On Fri, Mar 15, 2024 at 7:26 AM Vladimir 'phcoder' Serbinenko
wrote:
>
> Verifying after decompression is a bad security practice. It relies on
> decompression having no security holes. Given how complex decompression is,
> this is almost guaranteed to be false.
>
Point taken... I'll drop this
On Fri, Mar 15, 2024 at 7:31 AM Vladimir 'phcoder' Serbinenko
wrote:
>
> Not a full review. Just one blocking problem
>
>>
>>
>> }
>> + case MULTIBOOT_LOAD_TYPE_PE:
>> + grub_fatal ("Unsupported load type: %u\n", mld.load_type);
>> + default:
>> +/* should be impossible */
>> +
On Tue, Mar 19, 2024 at 10:07 AM Roger Pau Monné wrote:
>
> On Wed, Mar 13, 2024 at 03:07:43PM +, Ross Lagerwall wrote:
> > Binaries may be built with entry points above 4G. While bootloaders may
> > relocate them below 4G, it should be possible for the binary to specify
> > those entry points
This patch series implements support for loading and verifying a signed
xen binary. This would allow the same xen binary to be used for BIOS
boot, UEFI boot, and UEFI boot with Secure Boot verification.
There is an accompanying Xen patch series.
The first patch updates the multiboot2 specification
Currently, multiboot2-compatible bootloaders can load ELF binaries and
a.out binaries. The presence of the address header tag determines
how the bootloader tries to interpret the binary (a.out if the address
tag is present else ELF).
In addition to the existing address and ELF load types, specify
GRUB doesn't do anything with multiboot modules except loading them and
passing a pointer to the multiboot kernel. Therefore GRUB itself doesn't
need to verify the module. Multiboot modules may contain code that needs
to be verified. If this is the case, the expectation is that the
multiboot kernel
Add the ability to load multiboot binaries in PE format. This allows the
binaries to be signed and verified.
Signed-off-by: Ross Lagerwall
---
grub-core/Makefile.core.def | 1 +
grub-core/loader/multiboot.c | 7 +
grub-core/loader/multiboot_mbi2.c | 11 +-
grub-core/loader/multib
On Thu, Mar 28, 2024 at 03:05:47PM +, Ross Lagerwall wrote:
> On Tue, Mar 19, 2024 at 10:07 AM Roger Pau Monné wrote:
> >
> > On Wed, Mar 13, 2024 at 03:07:43PM +, Ross Lagerwall wrote:
> > > Binaries may be built with entry points above 4G. While bootloaders may
> > > relocate them below
