note type: (0x1275)
description data: ff ff ff ff 00 c0 00 00 ff ff ff ff ff ff ff ff ff ff ff
ff 00 00 40 00
So far as I can tell this issue has existed for as long as the note
generation code has existed, but I guess nothing really checks descsz.
Signed-off-by: Daniel Axtens
Hi Hans,
> Hello,
>
> as I am continuing to flood this mailing list with patches, I am
> realizing that I am missing some general rules for how things work on
> grub-devel. Sorry for the inconvenience caused by that.
>
> Anyway, here are a few questions I am beginning realize I should know
> the
Hi,
I'd like to teach grub how to verify appended signatures. Appended
signatures are a format used by the Linux kernel to cryptographically
sign binaries. They're used to verify kernel modules on all platforms
[1], and they're also used on some platforms (such as PowerPC) for
signing the kernel
Javier Martinez Canillas writes:
> Hello Daniel,
>
> On 5/18/20 5:49 PM, Daniel Kiper wrote:
>
> [snip]
>
>>>
>>> Without this patch, clang-9 fails on the use of nested functions in
>>> commit cb2f15c54489 ("normal/main: Search for specific config files for
>>> netboot") - I'll send a fix for
Hi all,
I'm having some trouble with the grub tests run by `make check`.
In particular, grub_func_test is failing for me in every configuration I
try. I've tried various combinations of:
- master, grub-2.04 and grub-2.02 tags, as well as the grub-2.04
tarball.
- configuring for platform
' ! -ipath './util/grub-gen-asciih.c' ! -ipath
> './gnulib/*' ! -ipath './grub-core/lib/gnulib/*' |sort > po/POTFILES.in
> find util -iname '*.in' ! -name Makefile.in |sort > po/POTFILES-shell.in
Fantastic, that had been bugging me every time I saw it.
Hi Daniel,
> Commit d5a32255d (misc: Make grub_strtol() "end" pointers have safer
> const qualifiers) introduced "restrict" keyword into some functions
> definitions. This keyword was introduced in C99 standard. However, some
> compilers by default may use C89 or something different. This
Hi,
I've made a little progress on this.
> I keep having failures with the cmdline_cat test and the gfxmenu tests
> within grub_func_test - the video checksums don't match. The images all
> look OK to me, so I'm not quite sure what the problem is, and we don't
> ship known-good images for me to
th clang.
>
> Reported-by: Daniel Axtens
> Signed-off-by: Javier Martinez Canillas
With this patch, clang-9 builds and runs mainline grub-emu.
Tested-by: Daniel Axtens # emu platform only
clang still doesn't like 'make check', but that looks like a different
issue around relocatio
Javier Martinez Canillas writes:
> Hello Daniel,
>
> On 5/19/20 3:47 AM, Daniel Axtens wrote:
>> Javier Martinez Canillas writes:
>>
>>> Hello Daniel,
>>>
>>> On 5/18/20 5:49 PM, Daniel Kiper wrote:
>>>
>>> [snip]
>>>
&
Hi Konrad,
>> +LICENSING
>> +=
>> +
>> +The libtasn1 library is released under the GNU Lesser General Public
>> +License (LGPL) version 2.1 or later; see
>> [COPYING.LESSER](doc/COPYING.LESSER)
>> +for the license terms.
>> +
>> +The GNU LGPL applies to the main libtasn1 library, while
on the the grub
command line or by load_env.
Thus, as with the PGP verifier, it is not a complete secure-boot solution:
other mechanisms must be used to ensure that a user cannot drop to the
grub shell and disable verification.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def
.
- X.509 certificates: at least enough to verify the signatures on the
PKCS#7 messages. We expect that the certificates embedded in grub will
be leaf certificates, not CA certificates. The parser enforces this.
Signed-off-by: Daniel Axtens
---
grub-core/commands/appendedsig/appendedsig.h
If the 'ibm,secure-boot' property of the root node is 2 or greater,
require that the kernel pass appended-signature verification.
Do not consider the presence of a certificate to enforce verification.
Signed-off-by: Daniel Axtens
---
grub-core/commands/appendedsig/appendedsig.c | 44
ot/vmlinux /boot/vmlinux.signed
- You should now be able to boot with new SLOF and qemu in
secure-boot mode.
Daniel Axtens (1):
ieee1275: link appended-signature enforcement to /ibm,secure-boot
grub-core/commands/appendedsig/appendedsig.c | 44 +++-
grub-core/kern/ieee1275/init.
> +case 'x':
> + arguments->x509keys = xrealloc (arguments->x509keys,
> + sizeof (arguments->x509keys[0])
> + * (arguments->nx509keys + 1));
> + arguments->pubkeys[arguments->nx509keys++] = xstrdup (arg);
This
[This bounced from the list for some reason, so I'm trying again.]
Hi Michal,
That's a really interesting proposal - thank you. I'm still thinking
about it and experimenting with it in SLOF.
Some thoughts:
> It has been pointed out in the plumbers session that the ELF note will
> cause
Hi Michael,
>> +@section Signing GRUB with an appended signature
>> +
>> +The @file{core.img} itself can be signed with a Linux kernel module-style
>> +appended signature.
>> +
>> +To support IEEE1275 platforms where the boot image is often loaded directly
>> +from a disk partition rather than
and location of the
signature.
More details are in patch 1, including a link to an open-source firmware
capable of verifying a grub image signed this way.
Daniel Axtens (2):
docs/grub: Document signing grub under UEFI
docs/grub: Document signing grub with an appended signature
Rashmica Gupta (1
e appended signature
structure (not at the end) so that the final bytes of a signed ELF file
are the appended signature magic.
A subsequent patch documents how to create a grub core.img validly signed
under this scheme.
Signed-off-by: Daniel Axtens
Signed-off-by: Rashmica Gupta
---
You can exper
Signing grub for firmware that verifies an appended signature is a
bit fiddly. I don't want people to have to figure it out from scratch
so document it here.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 42 ++
1 file changed, 42 insertions(+)
diff
Before adding information about how grub is signed with an appended
signature scheme, it's worth adding some information about how it
can currently be signed for UEFI.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 22 +-
1 file changed, 21 insertions(+), 1 deletion
/738/
https://youtu.be/IJUNxHnopH4?t=537
> More details are in patch 1, including a link to an open-source firmware
> capable of verifying a grub image signed this way.
>
> Daniel Axtens (2):
> docs/grub: Document signing grub under UEFI
> docs/grub: Document si
be suitable but I don't really mind either way. Having said
that, I'd appreciate any feedback before then.
Alastair D'Silva (1):
grub-install: support embedding x509 certificates
Daniel Axtens (17):
docs/grub: grub-install is no longer a shell script
docs/grub: --pubkey has been supported
Other verifiers that implement secure boot may want to be able to
reuse the same list and behaviour.
Signed-off-by: Daniel Axtens
---
grub-core/commands/efi/shim_lock.c | 45 +++--
grub-core/commands/verifiers.c | 46 ++
include/grub
avoid the need for minmax.h,
which is convenient because it means we don't have to
import it from gnulib.
Signed-off-by: Daniel Axtens
---
grub-core/lib/libtasn1/lib/coding.c| 12 ++--
grub-core/lib/libtasn1/lib/decoding.c | 2 ++
grub-core/lib/libtasn1/lib/element.c | 4 ++--
grub
--pubkey is supported, so we can now document it.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 12 +++-
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index bd72b589522e..327c1bd0f412 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
Since commit cd46aa6cefab in 2013, grub-install hasn't been a shell
script. The para doesn't really add that much, especially since it's
the user manual, so just drop it.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 7 ---
1 file changed, 7 deletions(-)
diff --git a/docs/grub.texi b
These tests are run through all_functional_test and test a range
of commands and behaviours.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def | 6 +
grub-core/tests/appended_signature_test.c | 250 +++
grub-core/tests/appended_signatures.h | 483
Trying to start grub-emu with a module that calls grub_dl_set_persistent
will crash because grub-emu fakes modules and passes NULL to the module
init function.
Provide an empty function for the emu case.
Fixes: ee7808e2197c (dl: Add support for persistent modules)
Signed-off-by: Daniel Axtens
module.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def | 8 +
grub-core/commands/pgp.c| 28 ++
grub-core/lib/pkcs1_v15.c | 59 +
include/grub/pkcs1_v15.h| 27 +
4 files changed, 96 insertions(+), 26
pher handle. That depends on grub_ciphers being populated
by people calling grub_cipher_register. import_gcry.py ensures that the
symmetric ciphers call it.]
Signed-off-by: Daniel Axtens
---
grub-core/commands/pgp.c | 4
grub-core/lib/crypto.c | 4
2 files changed, 4 insertions(+
also use that value.
- Provide strto[u]l[l] preprocessor macros that resolve to
grub_strto[u]l[l]. To avoid gcrypt redefining strtoul, we
also define HAVE_STRTOUL here.
Signed-off-by: Daniel Axtens
---
grub-core/lib/posix_wrap/limits.h| 1 +
grub-core/lib/posix_wrap/stdlib.h| 8
, allowing
us to import it without issue.
Signed-off-by: Daniel Axtens
---
.../commands/appendedsig/gnutls_asn1_tab.c| 121 +
.../commands/appendedsig/pkix_asn1_tab.c | 484 ++
2 files changed, 605 insertions(+)
create mode 100644 grub-core/commands/appendedsig
modules. Unconditionally support const and pure attributes and adjust
header paths.
- adjust header paths to "grub/libtasn1.h".
- replace a 64 bit division with a call to grub_divmod64, preventing
creation of __udivdi3 calls on 32 bit platforms.
Signed-off-by: Daniel Axtens
---
gru
This explains how appended signatures can be used to form part of
a secure boot chain, and documents the commands and variables
introduced.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 189 +
1 file changed, 174 insertions(+), 15 deletions
.
Signed-off-by: Alastair D'Silva
Signed-off-by: Daniel Axtens
---
grub-core/commands/pgp.c| 2 +-
include/grub/kernel.h | 3 ++-
include/grub/util/install.h | 7 +--
util/grub-install-common.c | 23 -
util/grub-mkimage.c | 15 --
util/mkimage.c
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap.c | 26 ++
2 files changed, 41 insertions(+)
create
Charles Duffy writes:
> Howdy, y'all --
>
> In anticipation of trying to revive the OpenPGP compatibility patch created
> by Ignat Korchagin in 2016, I've assembled a simple test suite that can
> generate multiple builds of GRUB (different versions/patches/etc) and then
> test them with keys and
Currently GRUB2 verify logic searches PGP keyid only in unhashed subpackets of
PGP signature packet. As a result, signatures generated with GoLang openpgp
package (https://godoc.org/golang.org/x/crypto/openpgp) could not be verified,
because this package puts keyid in hashed subpackets and GRUB
Charles Duffy writes:
> On Wed, May 27, 2020 at 11:42 PM Daniel Axtens wrote:
>
>> My team has been working on the verifier area to support appended
>> signatures (used to sign Linux kernel modules, and on at least powerpc64
>> also used to sign the kernel), so
>> [ modified by dja: rebase, split out 'readbuf' to both readbuf and
>> subpacket_buf for clarity
>> signature_test still passes but I have not run any other tests ]
Signed-off-by: Daniel Axtens
>> ---
>> grub-core/commands/pgp.c | 117 ++
"json.h". If enforcing the GNU99 C
> standard, clang may generate a warning about this non-standard
> construct.
>
> Fix the issue by using a simple `struct jsmntok` forward declaration
> instead of using a typedef.
>
> Signed-off-by: Patrick Steinhardt
Te
Daniel Kiper writes:
> On Fri, May 29, 2020 at 02:10:46PM +1000, Daniel Axtens wrote:
>> Charles Duffy writes:
>>
>> > Amended the test repo to apply this patch; it applies and works-as-intended
>> > on both 2.04 and current master.
>> >
check' can pass (at least on my laptop) in a number
of configurations, including x86_64-emu and i386-pc.
Signed-off-by: Daniel Axtens
---
I had a crack at getting this into Travis CI, but I had a lot of
trouble with the existing boot test. Then I realised that there was
a whole series of Travis im
> clang still doesn't like 'make check', but that looks like a different
> issue around relocations. clang isn't a huge priority for me, so it
> might take a while. But this patch is good to go in regardless.
Turns out I needed to specify CXX=clang++ as well.
Daniel
>
> Thanks again,
> Daniel
>
Hi Michal,
>> A simpler scheme would be for grub-install to parse the signature
>> footer, split-off the signature, write the ELF binary at the start of
>> the PReP partition, and the signature at the end. Then the grub
>> signature can use exactly same format as the kernel and modules.
>
> I got
--pubkey is supported, so we can now document it.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 12 +++-
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index 6cbd753d12fd..6bac37728042 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
Trying to start grub-emu with a module that calls grub_dl_set_persistent
will crash because grub-emu fakes modules and passes NULL to the module
init function.
Provide an empty function for the emu case.
Fixes: ee7808e2197c (dl: Add support for persistent modules)
Signed-off-by: Daniel Axtens
pher handle. That depends on grub_ciphers being populated
by people calling grub_cipher_register. import_gcry.py ensures that the
symmetric ciphers call it.]
Signed-off-by: Daniel Axtens
---
grub-core/commands/pgp.c | 4
grub-core/lib/crypto.c | 4
2 files changed, 4 insertions(+
Other verifiers that implement secure boot may want to be able to
reuse the same list and behaviour.
Signed-off-by: Daniel Axtens
---
grub-core/commands/efi/shim_lock.c | 45 +++--
grub-core/commands/verifiers.c | 46 ++
include/grub
appreciate any feedback before then.
Alastair D'Silva (1):
grub-install: support embedding x509 certificates
Daniel Axtens (17):
docs/grub: grub-install is no longer a shell script
docs/grub: --pubkey has been supported for some time
dl: provide a fake grub_dl_set_persistent for the emu target
Since commit cd46aa6cefab in 2013, grub-install hasn't been a shell
script. The para doesn't really add that much, especially since it's
the user manual, so just drop it.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 7 ---
1 file changed, 7 deletions(-)
diff --git a/docs/grub.texi b
module.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def | 8 +
grub-core/commands/pgp.c| 28 ++
grub-core/lib/pkcs1_v15.c | 59 +
include/grub/pkcs1_v15.h| 27 +
4 files changed, 96 insertions(+), 26
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap.c | 26 ++
2 files changed, 41 insertions(+)
create
.
Signed-off-by: Alastair D'Silva
Signed-off-by: Daniel Axtens
---
grub-core/commands/pgp.c| 2 +-
include/grub/kernel.h | 3 ++-
include/grub/util/install.h | 7 +--
util/grub-install-common.c | 23 -
util/grub-mkimage.c | 15 --
util/mkimage.c
modules. Unconditionally support const and pure attributes and adjust
header paths.
- adjust header paths to "grub/libtasn1.h".
- replace a 64 bit division with a call to grub_divmod64, preventing
creation of __udivdi3 calls on 32 bit platforms.
Signed-off-by: Daniel Axtens
---
gru
also use that value.
- Provide strto[u]l[l] preprocessor macros that resolve to
grub_strto[u]l[l]. To avoid gcrypt redefining strtoul, we
also define HAVE_STRTOUL here.
Signed-off-by: Daniel Axtens
---
grub-core/lib/posix_wrap/limits.h| 1 +
grub-core/lib/posix_wrap/stdlib.h| 8
avoid the need for minmax.h,
which is convenient because it means we don't have to
import it from gnulib.
Signed-off-by: Daniel Axtens
---
grub-core/lib/libtasn1/lib/coding.c| 12 ++--
grub-core/lib/libtasn1/lib/decoding.c | 2 ++
grub-core/lib/libtasn1/lib/element.c | 4 ++--
grub
ion and will post it shortly. However, for an end-user or packager with
a higher minimum memory requirement, this will work fine.
Signed-off-by: Daniel Axtens
---
grub-core/kern/ieee1275/init.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.
on the the grub
command line or by load_env.
Thus, as with the PGP verifier, it is not a complete secure-boot solution:
other mechanisms must be used to ensure that a user cannot drop to the
grub shell and disable verification.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def
.
- X.509 certificates: at least enough to verify the signatures on the
PKCS#7 messages. We expect that the certificates embedded in grub will
be leaf certificates, not CA certificates. The parser enforces this.
Signed-off-by: Daniel Axtens
---
grub-core/commands/appendedsig/appendedsig.h
, allowing
us to import it without issue.
Signed-off-by: Daniel Axtens
---
.../commands/appendedsig/gnutls_asn1_tab.c| 121 +
.../commands/appendedsig/pkix_asn1_tab.c | 484 ++
2 files changed, 605 insertions(+)
create mode 100644 grub-core/commands/appendedsig
These tests are run through all_functional_test and test a range
of commands and behaviours.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def | 6 +
grub-core/tests/appended_signature_test.c | 250 +++
grub-core/tests/appended_signatures.h | 483
Hi Michal,
>> So grub is usually loaded from the PReP partition if you are booting
>> from disk. But, if you are booting from a CD/USB/etc, we first parse
>> /ppc/boot-info.txt and then load whatever file it identifies. If you're
>> netbooting we load the file we get from the network.
>>
>> One
d decision; in particular,
>> the Go x/crypto/openpgp library chooses to store issuer ID in the hashed
>> area.
>>
>> Without this patch, trying to verify a valid signature made by
>> x/crypto/openpgp results in `error: public key 0000 not found.`,
>> becau
"Vladimir 'phcoder' Serbinenko" writes:
> On Tue, Jun 2, 2020, 10:40 Daniel Axtens wrote:
>
>> cmdline_cat takes a checksum of a screen that includes the grub
>> version number, so it has been broken since commit 94d9926a6640
>> ("Release 2.04~rc1&
error generated.
It's not really that unclear in context: there's a commented-out
if-statement. But tweak the alignment anyway so that clang is happy.
Signed-off-by: Daniel Axtens
---
With this and Patrick's patch 'json: Remove invalid typedef redefinition',
grub-emu compiles under clang-10
for this to go into 2.06.
Kind regards,
Daniel
v2: fix the bug where I mixed up model and compatible.
Daniel Axtens (3):
ieee1275: drop HEAP_MAX_ADDR, HEAP_MIN_SIZE
ieee1275: claim more memory
ieee1275: request memory with ibm,client-architecture-support
docs/grub-dev.texi | 6
ADDR check. It is now unused. Remove it.
Signed-off-by: Daniel Axtens
---
grub-core/kern/ieee1275/init.c | 17 -
1 file changed, 17 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 7a1ebdf94e06..c81cfc0320ae 100644
--- a/grub-core/ker
a natural cap
of 1GB for powerpc-ieee1275.
Also apply this 1/4 approach to i386-ieee1275, but keep the 32MB cap.
make check still works for both i386 and powerpc and I've booted
powerpc grub with this change under SLOF and PFW.
Signed-off-by: Daniel Axtens
---
docs/grub-dev.texi | 6
ize - it persists even on cold boots.
So if you've ever booted Linux in a partition, you'll probably never have
grub call CAS. It'll only ever fire the first time a partition loads grub,
or if you deliberately lower the amount of memory your partition has below
512MB.)
Signed-off-by: Daniel Axtens
---
: support embedding x509 certificates
Daniel Axtens (20):
ieee1275: drop HEAP_MAX_ADDR, HEAP_MIN_SIZE
ieee1275: claim more memory
ieee1275: request memory with ibm,client-architecture-support
docs/grub: Document signing grub under UEFI
docs/grub: Document signing grub with an appended
ADDR check. It is now unused. Remove it.
Signed-off-by: Daniel Axtens
---
grub-core/kern/ieee1275/init.c | 17 -
1 file changed, 17 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index d483e35eed2b..c5d091689f29 100644
--- a/grub-core/ker
a natural cap
of 1GB for powerpc-ieee1275.
Also apply this 1/4 approach to i386-ieee1275, but keep the 32MB cap.
make check still works for both i386 and powerpc and I've booted
powerpc grub with this change under SLOF and PFW.
Signed-off-by: Daniel Axtens
---
docs/grub-dev.texi | 6
pher handle. That depends on grub_ciphers being populated
by people calling grub_cipher_register. import_gcry.py ensures that the
symmetric ciphers call it.]
Signed-off-by: Daniel Axtens
---
grub-core/commands/pgp.c | 4
grub-core/lib/crypto.c | 4
2 files changed, 4 insertions(+
it by verifying that the certificate has a single purpose, that is code
signing. This is required because Red Hat certificates have both Key
Usage and Extended Key Usage extensions present.
Signed-off-by: Javier Martinez Canillas # EKU support
Signed-off-by: Daniel Axtens
---
v2 changes
, allowing
us to import it without issue.
Signed-off-by: Daniel Axtens
---
.../commands/appendedsig/gnutls_asn1_tab.c| 121 +
.../commands/appendedsig/pkix_asn1_tab.c | 484 ++
2 files changed, 605 insertions(+)
create mode 100644 grub-core/commands/appendedsig
If the 'ibm,secure-boot' property of the root node is 2 or greater,
enter lockdown.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 4 ++--
grub-core/Makefile.core.def| 1 +
grub-core/kern/ieee1275/init.c | 27 +++
include/grub/lockdown.h
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap.c | 26 ++
2 files changed, 41 insertions(+)
create
on 32 bit platforms.
Signed-off-by: Daniel Axtens
---
v2: Clean up strcat handling, thanks Stefan Berger.
---
grub-core/lib/libtasn1/lib/decoding.c | 11 ++-
grub-core/lib/libtasn1/lib/element.c| 3 ++-
grub-core/lib/libtasn1/lib/gstr.c | 4 ++--
grub-core/lib/libtasn1/lib/int.h
These tests are run through all_functional_test and test a range
of commands and behaviours.
Signed-off-by: Daniel Axtens
---
v2 changes:
- add a test for EKU
- add tests for files signed with multiple signers
- add a test of padded PKCS#7 messages
- use macros to reduce duplication
.
Signed-off-by: Alastair D'Silva
Signed-off-by: Daniel Axtens
---
grub-core/commands/pgp.c| 2 +-
include/grub/kernel.h | 3 ++-
include/grub/util/install.h | 7 +--
util/grub-install-common.c | 22 +++-
util/grub-mkimage.c | 15 --
util/mkimage.c
also use that value.
- Provide strto[u]l[l] preprocessor macros that resolve to
grub_strto[u]l[l]. To avoid gcrypt redefining strtoul, we
also define HAVE_STRTOUL here.
Signed-off-by: Daniel Axtens
---
grub-core/lib/posix_wrap/limits.h| 1 +
grub-core/lib/posix_wrap/stdlib.h| 8
ize - it persists even on cold boots.
So if you've ever booted Linux in a partition, you'll probably never have
grub call CAS. It'll only ever fire the first time a partition loads grub,
or if you deliberately lower the amount of memory your partition has below
512MB.)
Signed-off-by: Daniel Axtens
---
e appended signature
structure (not at the end) so that the final bytes of a signed ELF file
are the appended signature magic.
A subsequent patch documents how to create a grub core.img validly signed
under this scheme.
Signed-off-by: Daniel Axtens
Signed-off-by: Rashmica Gupta
---
You can exper
Trying to start grub-emu with a module that calls grub_dl_set_persistent
will crash because grub-emu fakes modules and passes NULL to the module
init function.
Provide an empty function for the emu case.
Fixes: ee7808e2197c (dl: Add support for persistent modules)
Signed-off-by: Daniel Axtens
, such as a password or lockdown, must be used to ensure
that a user cannot drop to the grub shell and disable verification.
Signed-off-by: Daniel Axtens
---
v2 changes:
- Improve x509 parser function name
- Constify data parameters in function signatures
- Support multiple signers
- Use
This explains how appended signatures can be used to form part of
a secure boot chain, and documents the commands and variables
introduced.
Signed-off-by: Daniel Axtens
---
v2: fix a grammar issue, thanks Stefan Berger.
---
docs/grub.texi | 193
avoid the need for minmax.h,
which is convenient because it means we don't have to
import it from gnulib.
Signed-off-by: Daniel Axtens
---
grub-core/lib/libtasn1/lib/coding.c| 12 ++--
grub-core/lib/libtasn1/lib/decoding.c | 2 ++
grub-core/lib/libtasn1/lib/element.c | 4 ++--
grub
Before adding information about how grub is signed with an appended
signature scheme, it's worth adding some information about how it
can currently be signed for UEFI.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 22 +-
1 file changed, 21 insertions(+), 1 deletion
module.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def | 8 +
grub-core/commands/pgp.c| 28 ++
grub-core/lib/pkcs1_v15.c | 59 +
include/grub/pkcs1_v15.h| 27 +
4 files changed, 96 insertions(+), 26
Signing grub for firmware that verifies an appended signature is a
bit fiddly. I don't want people to have to figure it out from scratch
so document it here.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 42 ++
1 file changed, 42 insertions(+)
diff
also use that value.
- Provide strto[u]l[l] preprocessor macros that resolve to
grub_strto[u]l[l]. To avoid gcrypt redefining strtoul, we
also define HAVE_STRTOUL here.
Signed-off-by: Daniel Axtens
---
grub-core/lib/posix_wrap/limits.h| 1 +
grub-core/lib/posix_wrap/stdlib.h| 8
Signing grub for firmware that verifies an appended signature is a
bit fiddly. I don't want people to have to figure it out from scratch
so document it here.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 42 ++
1 file changed, 42 insertions(+)
diff
Trying to start grub-emu with a module that calls grub_dl_set_persistent
will crash because grub-emu fakes modules and passes NULL to the module
init function.
Provide an empty function for the emu case.
Fixes: ee7808e2197c (dl: Add support for persistent modules)
Signed-off-by: Daniel Axtens
, such as a password or lockdown, must be used to ensure
that a user cannot drop to the grub shell and disable verification.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def | 12 +
grub-core/commands/appendedsig/appendedsig.c | 645 +++
include/grub
These tests are run through all_functional_test and test a range
of commands and behaviours.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def | 6 +
grub-core/tests/appended_signature_test.c | 281 +++
grub-core/tests/appended_signatures.h | 557
pher handle. That depends on grub_ciphers being populated
by people calling grub_cipher_register. import_gcry.py ensures that the
symmetric ciphers call it.]
Signed-off-by: Daniel Axtens
---
grub-core/commands/pgp.c | 4
grub-core/lib/crypto.c | 4
2 files changed, 4 insertions(+
modules. Unconditionally support const and pure attributes and adjust
header paths.
- adjust header paths to "grub/libtasn1.h".
- replace a 64 bit division with a call to grub_divmod64, preventing
creation of __udivdi3 calls on 32 bit platforms.
Signed-off-by: Daniel Axtens
---
gru
1 - 100 of 274 matches
Mail list logo