nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0209-grub-core-loader-efi-linux.c-drop-now-unused-grub_li.patch

b35c50
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
b35c50
From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
b35c50
Date: Fri, 4 Mar 2022 11:36:09 +0100
b35c50
Subject: [PATCH] grub-core/loader/efi/linux.c: drop now unused
b35c50
 grub_linuxefi_secure_validate
b35c50
b35c50
Drop the now unused grub_linuxefi_secure_validate() as all prior users
b35c50
of this API now rely on the shim-lock-verifier codepath instead.
b35c50
b35c50
This patch must not be ported to older editions of grub code bases
b35c50
that do not have verifiers framework, or it is not builtin, or
b35c50
shim-lock-verifier is an optional module.
b35c50
b35c50
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
b35c50
---
b35c50
 grub-core/loader/efi/linux.c | 40 ----------------------------------------
b35c50
 include/grub/efi/linux.h     |  2 --
b35c50
 2 files changed, 42 deletions(-)
b35c50
b35c50
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
b35c50
index 9260731c10..9265cf4200 100644
b35c50
--- a/grub-core/loader/efi/linux.c
b35c50
+++ b/grub-core/loader/efi/linux.c
b35c50
@@ -24,46 +24,6 @@
b35c50
 #include <grub/efi/pe32.h>
b35c50
 #include <grub/efi/linux.h>
b35c50
 
b35c50
-#define SHIM_LOCK_GUID \
b35c50
- { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
b35c50
-
b35c50
-struct grub_efi_shim_lock
b35c50
-{
b35c50
-  grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size);
b35c50
-};
b35c50
-typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
b35c50
-
b35c50
-// Returns 1 on success, -1 on error, 0 when not available
b35c50
-int
b35c50
-grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
b35c50
-{
b35c50
-  grub_efi_guid_t guid = SHIM_LOCK_GUID;
b35c50
-  grub_efi_shim_lock_t *shim_lock;
b35c50
-  grub_efi_status_t status;
b35c50
-
b35c50
-  shim_lock = grub_efi_locate_protocol(&guid, NULL);
b35c50
-  grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock);
b35c50
-  if (!shim_lock)
b35c50
-    {
b35c50
-      grub_dprintf ("secureboot", "shim not available\n");
b35c50
-      return 0;
b35c50
-    }
b35c50
-
b35c50
-  grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n");
b35c50
-  status = shim_lock->verify (data, size);
b35c50
-  grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", (long int)status);
b35c50
-  if (status == GRUB_EFI_SUCCESS)
b35c50
-    {
b35c50
-      grub_dprintf ("secureboot", "Kernel signature verification passed\n");
b35c50
-      return 1;
b35c50
-    }
b35c50
-
b35c50
-  grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n",
b35c50
-		(unsigned long) status);
b35c50
-
b35c50
-  return -1;
b35c50
-}
b35c50
-
b35c50
 #pragma GCC diagnostic push
b35c50
 #pragma GCC diagnostic ignored "-Wcast-align"
b35c50
 
b35c50
diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h
b35c50
index 0033d9305a..887b02fd9f 100644
b35c50
--- a/include/grub/efi/linux.h
b35c50
+++ b/include/grub/efi/linux.h
b35c50
@@ -22,8 +22,6 @@
b35c50
 #include <grub/err.h>
b35c50
 #include <grub/symbol.h>
b35c50
 
b35c50
-int
b35c50
-EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size);
b35c50
 grub_err_t
b35c50
 EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset,
b35c50
 				  void *kernel_param);