:: commit 3f3a748d4212e5ab109c846f9a7e8f360f2dd50a
Revert "misc: Exempt EFI chainload and cosmetic resources from Secure Boot hash enforcement"
This reverts commit 4793ace8b2b6449012ca5750bb178bce69f559ba.
diff --git a/CONFIG.md b/CONFIG.md
index 2092bd91..b6bac469 100644
--- a/CONFIG.md
+++ b/CONFIG.md
@@ -345,8 +345,7 @@ A path can optionally be suffixed with a blake2b hash for the referenced file,
by appending a pound character (`#`) followed by the blake2b hash.
E.g.: `boot():/somemodule.tar#ca6914d2...446b470a`.
When Secure Boot is active, all file paths **must** have a hash appended or
-Limine will panic (except for wallpapers and fonts, which are silently skipped
-instead, falling back to defaults).
+Limine will panic (except for wallpapers, which are silently skipped instead).
## Macros
diff --git a/USAGE.md b/USAGE.md
index 4783d01d..e1f64ca7 100644
--- a/USAGE.md
+++ b/USAGE.md
@@ -28,10 +28,9 @@ is set and `SetupMode` is not), the following security policies are enforced:
executable. If no checksum is enrolled, Limine will panic.
* All file paths (kernels, modules, DTBs, fonts, etc.) **must** have a BLAKE2B
hash appended (e.g. `boot():/kernel#<hash>`). Loading a file without a hash
- will cause a panic. The exception is EFI chainloading, where the firmware's
- own Secure Boot image verification is used instead.
-* Wallpaper and font files without an associated hash are silently skipped
- (falling back to defaults) rather than causing a panic.
+ will cause a panic.
+* Wallpaper files without an associated hash are silently skipped rather than
+ causing a panic.
* The config editor is unconditionally disabled.
* `hash_mismatch_panic` is forced to `yes` regardless of the config setting.
diff --git a/common/lib/gterm.c b/common/lib/gterm.c
index a574f253..99686dce 100644
--- a/common/lib/gterm.c
+++ b/common/lib/gterm.c
@@ -658,10 +658,6 @@ static void gterm_parse_config(char *config, struct gterm_config *cfg) {
char *menu_font = config_get_value(config, 0, "TERM_FONT");
if (menu_font != NULL) {
- if (secure_boot_active && strchr(menu_font, '#') == NULL) {
- print("Font skipped: Secure Boot is active and no hash is associated.\n");
- goto config_no_load_font;
- }
struct file_handle *f;
if ((f = uri_open(menu_font)) == NULL) {
print("menu: Could not open font file.\n");
diff --git a/common/protos/chainload.c b/common/protos/chainload.c
index dfd20e5e..29de9c24 100644
--- a/common/protos/chainload.c
+++ b/common/protos/chainload.c
@@ -265,18 +265,10 @@ noreturn void chainload(char *config, char *cmdline) {
panic(true, "efi: Image path not specified");
}
- // The firmware's LoadImage will verify the Secure Boot signature of the
- // chainloaded EFI application, so Limine does not need to enforce its
- // own hash check here.
- bool saved_secure_boot_active = secure_boot_active;
- secure_boot_active = false;
-
struct file_handle *image;
if ((image = uri_open(image_path)) == NULL)
panic(true, "efi: Failed to open image with path `%s`. Is the path correct?", image_path);
- secure_boot_active = saved_secure_boot_active;
-
EFI_STATUS status;
EFI_HANDLE efi_part_handle = image->efi_part_handle;
