Hi,
On 2022/12/22 19:14, Leo Yan wrote:
> When booting from the menu with the flag GRUB_VERIFY_FLAGS_DEFER_AUTH set,
> grub returns an error:
>
>   Booting a command list
>   error: verification requested but nobody cares: (hd0,gpt1)/Image.
>   Press any key to continue...
>
> In this case, the image should be deferred for authentication; grub
> should return the file handle and pass down to later firmware (e.g.
> U-Boot, etc.) for authentication.

This is probably not what the verification framework is designed for. It
seems to be designed to verify files while GRUB is executing (e.g.
checking file signatures if UEFI Secure Boot is enabled).

By the way, I didn't understand what "return the file handle and
pass down to later firmware" means. If you mean you want GRUB to call into
the firmware's function, you can write a verifier to do that and register
your verifier with grub_verifier_register().

Best Regards,
Zhang Boyang

> For this purpose, rather than returning an error, this patch prints a log
> and returns the file handler.
>
> Signed-off-by: Leo Yan <leo....@linaro.org>
---
grub-core/kern/verifiers.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/grub-core/kern/verifiers.c b/grub-core/kern/verifiers.c
index 75d7994cf..ada753e69 100644
--- a/grub-core/kern/verifiers.c
+++ b/grub-core/kern/verifiers.c
@@ -115,11 +115,7 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type
type)
if (!ver)
{
if (defer)
- {
- grub_error (GRUB_ERR_ACCESS_DENIED,
- N_("verification requested but nobody cares: %s"),
io->name);
- goto fail_noclose;
- }
+ grub_printf("%s verification is deferred\n", io->name);
/* No verifiers wanted to verify. Just return underlying file. */
return io;
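
Review bot: in the `if (defer)` branch under `if (!ver)`, replacing the `GRUB_ERR_ACCESS_DENIED` error and `goto fail_noclose` with a `grub_printf` makes this path fail open: a file for which a verifier asked to defer authentication, and which no verifier then claimed, is handed back through `return io;` exactly like a file nobody wanted to verify. Nothing in the hunk checks that a later stage will actually authenticate the file, so the only remaining signal is a console line. Consider keeping the error as the default and handling the deferred case in a verifier registered with grub_verifier_register(), as suggested in the reply above, so that the file is returned only when something has accepted responsibility for it. Two smaller points on the added line: the removed message was wrapped in `N_()` for translation and the new string is not, and `grub_printf(` is missing the space before the parenthesis that the surrounding code uses (`grub_error (`).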
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel