sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-05-25 15:00:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

[build] Mark GDB stub as forbidden for UEFI Secure Boot

Browse Source 
Enabling the GDB debugger functionality would provide an immediate and
trivial Secure Boot exploit.  Mark all GDB-related files as explicitly
forbidden for UEFI Secure Boot.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2026-01-28 13:20:38 +00:00
parent 03a906a9f3
commit 4db03054d5
13 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/arch/i386/core/gdbidt.S
+2
View File
@@ -1,3 +1,5 @@
FILE_SECBOOT ( FORBIDDEN );
/*
* Interrupt handlers for GDB stub
*/
src/arch/i386/include/bits/gdbmach.h
+2
View File
@@ -10,6 +10,8 @@
*
*/
FILE_SECBOOT ( FORBIDDEN );
#include <stdint.h>
typedef unsigned long gdbreg_t;
src/arch/x86/core/gdbmach.c
+1
View File
@@ -23,6 +23,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
FILE_SECBOOT ( FORBIDDEN );
#include <stddef.h>
#include <stdio.h>
src/arch/x86_64/core/gdbidt.S
+1
View File
@@ -22,6 +22,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
FILE_SECBOOT ( FORBIDDEN );
/** @file
*
src/arch/x86_64/include/bits/gdbmach.h
+2
View File
@@ -10,6 +10,8 @@
*
*/
FILE_SECBOOT ( FORBIDDEN );
#include <stdint.h>
typedef unsigned long gdbreg_t;