Blame SOURCES/0301-kern-efi-sb-Enforce-verification-of-font-files.patch

a46852
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
a46852
From: Zhang Boyang <zhangboyang.id@gmail.com>
a46852
Date: Sun, 14 Aug 2022 15:51:54 +0800
a46852
Subject: [PATCH] kern/efi/sb: Enforce verification of font files
a46852
a46852
As a mitigation and hardening measure enforce verification of font
a46852
files. Then only trusted font files can be load. This will reduce the
a46852
attack surface at cost of losing the ability of end-users to customize
a46852
fonts if e.g. UEFI Secure Boot is enabled. Vendors can always customize
a46852
fonts because they have ability to pack fonts into their GRUB bundles.
a46852
a46852
This goal is achieved by:
a46852
a46852
  * Removing GRUB_FILE_TYPE_FONT from shim lock verifier's
a46852
    skip-verification list.
a46852
a46852
  * Adding GRUB_FILE_TYPE_FONT to lockdown verifier's defer-auth list,
a46852
    so font files must be verified by a verifier before they can be loaded.
a46852
a46852
Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
a46852
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
a46852
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
a46852
(cherry picked from commit 630deb8c0d8b02b670ced4b7030414bcf17aa080)
a46852
(cherry picked from commit 37257e0ee45b9029b62f4046c983481d063b821d)
a46852
---
a46852
 grub-core/kern/efi/sb.c   | 1 -
a46852
 grub-core/kern/lockdown.c | 1 +
a46852
 2 files changed, 1 insertion(+), 1 deletion(-)
a46852
a46852
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
a46852
index 89c4bb3fd1..db42c2539f 100644
a46852
--- a/grub-core/kern/efi/sb.c
a46852
+++ b/grub-core/kern/efi/sb.c
a46852
@@ -145,7 +145,6 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
a46852
     case GRUB_FILE_TYPE_PRINT_BLOCKLIST:
a46852
     case GRUB_FILE_TYPE_TESTLOAD:
a46852
     case GRUB_FILE_TYPE_GET_SIZE:
a46852
-    case GRUB_FILE_TYPE_FONT:
a46852
     case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY:
a46852
     case GRUB_FILE_TYPE_CAT:
a46852
     case GRUB_FILE_TYPE_HEXCAT:
a46852
diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
a46852
index 0bc70fd42d..af6d493cd3 100644
a46852
--- a/grub-core/kern/lockdown.c
a46852
+++ b/grub-core/kern/lockdown.c
a46852
@@ -51,6 +51,7 @@ lockdown_verifier_init (grub_file_t io __attribute__ ((unused)),
a46852
     case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
a46852
     case GRUB_FILE_TYPE_ACPI_TABLE:
a46852
     case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
a46852
+    case GRUB_FILE_TYPE_FONT:
a46852
       *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
a46852
 
a46852
       /* Fall through. */