Hi Daniel,
Thank you for your valuable review. splited this patch into two in v3.
Thanks,
Sudhakar Kuppusmay
On 2025-05-28 21:17, Daniel Kiper wrote:
On Thu, Mar 27, 2025 at 01:02:28AM +0530, Sudhakar Kuppusamy wrote:
From: Alastair D'Silva <alast...@d-silva.org>
To support verification of appended signatures, we need a way to
embed the necessary public keys. Existing appended signature schemes
in the Linux kernel use X.509 certificates, so allow certificates to
be embedded in the grub core image in the same way as PGP keys.
s/grub/GRUB/
Signed-off-by: Alastair D'Silva <alast...@d-silva.org>
Signed-off-by: Daniel Axtens <d...@axtens.net>
Signed-off-by: Sudhakar Kuppusamy <sudha...@linux.ibm.com>
Reviewed-by: Stefan Berger <stef...@linux.ibm.com>
Reviewed-by: Avnish Chouhan <avn...@linux.ibm.com>
---
grub-core/commands/pgp.c | 2 +-
include/grub/kernel.h | 2 ++
include/grub/util/install.h | 3 +++
util/grub-install-common.c | 19 ++++++++++++++++++-
util/grub-mkimage.c | 14 ++++++++++++--
util/mkimage.c | 33 +++++++++++++++++++++++++++++++--
6 files changed, 67 insertions(+), 6 deletions(-)
diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
index 961abf775..fa3ef5c75 100644
--- a/grub-core/commands/pgp.c
+++ b/grub-core/commands/pgp.c
@@ -944,7 +944,7 @@ GRUB_MOD_INIT(pgp)
grub_memset (&pseudo_file, 0, sizeof (pseudo_file));
/* Not an ELF module, skip. */
- if (header->type != OBJ_TYPE_PUBKEY)
+ if (header->type != OBJ_TYPE_GPG_PUBKEY)
This patch should be split into two. One should do required renames in
existing code and another one should add X.509 code.
Daniel
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
