Blame SOURCES/0221-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch

f731ee
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
f731ee
From: Peter Jones <pjones@redhat.com>
f731ee
Date: Tue, 6 Oct 2015 16:09:25 -0400
f731ee
Subject: [PATCH] Make any of the loaders that link in efi mode honor secure
f731ee
 boot.
f731ee
f731ee
And in this case "honor" means "even if somebody does link this in, they
f731ee
won't register commands if SB is enabled."
f731ee
f731ee
Signed-off-by: Peter Jones <pjones@redhat.com>
f731ee
---
f731ee
 grub-core/Makefile.core.def        |  2 ++
f731ee
 grub-core/commands/iorw.c          |  7 +++++
f731ee
 grub-core/commands/memrw.c         |  7 +++++
f731ee
 grub-core/kern/efi/efi.c           | 28 ------------------
f731ee
 grub-core/kern/efi/sb.c            | 58 ++++++++++++++++++++++++++++++++++++++
f731ee
 grub-core/loader/efi/appleloader.c |  7 +++++
f731ee
 grub-core/loader/efi/chainloader.c |  1 +
f731ee
 grub-core/loader/i386/bsd.c        |  7 +++++
f731ee
 grub-core/loader/i386/linux.c      |  7 +++++
f731ee
 grub-core/loader/i386/pc/linux.c   |  7 +++++
f731ee
 grub-core/loader/multiboot.c       |  7 +++++
f731ee
 grub-core/loader/xnu.c             |  7 +++++
f731ee
 include/grub/efi/efi.h             |  1 -
f731ee
 include/grub/efi/sb.h              | 29 +++++++++++++++++++
f731ee
 include/grub/ia64/linux.h          |  0
f731ee
 include/grub/mips/linux.h          |  0
f731ee
 include/grub/powerpc/linux.h       |  0
f731ee
 include/grub/sparc64/linux.h       |  0
f731ee
 grub-core/Makefile.am              |  1 +
f731ee
 19 files changed, 147 insertions(+), 29 deletions(-)
f731ee
 create mode 100644 grub-core/kern/efi/sb.c
f731ee
 create mode 100644 include/grub/efi/sb.h
f731ee
 create mode 100644 include/grub/ia64/linux.h
f731ee
 create mode 100644 include/grub/mips/linux.h
f731ee
 create mode 100644 include/grub/powerpc/linux.h
f731ee
 create mode 100644 include/grub/sparc64/linux.h
f731ee
f731ee
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
f731ee
index 4fc74393335..b340ceeec7f 100644
f731ee
--- a/grub-core/Makefile.core.def
f731ee
+++ b/grub-core/Makefile.core.def
f731ee
@@ -175,6 +175,8 @@ kernel = {
f731ee
   efi = term/efi/console.c;
f731ee
   efi = lib/envblk.c;
f731ee
 
f731ee
+  common = kern/efi/sb.c;
f731ee
+
f731ee
   x86 = kern/i386/tsc.c;
f731ee
 
f731ee
   i386_efi = kern/i386/efi/init.c;
f731ee
diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
f731ee
index a0c164e54f0..41a7f3f0466 100644
f731ee
--- a/grub-core/commands/iorw.c
f731ee
+++ b/grub-core/commands/iorw.c
f731ee
@@ -23,6 +23,7 @@
f731ee
 #include <grub/env.h>
f731ee
 #include <grub/cpu/io.h>
f731ee
 #include <grub/i18n.h>
f731ee
+#include <grub/efi/sb.h>
f731ee
 
f731ee
 GRUB_MOD_LICENSE ("GPLv3+");
f731ee
 
f731ee
@@ -118,6 +119,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
f731ee
 
f731ee
 GRUB_MOD_INIT(memrw)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   cmd_read_byte =
f731ee
     grub_register_extcmd ("inb", grub_cmd_read, 0,
f731ee
 			  N_("PORT"), N_("Read 8-bit value from PORT."),
f731ee
@@ -146,6 +150,9 @@ GRUB_MOD_INIT(memrw)
f731ee
 
f731ee
 GRUB_MOD_FINI(memrw)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   grub_unregister_extcmd (cmd_read_byte);
f731ee
   grub_unregister_extcmd (cmd_read_word);
f731ee
   grub_unregister_extcmd (cmd_read_dword);
f731ee
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
f731ee
index 98769eadb34..088cbe9e2bc 100644
f731ee
--- a/grub-core/commands/memrw.c
f731ee
+++ b/grub-core/commands/memrw.c
f731ee
@@ -22,6 +22,7 @@
f731ee
 #include <grub/extcmd.h>
f731ee
 #include <grub/env.h>
f731ee
 #include <grub/i18n.h>
f731ee
+#include <grub/efi/sb.h>
f731ee
 
f731ee
 GRUB_MOD_LICENSE ("GPLv3+");
f731ee
 
f731ee
@@ -120,6 +121,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
f731ee
 
f731ee
 GRUB_MOD_INIT(memrw)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   cmd_read_byte =
f731ee
     grub_register_extcmd ("read_byte", grub_cmd_read, 0,
f731ee
 			  N_("ADDR"), N_("Read 8-bit value from ADDR."),
f731ee
@@ -148,6 +152,9 @@ GRUB_MOD_INIT(memrw)
f731ee
 
f731ee
 GRUB_MOD_FINI(memrw)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   grub_unregister_extcmd (cmd_read_byte);
f731ee
   grub_unregister_extcmd (cmd_read_word);
f731ee
   grub_unregister_extcmd (cmd_read_dword);
f731ee
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
f731ee
index c80d85b677e..7dfe2ef1455 100644
f731ee
--- a/grub-core/kern/efi/efi.c
f731ee
+++ b/grub-core/kern/efi/efi.c
f731ee
@@ -260,34 +260,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
f731ee
   return NULL;
f731ee
 }
f731ee
 
f731ee
-grub_efi_boolean_t
f731ee
-grub_efi_secure_boot (void)
f731ee
-{
f731ee
-  grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
f731ee
-  grub_size_t datasize;
f731ee
-  char *secure_boot = NULL;
f731ee
-  char *setup_mode = NULL;
f731ee
-  grub_efi_boolean_t ret = 0;
f731ee
-
f731ee
-  secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
f731ee
-
f731ee
-  if (datasize != 1 || !secure_boot)
f731ee
-    goto out;
f731ee
-
f731ee
-  setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
f731ee
-
f731ee
-  if (datasize != 1 || !setup_mode)
f731ee
-    goto out;
f731ee
-
f731ee
-  if (*secure_boot && !*setup_mode)
f731ee
-    ret = 1;
f731ee
-
f731ee
- out:
f731ee
-  grub_free (secure_boot);
f731ee
-  grub_free (setup_mode);
f731ee
-  return ret;
f731ee
-}
f731ee
-
f731ee
 #pragma GCC diagnostic ignored "-Wcast-align"
f731ee
 
f731ee
 /* Search the mods section from the PE32/PE32+ image. This code uses
f731ee
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
f731ee
new file mode 100644
f731ee
index 00000000000..a41b6c5b851
f731ee
--- /dev/null
f731ee
+++ b/grub-core/kern/efi/sb.c
f731ee
@@ -0,0 +1,58 @@
f731ee
+/*
f731ee
+ *  GRUB  --  GRand Unified Bootloader
f731ee
+ *  Copyright (C) 2014 Free Software Foundation, Inc.
f731ee
+ *
f731ee
+ *  GRUB is free software: you can redistribute it and/or modify
f731ee
+ *  it under the terms of the GNU General Public License as published by
f731ee
+ *  the Free Software Foundation, either version 3 of the License, or
f731ee
+ *  (at your option) any later version.
f731ee
+ *
f731ee
+ *  GRUB is distributed in the hope that it will be useful,
f731ee
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
f731ee
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
f731ee
+ *  GNU General Public License for more details.
f731ee
+ *
f731ee
+ *  You should have received a copy of the GNU General Public License
f731ee
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
f731ee
+ */
f731ee
+
f731ee
+#include <grub/err.h>
f731ee
+#include <grub/mm.h>
f731ee
+#include <grub/types.h>
f731ee
+#include <grub/cpu/linux.h>
f731ee
+#include <grub/efi/efi.h>
f731ee
+#include <grub/efi/pe32.h>
f731ee
+#include <grub/efi/linux.h>
f731ee
+#include <grub/efi/sb.h>
f731ee
+
f731ee
+int
f731ee
+grub_efi_secure_boot (void)
f731ee
+{
f731ee
+#ifdef GRUB_MACHINE_EFI
f731ee
+  grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
f731ee
+  grub_size_t datasize;
f731ee
+  char *secure_boot = NULL;
f731ee
+  char *setup_mode = NULL;
f731ee
+  grub_efi_boolean_t ret = 0;
f731ee
+
f731ee
+  secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
f731ee
+
f731ee
+  if (datasize != 1 || !secure_boot)
f731ee
+    goto out;
f731ee
+
f731ee
+  setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
f731ee
+
f731ee
+  if (datasize != 1 || !setup_mode)
f731ee
+    goto out;
f731ee
+
f731ee
+  if (*secure_boot && !*setup_mode)
f731ee
+    ret = 1;
f731ee
+
f731ee
+ out:
f731ee
+  grub_free (secure_boot);
f731ee
+  grub_free (setup_mode);
f731ee
+  return ret;
f731ee
+#else
f731ee
+  return 0;
f731ee
+#endif
f731ee
+}
f731ee
diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c
f731ee
index 74888c463ba..69c2a10d351 100644
f731ee
--- a/grub-core/loader/efi/appleloader.c
f731ee
+++ b/grub-core/loader/efi/appleloader.c
f731ee
@@ -24,6 +24,7 @@
f731ee
 #include <grub/misc.h>
f731ee
 #include <grub/efi/api.h>
f731ee
 #include <grub/efi/efi.h>
f731ee
+#include <grub/efi/sb.h>
f731ee
 #include <grub/command.h>
f731ee
 #include <grub/i18n.h>
f731ee
 
f731ee
@@ -227,6 +228,9 @@ static grub_command_t cmd;
f731ee
 
f731ee
 GRUB_MOD_INIT(appleloader)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   cmd = grub_register_command ("appleloader", grub_cmd_appleloader,
f731ee
 			       N_("[OPTS]"),
f731ee
 			       /* TRANSLATORS: This command is used on EFI to
f731ee
@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader)
f731ee
 
f731ee
 GRUB_MOD_FINI(appleloader)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   grub_unregister_command (cmd);
f731ee
 }
f731ee
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
f731ee
index 87a91e16f17..aee8e6becf6 100644
f731ee
--- a/grub-core/loader/efi/chainloader.c
f731ee
+++ b/grub-core/loader/efi/chainloader.c
f731ee
@@ -34,6 +34,7 @@
f731ee
 #include <grub/efi/disk.h>
f731ee
 #include <grub/efi/pe32.h>
f731ee
 #include <grub/efi/linux.h>
f731ee
+#include <grub/efi/sb.h>
f731ee
 #include <grub/command.h>
f731ee
 #include <grub/i18n.h>
f731ee
 #include <grub/net.h>
f731ee
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
f731ee
index 8f691e0e2d1..b671f59b62a 100644
f731ee
--- a/grub-core/loader/i386/bsd.c
f731ee
+++ b/grub-core/loader/i386/bsd.c
f731ee
@@ -38,6 +38,7 @@
f731ee
 #ifdef GRUB_MACHINE_PCBIOS
f731ee
 #include <grub/machine/int.h>
f731ee
 #endif
f731ee
+#include <grub/efi/sb.h>
f731ee
 
f731ee
 GRUB_MOD_LICENSE ("GPLv3+");
f731ee
 
f731ee
@@ -2111,6 +2112,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk;
f731ee
 
f731ee
 GRUB_MOD_INIT (bsd)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   /* Net and OpenBSD kernels are often compressed.  */
f731ee
   grub_dl_load ("gzio");
f731ee
 
f731ee
@@ -2150,6 +2154,9 @@ GRUB_MOD_INIT (bsd)
f731ee
 
f731ee
 GRUB_MOD_FINI (bsd)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   grub_unregister_extcmd (cmd_freebsd);
f731ee
   grub_unregister_extcmd (cmd_openbsd);
f731ee
   grub_unregister_extcmd (cmd_netbsd);
f731ee
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
f731ee
index 2ae176315b6..bd37c69b5d0 100644
f731ee
--- a/grub-core/loader/i386/linux.c
f731ee
+++ b/grub-core/loader/i386/linux.c
f731ee
@@ -35,6 +35,7 @@
f731ee
 #include <grub/i18n.h>
f731ee
 #include <grub/lib/cmdline.h>
f731ee
 #include <grub/linux.h>
f731ee
+#include <grub/efi/sb.h>
f731ee
 
f731ee
 GRUB_MOD_LICENSE ("GPLv3+");
f731ee
 
f731ee
@@ -1137,6 +1138,9 @@ static grub_command_t cmd_linux, cmd_initrd;
f731ee
 
f731ee
 GRUB_MOD_INIT(linux)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   cmd_linux = grub_register_command ("linux", grub_cmd_linux,
f731ee
 				     0, N_("Load Linux."));
f731ee
   cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
f731ee
@@ -1146,6 +1150,9 @@ GRUB_MOD_INIT(linux)
f731ee
 
f731ee
 GRUB_MOD_FINI(linux)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   grub_unregister_command (cmd_linux);
f731ee
   grub_unregister_command (cmd_initrd);
f731ee
 }
f731ee
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
f731ee
index b481e466846..b19527e8e17 100644
f731ee
--- a/grub-core/loader/i386/pc/linux.c
f731ee
+++ b/grub-core/loader/i386/pc/linux.c
f731ee
@@ -35,6 +35,7 @@
f731ee
 #include <grub/i386/floppy.h>
f731ee
 #include <grub/lib/cmdline.h>
f731ee
 #include <grub/linux.h>
f731ee
+#include <grub/efi/sb.h>
f731ee
 
f731ee
 GRUB_MOD_LICENSE ("GPLv3+");
f731ee
 
f731ee
@@ -469,6 +470,9 @@ static grub_command_t cmd_linux, cmd_initrd;
f731ee
 
f731ee
 GRUB_MOD_INIT(linux16)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   cmd_linux =
f731ee
     grub_register_command ("linux16", grub_cmd_linux,
f731ee
 			   0, N_("Load Linux."));
f731ee
@@ -480,6 +484,9 @@ GRUB_MOD_INIT(linux16)
f731ee
 
f731ee
 GRUB_MOD_FINI(linux16)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   grub_unregister_command (cmd_linux);
f731ee
   grub_unregister_command (cmd_initrd);
f731ee
 }
f731ee
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
f731ee
index 4b71f336353..e4e696e8f89 100644
f731ee
--- a/grub-core/loader/multiboot.c
f731ee
+++ b/grub-core/loader/multiboot.c
f731ee
@@ -42,6 +42,7 @@
f731ee
 #include <grub/video.h>
f731ee
 #include <grub/memory.h>
f731ee
 #include <grub/i18n.h>
f731ee
+#include <grub/efi/sb.h>
f731ee
 
f731ee
 GRUB_MOD_LICENSE ("GPLv3+");
f731ee
 
f731ee
@@ -383,6 +384,9 @@ static grub_command_t cmd_multiboot, cmd_module;
f731ee
 
f731ee
 GRUB_MOD_INIT(multiboot)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   cmd_multiboot =
f731ee
 #ifdef GRUB_USE_MULTIBOOT2
f731ee
     grub_register_command ("multiboot2", grub_cmd_multiboot,
f731ee
@@ -403,6 +407,9 @@ GRUB_MOD_INIT(multiboot)
f731ee
 
f731ee
 GRUB_MOD_FINI(multiboot)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   grub_unregister_command (cmd_multiboot);
f731ee
   grub_unregister_command (cmd_module);
f731ee
 }
f731ee
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
f731ee
index cdd9715cedd..faffccc9744 100644
f731ee
--- a/grub-core/loader/xnu.c
f731ee
+++ b/grub-core/loader/xnu.c
f731ee
@@ -33,6 +33,7 @@
f731ee
 #include <grub/extcmd.h>
f731ee
 #include <grub/env.h>
f731ee
 #include <grub/i18n.h>
f731ee
+#include <grub/efi/sb.h>
f731ee
 
f731ee
 GRUB_MOD_LICENSE ("GPLv3+");
f731ee
 
f731ee
@@ -1466,6 +1467,9 @@ static grub_extcmd_t cmd_splash;
f731ee
 
f731ee
 GRUB_MOD_INIT(xnu)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
   cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0,
f731ee
 				      N_("Load XNU image."));
f731ee
   cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64,
f731ee
@@ -1506,6 +1510,9 @@ GRUB_MOD_INIT(xnu)
f731ee
 
f731ee
 GRUB_MOD_FINI(xnu)
f731ee
 {
f731ee
+  if (grub_efi_secure_boot())
f731ee
+    return;
f731ee
+
f731ee
 #ifndef GRUB_MACHINE_EMU
f731ee
   grub_unregister_command (cmd_resume);
f731ee
 #endif
f731ee
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
f731ee
index 22456327e13..9a2da0eb38d 100644
f731ee
--- a/include/grub/efi/efi.h
f731ee
+++ b/include/grub/efi/efi.h
f731ee
@@ -76,7 +76,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var,
f731ee
 				     const grub_efi_guid_t *guid,
f731ee
 				     void *data,
f731ee
 				     grub_size_t datasize);
f731ee
-grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void);
f731ee
 int
f731ee
 EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1,
f731ee
 					     const grub_efi_device_path_t *dp2);
f731ee
diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
f731ee
new file mode 100644
f731ee
index 00000000000..9629fbb0f9e
f731ee
--- /dev/null
f731ee
+++ b/include/grub/efi/sb.h
f731ee
@@ -0,0 +1,29 @@
f731ee
+/* sb.h - declare functions for EFI Secure Boot support */
f731ee
+/*
f731ee
+ *  GRUB  --  GRand Unified Bootloader
f731ee
+ *  Copyright (C) 2006,2007,2008,2009  Free Software Foundation, Inc.
f731ee
+ *
f731ee
+ *  GRUB is free software: you can redistribute it and/or modify
f731ee
+ *  it under the terms of the GNU General Public License as published by
f731ee
+ *  the Free Software Foundation, either version 3 of the License, or
f731ee
+ *  (at your option) any later version.
f731ee
+ *
f731ee
+ *  GRUB is distributed in the hope that it will be useful,
f731ee
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
f731ee
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
f731ee
+ *  GNU General Public License for more details.
f731ee
+ *
f731ee
+ *  You should have received a copy of the GNU General Public License
f731ee
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
f731ee
+ */
f731ee
+
f731ee
+#ifndef GRUB_EFI_SB_HEADER
f731ee
+#define GRUB_EFI_SB_HEADER	1
f731ee
+
f731ee
+#include <grub/types.h>
f731ee
+#include <grub/dl.h>
f731ee
+
f731ee
+/* Functions.  */
f731ee
+int EXPORT_FUNC (grub_efi_secure_boot) (void);
f731ee
+
f731ee
+#endif /* ! GRUB_EFI_SB_HEADER */
f731ee
diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h
f731ee
new file mode 100644
f731ee
index 00000000000..e69de29bb2d
f731ee
diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h
f731ee
new file mode 100644
f731ee
index 00000000000..e69de29bb2d
f731ee
diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h
f731ee
new file mode 100644
f731ee
index 00000000000..e69de29bb2d
f731ee
diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h
f731ee
new file mode 100644
f731ee
index 00000000000..e69de29bb2d
f731ee
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
f731ee
index cb7fd9f98e8..be29e327f77 100644
f731ee
--- a/grub-core/Makefile.am
f731ee
+++ b/grub-core/Makefile.am
f731ee
@@ -67,6 +67,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h
f731ee
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h
f731ee
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h
f731ee
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h
f731ee
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h
f731ee
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h
f731ee
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h
f731ee
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h