Hi Daniel,
Thank you for your valuable review. splited this patch into two in v3.
Thanks,
Sudhakar Kuppusmay
On 2025-05-28 21:17, Daniel Kiper wrote:
On Thu, Mar 27, 2025 at 01:02:28AM +0530, Sudhakar Kuppusamy wrote:
From: Alastair D'Silva <[email protected]>
To support verification of appended signatures, we need a way to
embed the necessary public keys. Existing appended signature schemes
in the Linux kernel use X.509 certificates, so allow certificates to
be embedded in the grub core image in the same way as PGP keys.
s/grub/GRUB/
Signed-off-by: Alastair D'Silva <[email protected]>
Signed-off-by: Daniel Axtens <[email protected]>
Signed-off-by: Sudhakar Kuppusamy <[email protected]>
Reviewed-by: Stefan Berger <[email protected]>
Reviewed-by: Avnish Chouhan <[email protected]>
---
grub-core/commands/pgp.c | 2 +-
include/grub/kernel.h | 2 ++
include/grub/util/install.h | 3 +++
util/grub-install-common.c | 19 ++++++++++++++++++-
util/grub-mkimage.c | 14 ++++++++++++--
util/mkimage.c | 33 +++++++++++++++++++++++++++++++--
6 files changed, 67 insertions(+), 6 deletions(-)
diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
index 961abf775..fa3ef5c75 100644
--- a/grub-core/commands/pgp.c
+++ b/grub-core/commands/pgp.c
@@ -944,7 +944,7 @@ GRUB_MOD_INIT(pgp)
grub_memset (&pseudo_file, 0, sizeof (pseudo_file));
/* Not an ELF module, skip. */
- if (header->type != OBJ_TYPE_PUBKEY)
+ if (header->type != OBJ_TYPE_GPG_PUBKEY)
This patch should be split into two. One should do required renames in
existing code and another one should add X.509 code.
Daniel
_______________________________________________
Grub-devel mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/grub-devel
