URL:
<https://savannah.gnu.org/bugs/?62380>
Summary: New special environment variable to control default
menu security
Project: GNU GRUB
Submitted by: stallion
Submitted on: Thu 28 Apr 2022 01:17:52 PM UTC
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Feature Request
Status: None
Privacy: Public
Assigned to: None
Originator Name: Steven Stallion
Originator Email: [email protected]
Open/Closed: Open
Release:
Release: Git master
Discussion Lock: Any
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
When enabling secure boot, it can be a pain to track down all uses of
menuentry and submenu to change security flags (eg. defaulting to
--unrestricted).
I'd like to propose a new special environment variable named `menu_security',
which defines a default that is applied to a configuration if a security flag
is not specified on an entry.
I think this would simplify configuration substantially, especially for files
other than 10_linux that do not have a CLASS variable defined.
I have a little bit of time this week - I'll try to put together a candidate
patch to see what folks think.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?62380>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
