grub2/SOURCES/0374-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch

54 lines
1.6 KiB
Diff
Raw Normal View History

2021-03-30 15:50:09 +00:00
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 2 Feb 2021 19:59:48 +0100
Subject: [PATCH] kern/lockdown: Set a variable if the GRUB is locked down
It may be useful for scripts to determine whether the GRUB is locked
down or not. Add the lockdown variable which is set to "y" when the GRUB
is locked down.
Suggested-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/lockdown.c | 4 ++++
docs/grub.texi | 3 +++
2 files changed, 7 insertions(+)
diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
2022-03-29 18:03:52 +00:00
index f87ddaeb1..30cba7f5e 100644
2021-03-30 15:50:09 +00:00
--- a/grub-core/kern/lockdown.c
+++ b/grub-core/kern/lockdown.c
@@ -18,6 +18,7 @@
*/
#include <grub/dl.h>
+#include <grub/env.h>
#include <grub/file.h>
#include <grub/lockdown.h>
@@ -84,6 +85,9 @@ grub_lockdown (void)
#if 0
grub_verifier_register (&lockdown_verifier);
#endif
+
+ grub_env_set ("lockdown", "y");
+ grub_env_export ("lockdown");
}
int
diff --git a/docs/grub.texi b/docs/grub.texi
2022-03-29 18:03:52 +00:00
index f957535db..755de88d7 100644
2021-03-30 15:50:09 +00:00
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -5985,6 +5985,9 @@ The GRUB can be locked down when booted on a secure boot environment, for exampl
if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
be restricted and some operations/commands cannot be executed.
+The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
+Otherwise it does not exit.
+
@node Platform limitations
@chapter Platform limitations