Building on the parsers and the ability to embed x509 certificates, as
well as the existing gcrypt functionality, add a module for verifying
appended signatures.
This includes a verifier that requires that Linux kernels and grub modules
have appended signatures, and commands to manage the list of
On 6/30/21 4:40 AM, Daniel Axtens wrote:
Building on the parsers and the ability to embed x509 certificates, as
well as the existing gcrypt functionality, add a module for verifying
appended signatures.
This includes a verifier that requires that Linux kernels and grub modules
have appended sig
>> +static enum
>> +{ check_sigs_no = 0,
>
>
> nit: newline after '{'
>
fixed
>
>> + check_sigs_enforce = 1,
>> + check_sigs_forced = 2
>> +} check_sigs = check_sigs_no;
>
>
> What does 'forced' mean?
It means that it cannot be turned of with `set check_appended_signatures=0`
at the grub prompt
