[Bug 1851897] Re: devicetree command should be disabled in Secure Boot mode

dann frazier dann.frazier at canonical.com
Mon Nov 11 15:06:09 UTC 2019 

** Changed in: grub2 (Ubuntu Disco)
       Status: In Progress => Fix Committed

** Changed in: grub2 (Ubuntu Bionic)
       Status: In Progress => Fix Committed

** Changed in: grub2 (Ubuntu Disco)
     Assignee: (unassigned) => dann frazier (dannf)

** Changed in: grub2 (Ubuntu Bionic)
     Assignee: (unassigned) => dann frazier (dannf)

** Description changed:

  [Impact]
  A devicetree command could be used to load an unsigned device tree file, which will override the hardware configuration exposed to the kernel. This could potentially be used to subvert Secure Boot.
  
  [Test Case]
  grub> devicetree foo
  error: Secure Boot forbids loading devicetree from foo.
  
  [Regression Risk]
  The idea of Secure Boot and externally provided devicetree are inherently incompatible - there's no known system that requires this config, but it is of course possible someone somewhere is doing it.
+ 
+ The code involved is restricted to devicetree code, so impact would be
+ restricted to ARM systems.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1851897

Title:
  devicetree command should be disabled in Secure Boot mode

Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2 source package in Bionic:
  Fix Committed
Status in grub2 source package in Disco:
  Fix Committed
Status in grub2 source package in Eoan:
  Fix Released
Status in grub2 source package in Focal:
  Fix Released
Status in grub2 package in Debian:
  Fix Released

Bug description:
  [Impact]
  A devicetree command could be used to load an unsigned device tree file, which will override the hardware configuration exposed to the kernel. This could potentially be used to subvert Secure Boot.

  [Test Case]
  grub> devicetree foo
  error: Secure Boot forbids loading devicetree from foo.

  [Regression Risk]
  The idea of Secure Boot and externally provided devicetree are inherently incompatible - there's no known system that requires this config, but it is of course possible someone somewhere is doing it.

  The code involved is restricted to devicetree code, so impact would be
  restricted to ARM systems.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1851897/+subscriptions

More information about the foundations-bugs mailing list