Zhang Boyang <zhangboyang...@gmail.com> writes: > This patch add version information to GRUB modules. Specifically, > PACKAGE_VERSION is embedded as null-terminated string in .modver > section. This string is checked at module loading time. That module will > be rejected if mismatch is found. This will prevent loading modules from > different versions of GRUB. > > It should be pointed out that the version string is only consisted of > PACKAGE_VERSION. Any difference not reflected in PACKAGE_VERSION is not > noticed by version check (e.g. configure options).
Right now, this only affects non-secureboot scenarios (because we don't have external signed module support). I would want to see a resolution to the external module signing question first so that we don't paint ourselves into a corner with something like this. I share Glenn's confusion about what real-world problems this addresses: my understanding is that grub modules mostly register callbacks, so the possibility of disaster is low (unless the callback interfaces change of course, but that generally has not happened). The combination of those two things leads me to suspect this is not the right approach. It seems likely that if we want to down the road of versionlocking, something like the kernel's ephemeral key approach would be better suited - and if we want external modules (which I don't think we do), full SBAT support. Be well, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
