On Mon, Nov 21, 2016 at 6:45 AM, Daniel Kiper <dki...@net-space.pl> wrote:

> On Fri, Nov 18, 2016 at 12:00:08PM +0000, Ignat Korchagin wrote:
> > Reposting this, as requested by Daniel and rebasing on current tree.
> >
> > Currently GRUB2 verify logic searches PGP keyid only in unhashed
> > subpackets of PGP signature packet. As a result, signatures generated with
> > GoLang openpgp package (https://godoc.org/golang.org/x/crypto/openpgp)
> > could not be verified, because this package puts keyid in hashed subpackets
> > and GRUB code never initializes the keyid variable, therefore is not able
> > to find "verification key" with id 0x0.
>

I think it would be wise to include a brief argument citing the OpenPGP RFC
that this change is compliant. Compatibility with an existing
implementation is valuable, but let's make sure the appropriate code is
being changed. (I haven't looked carefully myself.)

Thanks,
-Jon
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
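
The lookup discussed in the thread above, as an added example that is not code from GRUB or from the patch: RFC 4880 section 5.2.3 gives a version 4 signature packet a hashed and an unhashed subpacket area with the same encoding, and the Issuer subpacket (type 16, section 5.2.3.5) carries the 8-octet key ID. The function names and the sample packet bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SUBPKT_ISSUER 16 /* RFC 4880 5.2.3.5: 8-octet issuer key ID */
/* Constructed v4 signature bodies (MPIs omitted): issuer hashed / unhashed */
static const uint8_t SIG_HASHED[] = {4,0,1,8, 0,10, 9,16,1,2,3,4,5,6,7,8, 0,0, 0xab,0xcd};
static const uint8_t SIG_UNHASHED[] = {4,0,1,8, 0,0, 0,10, 9,16,1,2,3,4,5,6,7,8, 0xab,0xcd};

/* Scan one subpacket area. Returns 1 and fills keyid if an Issuer
   subpacket is found, 0 if none, -1 if the area is malformed. */
static int find_issuer(const uint8_t *p, size_t len, uint8_t keyid[8])
{
    size_t off = 0;
    while (off < len) {
        uint8_t b = p[off];
        size_t hdr = b < 192 ? 1 : b < 255 ? 2 : 5, l = b; /* length octets */
        if (len - off < hdr) return -1;
        if (hdr == 2) l = ((size_t)(b - 192) << 8) + p[off + 1] + 192;
        if (hdr == 5) l = ((size_t)p[off + 1] << 24) | ((size_t)p[off + 2] << 16) |
                          ((size_t)p[off + 3] << 8) | p[off + 4];
        off += hdr;
        if (l == 0 || l > len - off) return -1; /* l counts the type octet */
        if ((p[off] & 0x7f) == SUBPKT_ISSUER) { /* bit 7 is the critical flag */
            if (l != 9) return -1;              /* type octet + 8-octet key ID */
            memcpy(keyid, p + off + 1, 8);
            return 1;
        }
        off += l;
    }
    return 0;
}

/* body = v4 signature packet body (packet header already stripped).
   Checks the hashed area first, then the unhashed one. A return of 0
   means no issuer was present: the caller must reject the signature
   rather than look up a key with an uninitialized or zero key ID. */
int sig_issuer_keyid(const uint8_t *body, size_t len, uint8_t keyid[8])
{
    size_t hlen, ulen;
    int r;
    if (len < 8 || body[0] != 4) return -1;  /* v4 only in this sketch */
    hlen = ((size_t)body[4] << 8) | body[5];
    if (hlen > len - 8) return -1;           /* keep room for unhashed length */
    if ((r = find_issuer(body + 6, hlen, keyid)) != 0) return r;
    ulen = ((size_t)body[6 + hlen] << 8) | body[7 + hlen];
    if (ulen > len - 8 - hlen) return -1;
    return find_issuer(body + 8 + hlen, ulen, keyid);
}
```

The key ID only selects which public key to try; the signature still has to verify cryptographically against that key.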