Current state of the patchset:
- Cherry-picked Fedora NX patches to make GRUB itself work under NX. This required some fixups to build on non-64 bit arches (operation on 32-bit is currently untested)
- Cherry-picked Julian Andres Klode's loader framework patch (used in Debian and Ubuntu for the downstream loader).
- Implemented shim loader protocol support using the above loader framework.
- Added patch to disallow using the legacy Linux loader when NX is required.
Future work:
- Completely disable non-NX compatible loaders when heap allocations are marked NX. This should be independent from the NX-enforcement flag and Secure Boot status. (Note that this is non-critical for security, as non-UEFI/Linux loaders are disabled by SB lockdown, but would be nice to avoid crashes for unsuspecting users on future hardware).
- Implement NX in non-Linux loaders where applicable.

Julian Andres Klode (1):
  efi: Provide wrappers for load_image, start_image, unload_image

Laszlo Ersek (3):
  grub_dl_load_segments(): page-align the tramp/GOT areas too
  grub_dl_set_mem_attrs(): add self-check for the tramp/GOT sizes
  grub_dl_set_mem_attrs(): fix format string

Mate Kukri (3):
  mm: Fixup bogus assumptions about types sizes in format strings
  efi: Use shim's loader protocol for EFI image verification and loading
  efi: Disallow fallback to legacy Linux loader when shim says NX is required.

Peter Jones (8):
  modules: make .module_license read-only
  modules: strip .llvm_addrsig sections and similar.
  modules: Don't allocate space for non-allocable sections.
  pe: add the DOS header struct and fix some bad naming.
  modules: load module sections at page-aligned addresses
  nx: add memory attribute get/set API
  nx: set page permissions for loaded modules.
  nx: set the nx compatible flag in EFI grub images

 docs/grub-dev.texi                 |   6 +-
 grub-core/genmod.sh.in             |   5 +-
 grub-core/kern/arm/dl.c            |  13 +++
 grub-core/kern/arm64/dl.c          |  13 +++
 grub-core/kern/dl.c                | 168 ++++++++++++++++++++++++-----
 grub-core/kern/efi/efi.c           |  93 ++++++++++++++++
 grub-core/kern/efi/mm.c            | 128 ++++++++++++++++++++++
 grub-core/kern/efi/sb.c            |  39 +++---
 grub-core/kern/emu/full.c          |  13 +++
 grub-core/kern/i386/dl.c           |  13 +++
 grub-core/kern/ia64/dl.c           |   9 ++
 grub-core/kern/mips/dl.c           |   8 ++
 grub-core/kern/powerpc/dl.c        |   9 ++
 grub-core/kern/riscv/dl.c          |  13 +++
 grub-core/kern/sparc64/dl.c        |   9 ++
 grub-core/kern/x86_64/dl.c         |  13 +++
 grub-core/loader/efi/chainloader.c |  13 +--
 grub-core/loader/efi/linux.c       |  69 +++++++-----
 include/grub/dl.h                  |  48 ++++++++-
 include/grub/efi/api.h             |  30 ++++++
 include/grub/efi/efi.h             |  44 ++++++++
 include/grub/efi/pe32.h            |  98 +++++++++++++++--
 include/grub/efi/sb.h              |   3 -
 include/grub/mm.h                  |  32 ++++++
 util/mkimage.c                     |   1 +
 25 files changed, 786 insertions(+), 104 deletions(-)

--
2.39.2

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel