On 2025-09-15 16:31, Sudhakar Kuppusamy wrote:
Building on the parsers and the ability to embed X.509 certificates, as
well as the existing gcrypt functionality, add a module for verifying
appended signatures.
This includes a signature verifier that requires that the Linux kernel
and
GRUB modules have appended signatures for verification.
Signature verification must be enabled by setting
check_appended_signatures.
If secure boot is enabled with enforce mode when the appendedsig
module is loaded, signature verification will be enabled, and trusted
keys will be extracted from the GRUB ELF Note and stored in the db and
locked automatically.
Signed-off-by: Daniel Axtens <d...@axtens.net>
Signed-off-by: Sudhakar Kuppusamy <sudha...@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
Reviewed-by: Avnish Chouhan <avn...@linux.ibm.com>
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
