Re: [PATCH v1 09/21] appended signatures: parse PKCS#7 signedData and X.509 certificates

Hello, On Wed, Dec 18, 2024 at 08:26:35PM +0530, Sudhakar Kuppusamy wrote: > From: Daniel Axtens > > This code allows us to parse: > > - PKCS#7 signedData messages. Only a single signerInfo is supported, >which is all that the Linux sign-file utility supports creating >out-of-the-box.

Re: [PATCH v1 09/21] appended signatures: parse PKCS#7 signedData and X.509 certificates

Suggestion : It will be good if we can remove the brackets in one liner if conditions and loops! Reviewed-by: Avnish Chouhan  On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Daniel Axtens This code allows us to parse: - PKCS#7 signedData messages. Only a single signerInfo is supported

Re: [PATCH v1 08/21] appended signatures: import GNUTLS's ASN.1 description files

Reviewed-by: Avnish Chouhan  On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Daniel Axtens In order to parse PKCS#7 messages and X.509 certificates with libtasn1, we need some information about how they are encoded. We get these from GNUTLS, which has the benefit that they support the f

Re: [PATCH v1 07/21] grub-install: support embedding x509 certificates

Reviewed-by: Avnish Chouhan  On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Alastair D'Silva To support verification of appended signatures, we need a way to embed the necessary public keys. Existing appended signature schemes in the Linux kernel use X.509 certificates, so allow certifi

Re: [PATCH v1 06/21] crypto: move storage for grub_crypto_pk_* to crypto.c

Reviewed-by: Avnish Chouhan  On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Daniel Axtens The way gcry_rsa and friends (the asymmetric ciphers) are loaded for the pgp module is a bit quirky. include/grub/crypto.h contains: extern struct gcry_pk_spec *grub_crypto_pk_rsa; commands/p

Re: [PATCH v1 05/21] pgp: factor out rsa_pad

Indentation looks off in couple of places. Please fix it. Reviewed-by: Avnish Chouhan  On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Daniel Axtens rsa_pad does the PKCS#1 v1.5 padding for the RSA signature scheme. We want to use it in other RSA signature verification applications. I

Re: [PATCH v1 03/21] docs/grub: Document signing grub with an appended signature

Reviewed-by: Avnish Chouhan  On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Daniel Axtens Signing grub for firmware that verifies an appended signature is a bit fiddly. I don't want people to have to figure it out from scratch so document it here. Signed-off-by: Daniel Axtens Signed-o

Re: [PATCH v1 04/21] dl: provide a fake grub_dl_set_persistent for the emu target

Reviewed-by: Avnish Chouhan  On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Daniel Axtens Trying to start grub-emu with a module that calls grub_dl_set_persistent will crash because grub-emu fakes modules and passes NULL to the module init function. Provide an empty function for the