On Mon, Jun 30, 2014 at 10:35:17PM -0600, Chris Murphy wrote:
On Jun 30, 2014, at 4:20 PM, Matthew Garrett <mjg59(a)srcf.ucam.org> wrote:
> On Mon, Jun 30, 2014 at 03:09:01PM -0600, Chris Murphy wrote:
>> Ok for long term. In the next two weeks before freeze is it possible
>> to modify the grub2-efi package spec file GRUB_MODULES= so that the
>> grux64.efi has xnu, xnu_uuid, xnu_uuid_test modules baked in? That
>> would fix the main problem in bug 893179 so that the first two OS X
>> entries would then have a chance of working.
> Not unless somebody writes signature checking support for them, no.
Ahh. So without that, it'd be possible to execute arbitrary code masquerading as xnu
on a Secure Boot system?
Yeah. One option would be to just disable the code if secure boot is
enabled - Macs don't implement it, so that would be fine for basically
every real world case. But I'd still prefer to chain the Apple
bootloader rather than fiddling with XNU.
Matthew Garrett | mjg59(a)srcf.ucam.org