URL: <http://savannah.gnu.org/bugs/?43601>
Summary: Built-in gpg verification fails over tftp Project: GNU GRUB Submitted by: rkliewer Submitted on: Thu 13 Nov 2014 03:53:48 PM GMT Category: Security Severity: Major Priority: 5 - Normal Item Group: Software Error Status: None Privacy: Public Assigned to: None Originator Name: Originator Email: Open/Closed: Open Discussion Lock: Any Release: Release: Git master Reproducibility: Every Time Planned Release: None _______________________________________________________ Details: I am booting an x86_64 efi image over tftp on a vmware 10 instance. I'm seeing an issue in both grub 2.02~beta2 and the latest git when using a gpg public key with check_signatures enabled. All file operations over tftp (or http) complete, but grub immediately throws the following error: alloc magic is broken at <addr>: <value> Aborted. Press any key to exit. Pressing a key takes me back to the EFI firmware. I can work around the issue by disabling check signatures and manually running verify_detached on a file, but that leaves me having to pull the kernel and initrd twice and nearly double my boot time. Signature checking from a memdisk does not appear to be broken. _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?43601> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ _______________________________________________ Bug-grub mailing list Bug-grub@gnu.org https://lists.gnu.org/mailman/listinfo/bug-grub