You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
54 lines
1.6 KiB
54 lines
1.6 KiB
2 years ago
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||
|
From: Javier Martinez Canillas <javierm@redhat.com>
|
||
|
Date: Tue, 2 Feb 2021 19:59:48 +0100
|
||
|
Subject: [PATCH] kern/lockdown: Set a variable if the GRUB is locked down
|
||
|
|
||
|
It may be useful for scripts to determine whether the GRUB is locked
|
||
|
down or not. Add the lockdown variable which is set to "y" when the GRUB
|
||
|
is locked down.
|
||
|
|
||
|
Suggested-by: Dimitri John Ledkov <xnox@ubuntu.com>
|
||
|
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
||
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||
|
---
|
||
|
grub-core/kern/lockdown.c | 4 ++++
|
||
|
docs/grub.texi | 3 +++
|
||
|
2 files changed, 7 insertions(+)
|
||
|
|
||
|
diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
|
||
|
index f87ddaeb1..30cba7f5e 100644
|
||
|
--- a/grub-core/kern/lockdown.c
|
||
|
+++ b/grub-core/kern/lockdown.c
|
||
|
@@ -18,6 +18,7 @@
|
||
|
*/
|
||
|
|
||
|
#include <grub/dl.h>
|
||
|
+#include <grub/env.h>
|
||
|
#include <grub/file.h>
|
||
|
#include <grub/lockdown.h>
|
||
|
|
||
|
@@ -84,6 +85,9 @@ grub_lockdown (void)
|
||
|
#if 0
|
||
|
grub_verifier_register (&lockdown_verifier);
|
||
|
#endif
|
||
|
+
|
||
|
+ grub_env_set ("lockdown", "y");
|
||
|
+ grub_env_export ("lockdown");
|
||
|
}
|
||
|
|
||
|
int
|
||
|
diff --git a/docs/grub.texi b/docs/grub.texi
|
||
|
index f957535db..755de88d7 100644
|
||
|
--- a/docs/grub.texi
|
||
|
+++ b/docs/grub.texi
|
||
|
@@ -5985,6 +5985,9 @@ The GRUB can be locked down when booted on a secure boot environment, for exampl
|
||
|
if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
|
||
|
be restricted and some operations/commands cannot be executed.
|
||
|
|
||
|
+The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
|
||
|
+Otherwise it does not exit.
|
||
|
+
|
||
|
@node Platform limitations
|
||
|
@chapter Platform limitations
|
||
|
|