mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
systemd-stable/src
Luca Boccassi 65fe9f3080 boot: skip loading DTBs in type 1 when secure boot is enabled
The kernel loads the DTB from EFI before ExitBootServices():

https://github.com/torvalds/linux/blob/v6.5/drivers/firmware/efi/libstub/fdt.c#L245

DTBs can map and assign arbitrary memory ranges. The kernel refuses
to load one from the dtb= kernel command line parameter when secure
boot is enabled, as it's not safe. Let's do the same for type 1
entries, as they are unverified.

This only affects arm64 and riscv64; firmware does not support DTB
on x86.

(cherry picked from commit 4b4d612d86)
(cherry picked from commit c1404fff32)
(cherry picked from commit 7844c655be)
(cherry picked from commit f381320760)
(cherry picked from commit 3c97ff5907)
2023-09-20 13:03:55 +01:00
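The gate the commit describes, as an added example in C that is not systemd-boot's code: it derives the firmware's Secure Boot state from the `SecureBoot` and `SetupMode` variables (both 1-byte globals per the UEFI spec, 1 = true) and then decides per entry type whether an unverified Device Tree Blob may be handed to the kernel. The in-memory variable store, the names `efi_var`, `secure_boot_mode` and `may_load_dtb`, and the sample stores are all constructed for this example; treating a malformed variable as fail-closed (no type 1 DTB) is this example's design choice, not something the commit specifies.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for UEFI GetVariable(): name, payload, payload size. */
typedef struct {
    const char *name;
    const uint8_t *data;
    size_t size;
} efi_var;

enum sb_mode {
    SB_DISABLED,   /* SecureBoot absent or 0: firmware verifies nothing */
    SB_SETUP,      /* SetupMode == 1: no Platform Key enrolled, nothing is verified */
    SB_ENFORCING,  /* SecureBoot == 1 and SetupMode != 1: images are verified */
    SB_MALFORMED,  /* variable present but not exactly one byte: fail closed */
};

/* Fetch a 1-byte variable. Returns 1 if found, 0 if absent, -1 if malformed. */
static int get_var_u8(const efi_var *vars, size_t n, const char *name, uint8_t *out) {
    for (size_t i = 0; i < n; i++) {
        if (strcmp(vars[i].name, name) != 0)
            continue;
        if (vars[i].size != 1)
            return -1;
        *out = vars[i].data[0];
        return 1;
    }
    return 0;
}

/* SetupMode is checked first: a platform in setup mode enforces nothing even
 * if a stale SecureBoot=1 were visible (the spec requires SecureBoot=0 then). */
enum sb_mode secure_boot_mode(const efi_var *vars, size_t n) {
    uint8_t setup = 0, secure = 0;
    int r;

    r = get_var_u8(vars, n, "SetupMode", &setup);
    if (r < 0)
        return SB_MALFORMED;
    if (r > 0 && setup == 1)
        return SB_SETUP;

    r = get_var_u8(vars, n, "SecureBoot", &secure);
    if (r < 0)
        return SB_MALFORMED;
    if (r == 0 || secure == 0)
        return SB_DISABLED;
    return SB_ENFORCING;
}

enum entry_kind {
    ENTRY_TYPE1,  /* BLS type #1: loose kernel/initrd/dtb files on the ESP, unsigned */
    ENTRY_TYPE2,  /* BLS type #2 UKI: the .dtb section sits inside the signed PE image */
};

/* A type 1 DTB is an unsigned file that can map arbitrary memory ranges, so it
 * must not be loaded once the firmware enforces Secure Boot (or when the state
 * cannot be determined). A UKI's DTB is covered by the signature the firmware
 * already checked on the image, so it stays allowed. */
bool may_load_dtb(enum sb_mode mode, enum entry_kind kind) {
    if (kind == ENTRY_TYPE2)
        return true;
    return mode == SB_DISABLED || mode == SB_SETUP;
}

/* Constructed sample variable stores, not captured from real firmware. */
static const uint8_t v_one = 1, v_zero = 0, v_bad[4] = {1, 0, 0, 0};
static const efi_var store_enforcing[] = { {"SecureBoot", &v_one,  1}, {"SetupMode", &v_zero, 1} };
static const efi_var store_setup[]     = { {"SecureBoot", &v_zero, 1}, {"SetupMode", &v_one,  1} };
static const efi_var store_malformed[] = { {"SecureBoot", v_bad,   4} };

int main(void) {
    const struct { const char *label; const efi_var *vars; size_t n; } cases[] = {
        { "enforcing", store_enforcing, 2 },
        { "setup",     store_setup,     2 },
        { "legacy",    NULL,            0 },  /* firmware without Secure Boot variables */
        { "malformed", store_malformed, 1 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        enum sb_mode mode = secure_boot_mode(cases[i].vars, cases[i].n);
        printf("%-9s mode=%d type1 dtb %s, uki dtb %s\n", cases[i].label, (int) mode,
               may_load_dtb(mode, ENTRY_TYPE1) ? "loaded" : "skipped",
               may_load_dtb(mode, ENTRY_TYPE2) ? "loaded" : "skipped");
    }
    return 0;
}
```

The kernel side of the same policy is the `dtb=` refusal in the libstub file the commit links; a boot loader that applies the check above before ExitBootServices() closes the equivalent hole for type 1 entries, while UKIs keep working because their `.dtb` section was already authenticated as part of the PE image.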
ac-power util: move on_ac_power() from util.c -> udev-util.c 2022-01-07 15:59:23 +01:00
activate
analyze analyze: add --image= + --root= to --help text 2022-11-04 13:09:21 +01:00
ask-password
backlight backlight: ignore error if the backlight device is already removed 2022-01-07 15:52:33 +01:00
basic escape: Ensure that output is always valid UTF-8 2023-03-05 23:19:17 +00:00
binfmt binfmt: add logging information 2021-11-12 17:23:36 +01:00
boot boot: skip loading DTBs in type 1 when secure boot is enabled 2023-09-20 13:03:55 +01:00
busctl busctl: fix introspecting DBus properties 2023-01-28 00:50:04 +00:00
cgls Merge pull request #20138 from keszybz/coding-style-variable-decls 2021-11-05 13:57:30 +00:00
cgroups-agent cgroups-agent: connect stdin/stdout/stderr to /dev/null 2022-11-04 13:02:19 +01:00
cgtop
core systemctl: print better message if default target is masked 2023-03-05 23:19:17 +00:00
coredump coredump: cescape invalid json data before logging 2022-12-20 19:44:28 +01:00
creds
cryptenroll cryptenroll: fix memory leak 2022-11-04 13:02:20 +01:00
cryptsetup Revert "generator: Rename password arg" 2022-12-22 17:32:05 +01:00
debug-generator shared: clean up mkdir.h/label.h situation 2021-11-16 17:03:28 +01:00
delta tree-wide: make FOREACH_DIRENT_ALL define the iterator variable 2021-12-15 16:19:13 +01:00
detect-virt
dissect dissect: add missing --umount to the help output 2022-11-04 13:09:21 +01:00
environment-d-generator
escape
firstboot firstboot: fix can't overwrite timezone 2022-11-04 13:02:20 +01:00
fsck generator: skip fsck if fsck command is missing 2022-11-04 13:09:20 +01:00
fstab-generator fstab-generator: also skip other network filesystems and live image 2022-01-07 16:02:50 +01:00
fundamental alloc-util: Disallow inlining of expand_to_usable 2023-01-28 00:50:04 +00:00
fuzz fuzz-fido-id-desc: drop unused case file 2021-10-18 09:43:18 +02:00
getty-generator getty-generator: add kernel cmdline and env vars to disable it 2021-11-18 10:38:48 +00:00
gpt-auto-generator gpt-auto: harden ESP/XBOOTLDR mounts with "noexec,nosuid,nodev" 2023-01-28 00:50:04 +00:00
hibernate-resume shared: clean up mkdir.h/label.h situation 2021-11-16 17:03:28 +01:00
home homectl: add missing break 2023-03-05 23:19:17 +00:00
hostname policy files: adjust landing page link 2022-01-12 22:10:55 +01:00
hwdb hwdb: fix parsing options 2022-04-28 18:51:47 +02:00
id128
import importd: Always specify file unpacked by tar 2023-02-13 21:10:07 +00:00
initctl
integritysetup integritysetup: do not use crypt_init_data_device after crypt_init 2022-11-04 13:02:20 +01:00
journal journalctl: fix output when --lines is used with --grep 2023-03-05 23:19:17 +00:00
journal-remote journal-remote: code is of type enum MHD_RequestTerminationCode 2023-01-28 00:50:04 +00:00
kernel-install kernel-install: run depmod only if writeable 2023-01-28 00:50:04 +00:00
libsystemd sd-event: fix error handling 2023-03-05 23:19:17 +00:00
libsystemd-network sd-dhcp-server: allow to send header only message 2023-02-13 21:10:07 +00:00
libudev meson: drop convenience library that was only used in one place 2021-12-16 11:09:51 +01:00
locale kbd-model-map: correct variants for cz-qwerty to include comma 2022-11-04 13:02:21 +01:00
login logind: fix getting property OnExternalPower via D-Bus 2022-11-04 13:09:20 +01:00
machine meson: move files' closing brace to separate line 2022-03-05 21:03:32 +00:00
machine-id-setup
modules-load
mount generator: skip fsck if fsck command is missing 2022-11-04 13:09:20 +01:00
network network: dhcp-server: do not create DHCPServer object when the DHCP server is running in relaying mode 2023-02-13 21:10:07 +00:00
notify
nspawn nspawn: fix directory in logged error 2023-02-16 15:02:59 +00:00
nss-myhostname nss-myhostname: do not apply non-zero offset to null pointer 2022-01-04 16:23:35 +01:00
nss-mymachines nss: only read logging config from environment variables 2022-01-11 20:31:54 +01:00
nss-resolve nss: only read logging config from environment variables 2022-01-11 20:31:54 +01:00
nss-systemd nss: only read logging config from environment variables 2022-01-11 20:31:54 +01:00
oom meson: add libatomic dependency 2022-11-04 13:02:21 +01:00
partition repart: fix invalid errno in log 2023-02-13 21:10:07 +00:00
path
portable portable: set PrivateTmp=yes in trusted profile too 2022-11-04 13:02:19 +01:00
pstore meson: do not use split() in file lists 2022-03-05 21:03:32 +00:00
quotacheck
random-seed random-seed: hash together old seed and new seed before writing out file 2022-03-24 22:38:29 +00:00
rc-local-generator shared: clean up mkdir.h/label.h situation 2021-11-16 17:03:28 +01:00
remount-fs
reply-password
resolve resolved: Fall back to TCP if UDP is blocked 2023-03-05 23:19:17 +00:00
rfkill tree-wide: warn when sd_notify fails with READY=1 or FDSTOREREMOVE=1 2021-11-03 11:29:49 +01:00
rpm pkgconfig,rpm: expose vars for user-tmpfiles.d location 2022-07-13 13:18:20 +02:00
run run: make --working-directory= work for --scope too 2022-11-04 13:02:21 +01:00
run-generator
shared psi-util: fix error handling 2023-03-05 23:19:17 +00:00
shutdown meson: move files' closing brace to separate line 2022-03-05 21:03:32 +00:00
sleep Update sleep.conf HibernateDelaySec default to match implementation 2022-11-04 13:02:19 +01:00
socket-proxy tree-wide: use ERRNO_IS_TRANSIENT() 2021-11-30 23:06:43 +09:00
stdio-bridge stdio-bridge: make the error more straightforward 2022-01-18 12:19:47 +01:00
sulogin-shell
sysctl Make pager_open() return void 2021-11-03 15:24:56 +01:00
sysext sysext: add missing COMMAND to the help output and man synopsis 2022-11-04 13:02:20 +01:00
system-update-generator
systemctl systemctl: print better message if default target is masked 2023-03-05 23:19:17 +00:00
systemd Fix 24172: __STDC_VERSION__ may be defined in C++ 2022-11-04 13:02:20 +01:00
sysusers sysusers: add fsync for passwd (#24324) 2022-11-04 13:02:20 +01:00
sysv-generator Define FOREACH_DIRENT through FOREACH_DIRENT_ALL 2021-12-15 22:50:00 +01:00
test test-escape: Add tests for escaping bogus UTF-8 sequences 2023-03-05 23:19:17 +00:00
timedate timedatectl: fix a memory leak 2022-05-25 16:33:44 +02:00
timesync meson: stop building out convenience libraries by default 2021-12-16 11:01:08 +01:00
tmpfiles tmpfiles: avoid null free() for acl attributes 2023-01-28 00:50:04 +00:00
tty-ask-password-agent Define FOREACH_DIRENT through FOREACH_DIRENT_ALL 2021-12-15 22:50:00 +01:00
udev udevd: configure a child process name for worker processes 2023-02-13 21:10:07 +00:00
update-done
update-utmp
user-sessions
userdb various: add %m in messages 2022-06-02 20:09:14 +02:00
vconsole tree-wide: use new RET_NERRNO() helper at various places 2021-11-16 08:04:09 +01:00
veritysetup veritysetup-generator: generate service for usr device 2021-11-19 15:53:36 -05:00
version
volatile-root various: add %m in messages 2022-06-02 20:09:14 +02:00
xdg-autostart-generator xdg-autostart-service: Use common boolean parser 2022-11-04 13:02:21 +01:00