Hi, As I promised I am posting verifiers framework patchset. This is an RFC because I have some concerns which should be discussed.
Some verifiers, e.g. shim lock, may not be able to verify all file types, e.g. GRUB2 modules, on your own and would want to delegate verification to other verifiers, e.g. PGP. Currently this is not possible. So, I think that we should extend the interface with relevant functionality. However, this will not solve all problems. E.g. it is dangerous to load iorw or memrw modules, even if they are signed e.g. with PGP, if UEFI secure boot is enabled. So, I think that we should disable module loading if such verifiers are in use or provide a functionality which gives us a chance to black list some modules. If TPM verifier is introduced then module loading order changes will change measurements. So, in this case maybe we should encourage users to use standalone GRUB2. Or enforce module loading order somehow. However, this can be difficult and not reliable. Additionally, I would split PGP code changes from verifiers introduction (patch #2), rename grub-core/commands/verify.c to grub-core/commands/pgp.c and rename grub-core/commands/verify_helper.c to grub-core/commands/verifiers.c. And I am tempted to rename verify_detached/trust/list_trusted/distrust commands to pgp_verify_detached/pgp_trust/pgp_list_trusted/pgp_distrust. Though this may create some backward compatibility issues, so, ... Anyway, please take look and say what you think about that. Daniel docs/grub-dev.texi | 53 +++++++ grub-core/Makefile.core.def | 11 ++ grub-core/commands/acpi.c | 2 +- grub-core/commands/blocklist.c | 4 +- grub-core/commands/cat.c | 2 +- grub-core/commands/cmp.c | 4 +- grub-core/commands/efi/loadbios.c | 4 +- grub-core/commands/efi/shim_lock.c | 93 ++++++++++++ grub-core/commands/file.c | 5 +- grub-core/commands/hashsum.c | 22 ++- grub-core/commands/hexdump.c | 2 +- grub-core/commands/i386/nthibr.c | 79 ++++++++++ grub-core/commands/i386/pc/play.c | 2 +- grub-core/commands/keylayouts.c | 2 +- grub-core/commands/legacycfg.c | 2 +- grub-core/commands/loadenv.c | 24 +-- grub-core/commands/ls.c | 8 +- grub-core/commands/minicmd.c | 2 +- grub-core/commands/nativedisk.c | 3 +- grub-core/commands/parttool.c | 2 +- grub-core/commands/search.c | 4 +- grub-core/commands/test.c | 4 +- grub-core/commands/testload.c | 2 +- grub-core/commands/testspeed.c | 2 +- grub-core/commands/verify.c | 564 ++++++++++++++++++++++++++++++++++------------------------------------- grub-core/commands/verify_helper.c | 208 ++++++++++++++++++++++++++ grub-core/disk/loopback.c | 3 +- grub-core/efiemu/main.c | 2 +- grub-core/font/font.c | 4 +- grub-core/fs/zfs/zfscrypt.c | 2 +- grub-core/gettext/gettext.c | 2 +- grub-core/gfxmenu/theme_loader.c | 2 +- grub-core/io/bufio.c | 10 +- grub-core/io/gzio.c | 5 +- grub-core/io/lzopio.c | 6 +- grub-core/io/offset.c | 7 +- grub-core/io/xzio.c | 6 +- grub-core/kern/dl.c | 2 +- grub-core/kern/elf.c | 4 +- grub-core/kern/file.c | 22 ++- grub-core/lib/cmdline.c | 9 +- grub-core/lib/syslinux_parse.c | 2 +- grub-core/loader/arm/linux.c | 8 +- grub-core/loader/arm64/linux.c | 10 +- grub-core/loader/efi/chainloader.c | 2 +- grub-core/loader/i386/bsd.c | 22 ++- grub-core/loader/i386/coreboot/chainloader.c | 2 +- grub-core/loader/i386/linux.c | 18 ++- grub-core/loader/i386/multiboot_mbi.c | 16 +- grub-core/loader/i386/pc/chainloader.c | 4 +- grub-core/loader/i386/pc/freedos.c | 2 +- grub-core/loader/i386/pc/linux.c | 15 +- grub-core/loader/i386/pc/ntldr.c | 2 +- grub-core/loader/i386/pc/plan9.c | 13 +- grub-core/loader/i386/pc/pxechainloader.c | 2 +- grub-core/loader/i386/pc/truecrypt.c | 2 +- grub-core/loader/i386/xen.c | 14 +- grub-core/loader/i386/xen_file.c | 2 +- grub-core/loader/i386/xnu.c | 2 +- grub-core/loader/ia64/efi/linux.c | 7 + grub-core/loader/linux.c | 6 +- grub-core/loader/macho.c | 4 +- grub-core/loader/mips/linux.c | 10 +- grub-core/loader/multiboot.c | 8 +- grub-core/loader/multiboot_mbi2.c | 13 +- grub-core/loader/powerpc/ieee1275/linux.c | 5 +- grub-core/loader/sparc64/ieee1275/linux.c | 5 +- grub-core/loader/xnu.c | 25 +++- grub-core/loader/xnu_resume.c | 4 +- grub-core/normal/autofs.c | 11 +- grub-core/normal/crypto.c | 2 +- grub-core/normal/dyncmd.c | 2 +- grub-core/normal/main.c | 2 +- grub-core/normal/term.c | 2 +- grub-core/video/readers/jpeg.c | 2 +- grub-core/video/readers/png.c | 2 +- grub-core/video/readers/tga.c | 2 +- include/grub/bufio.h | 6 +- include/grub/elfload.h | 2 +- include/grub/file.h | 153 +++++++++++++------ include/grub/lib/cmdline.h | 5 +- include/grub/list.h | 1 + include/grub/machoload.h | 3 +- include/grub/verify.h | 76 ++++++++++ util/grub-fstest.c | 6 +- util/grub-mount.c | 6 +- 86 files changed, 1172 insertions(+), 532 deletions(-) Daniel Kiper (1): efi: Add EFI shim lock verifier Vladimir Serbinenko (4): verifiers: File type for fine-grained signature-verification controlling verifiers: Framework core verifiers: Add possibility to verify kernel and modules command lines verifiers: Add the documentation _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel