[PATCH] ext2: support EXT4_FEATURE_INCOMPAT_ENCRYPT

2017-06-14 Thread Eric Biggers
From: Eric Biggers Allow GRUB to mount ext2/3/4 filesystems that have the encryption feature. On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set. For a regular file, this means its contents are encrypted; for a directory, this means the filenames in its directory entries are encrypted;

Re: [PATCH 1/3] Move verifiers to the kernel

2017-06-14 Thread Matthew Garrett
On Thu, Jun 15, 2017 at 01:52:14AM +, Vladimir 'phcoder' Serbinenko wrote: > On Thu, Jun 15, 2017, 03:49 Matthew Garrett wrote: > > if you're making the ordering significant, > > it's far too easy for someone to mess up and end up with an insecure > > system as a result. > > > Adding them wou

Re: [PATCH 1/3] Move verifiers to the kernel

2017-06-14 Thread Vladimir 'phcoder' Serbinenko
On Thu, Jun 15, 2017, 03:49 Matthew Garrett wrote: > On Wed, Jun 14, 2017 at 06:34:38PM -0700, Vladimir 'phcoder' Serbinenko > wrote: > > > This bid at odds with the need to keep kernel small. Why not just put > > verifiers as the first module to load? Presumably you need to verify the > > whole

Re: [PATCH 1/3] Move verifiers to the kernel

2017-06-14 Thread Matthew Garrett
On Wed, Jun 14, 2017 at 06:34:38PM -0700, Vladimir 'phcoder' Serbinenko wrote: > This bid at odds with the need to keep kernel small. Why not just put > verifiers as the first module to load? Presumably you need to verify the > whole core in either case. They're not useful as an external module,

Re: [PATCH 1/3] Move verifiers to the kernel

2017-06-14 Thread Vladimir 'phcoder' Serbinenko
On Jun 15, 2017 2:43 AM, "Matthew Garrett" wrote: We want to be able to measure stuff right from the very beginning of grub execution, so it makes sense for the core verifiers code to be present in-kernel rather than having it as an external module. This bid at odds with the need to keep kernel

[PATCH 3/3] Core TPM support

2017-06-14 Thread Matthew Garrett
Add support for performing basic TPM measurements. Right now this only supports extending PCRs statically and only on UEFI. --- grub-core/Makefile.am | 1 + grub-core/Makefile.core.def| 2 + grub-core/kern/efi/tpm.c | 282 + grub-core/

[PATCH 1/3] Move verifiers to the kernel

2017-06-14 Thread Matthew Garrett
We want to be able to measure stuff right from the very beginning of grub execution, so it makes sense for the core verifiers code to be present in-kernel rather than having it as an external module. --- grub-core/Makefile.am | 1 + grub-core/Makefile.core.def

Add TPM support

2017-06-14 Thread Matthew Garrett
This patchset reworks my earlier TPM support to use the verifiers framework. It only includes UEFI support right now due to the unclear copyright situation on the BIOS code from trusted-grub.

[PATCH 2/3] Verify commands executed by grub

2017-06-14 Thread Matthew Garrett
Pass commands to the verification code. We want to be able to log these in the TPM verification case. --- grub-core/script/execute.c | 27 --- include/grub/verify.h | 1 + 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/grub-core/script/execute.c b/gru

Re: Grub fails to detect CBFS when CONFIG_ROM_SIZE and CONFIG_CBFS_SIZE are same in coreboot

2017-06-14 Thread Gailu Singh
Hi Again, After adding debug prints in grub_cbfs_mount function in grub-core/fs/cbfs.c we found that mounting fails due to following check. ptr = grub_cpu_to_le32 (ptr); header_off = (grub_disk_get_size (disk) << GRUB_DISK_SECTOR_BITS) + (grub_int32_t) ptr; if (grub_disk_read (disk, 0,

grub-mkrescue reacts vaguely on xorriso problems

2017-06-14 Thread Thomas Schmitt
Hi, on occasion of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864701 "grub-common: grub-mkrescue does nothing, successfully" I wonder whether the reaction of grub-mkrescue on xorriso problems is intended and appropriate. E.g. with: grub-mkrescue -o output.iso SOURCE --