On Mon, Aug 25, 2025 at 04:38:38PM +0530, Sudhakar Kuppusamy wrote:
> If Secure Boot is enabled with dynamic key management mode and the
> use_static_keys flag is not set, then read the keys from the PKS
> keystore as well from ELF Note, and add them into the db.
> Otherwise, it only reads the static keys from the ELF Note and
> adds them into the db.
>
> Signed-off-by: Sudhakar Kuppusamy <[email protected]>
> Reviewed-by: Stefan Berger <[email protected]>
> Reviewed-by: Avnish Chouhan <[email protected]>
> ---
> grub-core/commands/appendedsig/appendedsig.c | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/grub-core/commands/appendedsig/appendedsig.c
> b/grub-core/commands/appendedsig/appendedsig.c
> index 83e97814a..5da603eb6 100644
> --- a/grub-core/commands/appendedsig/appendedsig.c
> +++ b/grub-core/commands/appendedsig/appendedsig.c
> @@ -1154,9 +1154,17 @@ build_pks_keystore (void)
> if (err != GRUB_ERR_NONE)
> grub_printf ("warning: dbx list might not be fully populated\n");
>
> - err = create_db_list ();
> - if (err != GRUB_ERR_NONE)
> - grub_printf ("warning: db list might not be fully populated\n");
> + if (grub_pks_keystore.use_static_keys == true)
> + grub_dprintf ("appendedsig", "db variable is not available at PKS and "
> + "using a static keys as a default key in db list\n");
> +
> + build_static_db_list ();
I find some function names very confusing...
s/build_static_db_list/load_elf2db/
> + if (grub_pks_keystore.use_static_keys == false)
> + {
> + err = create_db_list ();
s/create_db_list/load_pks2db/, etc...
> + if (err != GRUB_ERR_NONE)
> + grub_printf ("warning: db list might not be fully populated\n");
> + }
If you shuffle the code a bit then you need one if/else only.
> grub_pks_free_keystore ();
s/grub_pks_free_keystore/grub_pks_tmp_free/, etc...
> grub_dprintf ("appendedsig", "the db list now has %u keys\n"
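Review bot: the added build_static_db_list () call does not capture a result, while create_db_list () just below it assigns err and prints a warning on failure. If build_static_db_list () can fail, check it the same way, because in the use_static_keys == true path the ELF Note keys are the only ones that reach the db list and a silent failure there leaves the list short with no message. Separately, the fallback to static keys is reported only through grub_dprintf, so it is invisible unless debug output is enabled; consider whether that condition deserves a grub_printf like the other warnings in this function. The debug string also reads better as "using static keys as the default keys in the db list".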
Daniel