On Sun, Mar 26, 2017 at 04:44:58AM +0200, Jean-Christophe PLAGNIOL-VILLARD wrote:
> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@xxxxxxxxxxxx>

Does this really help? If someone has access to the barebox shell, then there are many ways to overwrite the secure boot check.

Michael

> --- > commands/go.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/commands/go.c b/commands/go.c > index fb319b320..e0385a977 100644 > --- a/commands/go.c > +++ b/commands/go.c > @@ -26,6 +26,7 @@ > #include <fcntl.h> > #include <linux/ctype.h> > #include <errno.h> > +#include <boot_verify.h> > > static int do_go(int argc, char *argv[]) > { > @@ -37,6 +38,9 @@ static int do_go(int argc, char *argv[]) > if (argc < 2) > return COMMAND_ERROR_USAGE; > > + if (boot_get_verify_mode() < BOOT_VERIFY_AVAILABLE) > + return -ESECVIOLATION; > + > if (!isdigit(*argv[1])) { > fd = open(argv[1], O_RDONLY); > if (fd < 0) { > -- > 2.11.0 > > > _______________________________________________ > barebox mailing list > barebox@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/barebox >

--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
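Review bot: The guard added to do_go() in the second hunk, "if (boot_get_verify_mode() < BOOT_VERIFY_AVAILABLE)", depends on the numeric ordering of the verify modes, and nothing in the patch or its empty commit message says which modes fall below BOOT_VERIFY_AVAILABLE or why go must be refused in them. Please state the intended policy in the commit message and in a comment above the check, so that a later reordering of the mode values cannot silently change which configurations are allowed to jump to unverified code. The check also returns -ESECVIOLATION without telling the user why the command was rejected; a short message naming the active verify mode would make the refusal diagnosable. Since the guard covers only this one command, the commit message should also say which other shell paths to executing unverified code are handled elsewhere in the series.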