Re: edif / create files from a grub module

2017-05-10 Thread Jon McCune
Jean-Francois, It's possible to write one's grub.cfg to save GRUB environment variables in pre-existing GRUB environment variable files on an ext4 filesystem. What types of sanity-checking are you looking to do? It may be possible to achieve what you want with just these mechanisms. -Jon On

Re: Support for TPM measurements on UEFI systems

2017-02-06 Thread Jon McCune
On Mon, Feb 6, 2017 at 2:04 PM, Matthew Garrett <mj...@srcf.ucam.org> wrote: > On Mon, Feb 06, 2017 at 09:53:57AM -0800, Jon McCune wrote: > > > I'm not sure about measuring the commands that GRUB runs. GRUB's config > > file is a shell-like language, and measuri

Re: Support for TPM measurements on UEFI systems

2017-02-06 Thread Jon McCune
Matthew, On Mon, Feb 6, 2017 at 8:43 AM, Matthew Garrett wrote: > On Sun, Feb 05, 2017 at 01:28:20PM +, Vladimir 'phcoder' Serbinenko > wrote: > > See verify.h for the interface. Obviously if you need changes in the API, > > please say. > > I think that's a starting

Re: [PATCH] verify: search keyid in hashed signature subpackets (repost)

2016-11-21 Thread Jon McCune
On Mon, Nov 21, 2016 at 6:45 AM, Daniel Kiper wrote: > On Fri, Nov 18, 2016 at 12:00:08PM +, Ignat Korchagin wrote: > > Reposting this, as requested by Daniel and rebasing on current tree. > > > > Currently GRUB2 verify logic searches PGP keyid only in unhashed >

[PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce

2013-09-06 Thread Jon McCune
on the contents of the file. This prevents a malicious environment block file from overwriting the value of security-critical environment variables such as check_signatures, while still allowing a properly constructed configuration file to offer savedefault and one-shot functionality. Signed-off-by: Jon

[PATCH v2 0/5] Enable savedefault, etc with check_signatures=enforce

2013-09-06 Thread Jon McCune
is done to make this support usable: A {-k, --pubkey} option is added to grub-install, and significant documentation is included. See the individual patch descriptions for more specifics. Jon McCune (5): style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c load_env support

[PATCH v2 3/5] save_env should work, even if check_signatures=enforce

2013-09-06 Thread Jon McCune
will be written. Thus, the actual contents of the file do not pose a security risk. Signed-off-by: Jon McCune jonmcc...@google.com --- grub-core/commands/loadenv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c index 49e8004

[PATCH v2 5/5] Additional security-relevant documentation

2013-09-06 Thread Jon McCune
documentation) * Modifications to documentation for load_env, save_env, hashsum Signed-off-by: Jon McCune jonmcc...@google.com --- docs/grub.texi | 180 - 1 file changed, 178 insertions(+), 2 deletions(-) diff --git a/docs/grub.texi b/docs

[PATCH v2 4/5] Add -k, --pubkey=FILE support to grub-install command

2013-09-06 Thread Jon McCune
This simply passes along the public key to the grub-mkimage invocation Signed-off-by: Jon McCune jonmcc...@google.com --- util/grub-install.in | 13 + util/grub-install_header | 6 ++ 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/util/grub-install.in b/util

[PATCH v2 1/5] style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c

2013-09-06 Thread Jon McCune
-by: Jon McCune jonmcc...@google.com --- grub-core/commands/loadenv.c | 87 ++-- 1 file changed, 44 insertions(+), 43 deletions(-) diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c index c0a42c5..a431499 100644 --- a/grub-core/commands

[PATCH v3 3/3] Add (multiple) -k, --pubkey=FILE support to grub-install command

2013-09-06 Thread Jon McCune
Passes along one or more public keys to the grub-mkimage invocation Signed-off-by: Jon McCune jonmcc...@google.com --- util/grub-install.in | 19 +++ util/grub-install_header | 6 ++ 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/util/grub-install.in b

[PATCH v3 0/3] Add whitelisting support for load_env

2013-09-06 Thread Jon McCune
This is an iteration of the code that was discussed in the v2 patch. I have not yet updated the documentation to match these changes, since I would prefer to conclude discussion of the suitability of these changes first. Jon McCune (3): style: indent --no-tabs --gnu-style grub-core/commands

[PATCH v3 1/3] style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c

2013-09-06 Thread Jon McCune
-by: Jon McCune jonmcc...@google.com --- grub-core/commands/loadenv.c | 87 ++-- 1 file changed, 44 insertions(+), 43 deletions(-) diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c index c0a42c5..a431499 100644 --- a/grub-core/commands

[PATCH v3 2/3] load_env support for whitelisting which variables are read from an env file

2013-09-06 Thread Jon McCune
, boot_once, and similar. This version of this patch drops all direct interaction with the logic in verify.c. The author of grub.cfg must take care to disable and re-enable check_signatures as appropriate. Signed-off-by: Jon McCune jonmcc...@google.com --- grub-core/commands/loadenv.c | 57