Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
PUBLIC_REPOS
/
buildroot
zrkadlo git://git.buildroot.net/buildroot
2
1
Fork 0
Súbory
Branch: master
Branche Tagy
buildroot
/
boot
/
grub2
/
0041-commands-memrw-Disable-memory-reading-in-lockdown-mo.patch

0041-commands-memrw-Disable-memory-reading-in-lockdown-mo.patch 2.2 KB
Permanentný odkaz História Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. From 51c3e37bb23b3ce1919f3ff582cb31fc32a10b4b Mon Sep 17 00:00:00 2001
    2. 

  2. From: B Horn <b@horn.uk>
    3. 

  3. Date: Thu, 18 Apr 2024 20:37:10 +0100
    4. 

  4. Subject: [PATCH] commands/memrw: Disable memory reading in lockdown mode
    5. 

  5. 

  6. With the rest of module being blocked in lockdown mode it does not make
    7. 

  7. a lot of sense to leave memory reading enabled. This also goes in par
    8. 

  8. with disabling the dump command.
    9. 

  9. 

  10. Reported-by: B Horn <b@horn.uk>
    11. 

  11. Signed-off-by: B Horn <b@horn.uk>
    12. 

  12. Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
    13. 

  13. Upstream: 340e4d058f584534f4b90b7dbea2b64a9f8c418c
    14. 

  14. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
    15. 

  15. ---
    16. 

  16.  grub-core/commands/memrw.c | 21 ++++++++++++---------
    17. 

  17.  1 file changed, 12 insertions(+), 9 deletions(-)
    18. 

  18. 

  19. diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
    20. 

  20. index d401a6db0..3542683d1 100644
    21. 

  21. --- a/grub-core/commands/memrw.c
    22. 

  22. +++ b/grub-core/commands/memrw.c
    23. 

  23. @@ -122,17 +122,20 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
    24. 

  24.  GRUB_MOD_INIT(memrw)
    25. 

  25.  {
    26. 

  26.    cmd_read_byte =
    27. 

  27. -    grub_register_extcmd ("read_byte", grub_cmd_read, 0,
    28. 

  28. -			  N_("ADDR"), N_("Read 8-bit value from ADDR."),
    29. 

  29. -			  options);
    30. 

  30. +    grub_register_extcmd_lockdown ("read_byte", grub_cmd_read, 0,
    31. 

  31. +                                   N_("ADDR"),
    32. 

  32. +                                   N_("Read 8-bit value from ADDR."),
    33. 

  33. +                                   options);
    34. 

  34.    cmd_read_word =
    35. 

  35. -    grub_register_extcmd ("read_word", grub_cmd_read, 0,
    36. 

  36. -			  N_("ADDR"), N_("Read 16-bit value from ADDR."),
    37. 

  37. -			  options);
    38. 

  38. +    grub_register_extcmd_lockdown ("read_word", grub_cmd_read, 0,
    39. 

  39. +                                   N_("ADDR"),
    40. 

  40. +                                   N_("Read 16-bit value from ADDR."),
    41. 

  41. +                                   options);
    42. 

  42.    cmd_read_dword =
    43. 

  43. -    grub_register_extcmd ("read_dword", grub_cmd_read, 0,
    44. 

  44. -			  N_("ADDR"), N_("Read 32-bit value from ADDR."),
    45. 

  45. -			  options);
    46. 

  46. +    grub_register_extcmd_lockdown ("read_dword", grub_cmd_read, 0,
    47. 

  47. +                                   N_("ADDR"),
    48. 

  48. +                                   N_("Read 32-bit value from ADDR."),
    49. 

  49. +                                   options);
    50. 

  50.    cmd_write_byte =
    51. 

  51.      grub_register_command_lockdown ("write_byte", grub_cmd_write,
    52. 

  52.                                      N_("ADDR VALUE [MASK]"),
    53. 

  53. -- 
    54. 

  54. 2.50.1
    55. 

  55.