[PATCH 07/19] posix_wrap: tweaks in preparation for libtasn1

latforms, so we also use that value. - Provide strto[u]l[l] preprocessor macros that resolve to grub_strto[u]l[l]. To avoid gcrypt redefining strtoul, we also define HAVE_STRTOUL here. Signed-off-by: Daniel Axtens --- grub-core/lib/posix_wrap/limits.h| 1 + grub-core/lib/posix_wrap/

[PATCH 01/19] Add suport for signing grub with an appended signature

before the appended signature structure (not at the end) so that the final bytes of a signed ELF file are the appended signature magic. A subsequent patch documents how to create a grub core.img validly signed under this scheme. Signed-off-by: Daniel Axtens Signed-off-by: Rashmica Gupta --- You

[PATCH 02/19] docs/grub: Document signing grub under UEFI

Before adding information about how grub is signed with an appended signature scheme, it's worth adding some information about how it can currently be signed for UEFI. Signed-off-by: Daniel Axtens --- docs/grub.texi | 22 +- 1 file changed, 21 insertions(+), 1 del

[PATCH 00/19] appended signature secure boot support

at the 'right' solution is and will send a followup patch.) I have some information about testing all the parts together at https://gist.github.com/daxtens/cfc0a7e15614b0383e0c57f308cacdd1 It's largely unchanged from https://lists.gnu.org/archive/html/grub-devel/2020-10/msg00048.html

Re: RFC: Grub project management

Glenn Washburn writes: > On Sun, 14 Feb 2021 13:58:40 +1100 > Daniel Axtens wrote: > >> > Reading more about patchwork, it seems to have its own set of >> > issues, partly revolving around using a mailing list of development >> > as we do. see: https://l

Re: RFC: Grub project management

> Reading more about patchwork, it seems to have its own set of issues, > partly revolving around using a mailing list of development as we do. > see: https://lwn.net/Articles/773456/ I'm a patchwork maintainer, happy to discuss how Patchwork might be helpful. It certainly isn't perfect (and alter

[PATCH v2 17/18] appended signatures: verification tests

These tests are run through all_functional_test and test a range of commands and behaviours. Signed-off-by: Daniel Axtens --- grub-core/Makefile.core.def | 6 + grub-core/tests/appended_signature_test.c | 250 +++ grub-core/tests/appended_signatures.h | 483

[PATCH v2 18/18] appended signatures: documentation

This explains how appended signatures can be used to form part of a secure boot chain, and documents the commands and variables introduced. Signed-off-by: Daniel Axtens --- docs/grub.texi | 189 + 1 file changed, 174 insertions(+), 15 deletions

[PATCH v2 16/18] appended signatures: support verifying appended signatures

the the grub command line or by load_env. Thus, as with the PGP verifier, it is not a complete secure-boot solution: other mechanisms must be used to ensure that a user cannot drop to the grub shell and disable verification. Signed-off-by: Daniel Axtens --- grub-core/Makefile.core.def

[PATCH v2 15/18] appended signatures: parse PKCS#7 signedData and X.509 certificates

. - X.509 certificates: at least enough to verify the signatures on the PKCS#7 messages. We expect that the certificates embedded in grub will be leaf certificates, not CA certificates. The parser enforces this. Signed-off-by: Daniel Axtens --- grub-core/commands/appendedsig/appendedsig.h

[PATCH v2 14/18] appended signatures: import GNUTLS's ASN.1 description files

, allowing us to import it without issue. Signed-off-by: Daniel Axtens --- .../commands/appendedsig/gnutls_asn1_tab.c| 121 + .../commands/appendedsig/pkix_asn1_tab.c | 484 ++ 2 files changed, 605 insertions(+) create mode 100644 grub-core/commands/appendedsig

[PATCH v2 11/18] libtasn1: compile into asn1 module

Create a wrapper file that specifies the module license. Set up the makefile so it is built. Signed-off-by: Daniel Axtens --- grub-core/Makefile.core.def| 15 +++ grub-core/lib/libtasn1_wrap/wrap.c | 26 ++ 2 files changed, 41 insertions(+) create

[PATCH v2 13/18] grub-install: support embedding x509 certificates

keys. Signed-off-by: Alastair D'Silva Signed-off-by: Daniel Axtens --- grub-core/commands/pgp.c| 2 +- include/grub/kernel.h | 3 ++- include/grub/util/install.h | 7 +-- util/grub-install-common.c | 23 - util/grub-mkimage.c | 15 -- util

[PATCH v2 07/18] posix_wrap: tweaks in preparation for libtasn1

latforms, so we also use that value. - Provide strto[u]l[l] preprocessor macros that resolve to grub_strto[u]l[l]. To avoid gcrypt redefining strtoul, we also define HAVE_STRTOUL here. Signed-off-by: Daniel Axtens --- grub-core/lib/posix_wrap/limits.h| 1 + grub-core/lib/posix_wrap/

[PATCH v2 09/18] libtasn1: disable code not needed in grub

also avoid the need for minmax.h, which is convenient because it means we don't have to import it from gnulib. Signed-off-by: Daniel Axtens --- grub-core/lib/libtasn1/lib/coding.c| 12 ++-- grub-core/lib/libtasn1/lib/decoding.c | 2 ++ grub-core/lib/libtasn1/lib/element.c | 4

[PATCH v2 10/18] libtasn1: changes for grub compatibility

ed for our modules. Unconditionally support const and pure attributes and adjust header paths. - adjust header paths to "grub/libtasn1.h". - replace a 64 bit division with a call to grub_divmod64, preventing creation of __udivdi3 calls on 32 bit platforms. Signed-off-by: Daniel Axtens

[PATCH v2 03/18] dl: provide a fake grub_dl_set_persistent for the emu target

Trying to start grub-emu with a module that calls grub_dl_set_persistent will crash because grub-emu fakes modules and passes NULL to the module init function. Provide an empty function for the emu case. Fixes: ee7808e2197c (dl: Add support for persistent modules) Signed-off-by: Daniel Axtens

[PATCH v2 06/18] crypto: move storage for grub_crypto_pk_* to crypto.c

a cipher handle. That depends on grub_ciphers being populated by people calling grub_cipher_register. import_gcry.py ensures that the symmetric ciphers call it.] Signed-off-by: Daniel Axtens --- grub-core/commands/pgp.c | 4 grub-core/lib/crypto.c | 4 2 files changed, 4 inserti

[PATCH v2 02/18] docs/grub: --pubkey has been supported for some time

--pubkey is supported, so we can now document it. Signed-off-by: Daniel Axtens --- docs/grub.texi | 12 +++- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi index 6cbd753d12fd..6bac37728042 100644 --- a/docs/grub.texi +++ b/docs/grub.texi

[PATCH v2 00/18] Verify appended signatures from grub

g this to land upstream for 2.06. Patches 1 and 2 might be suitable but I don't really mind either way. Having said that, I'd appreciate any feedback before then. Alastair D'Silva (1): grub-install: support embedding x509 certificates Daniel Axtens (17): docs/grub: grub-install is no

[PATCH v2 01/18] docs/grub: grub-install is no longer a shell script

Since commit cd46aa6cefab in 2013, grub-install hasn't been a shell script. The para doesn't really add that much, especially since it's the user manual, so just drop it. Signed-off-by: Daniel Axtens --- docs/grub.texi | 7 --- 1 file changed, 7 deletions(-) diff --git a/d

[PATCH v2 04/18] verifiers: factor unsafe module handling out of shim_lock

Other verifiers that implement secure boot may want to be able to reuse the same list and behaviour. Signed-off-by: Daniel Axtens --- grub-core/commands/efi/shim_lock.c | 45 +++-- grub-core/commands/verifiers.c | 46 ++ include/grub

[PATCH v2 05/18] pgp: factor out rsa_pad

KCS#1 v1.5 module. Signed-off-by: Daniel Axtens --- grub-core/Makefile.core.def | 8 + grub-core/commands/pgp.c| 28 ++ grub-core/lib/pkcs1_v15.c | 59 + include/grub/pkcs1_v15.h| 27 + 4 files changed, 96 inserti

[PATCH] ieee1275: claim up to 512MB memory

solution and will post it shortly. However, for an end-user or packager with a higher minimum memory requirement, this will work fine. Signed-off-by: Daniel Axtens --- grub-core/kern/ieee1275/init.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/grub-core/kern/ieee1275/

Re: [PATCH 0/3] Add support for signing grub with an appended signature

Hi Michal, >> So grub is usually loaded from the PReP partition if you are booting >> from disk. But, if you are booting from a CD/USB/etc, we first parse >> /ppc/boot-info.txt and then load whatever file it identifies. If you're >> netbooting we load the file we get from the network. >> >> One s

Re: [PATCH 0/3] Add support for signing grub with an appended signature

Hi Michal, >> A simpler scheme would be for grub-install to parse the signature >> footer, split-off the signature, write the ELF binary at the start of >> the PReP partition, and the signature at the end. Then the grub >> signature can use exactly same format as the kernel and modules. > > I got

Re: [PATCH 3/3] docs/grub: Document signing grub with an appended signature

Hi Michael, >> +@section Signing GRUB with an appended signature >> + >> +The @file{core.img} itself can be signed with a Linux kernel module-style >> +appended signature. >> + >> +To support IEEE1275 platforms where the boot image is often loaded directly >> +from a disk partition rather than fro

Re: [PATCH 0/3] Add support for signing grub with an appended signature

[This bounced from the list for some reason, so I'm trying again.] Hi Michal, That's a really interesting proposal - thank you. I'm still thinking about it and experimenting with it in SLOF. Some thoughts: > It has been pointed out in the plumbers session that the ELF note will > cause problems

Re: [PATCH 13/18] grub-install: support embedding x509 certificates

> +case 'x': > + arguments->x509keys = xrealloc (arguments->x509keys, > + sizeof (arguments->x509keys[0]) > + * (arguments->nx509keys + 1)); > + arguments->pubkeys[arguments->nx509keys++] = xstrdup (arg); This shoul

[PATCH 0/1] RFC: ieee1275: link appended-signature enforcement to secure boot

r \ /boot/vmlinux /boot/vmlinux.signed - You should now be able to boot with new SLOF and qemu in secure-boot mode. Daniel Axtens (1): ieee1275: link appended-signature enforcement to /ibm,secure-boot grub-core/commands/appendedsig/appendedsig.c | 44 +++-

[PATCH] ieee1275: link appended-signature enforcement to /ibm, secure-boot

If the 'ibm,secure-boot' property of the root node is 2 or greater, require that the kernel pass appended-signature verification. Do not consider the presence of a certificate to enforce verification. Signed-off-by: Daniel Axtens --- grub-core/commands/appendedsig/appended

Re: [PATCH 08/18] libtasn1: import libtasn1-4.16.0

Hi Konrad, >> +LICENSING >> += >> + >> +The libtasn1 library is released under the GNU Lesser General Public >> +License (LGPL) version 2.1 or later; see >> [COPYING.LESSER](doc/COPYING.LESSER) >> +for the license terms. >> + >> +The GNU LGPL applies to the main libtasn1 library, while th

[PATCH 16/18] appended signatures: support verifying appended signatures

the the grub command line or by load_env. Thus, as with the PGP verifier, it is not a complete secure-boot solution: other mechanisms must be used to ensure that a user cannot drop to the grub shell and disable verification. Signed-off-by: Daniel Axtens --- grub-core/Makefile.core.def

[PATCH 15/18] appended signatures: parse PKCS#7 signedData and X.509 certificates

. - X.509 certificates: at least enough to verify the signatures on the PKCS#7 messages. We expect that the certificates embedded in grub will be leaf certificates, not CA certificates. The parser enforces this. Signed-off-by: Daniel Axtens --- grub-core/commands/appendedsig/appendedsig.h

[PATCH 13/18] grub-install: support embedding x509 certificates

keys. Signed-off-by: Alastair D'Silva Signed-off-by: Daniel Axtens --- grub-core/commands/pgp.c| 2 +- include/grub/kernel.h | 3 ++- include/grub/util/install.h | 7 +-- util/grub-install-common.c | 23 - util/grub-mkimage.c | 15 -- util

[PATCH 14/18] appended signatures: import GNUTLS's ASN.1 description files

, allowing us to import it without issue. Signed-off-by: Daniel Axtens --- .../commands/appendedsig/gnutls_asn1_tab.c| 121 + .../commands/appendedsig/pkix_asn1_tab.c | 484 ++ 2 files changed, 605 insertions(+) create mode 100644 grub-core/commands/appendedsig

[PATCH 11/18] libtasn1: compile into asn1 module

Create a wrapper file that specifies the module license. Set up the makefile so it is built. Signed-off-by: Daniel Axtens --- grub-core/Makefile.core.def| 15 +++ grub-core/lib/libtasn1_wrap/wrap.c | 26 ++ 2 files changed, 41 insertions(+) create

[PATCH 10/18] libtasn1: changes for grub compatibility

ed for our modules. Unconditionally support const and pure attributes and adjust header paths. - adjust header paths to "grub/libtasn1.h". - replace a 64 bit division with a call to grub_divmod64, preventing creation of __udivdi3 calls on 32 bit platforms. Signed-off-by: Daniel Axtens

[PATCH 18/18] appended signatures: documentation

This explains how appended signatures can be used to form part of a secure boot chain, and documents the commands and variables introduced. Signed-off-by: Daniel Axtens --- docs/grub.texi | 189 + 1 file changed, 174 insertions(+), 15 deletions

[PATCH 07/18] posix_wrap: tweaks in preparation for libtasn1

latforms, so we also use that value. - Provide strto[u]l[l] preprocessor macros that resolve to grub_strto[u]l[l]. To avoid gcrypt redefining strtoul, we also define HAVE_STRTOUL here. Signed-off-by: Daniel Axtens --- grub-core/lib/posix_wrap/limits.h| 1 + grub-core/lib/posix_wrap/

[PATCH 06/18] crypto: move storage for grub_crypto_pk_* to crypto.c

a cipher handle. That depends on grub_ciphers being populated by people calling grub_cipher_register. import_gcry.py ensures that the symmetric ciphers call it.] Signed-off-by: Daniel Axtens --- grub-core/commands/pgp.c | 4 grub-core/lib/crypto.c | 4 2 files changed, 4 inserti

[PATCH 17/18] appended signatures: verification tests

These tests are run through all_functional_test and test a range of commands and behaviours. Signed-off-by: Daniel Axtens --- grub-core/Makefile.core.def | 6 + grub-core/tests/appended_signature_test.c | 250 +++ grub-core/tests/appended_signatures.h | 483

[PATCH 03/18] dl: provide a fake grub_dl_set_persistent for the emu target

Trying to start grub-emu with a module that calls grub_dl_set_persistent will crash because grub-emu fakes modules and passes NULL to the module init function. Provide an empty function for the emu case. Fixes: ee7808e2197c (dl: Add support for persistent modules) Signed-off-by: Daniel Axtens

[PATCH 05/18] pgp: factor out rsa_pad

KCS#1 v1.5 module. Signed-off-by: Daniel Axtens --- grub-core/Makefile.core.def | 8 + grub-core/commands/pgp.c| 28 ++ grub-core/lib/pkcs1_v15.c | 59 + include/grub/pkcs1_v15.h| 27 + 4 files changed, 96 inserti

[PATCH 09/18] libtasn1: disable code not needed in grub

also avoid the need for minmax.h, which is convenient because it means we don't have to import it from gnulib. Signed-off-by: Daniel Axtens --- grub-core/lib/libtasn1/lib/coding.c| 12 ++-- grub-core/lib/libtasn1/lib/decoding.c | 2 ++ grub-core/lib/libtasn1/lib/element.c | 4

[PATCH 04/18] verifiers: factor unsafe module handling out of shim_lock

Other verifiers that implement secure boot may want to be able to reuse the same list and behaviour. Signed-off-by: Daniel Axtens --- grub-core/commands/efi/shim_lock.c | 45 +++-- grub-core/commands/verifiers.c | 46 ++ include/grub

[PATCH 02/18] docs/grub: --pubkey has been supported for some time

--pubkey is supported, so we can now document it. Signed-off-by: Daniel Axtens --- docs/grub.texi | 12 +++- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi index bd72b589522e..327c1bd0f412 100644 --- a/docs/grub.texi +++ b/docs/grub.texi

[PATCH 01/18] docs/grub: grub-install is no longer a shell script

Since commit cd46aa6cefab in 2013, grub-install hasn't been a shell script. The para doesn't really add that much, especially since it's the user manual, so just drop it. Signed-off-by: Daniel Axtens --- docs/grub.texi | 7 --- 1 file changed, 7 deletions(-) diff --git a/d

[PATCH 00/18] Verify appended signatures from grub

signature enforcement is acceptable. I'm not expecting this to land upstream for 2.06. Patches 1 and 2 might be suitable but I don't really mind either way. Having said that, I'd appreciate any feedback before then. Alastair D'Silva (1): grub-install: support embedding x50

Re: [PATCH 0/3] Add support for signing grub with an appended signature

to chase it up further. Thoughts? (on or off-list is fine.) Kind regards, Daniel [1] https://linuxplumbersconf.org/event/7/contributions/738/ https://youtu.be/IJUNxHnopH4?t=537 > More details are in patch 1, including a link to an open-source firmware > capable of verifying a grub

[PATCH 3/3] docs/grub: Document signing grub with an appended signature

Signing grub for firmware that verifies an appended signature is a bit fiddly. I don't want people to have to figure it out from scratch so document it here. Signed-off-by: Daniel Axtens --- docs/grub.texi | 42 ++ 1 file changed, 42 insertions(+)

[PATCH 2/3] docs/grub: Document signing grub under UEFI

Before adding information about how grub is signed with an appended signature scheme, it's worth adding some information about how it can currently be signed for UEFI. Signed-off-by: Daniel Axtens --- docs/grub.texi | 22 +- 1 file changed, 21 insertions(+), 1 del

[PATCH 0/3] Add support for signing grub with an appended signature

e size and location of the signature. More details are in patch 1, including a link to an open-source firmware capable of verifying a grub image signed this way. Daniel Axtens (2): docs/grub: Document signing grub under UEFI docs/grub: Document signing grub with an appended signature Rashmic

[PATCH 1/3] Add suport for signing grub with an appended signature

before the appended signature structure (not at the end) so that the final bytes of a signed ELF file are the appended signature magic. A subsequent patch documents how to create a grub core.img validly signed under this scheme. Signed-off-by: Daniel Axtens Signed-off-by: Rashmica Gupta --- You

[PATCH] lzma: fix compilation error under clang-10

^ 1 error generated. It's not really that unclear in context: there's a commented-out if-statement. But tweak the alignment anyway so that clang is happy. Signed-off-by: Daniel Axtens --- With this and Patrick's patch 'json: Remove invalid typedef redefinition'

Re: [PATCH] pgp: Recognize issuer subpackets in either hashed or unhashed sections

ence), it is not the only valid decision; in particular, >> the Go x/crypto/openpgp library chooses to store issuer ID in the hashed >> area. >> >> Without this patch, trying to verify a valid signature made by >> x/crypto/openpgp results in `error: public key not

Re: [PATCH] tests: remove cmdline_cat and gfxterm_menu tests

"Vladimir 'phcoder' Serbinenko" writes: > On Tue, Jun 2, 2020, 10:40 Daniel Axtens wrote: > >> cmdline_cat takes a checksum of a screen that includes the grub >> version number, so it has been broken since commit 94d9926a6640 >> ("Release 2.0

[PATCH] tests: remove cmdline_cat and gfxterm_menu tests

move both tests. With this, 'make check' can pass (at least on my laptop) in a number of configurations, including x86_64-emu and i386-pc. Signed-off-by: Daniel Axtens --- I had a crack at getting this into Travis CI, but I had a lot of trouble with the existing boot test. Then I realis

Re: [PATCH] json: Remove invalid typedef redefinition

f in "json.h". If enforcing the GNU99 C > standard, clang may generate a warning about this non-standard > construct. > > Fix the issue by using a simple `struct jsmntok` forward declaration > instead of using a typedef. > > Signed-off-by: Patrick Steinhardt Tested-b

Re: [PATCH REBASED] verify: search keyid in hashed signature subpackets

Daniel Kiper writes: > On Fri, May 29, 2020 at 02:10:46PM +1000, Daniel Axtens wrote: >> Charles Duffy writes: >> >> > Amended the test repo to apply this patch; it applies and works-as-intended >> > on both 2.04 and current master. >> > >>

Re: [PATCH REBASED] verify: search keyid in hashed signature subpackets

al ] > >> [ modified by dja: rebase, split out 'readbuf' to both readbuf and >> subpacket_buf for clarity >> signature_test still passes but I have not run any other tests ] Signed-off-by: Daniel Axtens >> --- >> grub-core/commands/pgp.c | 117 ++

[PATCH REBASED] verify: search keyid in hashed signature subpackets

Currently GRUB2 verify logic searches PGP keyid only in unhashed subpackets of PGP signature packet. As a result, signatures generated with GoLang openpgp package (https://godoc.org/golang.org/x/crypto/openpgp) could not be verified, because this package puts keyid in hashed subpackets and GRUB cod

Re: Tools for testing Grub / Go OpenPGP compatibility

Charles Duffy writes: > On Wed, May 27, 2020 at 11:42 PM Daniel Axtens wrote: > >> My team has been working on the verifier area to support appended >> signatures (used to sign Linux kernel modules, and on at least powerpc64 >> also used to sign the kernel), so I have s

Re: Tools for testing Grub / Go OpenPGP compatibility

Charles Duffy writes: > Howdy, y'all -- > > In anticipation of trying to revive the OpenPGP compatibility patch created > by Ignat Korchagin in 2016, I've assembled a simple test suite that can > generate multiple builds of GRUB (different versions/patches/etc) and then > test them with keys and

Re: [PATCH] net: Don't use nested functions to allow building with clang

> clang still doesn't like 'make check', but that looks like a different > issue around relocations. clang isn't a huge priority for me, so it > might take a while. But this patch is good to go in regardless. Turns out I needed to specify CXX=clang++ as well. Daniel > > Thanks again, > Daniel >

Re: [PATCH] net: Don't use nested functions to allow building with clang

th clang. > > Reported-by: Daniel Axtens > Signed-off-by: Javier Martinez Canillas With this patch, clang-9 builds and runs mainline grub-emu. Tested-by: Daniel Axtens # emu platform only clang still doesn't like 'make check', but that looks like a different issue aroun

Re: [PATCH v3 2/5] configure: Set gnu99 C language standard by default

Javier Martinez Canillas writes: > Hello Daniel, > > On 5/19/20 3:47 AM, Daniel Axtens wrote: >> Javier Martinez Canillas writes: >> >>> Hello Daniel, >>> >>> On 5/18/20 5:49 PM, Daniel Kiper wrote: >>> >>> [snip] >>> &

Re: make check / grub_func_test issues

Hi, I've made a little progress on this. > I keep having failures with the cmdline_cat test and the gfxmenu tests > within grub_func_test - the video checksums don't match. The images all > look OK to me, so I'm not quite sure what the problem is, and we don't > ship known-good images for me to c

Re: [PATCH v3 2/5] configure: Set gnu99 C language standard by default

Javier Martinez Canillas writes: > Hello Daniel, > > On 5/18/20 5:49 PM, Daniel Kiper wrote: > > [snip] > >>> >>> Without this patch, clang-9 fails on the use of nested functions in >>> commit cb2f15c54489 ("normal/main: Search for specific config files for >>> netboot") - I'll send a fix for tha

Re: [PATCH v3 2/5] configure: Set gnu99 C language standard by default

Hi Daniel, > Commit d5a32255d (misc: Make grub_strtol() "end" pointers have safer > const qualifiers) introduced "restrict" keyword into some functions > definitions. This keyword was introduced in C99 standard. However, some > compilers by default may use C89 or something different. This behavior

Re: [PATCH v3 5/5] autogen: Replace -iname with -ipath in find command

#x27;./grub-core/lib/libgcrypt/src/global.c' ! -ipath > './grub-core/lib/libgcrypt/src/secmem.c' ! -ipath > './util/grub-gen-widthspec.c' ! -ipath './util/grub-gen-asciih.c' ! -ipath > './gnulib/*' ! -ipath 

make check / grub_func_test issues

Hi all, I'm having some trouble with the grub tests run by `make check`. In particular, grub_func_test is failing for me in every configuration I try. I've tried various combinations of: - master, grub-2.04 and grub-2.02 tags, as well as the grub-2.04 tarball. - configuring for platform em

ASN.1 parsing for verifying appended signatures

Hi, I'd like to teach grub how to verify appended signatures. Appended signatures are a format used by the Linux kernel to cryptographically sign binaries. They're used to verify kernel modules on all platforms [1], and they're also used on some platforms (such as PowerPC) for signing the kernel i

Re: How to submit patches and patchsets via grub-devel

Hi Hans, > Hello, > > as I am continuing to flood this mailing list with patches, I am > realizing that I am missing some general rules for how things work on > grub-devel. Sorry for the inconvenience caused by that. > > Anyway, here are a few questions I am beginning realize I should know > the a

[PATCH] mkimage: powerpc: fix CHRP note descsz

0x0018 Unknown note type: (0x1275) description data: ff ff ff ff 00 c0 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 40 00 So far as I can tell this issue has existed for as long as the note generation code has existed, but I guess nothing really checks descsz. Signed-off-

<    1   2   3