[PATCH v4 00/10] UEFI NX support and NX Linux loader using shim loader protocol

Wed, 12 Jun 2024 08:58:14 -0700 

Currently the patchset consists of:
- Reworked Fedora NX patches to make GRUB itself work under NX.
- Julian Andres Klode's loader framework patch (used in Debian and Ubuntu for 
the downstream loader).
- Implemented shim loader protocol support using the above loader framework.
- Added patch to disallow using the legacy Linux loader when NX is required.

Future work:
- Implement NX in non-Linux loaders where applicable.
  (Note that this is non-crtitical for security, as non-UEFI/Linux loaders are 
disabled
   by SB lockdown, but would be nice to avoid crashes for unsuspecting users on 
future
   hardware).

Julian Andres Klode (1):
  efi: Provide wrappers for load_image, start_image, unload_image

Mate Kukri (6):
  modules: load module sections at page-aligned addresses
  nx: add memory attribute get/set API
  nx: set page permissions for loaded modules.
  nx: set the nx compatible flag in EFI grub images
  efi: Use shim's loader protocol for EFI image verification and loading
  efi: Disallow fallback to legacy Linux loader when shim says NX is
    required.

Peter Jones (3):
  modules: make .module_license read-only
  modules: strip .llvm_addrsig sections and similar.
  modules: Don't allocate space for non-allocable sections.

 docs/grub-dev.texi                 |   6 +-
 grub-core/genmod.sh.in             |   5 +-
 grub-core/kern/arm/dl.c            |  13 +++
 grub-core/kern/arm64/dl.c          |  13 +++
 grub-core/kern/dl.c                | 160 +++++++++++++++++++++++------
 grub-core/kern/efi/efi.c           |  57 ++++++++++
 grub-core/kern/efi/mm.c            | 127 +++++++++++++++++++++++
 grub-core/kern/efi/sb.c            |  61 +++++++----
 grub-core/kern/emu/full.c          |  13 +++
 grub-core/kern/i386/dl.c           |  13 +++
 grub-core/kern/ia64/dl.c           |   9 ++
 grub-core/kern/mips/dl.c           |   8 ++
 grub-core/kern/powerpc/dl.c        |   9 ++
 grub-core/kern/riscv/dl.c          |  13 +++
 grub-core/kern/sparc64/dl.c        |   9 ++
 grub-core/kern/x86_64/dl.c         |  13 +++
 grub-core/loader/efi/chainloader.c |  13 +--
 grub-core/loader/efi/linux.c       |  40 +++-----
 include/grub/dl.h                  |  50 ++++++++-
 include/grub/efi/api.h             |  32 ++++++
 include/grub/efi/efi.h             |  42 ++++++++
 include/grub/efi/pe32.h            |   2 +
 include/grub/efi/sb.h              |   5 +-
 include/grub/mm.h                  |  33 ++++++
 util/mkimage.c                     |   1 +
 25 files changed, 652 insertions(+), 95 deletions(-)

-- 
2.39.2


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to