On Thu, Mar 27, 2025 at 01:02:28AM +0530, Sudhakar Kuppusamy wrote: > From: Alastair D'Silva <[email protected]> > > To support verification of appended signatures, we need a way to > embed the necessary public keys. Existing appended signature schemes > in the Linux kernel use X.509 certificates, so allow certificates to > be embedded in the grub core image in the same way as PGP keys.
s/grub/GRUB/ > Signed-off-by: Alastair D'Silva <[email protected]> > Signed-off-by: Daniel Axtens <[email protected]> > Signed-off-by: Sudhakar Kuppusamy <[email protected]> > Reviewed-by: Stefan Berger <[email protected]> > Reviewed-by: Avnish Chouhan <[email protected]> > --- > grub-core/commands/pgp.c | 2 +- > include/grub/kernel.h | 2 ++ > include/grub/util/install.h | 3 +++ > util/grub-install-common.c | 19 ++++++++++++++++++- > util/grub-mkimage.c | 14 ++++++++++++-- > util/mkimage.c | 33 +++++++++++++++++++++++++++++++-- > 6 files changed, 67 insertions(+), 6 deletions(-) > > diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c > index 961abf775..fa3ef5c75 100644 > --- a/grub-core/commands/pgp.c > +++ b/grub-core/commands/pgp.c > @@ -944,7 +944,7 @@ GRUB_MOD_INIT(pgp) > grub_memset (&pseudo_file, 0, sizeof (pseudo_file)); > > /* Not an ELF module, skip. */ > - if (header->type != OBJ_TYPE_PUBKEY) > + if (header->type != OBJ_TYPE_GPG_PUBKEY) This patch should be split into two. One should do required renames in existing code and another one should add X.509 code. Daniel _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
