Hi all,

Another stab at the verifiers framework and EFI shim lock verifier. This time it is not an RFC because IMO it looks pretty good.
There are still minor things to address like PGP code changes split from verifiers introduction (patch #2) and/or rename grub-core/commands/verify_helper.c to grub-core/commands/verifiers.c. Maybe something else but probably nothing major...

Anyway, please take a look.

Daniel

 docs/grub-dev.texi | 57 ++
 grub-core/Makefile.core.def | 15 +-
 grub-core/commands/acpi.c | 2 +-
 grub-core/commands/blocklist.c | 4 +-
 grub-core/commands/cat.c | 2 +-
 grub-core/commands/cmp.c | 4 +-
 grub-core/commands/efi/loadbios.c | 4 +-
 grub-core/commands/efi/shim_lock.c | 140 ++++
 grub-core/commands/file.c | 5 +-
 grub-core/commands/hashsum.c | 22 +-
 grub-core/commands/hexdump.c | 2 +-
 grub-core/commands/i386/pc/play.c | 2 +-
 grub-core/commands/keylayouts.c | 2 +-
 grub-core/commands/legacycfg.c | 2 +-
 grub-core/commands/loadenv.c | 24 +-
 grub-core/commands/ls.c | 8 +-
 grub-core/commands/minicmd.c | 5 +-
 grub-core/commands/nativedisk.c | 3 +-
 grub-core/commands/parttool.c | 2 +-
 grub-core/commands/pgp.c | 1018 +++++++++++++++++++++++++
 grub-core/commands/search.c | 4 +-
 grub-core/commands/test.c | 4 +-
 grub-core/commands/testload.c | 2 +-
 grub-core/commands/testspeed.c | 2 +-
 grub-core/commands/verify.c | 1042 -------------------------
 grub-core/commands/verify_helper.c | 228 ++++++
 grub-core/disk/loopback.c | 3 +-
 grub-core/efiemu/main.c | 2 +-
 grub-core/font/font.c | 4 +-
 grub-core/fs/zfs/zfscrypt.c | 2 +-
 grub-core/gettext/gettext.c | 2 +-
 grub-core/gfxmenu/theme_loader.c | 2 +-
 grub-core/io/bufio.c | 10 +-
 grub-core/io/gzio.c | 5 +-
 grub-core/io/lzopio.c | 6 +-
 grub-core/io/offset.c | 7 +-
 grub-core/io/xzio.c | 6 +-
 grub-core/kern/dl.c | 2 +-
 grub-core/kern/elf.c | 4 +-
 grub-core/kern/file.c | 22 +-
 grub-core/lib/cmdline.c | 9 +-
 grub-core/lib/syslinux_parse.c | 2 +-
 grub-core/loader/arm/linux.c | 8 +-
 grub-core/loader/arm64/linux.c | 10 +-
 grub-core/loader/efi/chainloader.c | 2 +-
 grub-core/loader/i386/bsd.c | 22 +-
 grub-core/loader/i386/coreboot/chainloader.c | 2 +-
 grub-core/loader/i386/linux.c | 18 +-
 grub-core/loader/i386/multiboot_mbi.c | 16 +-
 grub-core/loader/i386/pc/chainloader.c | 4 +-
 grub-core/loader/i386/pc/freedos.c | 2 +-
 grub-core/loader/i386/pc/linux.c | 15 +-
 grub-core/loader/i386/pc/ntldr.c | 2 +-
 grub-core/loader/i386/pc/plan9.c | 13 +-
 grub-core/loader/i386/pc/pxechainloader.c | 2 +-
 grub-core/loader/i386/pc/truecrypt.c | 2 +-
 grub-core/loader/i386/xen.c | 14 +-
 grub-core/loader/i386/xen_file.c | 2 +-
 grub-core/loader/i386/xnu.c | 2 +-
 grub-core/loader/ia64/efi/linux.c | 7 +
 grub-core/loader/linux.c | 6 +-
 grub-core/loader/macho.c | 4 +-
 grub-core/loader/mips/linux.c | 10 +-
 grub-core/loader/multiboot.c | 8 +-
 grub-core/loader/multiboot_mbi2.c | 13 +-
 grub-core/loader/powerpc/ieee1275/linux.c | 5 +-
 grub-core/loader/sparc64/ieee1275/linux.c | 5 +-
 grub-core/loader/xnu.c | 25 +-
 grub-core/loader/xnu_resume.c | 4 +-
 grub-core/normal/autofs.c | 11 +-
 grub-core/normal/crypto.c | 2 +-
 grub-core/normal/dyncmd.c | 2 +-
 grub-core/normal/main.c | 2 +-
 grub-core/normal/term.c | 2 +-
 grub-core/video/readers/jpeg.c | 2 +-
 grub-core/video/readers/png.c | 2 +-
 grub-core/video/readers/tga.c | 2 +-
 include/grub/bufio.h | 6 +-
 include/grub/dl.h | 13 +
 include/grub/elfload.h | 2 +-
 include/grub/file.h | 153 ++--
 include/grub/lib/cmdline.h | 5 +-
 include/grub/list.h | 1 +
 include/grub/machoload.h | 3 +-
 include/grub/verify.h | 77 ++
 util/grub-fstest.c | 6 +-
 util/grub-mount.c | 6 +-
 87 files changed, 1931 insertions(+), 1282 deletions(-)

Daniel Kiper (4):
  verifiers: Add possibility to defer verification to other verifiers
  verifiers: Rename verify module to pgp module
  dl: Add support for persistent modules
  efi: Add EFI shim lock verifier

Vladimir Serbinenko (4):
  verifiers: File type for fine-grained signature-verification controlling
  verifiers: Framework core
  verifiers: Add possibility to verify kernel and modules command lines
  verifiers: Add the documentation