From 09657e853913ac79142e8577b7b47eb79511debd Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Tue, 28 Mar 2023 10:45:38 +0200
Subject: [PATCH] Hardening: Declare content of /usr/lib/grub as firmware files

This folder contains the neccessary files, which are written to the MBR, dealing with EFI, or loading additional required grub modules unless the whole grub menu can be displayed or a selected OS will start up. Some of these files are 32bit ELF files or do not have SSP etc. So I would suggest to mark them as firmware files and therefore skip some of the hardening tests.
Signed-off-by: Stefan Schantl
---
 src/libpakfire/file.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index 33e26fea..819587ef 100644
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -1509,6 +1509,7 @@ static const struct pattern {
 { "*.pm", PAKFIRE_FILE_PERL },
 { "*.pc", PAKFIRE_FILE_PKGCONFIG },
 { "/usr/lib/firmware/*", PAKFIRE_FILE_FIRMWARE },
+ { "/usr/lib/grub/*", PAKFIRE_FILE_FIRMWARE },
 { "/usr/lib*/ld-*.so*", PAKFIRE_FILE_RUNTIME_LINKER },
 { NULL },
 };
-- 
2.47.3
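Review bot: The added `/usr/lib/grub/*` entry classifies everything a package installs under that directory as firmware, yet the commit message says only some of those files are 32-bit ELF or built without SSP, and nothing in the table records why the exemption exists. A comment above the entry would make the intent auditable, for example `/* GRUB boot images and modules: not host userspace, built without SSP etc.; hardening checks do not apply */`. Because the classification is by path alone, any ELF that ends up under this directory would presumably skip the same checks, so it is worth confirming whether the pattern can be limited to the files that actually need it. How `*` treats `/` and whether an earlier suffix pattern such as `*.pm` takes precedence depend on the matching code, which is outside this hunk; the `pattern` table itself also starts before it.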