On Mon, Aug 25, 2025 at 04:38:38PM +0530, Sudhakar Kuppusamy wrote: > If Secure Boot is enabled with dynamic key management mode and the > use_static_keys flag is not set, then read the keys from the PKS > keystore as well from ELF Note, and add them into the db. > Otherwise, it only reads the static keys from the ELF Note and > adds them into the db. > > Signed-off-by: Sudhakar Kuppusamy <sudha...@linux.ibm.com> > Reviewed-by: Stefan Berger <stef...@linux.ibm.com> > Reviewed-by: Avnish Chouhan <avn...@linux.ibm.com> > --- > grub-core/commands/appendedsig/appendedsig.c | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git a/grub-core/commands/appendedsig/appendedsig.c > b/grub-core/commands/appendedsig/appendedsig.c > index 83e97814a..5da603eb6 100644 > --- a/grub-core/commands/appendedsig/appendedsig.c > +++ b/grub-core/commands/appendedsig/appendedsig.c > @@ -1154,9 +1154,17 @@ build_pks_keystore (void) > if (err != GRUB_ERR_NONE) > grub_printf ("warning: dbx list might not be fully populated\n"); > > - err = create_db_list (); > - if (err != GRUB_ERR_NONE) > - grub_printf ("warning: db list might not be fully populated\n"); > + if (grub_pks_keystore.use_static_keys == true) > + grub_dprintf ("appendedsig", "db variable is not available at PKS and " > + "using a static keys as a default key in db list\n"); > + > + build_static_db_list ();
I find some function names very confusing... s/build_static_db_list/load_elf2db/ > + if (grub_pks_keystore.use_static_keys == false) > + { > + err = create_db_list (); s/create_db_list/load_pks2db/, etc... > + if (err != GRUB_ERR_NONE) > + grub_printf ("warning: db list might not be fully populated\n"); > + } If you shuffle the code a bit then you need one if/else only. > grub_pks_free_keystore (); s/grub_pks_free_keystore/grub_pks_tmp_free/, etc... > grub_dprintf ("appendedsig", "the db list now has %u keys\n" Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel