[Bug 1851897] [NEW] devicetree command should be disabled in Secure Boot mode
dann frazier
dann.frazier at canonical.com
Sat Nov 9 00:06:49 UTC 2019
Public bug reported:
[Impact]
A devicetree command could be used to load an unsigned device tree file, which will override the hardware configuration exposed to the kernel. This could potentially be used to subvert Secure Boot.
[Test Case]
grub> devicetree foo
error: Secure Boot forbids loading devicetree from foo.
[Regression Risk]
Secure Boot and an externally provided devicetree are inherently incompatible - there's no known system that requires this config, but it is of course possible someone somewhere is doing it.
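The test case above only shows the expected refusal. The following is an added example, not grub's source or any code from this bug, that models the gate the report asks for: a command that refuses to load a devicetree whenever Secure Boot is enforcing, and a small reader for the live firmware state so the check can be tried on a real machine. Assumptions: the efivarfs file layout (a 4-byte attribute word followed by the variable data), that the SecureBoot variable's data is a single byte with 1 meaning enabled, and the standard variable path under /sys/firmware/efi/efivars; the command model performs no real load and its diagnostic mirrors the message in the test case.

```c
/* Added illustration of a Secure Boot gated loader command.
 * Not grub's implementation; it models the behaviour the bug requests. */
#include <stdio.h>
#include <string.h>

/* Assumed path of the EFI global SecureBoot variable on efivarfs. */
#define SECUREBOOT_EFIVAR \
  "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

/* Parse raw efivarfs contents: 4 attribute bytes, then the variable data.
 * Returns 1 if Secure Boot is enabled, 0 if disabled, -1 if malformed. */
int parse_secure_boot_var(const unsigned char *buf, size_t len)
{
    if (len < 5)            /* need the attribute word plus one data byte */
        return -1;
    return buf[4] == 1 ? 1 : 0;
}

/* Model of the guarded command. Refuses when secure_boot is non-zero and
 * writes the diagnostic into err. Returns 0 on success, -1 on refusal.
 * Nothing is actually loaded; the success branch is a placeholder. */
int devicetree_cmd(int secure_boot, const char *path, char *err, size_t errlen)
{
    if (secure_boot) {
        snprintf(err, errlen,
                 "error: Secure Boot forbids loading devicetree from %s.", path);
        return -1;
    }
    snprintf(err, errlen, "loaded devicetree from %s", path);
    return 0;
}

/* Read the live variable. Returns -1 when it cannot be read at all
 * (non-EFI boot, efivarfs not mounted, insufficient permissions). */
int read_secure_boot_state(const char *varpath)
{
    unsigned char buf[16];
    FILE *f = fopen(varpath, "rb");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return parse_secure_boot_var(buf, n);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "foo";
    int sb = read_secure_boot_state(SECUREBOOT_EFIVAR);
    if (sb < 0) {
        /* Fail closed: an unknown state is treated as enforcing. */
        fprintf(stderr, "SecureBoot variable unreadable; treating as enabled\n");
        sb = 1;
    }
    char msg[256];
    int rc = devicetree_cmd(sb, path, msg, sizeof msg);
    puts(msg);
    return rc == 0 ? 0 : 1;
}
```

Run it as `./a.out foo` on a machine booted with Secure Boot on and it prints the same refusal as the test case; the state reader fails closed, so an unreadable variable also blocks the load rather than silently allowing it.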
** Affects: grub2 (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: grub2 (Ubuntu Bionic)
Importance: Undecided
Status: In Progress
** Affects: grub2 (Ubuntu Disco)
Importance: Undecided
Status: In Progress
** Affects: grub2 (Ubuntu Eoan)
Importance: Undecided
Status: Fix Released
** Affects: grub2 (Ubuntu Focal)
Importance: Undecided
Status: Fix Released
** Affects: grub2 (Debian)
Importance: Unknown
Status: Unknown
** Also affects: grub2 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: grub2 (Ubuntu Disco)
Importance: Undecided
Status: New
** Also affects: grub2 (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: grub2 (Ubuntu Eoan)
Importance: Undecided
Status: New
** Changed in: grub2 (Ubuntu Focal)
Status: New => Fix Released
** Changed in: grub2 (Ubuntu Eoan)
Status: New => Fix Released
** Changed in: grub2 (Ubuntu Disco)
Status: New => In Progress
** Changed in: grub2 (Ubuntu Bionic)
Status: New => In Progress
** Bug watch added: Debian Bug tracker #927888
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927888
** Also affects: grub2 (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927888
Importance: Unknown
Status: Unknown
https://bugs.launchpad.net/bugs/1851897