Introduce the use_static_keys flag to indicate that static keys are to be used
rather than keys from the PKS storage's DB variable. This flag is set when
Secure Boot is enabled with PKS but the DB variable is not present in the PKS 
storage.
The appendedsig module would use this flag to extract the static keys from
the GRUB ELF Note and store them in the db list.

Signed-off-by: Sudhakar Kuppusamy <sudha...@linux.ibm.com>
Reviewed-by: Stefan Berger <stef...@linux.ibm.com>
Reviewed-by: Avnish Chouhan <avn...@linux.ibm.com>
---
 grub-core/kern/powerpc/ieee1275/platform_keystore.c | 12 +++++++++++-
 include/grub/powerpc/ieee1275/platform_keystore.h   |  1 +
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/grub-core/kern/powerpc/ieee1275/platform_keystore.c 
b/grub-core/kern/powerpc/ieee1275/platform_keystore.c
index 3af1ea28a..cf08e39bb 100644
--- a/grub-core/kern/powerpc/ieee1275/platform_keystore.c
+++ b/grub-core/kern/powerpc/ieee1275/platform_keystore.c
@@ -40,7 +40,8 @@ static grub_size_t pks_max_object_size;
 grub_uint8_t grub_pks_use_keystore = 0;
 
 /* Platform Keystore. */
-grub_pks_t grub_pks_keystore = { .db = NULL, .dbx = NULL, .db_entries = 0, 
.dbx_entries = 0 };
+grub_pks_t grub_pks_keystore = { .db = NULL, .dbx = NULL, .db_entries = 0, 
.dbx_entries = 0,
+                                 .use_static_keys = false };
 
 /* Convert the esl data into the ESL. */
 static grub_esl_t *
@@ -323,6 +324,15 @@ grub_pks_keystore_init (void)
       grub_memset (&grub_pks_keystore, 0, sizeof (grub_pks_t));
       /* Read DB from PKS. */
       rc = read_secure_boot_variables (0, DB, &grub_pks_keystore.db, 
&grub_pks_keystore.db_entries);
+      if (rc == GRUB_ERR_UNKNOWN_COMMAND)
+        {
+          rc = GRUB_ERR_NONE;
+          /*
+           * DB variable won't be available by default in PKS.
+           * So, it will use the static key as a default key from the GRUB ELF 
Note.
+           */
+          grub_pks_keystore.use_static_keys = true;
+        }
       if (rc == GRUB_ERR_NONE)
         {
           /* Read DBX from PKS. */
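Review bot: The new `if (rc == GRUB_ERR_UNKNOWN_COMMAND)` branch rewrites an error to `GRUB_ERR_NONE` and switches the trust anchor to the built-in keys, so it should fire only when the DB object is truly absent from PKS. read_secure_boot_variables is outside this hunk, so it is not visible whether that code can also come back for other failures; if it can, an unreadable DB would silently fall back to the static keys. I would state the contract in the comment, e.g. `/* GRUB_ERR_UNKNOWN_COMMAND here means the DB object was not found in PKS; no other error may reach this fallback. */`, and record the fallback with `grub_dprintf ("ieee1275", "DB not found in PKS, using static keys\n");`. grub_pks_keystore_init starts and ends outside the hunk, so what happens to `use_static_keys` when the later DBX read fails cannot be checked from here.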
diff --git a/include/grub/powerpc/ieee1275/platform_keystore.h 
b/include/grub/powerpc/ieee1275/platform_keystore.h
index d48c60200..fc3996937 100644
--- a/include/grub/powerpc/ieee1275/platform_keystore.h
+++ b/include/grub/powerpc/ieee1275/platform_keystore.h
@@ -108,6 +108,7 @@ struct grub_pks
   grub_pks_sd_t *dbx;       /* Forbidden signature database. */
   grub_size_t db_entries;   /* Size of signature database. */
   grub_size_t dbx_entries;  /* Size of forbidden signature database. */
+  bool use_static_keys;     /* Flag to indicate use of static keys. */
 } GRUB_PACKED;
 
 typedef struct grub_pks grub_pks_t;
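Review bot: The field comment on `use_static_keys` does not say when the flag is set or what a consumer must do with it, although the flag decides which keys are trusted. Something like `/* True when DB is absent from PKS; trusted keys then come from the GRUB ELF note. */` would make the header self-explanatory. As a style point, the sibling flag `grub_pks_use_keystore` in platform_keystore.c is a `grub_uint8_t` while this one is a `bool` inside a `GRUB_PACKED` struct; the header's includes are outside the hunk, so it is worth confirming that `bool` is in scope there and that the mixed convention is intended.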
-- 
2.39.5 (Apple Git-154)

