tboot/tboot-grub2-refuse-secure-boot.patch
Matthias Gerstner 3f42461b8c - add tboot-fix-alloc-size-warning.patch: newest GCC spits out this error:
```
  pconf_legacy.c: In function ‘create’:
  pconf_legacy.c:327:16: error: allocation of insufficient size ‘20’ for type ‘tb_hash_t’ with size ‘64’ [-Werror=alloc-size]
  327 |         digest = malloc(SHA1_DIGEST_SIZE);
      |                ^
  ```
  There's a union data type behind this. It's not an actual error. To get rid
  of the warning, the patch allocates the full union size, thereby wasting a
  bit of memory.

OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=120
2024-08-28 08:45:07 +00:00

67 lines
2.1 KiB

Index: tboot-1.9.12/tboot/20_linux_tboot
===================================================================
--- tboot-1.9.12.orig/tboot/20_linux_tboot
+++ tboot-1.9.12/tboot/20_linux_tboot
@@ -34,6 +34,28 @@ if test -e ${sysconfdir}/default/grub-tb
. ${sysconfdir}/default/grub-tboot
fi
+secureBootActive()
+{
+ for secboot_var in /sys/firmware/efi/efivars/SecureBoot-*; do
+ [ ! -e "$secboot_var" ] && continue
+
+ # this variable contains a '1' byte at the end if secure boot is enabled
+ local secboot_byte=`od --address-radix=n --format=u1 "$secboot_var" | tr -d ' \n' | tail -c 1`
+
+ [ "$secboot_byte" = "1" ] && return 0
+ done
+
+ return 1
+}
+
+if secureBootActive; then
+ cat >&2 << EOF
+Not generating tboot menu entries, because UEFI Secure Boot is active.
+tboot is not compatible with UEFI Secure Boot.
+EOF
+ exit 0
+fi
+
# Set the following variables in /etc/default/grub-tboot to customize command lines
# (empty values are treated as if the variables were unset).
[ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT
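Review bot: In secureBootActive(), a SecureBoot variable that exists but cannot be read is treated the same as Secure Boot being off: the `local secboot_byte=` assignment discards the status of the od pipeline, and an empty result simply fails the `= "1"` comparison. The same happens when efivarfs is not mounted (for example when the config is generated in a chroot), where the glob matches nothing and the function returns 1, so the tboot entries are still written. I would state this above the function, e.g. `# Reflects the running system at grub-mkconfig time; a missing or unreadable efivars entry counts as "not active".` The test also compares only the last decimal digit of od's output; assuming the usual efivarfs layout of four attribute bytes followed by the value, `od --address-radix=n --format=u1 --skip-bytes=4 --read-bytes=1 "$secboot_var" | tr -d ' \n'` reads exactly the value byte. The identical hunk for 20_linux_xen_tboot carries the same points.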
Index: tboot-1.9.12/tboot/20_linux_xen_tboot
===================================================================
--- tboot-1.9.12.orig/tboot/20_linux_xen_tboot
+++ tboot-1.9.12/tboot/20_linux_xen_tboot
@@ -34,6 +34,28 @@ if test -e ${sysconfdir}/default/grub-tb
. ${sysconfdir}/default/grub-tboot
fi
+secureBootActive()
+{
+ for secboot_var in /sys/firmware/efi/efivars/SecureBoot-*; do
+ [ ! -e "$secboot_var" ] && continue
+
+ # this variable contains a '1' byte at the end if secure boot is enabled
+ local secboot_byte=`od --address-radix=n --format=u1 "$secboot_var" | tr -d ' \n' | tail -c 1`
+
+ [ "$secboot_byte" = "1" ] && return 0
+ done
+
+ return 1
+}
+
+if secureBootActive; then
+ cat >&2 << EOF
+Not generating tboot menu entries, because UEFI Secure Boot is active.
+tboot is not compatible with UEFI Secure Boot.
+EOF
+ exit 0
+fi
+
# Set the following variables in /etc/default/grub-tboot to customize command lines
# (empty values are treated as if the variables were unset).
[ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT