Blame SOURCES/0374-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 2 Feb 2021 19:59:48 +0100
Subject: [PATCH] kern/lockdown: Set a variable if the GRUB is locked down

It may be useful for scripts to determine whether the GRUB is locked
down or not. Add the lockdown variable which is set to "y" when the GRUB
is locked down.

Suggested-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/kern/lockdown.c | 4 ++++
 docs/grub.texi            | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
index f87ddaeb1ee..30cba7f5ea2 100644
--- a/grub-core/kern/lockdown.c
+++ b/grub-core/kern/lockdown.c
@@ -18,6 +18,7 @@
  */
 
 #include <grub/dl.h>
+#include <grub/env.h>
 #include <grub/file.h>
 #include <grub/lockdown.h>
 
@@ -84,6 +85,9 @@ grub_lockdown (void)
 #if 0
   grub_verifier_register (&lockdown_verifier);
 #endif
+
+  grub_env_set ("lockdown", "y");
+  grub_env_export ("lockdown");
 }
 
 int
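Review bot: In grub_lockdown(), the new grub_env_set ("lockdown", "y") call creates an ordinary environment variable with no write hook, so a later "set lockdown=..." in a configuration script can change it and scripts that test it cannot treat the value as authoritative. Consider registering a write hook for "lockdown" with grub_register_variable_hook so the value cannot be overwritten, or state in the documentation that the variable is informational only. The return values of grub_env_set and grub_env_export are also discarded here; if the set fails, the function still completes with the variable absent, which a script would read as "not locked down".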
diff --git a/docs/grub.texi b/docs/grub.texi
index f957535dbea..755de88d7d8 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -5985,6 +5985,9 @@ The GRUB can be locked down when booted on a secure boot environment, for exampl
 if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
 be restricted and some operations/commands cannot be executed.
 
+The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
+Otherwise it does not exit.
+
 @node Platform limitations
 @chapter Platform limitations
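Review bot: The second added line in docs/grub.texi reads "Otherwise it does not exit."; that should be "exist". Since the code change also exports the variable, the paragraph could say so, and it would help script authors if it noted that an unset variable is the only indication of the non-locked-down state.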