dcavalca / rpms / grub2

Forked from rpms/grub2 3 years ago

Blame SOURCES/0374-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 2 Feb 2021 19:59:48 +0100
Subject: [PATCH] kern/lockdown: Set a variable if the GRUB is locked down

It may be useful for scripts to determine whether the GRUB is locked
down or not. Add the lockdown variable which is set to "y" when the GRUB
is locked down.

Suggested-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/kern/lockdown.c | 4 ++++
 docs/grub.texi            | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
index f87ddaeb1ee..30cba7f5ea2 100644
--- a/grub-core/kern/lockdown.c
+++ b/grub-core/kern/lockdown.c
@@ -18,6 +18,7 @@
  */
 
 #include <grub/dl.h>
+#include <grub/env.h>
 #include <grub/file.h>
 #include <grub/lockdown.h>
 
@@ -84,6 +85,9 @@ grub_lockdown (void)
 #if 0
   grub_verifier_register (&lockdown_verifier);
 #endif
+
+  grub_env_set ("lockdown", "y");
+  grub_env_export ("lockdown");
 }
 
 int
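Review bot: in grub_lockdown(), the return values of grub_env_set ("lockdown", "y") and grub_env_export ("lockdown") are discarded, so if either call fails the variable stays unset and a script testing it will treat a locked-down GRUB as not locked down. Consider checking both results and reporting a failure. Nothing in this hunk registers a write hook for the variable either, so a script can overwrite or unset it after this point; the commit message or documentation should say that lockdown is a hint for scripts and not what enforces the restrictions.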
diff --git a/docs/grub.texi b/docs/grub.texi
index f957535dbea..755de88d7d8 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -5985,6 +5985,9 @@ The GRUB can be locked down when booted on a secure boot environment, for exampl
 if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
 be restricted and some operations/commands cannot be executed.
 
+The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
+Otherwise it does not exit.
+
 @node Platform limitations
 @chapter Platform limitations
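Review bot: the second added sentence in docs/grub.texi, "Otherwise it does not exit.", has a typo and should read "Otherwise it does not exist." Since the code change also exports the variable, the text could say so, and it would help readers to state that a script should test for the value @samp{y} because the variable is absent, not set to another value, when GRUB is not locked down.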