[Bug 1856424] Re: please add smbios module to the signed grub2 images

Chris Coulson chris.coulson at canonical.com
Thu Feb 20 19:33:16 UTC 2020 

Hi,

I've given this module a quick review - it looks ok for including in the
EFI image. I only have one small note on the while loop in
grub_smbios_match_structure, which I made because I thought it looked a
bit suspicious:

  while (ptr < table_end
         && ptr[1] >= 4 /* Valid structures include the 4-byte header. */
         && (structure_count++ < structures || structures == 0))
    {
      grub_uint16_t structure_handle = grub_get_unaligned16 (ptr + 2);

... the "ptr < table_end" condition isn't completely sufficient to
prevent reads beyond table_end because it reads the size field (ptr[1]
>= 4) and the handle (grub_get_unaligned (ptr + 2)) even when this
condition is true. But I don't think there's a real issue here as it
would require a broken smbios implementation to end up in the situation
where ptr is close enough to table_end to cause a read beyond the end of
it inside the loop.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1856424

Title:
  please add smbios module to the signed grub2 images

Status in grub2 package in Ubuntu:
  Triaged
Status in grub2 source package in Focal:
  Triaged

Bug description:
  smbios is a new module available in grub2 upstream master, merged
  shortly after 2.04 release.

  It allows reading values from various SMBIOS tables to allow detecting
  vendor, make, model among with other smbios defined handles. In terms
  of userspace, it can be compared to dmidecode.

  The premise to include this module in the EFI prebuild images is to
  allow automatic selection of appropriate kernel and kernel option at
  boot time of certified or specilized hardware.

  For example:
  - allowing to choose linux-hwe kernel on newer generation
    (query handle 0x37, dmi type 4 Processor information)
  - allowing to choose linux-oem kernel on OEM certified hardware
    (query handle 0x1, DMI type 1, Manufactuere / serial number / sku number)
  - allowing to choose correct DTB for arm64 Laptops

  The grub module itself is fairly trivial, and basically dumps memory,
  processes it into various data types, optionally storing them in a
  variable thus allowing making scripting decisions based on them (i.e.
  setting the 'default' menuetry)

  This is a request to review this module for inclusion in the prebuilt
  UEFI signed images of grub.

  As a patch:
  http://git.savannah.gnu.org/cgit/grub.git/commit/?id=688023cd0ac4c985fd0e2ec477fcf1ec33a0e49c

  Main Files:
  http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/smbios.c?id=688023cd0ac4c985fd0e2ec477fcf1ec33a0e49c
  http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/i386/pc/smbios.c?id=688023cd0ac4c985fd0e2ec477fcf1ec33a0e49c
  http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/efi/smbios.c?id=688023cd0ac4c985fd0e2ec477fcf1ec33a0e49c

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1856424/+subscriptions

More information about the foundations-bugs mailing list