On Thu, Mar 27, 2025 at 01:02:28AM +0530, Sudhakar Kuppusamy wrote: > From: Alastair D'Silva <alast...@d-silva.org> > > To support verification of appended signatures, we need a way to > embed the necessary public keys. Existing appended signature schemes > in the Linux kernel use X.509 certificates, so allow certificates to > be embedded in the grub core image in the same way as PGP keys.
s/grub/GRUB/ > Signed-off-by: Alastair D'Silva <alast...@d-silva.org> > Signed-off-by: Daniel Axtens <d...@axtens.net> > Signed-off-by: Sudhakar Kuppusamy <sudha...@linux.ibm.com> > Reviewed-by: Stefan Berger <stef...@linux.ibm.com> > Reviewed-by: Avnish Chouhan <avn...@linux.ibm.com> > --- > grub-core/commands/pgp.c | 2 +- > include/grub/kernel.h | 2 ++ > include/grub/util/install.h | 3 +++ > util/grub-install-common.c | 19 ++++++++++++++++++- > util/grub-mkimage.c | 14 ++++++++++++-- > util/mkimage.c | 33 +++++++++++++++++++++++++++++++-- > 6 files changed, 67 insertions(+), 6 deletions(-) > > diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c > index 961abf775..fa3ef5c75 100644 > --- a/grub-core/commands/pgp.c > +++ b/grub-core/commands/pgp.c > @@ -944,7 +944,7 @@ GRUB_MOD_INIT(pgp) > grub_memset (&pseudo_file, 0, sizeof (pseudo_file)); > > /* Not an ELF module, skip. */ > - if (header->type != OBJ_TYPE_PUBKEY) > + if (header->type != OBJ_TYPE_GPG_PUBKEY) This patch should be split into two. One should do required renames in existing code and another one should add X.509 code. Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
