Hi all,
Another stab at verifiers framework and EFI shim lock verifier. This time
I have dived into Vladmir code and cleaned it up. I have improved shim_lock
code and added some doc too. So, right now patchset is in quite good shape.
Please take a look.
Daniel
docs/grub-dev.texi | 58 ++
docs/grub.texi | 15 +
grub-core/Makefile.core.def | 15 +-
grub-core/commands/acpi.c | 2 +-
grub-core/commands/blocklist.c | 4 +-
grub-core/commands/cat.c | 2 +-
grub-core/commands/cmp.c | 4 +-
grub-core/commands/efi/loadbios.c | 4 +-
grub-core/commands/efi/shim_lock.c | 141 ++++
grub-core/commands/file.c | 5 +-
grub-core/commands/hashsum.c | 22 +-
grub-core/commands/hexdump.c | 2 +-
grub-core/commands/i386/pc/play.c | 2 +-
grub-core/commands/keylayouts.c | 2 +-
grub-core/commands/legacycfg.c | 2 +-
grub-core/commands/loadenv.c | 24 +-
grub-core/commands/ls.c | 8 +-
grub-core/commands/minicmd.c | 5 +-
grub-core/commands/nativedisk.c | 3 +-
grub-core/commands/parttool.c | 2 +-
grub-core/commands/pgp.c | 1019 +++++++++++++++++++++++++
grub-core/commands/search.c | 4 +-
grub-core/commands/test.c | 4 +-
grub-core/commands/testload.c | 2 +-
grub-core/commands/testspeed.c | 2 +-
grub-core/commands/verifiers.c | 228 ++++++
grub-core/commands/verify.c | 1042 --------------------------
grub-core/disk/loopback.c | 3 +-
grub-core/efiemu/main.c | 2 +-
grub-core/font/font.c | 4 +-
grub-core/fs/zfs/zfscrypt.c | 2 +-
grub-core/gettext/gettext.c | 2 +-
grub-core/gfxmenu/theme_loader.c | 2 +-
grub-core/io/bufio.c | 8 +-
grub-core/io/gzio.c | 5 +-
grub-core/io/lzopio.c | 6 +-
grub-core/io/offset.c | 7 +-
grub-core/io/xzio.c | 6 +-
grub-core/kern/dl.c | 2 +-
grub-core/kern/elf.c | 4 +-
grub-core/kern/file.c | 22 +-
grub-core/lib/cmdline.c | 9 +-
grub-core/lib/syslinux_parse.c | 2 +-
grub-core/loader/arm/linux.c | 8 +-
grub-core/loader/arm64/linux.c | 10 +-
grub-core/loader/efi/chainloader.c | 2 +-
grub-core/loader/i386/bsd.c | 22 +-
grub-core/loader/i386/coreboot/chainloader.c | 2 +-
grub-core/loader/i386/linux.c | 18 +-
grub-core/loader/i386/multiboot_mbi.c | 16 +-
grub-core/loader/i386/pc/chainloader.c | 4 +-
grub-core/loader/i386/pc/freedos.c | 2 +-
grub-core/loader/i386/pc/linux.c | 15 +-
grub-core/loader/i386/pc/ntldr.c | 2 +-
grub-core/loader/i386/pc/plan9.c | 13 +-
grub-core/loader/i386/pc/pxechainloader.c | 2 +-
grub-core/loader/i386/pc/truecrypt.c | 2 +-
grub-core/loader/i386/xen.c | 14 +-
grub-core/loader/i386/xen_file.c | 2 +-
grub-core/loader/i386/xnu.c | 2 +-
grub-core/loader/ia64/efi/linux.c | 7 +
grub-core/loader/linux.c | 6 +-
grub-core/loader/macho.c | 4 +-
grub-core/loader/mips/linux.c | 10 +-
grub-core/loader/multiboot.c | 8 +-
grub-core/loader/multiboot_mbi2.c | 13 +-
grub-core/loader/powerpc/ieee1275/linux.c | 5 +-
grub-core/loader/sparc64/ieee1275/linux.c | 5 +-
grub-core/loader/xnu.c | 25 +-
grub-core/loader/xnu_resume.c | 4 +-
grub-core/normal/autofs.c | 11 +-
grub-core/normal/crypto.c | 2 +-
grub-core/normal/dyncmd.c | 2 +-
grub-core/normal/main.c | 2 +-
grub-core/normal/term.c | 2 +-
grub-core/video/readers/jpeg.c | 2 +-
grub-core/video/readers/png.c | 2 +-
grub-core/video/readers/tga.c | 2 +-
include/grub/bufio.h | 6 +-
include/grub/dl.h | 13 +
include/grub/elfload.h | 2 +-
include/grub/file.h | 154 ++--
include/grub/lib/cmdline.h | 5 +-
include/grub/list.h | 1 +
include/grub/machoload.h | 3 +-
include/grub/verify.h | 78 ++
util/grub-fstest.c | 6 +-
util/grub-mount.c | 6 +-
88 files changed, 1949 insertions(+), 1282 deletions(-)
Daniel Kiper (5):
bufio: Use grub_size_t instead of plain int for size
verifiers: Add possibility to defer verification to other verifiers
verifiers: Rename verify module to pgp module
dl: Add support for persistent modules
efi: Add EFI shim lock verifier
Vladimir Serbinenko (4):
verifiers: File type for fine-grained signature-verification controlling
verifiers: Framework core
verifiers: Add possibility to verify kernel and modules command lines
verifiers: Add the documentation
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
