On Mon, Jun 30, 2014 at 10:35:17PM -0600, Chris Murphy wrote:
> On Jun 30, 2014, at 4:20 PM, Matthew Garrett mjg59@srcf.ucam.org wrote:
>> On Mon, Jun 30, 2014 at 03:09:01PM -0600, Chris Murphy wrote:
>>> Ok for long term. In the next two weeks before freeze is it possible to modify the grub2-efi package spec file GRUB_MODULES= so that the grubx64.efi has xnu, xnu_uuid, xnu_uuid_test modules baked in? That would fix the main problem in bug 893179 so that the first two OS X entries would then have a chance of working.
>> Not unless somebody writes signature checking support for them, no.
> Ahh. So without that, it'd be possible to execute arbitrary code masquerading as xnu on a Secure Boot system?
Yeah. One option would be to just disable the code if secure boot is enabled - Macs don't implement it, so that would be fine for basically every real world case. But I'd still prefer to chain the Apple bootloader rather than fiddling with XNU.