These patches add support to load_env and save_env to work nicely in concert with check_signatures=enforce. This represents an evolution from the design in my email to grub-devel entitled "Proposal to enable savedefault, one-shot reboot, etc with check_signatures=enforce". Some additional work is done to make this support usable: A {-k, --pubkey} option is added to grub-install, and significant documentation is included. See the individual patch descriptions for more specifics.
Jon McCune (5):
  style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c
  load_env support for whitelisting which variables are read
  save_env should work, even if check_signatures=enforce
  Add -k, --pubkey=FILE support to grub-install command
  Additional security-relevant documentation

 docs/grub.texi               | 180 ++++++++++++++++++++++++++++++++++++++++++-
 grub-core/commands/loadenv.c | 171 ++++++++++++++++++++++++++++------------
 util/grub-install.in         |  13 +++-
 util/grub-install_header     |   6 ++
 4 files changed, 316 insertions(+), 54 deletions(-)

--
1.8.4