Blame SOURCES/0373-kern-Add-lockdown-support.patch

468bd4
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
468bd4
From: Javier Martinez Canillas <javierm@redhat.com>
468bd4
Date: Fri, 19 Feb 2021 10:33:54 +0100
468bd4
Subject: [PATCH] kern: Add lockdown support
468bd4
468bd4
When the GRUB starts on a secure boot platform, some commands can be
468bd4
used to subvert the protections provided by the verification mechanism and
468bd4
could lead to booting untrusted system.
468bd4
468bd4
To prevent that situation, allow GRUB to be locked down. That way the code
468bd4
may check if GRUB has been locked down and further restrict the commands
468bd4
that are registered or what subset of their functionality could be used.
468bd4
468bd4
The lockdown support adds the following components:
468bd4
468bd4
* The grub_lockdown() function which can be used to lockdown GRUB if,
468bd4
  e.g., UEFI Secure Boot is enabled.
468bd4
468bd4
* The grub_is_lockdown() function which can be used to check if the GRUB
468bd4
  was locked down.
468bd4
468bd4
* A verifier that flags OS kernels, the GRUB modules, Device Trees and ACPI
468bd4
  tables as GRUB_VERIFY_FLAGS_DEFER_AUTH to defer verification to other
468bd4
  verifiers. These files are only successfully verified if another registered
468bd4
  verifier returns success. Otherwise, the whole verification process fails.
468bd4
468bd4
  For example, PE/COFF binaries verification can be done by the shim_lock
468bd4
  verifier which validates the signatures using the shim_lock protocol.
468bd4
  However, the verification is not deferred directly to the shim_lock verifier.
468bd4
  The shim_lock verifier is hooked into the verification process instead.
468bd4
468bd4
* A set of grub_{command,extcmd}_lockdown functions that can be used by
468bd4
  code registering command handlers, to only register unsafe commands if
468bd4
  the GRUB has not been locked down.
468bd4
468bd4
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
468bd4
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
468bd4
---
468bd4
 grub-core/Makefile.core.def |  1 +
468bd4
 grub-core/commands/extcmd.c | 23 +++++++++++
468bd4
 grub-core/kern/command.c    | 24 ++++++++++++
468bd4
 grub-core/kern/lockdown.c   | 93 +++++++++++++++++++++++++++++++++++++++++++++
468bd4
 include/grub/command.h      |  5 +++
468bd4
 include/grub/extcmd.h       |  7 ++++
468bd4
 include/grub/lockdown.h     | 44 +++++++++++++++++++++
468bd4
 conf/Makefile.common        |  2 +
468bd4
 docs/grub-dev.texi          | 27 +++++++++++++
468bd4
 docs/grub.texi              |  8 ++++
468bd4
 grub-core/Makefile.am       |  5 ++-
468bd4
 11 files changed, 238 insertions(+), 1 deletion(-)
468bd4
 create mode 100644 grub-core/kern/lockdown.c
468bd4
 create mode 100644 include/grub/lockdown.h
468bd4
468bd4
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
f6e916
index 8914083d1..02fbecd4b 100644
468bd4
--- a/grub-core/Makefile.core.def
468bd4
+++ b/grub-core/Makefile.core.def
468bd4
@@ -197,6 +197,7 @@ kernel = {
468bd4
   efi = term/efi/console.c;
468bd4
   efi = kern/acpi.c;
468bd4
   efi = kern/efi/acpi.c;
468bd4
+  efi = kern/lockdown.c;
468bd4
   efi = lib/envblk.c;
468bd4
   efi = kern/efi/tpm.c;
468bd4
   i386_coreboot = kern/i386/pc/acpi.c;
468bd4
diff --git a/grub-core/commands/extcmd.c b/grub-core/commands/extcmd.c
f6e916
index 69574e2b0..90a5ca24a 100644
468bd4
--- a/grub-core/commands/extcmd.c
468bd4
+++ b/grub-core/commands/extcmd.c
468bd4
@@ -19,6 +19,7 @@
468bd4
 
468bd4
 #include <grub/mm.h>
468bd4
 #include <grub/list.h>
468bd4
+#include <grub/lockdown.h>
468bd4
 #include <grub/misc.h>
468bd4
 #include <grub/extcmd.h>
468bd4
 #include <grub/script_sh.h>
468bd4
@@ -110,6 +111,28 @@ grub_register_extcmd (const char *name, grub_extcmd_func_t func,
468bd4
 				    summary, description, parser, 1);
468bd4
 }
468bd4
 
468bd4
+static grub_err_t
468bd4
+grub_extcmd_lockdown (grub_extcmd_context_t ctxt __attribute__ ((unused)),
468bd4
+                      int argc __attribute__ ((unused)),
468bd4
+                      char **argv __attribute__ ((unused)))
468bd4
+{
468bd4
+  return grub_error (GRUB_ERR_ACCESS_DENIED,
468bd4
+                     N_("%s: the command is not allowed when lockdown is enforced"),
468bd4
+                     ctxt->extcmd->cmd->name);
468bd4
+}
468bd4
+
468bd4
+grub_extcmd_t
468bd4
+grub_register_extcmd_lockdown (const char *name, grub_extcmd_func_t func,
468bd4
+                               grub_command_flags_t flags, const char *summary,
468bd4
+                               const char *description,
468bd4
+                               const struct grub_arg_option *parser)
468bd4
+{
468bd4
+  if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED)
468bd4
+    func = grub_extcmd_lockdown;
468bd4
+
468bd4
+  return grub_register_extcmd (name, func, flags, summary, description, parser);
468bd4
+}
468bd4
+
468bd4
 void
468bd4
 grub_unregister_extcmd (grub_extcmd_t ext)
468bd4
 {
468bd4
diff --git a/grub-core/kern/command.c b/grub-core/kern/command.c
f6e916
index acd721879..4aabcd4b5 100644
468bd4
--- a/grub-core/kern/command.c
468bd4
+++ b/grub-core/kern/command.c
468bd4
@@ -17,6 +17,7 @@
468bd4
  *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
468bd4
  */
468bd4
 
468bd4
+#include <grub/lockdown.h>
468bd4
 #include <grub/mm.h>
468bd4
 #include <grub/command.h>
468bd4
 
468bd4
@@ -77,6 +78,29 @@ grub_register_command_prio (const char *name,
468bd4
   return cmd;
468bd4
 }
468bd4
 
468bd4
+static grub_err_t
468bd4
+grub_cmd_lockdown (grub_command_t cmd __attribute__ ((unused)),
468bd4
+                   int argc __attribute__ ((unused)),
468bd4
+                   char **argv __attribute__ ((unused)))
468bd4
+
468bd4
+{
468bd4
+  return grub_error (GRUB_ERR_ACCESS_DENIED,
468bd4
+                     N_("%s: the command is not allowed when lockdown is enforced"),
468bd4
+                     cmd->name);
468bd4
+}
468bd4
+
468bd4
+grub_command_t
468bd4
+grub_register_command_lockdown (const char *name,
468bd4
+                                grub_command_func_t func,
468bd4
+                                const char *summary,
468bd4
+                                const char *description)
468bd4
+{
468bd4
+  if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED)
468bd4
+    func = grub_cmd_lockdown;
468bd4
+
468bd4
+  return grub_register_command_prio (name, func, summary, description, 0);
468bd4
+}
468bd4
+
468bd4
 void
468bd4
 grub_unregister_command (grub_command_t cmd)
468bd4
 {
468bd4
diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
468bd4
new file mode 100644
f6e916
index 000000000..f87ddaeb1
468bd4
--- /dev/null
468bd4
+++ b/grub-core/kern/lockdown.c
468bd4
@@ -0,0 +1,93 @@
468bd4
+/*
468bd4
+ *  GRUB  --  GRand Unified Bootloader
468bd4
+ *  Copyright (C) 2020  Free Software Foundation, Inc.
468bd4
+ *
468bd4
+ *  GRUB is free software: you can redistribute it and/or modify
468bd4
+ *  it under the terms of the GNU General Public License as published by
468bd4
+ *  the Free Software Foundation, either version 3 of the License, or
468bd4
+ *  (at your option) any later version.
468bd4
+ *
468bd4
+ *  GRUB is distributed in the hope that it will be useful,
468bd4
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
468bd4
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
468bd4
+ *  GNU General Public License for more details.
468bd4
+ *
468bd4
+ *  You should have received a copy of the GNU General Public License
468bd4
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
468bd4
+ *
468bd4
+ */
468bd4
+
468bd4
+#include <grub/dl.h>
468bd4
+#include <grub/file.h>
468bd4
+#include <grub/lockdown.h>
468bd4
+
468bd4
+/* There is no verifier framework in grub 2.02 */
468bd4
+#if 0
468bd4
+#include <grub/verify.h>
468bd4
+#endif
468bd4
+
468bd4
+static int lockdown = GRUB_LOCKDOWN_DISABLED;
468bd4
+
468bd4
+/* There is no verifier framework in grub 2.02 */
468bd4
+#if 0
468bd4
+static grub_err_t
468bd4
+lockdown_verifier_init (grub_file_t io __attribute__ ((unused)),
468bd4
+                    enum grub_file_type type,
468bd4
+                    void **context __attribute__ ((unused)),
468bd4
+                    enum grub_verify_flags *flags)
468bd4
+{
468bd4
+  *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
468bd4
+
468bd4
+  switch (type & GRUB_FILE_TYPE_MASK)
468bd4
+    {
468bd4
+    case GRUB_FILE_TYPE_GRUB_MODULE:
468bd4
+    case GRUB_FILE_TYPE_LINUX_KERNEL:
468bd4
+    case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
468bd4
+    case GRUB_FILE_TYPE_XEN_HYPERVISOR:
468bd4
+    case GRUB_FILE_TYPE_BSD_KERNEL:
468bd4
+    case GRUB_FILE_TYPE_XNU_KERNEL:
468bd4
+    case GRUB_FILE_TYPE_PLAN9_KERNEL:
468bd4
+    case GRUB_FILE_TYPE_NTLDR:
468bd4
+    case GRUB_FILE_TYPE_TRUECRYPT:
468bd4
+    case GRUB_FILE_TYPE_FREEDOS:
468bd4
+    case GRUB_FILE_TYPE_PXECHAINLOADER:
468bd4
+    case GRUB_FILE_TYPE_PCCHAINLOADER:
468bd4
+    case GRUB_FILE_TYPE_COREBOOT_CHAINLOADER:
468bd4
+    case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
468bd4
+    case GRUB_FILE_TYPE_ACPI_TABLE:
468bd4
+    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
468bd4
+      *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
468bd4
+
468bd4
+      /* Fall through. */
468bd4
+
468bd4
+    default:
468bd4
+      return GRUB_ERR_NONE;
468bd4
+    }
468bd4
+}
468bd4
+
468bd4
+struct grub_file_verifier lockdown_verifier =
468bd4
+  {
468bd4
+    .name = "lockdown_verifier",
468bd4
+    .init = lockdown_verifier_init,
468bd4
+  };
468bd4
+#endif
468bd4
+
468bd4
+void
468bd4
+grub_lockdown (void)
468bd4
+{
468bd4
+  lockdown = GRUB_LOCKDOWN_ENABLED;
468bd4
+
468bd4
+  /*
468bd4
+   * XXX: The lockdown verifier doesn't make sense until
468bd4
+   * GRUB has moved to the shim_lock verifier.
468bd4
+   */
468bd4
+#if 0
468bd4
+  grub_verifier_register (&lockdown_verifier);
468bd4
+#endif
468bd4
+}
468bd4
+
468bd4
+int
468bd4
+grub_is_lockdown (void)
468bd4
+{
468bd4
+  return lockdown;
468bd4
+}
468bd4
diff --git a/include/grub/command.h b/include/grub/command.h
f6e916
index eee4e847e..2a6f7f846 100644
468bd4
--- a/include/grub/command.h
468bd4
+++ b/include/grub/command.h
468bd4
@@ -86,6 +86,11 @@ EXPORT_FUNC(grub_register_command_prio) (const char *name,
468bd4
 					 const char *summary,
468bd4
 					 const char *description,
468bd4
 					 int prio);
468bd4
+grub_command_t
468bd4
+EXPORT_FUNC(grub_register_command_lockdown) (const char *name,
468bd4
+                                             grub_command_func_t func,
468bd4
+                                             const char *summary,
468bd4
+                                             const char *description);
468bd4
 void EXPORT_FUNC(grub_unregister_command) (grub_command_t cmd);
468bd4
 
468bd4
 static inline grub_command_t
468bd4
diff --git a/include/grub/extcmd.h b/include/grub/extcmd.h
f6e916
index 19fe59266..fe9248b8b 100644
468bd4
--- a/include/grub/extcmd.h
468bd4
+++ b/include/grub/extcmd.h
468bd4
@@ -62,6 +62,13 @@ grub_extcmd_t EXPORT_FUNC(grub_register_extcmd) (const char *name,
468bd4
 						 const char *description,
468bd4
 						 const struct grub_arg_option *parser);
468bd4
 
468bd4
+grub_extcmd_t EXPORT_FUNC(grub_register_extcmd_lockdown) (const char *name,
468bd4
+                                                          grub_extcmd_func_t func,
468bd4
+                                                          grub_command_flags_t flags,
468bd4
+                                                          const char *summary,
468bd4
+                                                          const char *description,
468bd4
+                                                          const struct grub_arg_option *parser);
468bd4
+
468bd4
 grub_extcmd_t EXPORT_FUNC(grub_register_extcmd_prio) (const char *name,
468bd4
 						      grub_extcmd_func_t func,
468bd4
 						      grub_command_flags_t flags,
468bd4
diff --git a/include/grub/lockdown.h b/include/grub/lockdown.h
468bd4
new file mode 100644
f6e916
index 000000000..40531fa82
468bd4
--- /dev/null
468bd4
+++ b/include/grub/lockdown.h
468bd4
@@ -0,0 +1,44 @@
468bd4
+/*
468bd4
+ *  GRUB  --  GRand Unified Bootloader
468bd4
+ *  Copyright (C) 2020  Free Software Foundation, Inc.
468bd4
+ *
468bd4
+ *  GRUB is free software: you can redistribute it and/or modify
468bd4
+ *  it under the terms of the GNU General Public License as published by
468bd4
+ *  the Free Software Foundation, either version 3 of the License, or
468bd4
+ *  (at your option) any later version.
468bd4
+ *
468bd4
+ *  GRUB is distributed in the hope that it will be useful,
468bd4
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
468bd4
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
468bd4
+ *  GNU General Public License for more details.
468bd4
+ *
468bd4
+ *  You should have received a copy of the GNU General Public License
468bd4
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
468bd4
+ */
468bd4
+
468bd4
+#ifndef GRUB_LOCKDOWN_H
468bd4
+#define GRUB_LOCKDOWN_H 1
468bd4
+
468bd4
+#include <grub/symbol.h>
468bd4
+
468bd4
+#define GRUB_LOCKDOWN_DISABLED       0
468bd4
+#define GRUB_LOCKDOWN_ENABLED        1
468bd4
+
468bd4
+#ifdef GRUB_MACHINE_EFI
468bd4
+extern void
468bd4
+EXPORT_FUNC (grub_lockdown) (void);
468bd4
+extern int
468bd4
+EXPORT_FUNC (grub_is_lockdown) (void);
468bd4
+#else
468bd4
+static inline void
468bd4
+grub_lockdown (void)
468bd4
+{
468bd4
+}
468bd4
+
468bd4
+static inline int
468bd4
+grub_is_lockdown (void)
468bd4
+{
468bd4
+  return GRUB_LOCKDOWN_DISABLED;
468bd4
+}
468bd4
+#endif
468bd4
+#endif /* ! GRUB_LOCKDOWN_H */
468bd4
diff --git a/conf/Makefile.common b/conf/Makefile.common
f6e916
index b93879804..521cdda1f 100644
468bd4
--- a/conf/Makefile.common
468bd4
+++ b/conf/Makefile.common
468bd4
@@ -85,7 +85,9 @@ CPPFLAGS_PARTTOOL_LIST = -Dgrub_parttool_register=PARTTOOL_LIST_MARKER
468bd4
 CPPFLAGS_TERMINAL_LIST = '-Dgrub_term_register_input(...)=INPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)'
468bd4
 CPPFLAGS_TERMINAL_LIST += '-Dgrub_term_register_output(...)=OUTPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)'
468bd4
 CPPFLAGS_COMMAND_LIST = '-Dgrub_register_command(...)=COMMAND_LIST_MARKER(__VA_ARGS__)'
468bd4
+CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_lockdown(...)=COMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)'
468bd4
 CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd(...)=EXTCOMMAND_LIST_MARKER(__VA_ARGS__)'
468bd4
+CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd_lockdown(...)=EXTCOMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)'
468bd4
 CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_p1(...)=P1COMMAND_LIST_MARKER(__VA_ARGS__)'
468bd4
 CPPFLAGS_FDT_LIST := '-Dgrub_fdtbus_register(...)=FDT_DRIVER_LIST_MARKER(__VA_ARGS__)'
468bd4
 CPPFLAGS_MARKER = $(CPPFLAGS_FS_LIST) $(CPPFLAGS_VIDEO_LIST) \
468bd4
diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
f6e916
index 3ce827ab7..421dd410e 100644
468bd4
--- a/docs/grub-dev.texi
468bd4
+++ b/docs/grub-dev.texi
468bd4
@@ -84,6 +84,7 @@ This edition documents version @value{VERSION}.
468bd4
 * Video Subsystem::
468bd4
 * PFF2 Font File Format::
468bd4
 * Graphical Menu Software Design::
468bd4
+* Lockdown framework::
468bd4
 * Copying This Manual::         Copying This Manual
468bd4
 * Index::
468bd4
 @end menu
468bd4
@@ -1949,6 +1950,32 @@ the graphics mode that was in use before @code{grub_video_setup()} was called
468bd4
 might fix some of the problems.
468bd4
 
468bd4
 
468bd4
+@node Lockdown framework
468bd4
+@chapter Lockdown framework
468bd4
+
468bd4
+The GRUB can be locked down, which is a restricted mode where some operations
468bd4
+are not allowed. For instance, some commands cannot be used when the GRUB is
468bd4
+locked down.
468bd4
+
468bd4
+The function
468bd4
+@code{grub_lockdown()} is used to lockdown GRUB and the function
468bd4
+@code{grub_is_lockdown()} function can be used to check whether lockdown is
468bd4
+enabled or not. When enabled, the function returns @samp{GRUB_LOCKDOWN_ENABLED}
468bd4
+and @samp{GRUB_LOCKDOWN_DISABLED} when is not enabled.
468bd4
+
468bd4
+The following functions can be used to register the commands that can only be
468bd4
+used when lockdown is disabled:
468bd4
+
468bd4
+@itemize
468bd4
+
468bd4
+@item @code{grub_cmd_lockdown()} registers command which should not run when the
468bd4
+GRUB is in lockdown mode.
468bd4
+
468bd4
+@item @code{grub_cmd_lockdown()} registers extended command which should not run
468bd4
+when the GRUB is in lockdown mode.
468bd4
+
468bd4
+@end itemize
468bd4
+
468bd4
 @node Copying This Manual
468bd4
 @appendix Copying This Manual
468bd4
 
468bd4
diff --git a/docs/grub.texi b/docs/grub.texi
f6e916
index 97f0f47e0..f957535db 100644
468bd4
--- a/docs/grub.texi
468bd4
+++ b/docs/grub.texi
468bd4
@@ -5687,6 +5687,7 @@ environment variables and commands are listed in the same order.
468bd4
 * Using GPG-style digital signatures:: Booting digitally signed code
468bd4
 * Using appended signatures::          An alternative approach to booting digitally signed code
468bd4
 * Signing GRUB itself::                Ensuring the integrity of the GRUB core image
468bd4
+* Lockdown::                           Lockdown when booting on a secure setup
468bd4
 @end menu
468bd4
 
468bd4
 @node Authentication and authorisation
468bd4
@@ -5977,6 +5978,13 @@ As with UEFI secure boot, it is necessary to build in the required modules,
468bd4
 or sign them separately.
468bd4
 
468bd4
 
468bd4
+@node Lockdown
468bd4
+@section Lockdown when booting on a secure setup
468bd4
+
468bd4
+The GRUB can be locked down when booted on a secure boot environment, for example
468bd4
+if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
468bd4
+be restricted and some operations/commands cannot be executed.
468bd4
+
468bd4
 @node Platform limitations
468bd4
 @chapter Platform limitations
468bd4
 
468bd4
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
f6e916
index 406265250..a6f1b0dcd 100644
468bd4
--- a/grub-core/Makefile.am
468bd4
+++ b/grub-core/Makefile.am
468bd4
@@ -82,6 +82,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h
468bd4
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h
468bd4
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/kernel.h
468bd4
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/list.h
468bd4
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/lockdown.h
468bd4
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/misc.h
468bd4
 if COND_emu
468bd4
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/compiler-rt-emu.h
468bd4
@@ -350,8 +351,10 @@ command.lst: $(MARKER_FILES)
468bd4
 	  b=`basename $$pp .marker`; \
468bd4
 	  sed -n \
468bd4
 	    -e "/EXTCOMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \
468bd4
+	    -e "/EXTCOMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \
468bd4
 	    -e "/P1COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \
468bd4
-	    -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \
468bd4
+	    -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" \
468bd4
+	    -e "/COMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \
468bd4
 	done) | sort -u > $@
468bd4
 platform_DATA += command.lst
468bd4
 CLEANFILES += command.lst