commit 16d07cc1cb4d09e16d0134c6634d0b4bf1ce9779
author Colin Watson <cjwatson@ubuntu.com> Tue Oct 23 10:40:49 2012 -0400
committer Edward Jee <edjee@google.com> Wed Mar 07 22:24:45 2018 +0000
tree 4ef195d6d8ed789fc413003a450607c346cc3e84
parent 78d109819d4e8bd125acdd048ef95875fd399769

grub-lakitu: REDHAT: MASTER-SB: Don't allow insmod when secure boot is enabled.

Hi,

Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine
as far as it goes.  However, the insmod command is not the only way that
modules can be loaded.  In particular, the 'normal' command, which
implements the usual GRUB menu and the fully-featured command prompt,
will implicitly load commands not currently loaded into memory.  This
permits trivial Secure Boot violations by writing commands implementing
whatever you want to do and pointing $prefix at the malicious code.

I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct.  It
moves the check into grub_dl_load_file.

(cherry picked from commit 6f8175a2bd6b7f1a0fd560cc0f93325d500f4d94)
(from master-sb branch of https://github.com/rhboot/grub2)

BUG=b:69569602
TEST=TBD

Change-Id: Iec511340c8a06f5ab110642cd5790f8a8b938da8
Reviewed-on: https://chromium-review.googlesource.com/945887
Reviewed-by: Edward Jee <edjee@google.com>
Commit-Queue: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Trybot-Ready: Edward Jee <edjee@google.com>