- Merge TXT Protected Range support branch. - Remove unnecessary OPENSSL_free from lcputils.c and add a functionality to move ACM modules from the address range below TBOOT to above TBOOT, to allow the usage of ACMs bigger than 256KB. - Restore call to configure_vtd. - refresh and adjust tboot-bsc#1207833-copy-mbi.patch - refresh tboot-distributor.patch - refresh tboot-fix-alloc-size-warning.patch - refresh tboot-grub2-fix-menu-in-xen-host-server.patch - refresh tboot-grub2-fix-xen-submenu-name.patch - refresh tboot-grub2-refuse-secure-boot.patch OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=122
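Index: tboot-1.11.9/tboot/20_linux_tboot
===================================================================
--- tboot-1.11.9.orig/tboot/20_linux_tboot
+++ tboot-1.11.9/tboot/20_linux_tboot
@@ -34,6 +34,28 @@ if test -e ${sysconfdir}/default/grub-tb
 . ${sysconfdir}/default/grub-tboot
 fi
 
+secureBootActive()
+{
+ for secboot_var in /sys/firmware/efi/efivars/SecureBoot-*; do
+ [ ! -e "$secboot_var" ] && continue
+
+ # this variable contains a '1' byte at the end if secure boot is enabled
+ local secboot_byte=`od --address-radix=n --format=u1 "$secboot_var" | tr -d ' \n' | tail -c 1`
+
+ [ "$secboot_byte" = "1" ] && return 0
+ done
+
+ return 1
+}
+
+if secureBootActive; then
+ cat >&2 << EOF
+Not generating tboot menu entries, because UEFI Secure Boot is active.
+tboot is not compatible with UEFI Secure Boot.
+EOF
+ exit 0
+fi
+
 # Set the following variables in /etc/default/grub-tboot to customize command lines
 # (empty values are treated as if the variables were unset).
 [ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT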
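Review bot: The `od … | tr -d ' \n' | tail -c 1` pipeline in secureBootActive() compares the last decimal digit of the whole concatenated dump, not the value of the variable's data byte, so a final byte such as 11 or 21 would also read as "1". It also fails open: if `od` cannot read the file, `secboot_byte` is empty and the function reports Secure Boot as inactive, and `local secboot_byte=...` hides od's exit status. Reading only the payload byte would be tighter, assuming the usual efivarfs layout of four attribute bytes followed by the data: `local secboot_byte` on its own line, then `secboot_byte=$(od -An -tu1 -j4 -N1 "$secboot_var" | tr -d ' \n') || continue`. The identical function is added to 20_linux_xen_tboot, so the same applies there; a shared helper sourced by both scripts would avoid the two copies drifting apart.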
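Index: tboot-1.11.9/tboot/20_linux_xen_tboot
===================================================================
--- tboot-1.11.9.orig/tboot/20_linux_xen_tboot
+++ tboot-1.11.9/tboot/20_linux_xen_tboot
@@ -34,6 +34,28 @@ if test -e ${sysconfdir}/default/grub-tb
 . ${sysconfdir}/default/grub-tboot
 fi
 
+secureBootActive()
+{
+ for secboot_var in /sys/firmware/efi/efivars/SecureBoot-*; do
+ [ ! -e "$secboot_var" ] && continue
+
+ # this variable contains a '1' byte at the end if secure boot is enabled
+ local secboot_byte=`od --address-radix=n --format=u1 "$secboot_var" | tr -d ' \n' | tail -c 1`
+
+ [ "$secboot_byte" = "1" ] && return 0
+ done
+
+ return 1
+}
+
+if secureBootActive; then
+ cat >&2 << EOF
+Not generating tboot menu entries, because UEFI Secure Boot is active.
+tboot is not compatible with UEFI Secure Boot.
+EOF
+ exit 0
+fi
+
 # Set the following variables in /etc/default/grub-tboot to customize command lines
 # (empty values are treated as if the variables were unset).
 [ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT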