d2015598cc7a9fca4b39186273e3519a88e80c7	commit \| diff

kern/efi/sb: Enforce verification of font files

As a mitigation and hardening measure enforce verification of font
files. Then only trusted font files can be load. This will reduce the
attack surface at cost of losing the ability of end-users to customize
fonts if e.g. UEFI Secure Boot is enabled. Vendors can always customize
fonts because they have ability to pack fonts into their GRUB bundles.

This goal is achieved by:

  * Removing GRUB_FILE_TYPE_FONT from shim lock verifier's
    skip-verification list.

  * Adding GRUB_FILE_TYPE_FONT to lockdown verifier's defer-auth list,
    so font files must be verified by a verifier before they can be loaded.

Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

grub-core/kern/efi/sb.c		diff \| blob \| blame \| history
grub-core/kern/lockdown.c		diff \| blob \| blame \| history