On 2025-06-09 13:16, Gary Lin via Grub-devel wrote:
For "tpm2_key_protector" and "grub-protect", 'SHA256' is chosen as the
hash algorithm for the TPM session. However, grub-protect mistakenly
used the hash algorithm of the PCR bank to calculate PCR digest. If the
user chose a PCR bank other than
On 2025-06-09 13:16, Gary Lin via Grub-devel wrote:
Add a few more tests to seal and unseal the key with the SHA384 PCR
bank instead of the default SHA256 PCR bank.
Signed-off-by: Gary Lin
Reviewed-by: Sudhakar Kuppusamy
---
tests/tpm2_key_protector_test.in | 34 +
On 2025-06-09 13:16, Gary Lin via Grub-devel wrote:
TPM 2.0 Key File format stores the PCR selection in the parameters
for 'TPM2_PolicyPCR' and it already contains the selected PCR bank.
Currently, "tpm2_key_protector" dumped the PCR bank specified by the
'--bank' option, and it may not be the PC
This file is auto-generated based on the selected platform and should
not be included in the source tarball.
Fixes: 6744840b (build: Track explicit module dependencies in Makefile.core.def)
Signed-off-by: Mike Gilbert
Signed-off-by: Andrew Hamilton
---
conf/Makefile.extra-dist | 1 -
1 file cha
Several new header files have been added to GRUB which need
to be manually added to the dist archive. This allows building
from the tar archive created by 'make dist'.
Signed-off-by: Andrew Hamilton
---
conf/Makefile.extra-dist | 3 +++
1 file changed, 3 insertions(+)
diff --git a/conf/Makefile
Fix several issues with attempting to create and build from the
GRUB 'dist' archive.
1. extra_deps.lst is now automatically generated so remove this
from the archive to avoid a dependency on running make first.
2. Add additional header files to the dist archive.
The first patch is a resend of Mi
On Tue, Jun 10, 2025 at 03:11:27PM -0400, Stefan Berger wrote:
>
>
> On 6/9/25 3:46 AM, Gary Lin wrote:
> > Add a few more tests to seal and unseal the key with the SHA384 PCR
> > bank instead of the default SHA256 PCR bank.
> >
> > Signed-off-by: Gary Lin
> > ---
> > tests/tpm2_key_protector
> On Jun 10, 2025, at 11:13 AM, Ross Philipson
> wrote:
>
> On 6/10/25 10:47 AM, Lidong Chen wrote:
>> In LzmaEnc_CodeOneBlock(), both GetOptimumFast() and GetOptimum()
>> return a value greater than or equal to 1, which is assigned to
>> 'len'. But since LZMA_MATCH_LEN_MIN == 2, 'len' should b
On 23/05/25 22:22, Shreenidhi Shedi wrote:
On 20/05/25 19:15, Daniel Kiper wrote:
On Mon, May 19, 2025 at 11:49:55PM +0530, Shreenidhi Shedi wrote:
From: Shreenidhi Shedi
Previously, the command line construction function
(grub_create_loader_cmdline) escaped single and double quotes, which is
On 6/9/25 3:46 AM, Gary Lin wrote:
Add a few more tests to seal and unseal the key with the SHA384 PCR
bank instead of the default SHA256 PCR bank.
Signed-off-by: Gary Lin
---
tests/tpm2_key_protector_test.in | 34 +---
1 file changed, 31 insertions(+), 3 deleti
On 6/9/25 3:46 AM, Gary Lin wrote:
TPM 2.0 Key File format stores the PCR selection in the parameters
for 'TPM2_PolicyPCR' and it already contains the selected PCR bank.
Currently, "tpm2_key_protector" dumped the PCR bank specified by the
'--bank' option, and it may not be the PCR bank for key
On 6/9/25 3:46 AM, Gary Lin wrote:
For "tpm2_key_protector" and "grub-protect", 'SHA256' is chosen as the
hash algorithm for the TPM session. However, grub-protect mistakenly
used the hash algorithm of the PCR bank to calculate PCR digest. If the
user chose a PCR bank other than 'SHA256', "grub
On 2025-06-10 23:17, Lidong Chen via Grub-devel wrote:
In LzmaEnc_CodeOneBlock(), both GetOptimumFast() and GetOptimum()
return a value greater than or equal to 1, which is assigned to
'len'. But since LZMA_MATCH_LEN_MIN == 2, 'len' should be validated
before performing "len - LZMA_MATCH_LEN_MIN"
On 6/10/25 10:47 AM, Lidong Chen wrote:
In LzmaEnc_CodeOneBlock(), both GetOptimumFast() and GetOptimum()
return a value greater than or equal to 1, which is assigned to
'len'. But since LZMA_MATCH_LEN_MIN == 2, 'len' should be validated
before performing "len - LZMA_MATCH_LEN_MIN" to avoid underf
In LzmaEnc_CodeOneBlock(), both GetOptimumFast() and GetOptimum()
return a value greater than or equal to 1, which is assigned to
'len'. But since LZMA_MATCH_LEN_MIN == 2, 'len' should be validated
before performing "len - LZMA_MATCH_LEN_MIN" to avoid underflow
when 'len' equals 1.
Fixed: CID 51
On 2025-06-10 15:22, Renaud Métrich via Grub-devel wrote:
Signed-off-by: Renaud Métrich
---
grub-core/commands/efi/lsefi.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/efi/lsefi.c
b/grub-core/commands/efi/lsefi.c
index 7b8316d41..a70f243d0 100644
On 2025-06-10 15:24, Renaud Métrich via Grub-devel wrote:
When network booting is used, trying to chainload to the local disk
(which is used in deployment tools such as Red Hat Satellite) may fail
when searching for the boot loader, e.g. /EFI/redhat/shimx64.efi:
the boot loader file is listed, bu
Hi Daniel,
Thank you for your valuable review comments.
On 2025-05-22 23:19, Daniel Kiper wrote:
On Thu, Mar 27, 2025 at 01:02:22AM +0530, Sudhakar Kuppusamy wrote:
From: Rashmica Gupta
Add infrastructure to allow firmware to verify the integrity of grub
by use of a Linux-kernel-module-styl
Hi Daniel,
Thank you for your valuable review comments. Addressed all your
comments.
On 2025-05-22 23:49, Daniel Kiper wrote:
On Thu, Mar 27, 2025 at 01:02:24AM +0530, Sudhakar Kuppusamy wrote:
From: Daniel Axtens
Signing grub for firmware that verifies an appended signature is a
s/grub/
Hi Daniel,
Thank you for your valuable review. Split this patch into two in v3.
Thanks,
Sudhakar Kuppusamy
On 2025-05-28 21:17, Daniel Kiper wrote:
On Thu, Mar 27, 2025 at 01:02:28AM +0530, Sudhakar Kuppusamy wrote:
From: Alastair D'Silva
To support verification of appended signatures, we
Hi Daniel,
Thank you for your valuable review. Addressed all the below review
comments in v3.
Thanks,
Sudhakar Kuppusamy
On 2025-05-28 22:14, Daniel Kiper wrote:
On Thu, Mar 27, 2025 at 01:02:30AM +0530, Sudhakar Kuppusamy wrote:
From: Daniel Axtens
This code allows us to parse:
- PKCS#
Hi Daniel,
Thank you for your valuable review. Addressed all the below review
comments in v3.
Thanks,
Sudhakar Kuppusamy
On 2025-05-28 21:25, Daniel Kiper wrote:
On Thu, Mar 27, 2025 at 01:02:29AM +0530, Sudhakar Kuppusamy wrote:
From: Daniel Axtens
In order to parse PKCS#7 messages and X
Hi Daniel,
Thank you for your valuable review.
On 2025-05-28 22:59, Daniel Kiper wrote:
On Thu, Mar 27, 2025 at 01:02:32AM +0530, Sudhakar Kuppusamy wrote:
[...]
diff --git a/grub-core/tests/appended_signatures.h
b/grub-core/tests/appended_signatures.h
new file mode 100644
index 0..
Hi Daniel,
Thank you for your valuable review.
Addressed all your review comments in v3.
Thanks,
Sudhakar Kuppusamy
On 2025-05-28 22:50, Daniel Kiper wrote:
On Thu, Mar 27, 2025 at 01:02:31AM +0530, Sudhakar Kuppusamy wrote:
From: Daniel Axtens
Building on the parsers and the ability to emb
From: Sudhakar Kuppusamy
To verify the kernel's signature: verify the kernel binary against lists of
binary hashes that are either distrusted or trusted. If it is not listed in
either trusted or distrusted hashes list then the trusted keys from the
trusted key list are used to verify the
signatu
From: Sudhakar Kuppusamy
Introduce the use_static_keys flag to indicate that static keys are to be used
rather than keys from the PKS storage's DB variable. This variable is set when
Secure Boot is enabled with PKS but the DB variable is not present in the PKS
storage.
The appendedsig module wou
From: Daniel Axtens
If the 'ibm,secure-boot' property of the root node is 2 or greater,
enter lockdown.
Signed-off-by: Daniel Axtens
Signed-off-by: Sudhakar Kuppusamy
Reviewed-by: Stefan Berger
Reviewed-by: Avnish Chouhan
---
docs/grub.texi | 2 +-
grub-core/Makefile.core.d
From: Sudhakar Kuppusamy
The trusted certificates and binary hashes, distrusted certificates and
binary/certificate hashes will be extracted from the platform keystore buffer
if Secure Boot is enabled with PKS.
In order to verify the integrity of the kernel, the extracted data
needs to be stored
From: Daniel Axtens
Building on the parsers and the ability to embed x509 certificates, as
well as the existing gcrypt functionality, add a module for verifying
appended signatures.
This includes a verifier that requires that Linux kernels and grub modules
have appended signatures, and commands
From: Sudhakar Kuppusamy
If secure boot is enabled with PKS, it will read secure boot variables
such as db and dbx from PKS and extract ESL's from it.
The ESL's would be saved in the platform keystore buffer, and
the appendedsig (module) would read it later to extract
the certificate's details fr
renames the OBJ_TYPE_PUBKEY to OBJ_TYPE_GPG_PUBKEY
Signed-off-by: Alastair D'Silva
Signed-off-by: Daniel Axtens
Signed-off-by: Sudhakar Kuppusamy
Reviewed-by: Stefan Berger
Reviewed-by: Avnish Chouhan
---
grub-core/commands/pgp.c | 2 +-
include/grub/kernel.h| 2 +-
util/grub-mkimage.c
From: Sudhakar Kuppusamy
To support the following trusted and distrusted commands
1. trusted_list:
It will show the list of trusted certificates and binary hashes
2. distrusted_list:
It will show the list of distrusted certificates and binary/certificate
hashes
3. trusted_
From: Daniel Axtens
Before adding information about how grub is signed with an appended
signature scheme, it's worth adding some information about how it
can currently be signed for UEFI.
Signed-off-by: Daniel Axtens
Signed-off-by: Sudhakar Kuppusamy
Reviewed-by: Stefan Berger
Reviewed-by: Da
From: Sudhakar Kuppusamy
This explains how static and dynamic key appended signatures can be used to
form part of a secure boot chain, and documents the commands and variables
introduced.
Signed-off-by: Sudhakar Kuppusamy
Reviewed-by: Avnish Chouhan
---
docs/grub.texi | 113 +
From: Sudhakar Kuppusamy
changed the following grub commands:
- "trust_certificate" to "trusted_certificate"
- "distrust_certificate" to "distrusted_certificate"
Signed-off-by: Sudhakar Kuppusamy
---
grub-core/tests/appended_signature_test.c | 30 +++
1 file changed, 14 i
From: Daniel Axtens
Signing GRUB for firmware that verifies an appended signature is a
bit fiddly. I don't want people to have to figure it out from scratch
so document it here.
Signed-off-by: Daniel Axtens
Signed-off-by: Sudhakar Kuppusamy
Reviewed-by: Stefan Berger
Reviewed-by: Avnish Chouh
From: Daniel Axtens
This code allows us to parse an ASN1 node and allocate memory to store it.
It will work for anything where the size libtasn1 returns is right:
- Integers
- Octet strings
- DER encoding of other structures
It will _not_ work for things where libtasn1 size requires adjustment:
From: Alastair D'Silva
To support verification of appended signatures, we need a way to
embed the necessary public keys. Existing appended signature schemes
in the Linux kernel use X.509 certificates, so allow certificates to
be embedded in the GRUB core image in the same way as PGP keys.
Signed
From: Sudhakar Kuppusamy
If Secure Boot is enabled with PKS and the use_static_keys flag is set,
then read the DB default keys from the ELF note and store them in the trusted
list buffer.
Signed-off-by: Sudhakar Kuppusamy
Reviewed-by: Stefan Berger
Reviewed-by: Avnish Chouhan
---
grub-core/
From: Sudhakar Kuppusamy
enhancing the infrastructure to enable the Platform Keystore (PKS) feature,
which provides access to the SB VERSION, DB, and DBX secure boot variables
from PKS.
Signed-off-by: Sudhakar Kuppusamy
Reviewed-by: Stefan Berger
Reviewed-by: Avnish Chouhan
---
grub-core/Mak
From: Rashmica Gupta
Add infrastructure to allow firmware to verify the integrity of GRUB
by use of a Linux-kernel-module-style appended signature. We initially
target powerpc-ieee1275, but the code should be extensible to other
platforms.
Usually these signatures are appended to a file without
From: Daniel Axtens
This explains how appended signatures can be used to form part of
a secure boot chain, and documents the commands and variables
introduced.
Signed-off-by: Daniel Axtens
Signed-off-by: Sudhakar Kuppusamy
Reviewed-by: Stefan Berger
Reviewed-by: Avnish Chouhan
---
docs/grub
From: Daniel Axtens
Trying to start grub-emu with a module that calls grub_dl_set_persistent
and grub_dl_is_persistent will crash because grub-emu fakes modules and
passes NULL to the module init function.
Provide an empty function for the emu case.
Fixes: ee7808e2197c (dl: Add support for pers
From: Daniel Axtens
In order to parse PKCS#7 messages and X.509 certificates with libtasn1,
we need some information about how they are encoded.
We get these from GNUTLS, which has the benefit that they support the
features we need and are well tested.
The GNUTLS files are from:
- https://gith
From: Daniel Axtens
These tests are run through all_functional_test and test a range
of commands and behaviours.
Signed-off-by: Daniel Axtens
Signed-off-by: Sudhakar Kuppusamy
Reviewed-by: Stefan Berger
Reviewed-by: Avnish Chouhan
---
grub-core/Makefile.core.def | 6 +
grub-
From: Daniel Axtens
This code allows us to parse:
- X.509 certificates: at least enough to verify the signatures on the
PKCS#7 messages. We expect that the certificates embedded in grub will
be leaf certificates, not CA certificates. The parser enforces this.
- X.509 certificates suppor
This patch set contains v3 of the consolidated version of the patch
sets for secure boot using appended signatures on powerpc,
rebased on top of git HEAD.
The v2 series is at
https://mail.gnu.org/archive/html/grub-devel/2025-03/msg00183.html
Changes since v2:
- Daniel Kiper review comments addr
From: Daniel Axtens
rsa_pad does the PKCS#1 v1.5 padding for the RSA signature scheme.
We want to use it in other RSA signature verification applications.
I considered and rejected putting it in lib/crypto.c. That file doesn't
currently require any MPI functions, but rsa_pad does. That's not so
From: Daniel Axtens
This code allows us to parse:
- PKCS#7 signedData messages. Only a single signerInfo is supported,
which is all that the Linux sign-file utility supports creating
out-of-the-box. Only RSA, SHA-256 and SHA-512 are supported.
Any certificate embedded in the PKCS#7 mes
From: Daniel Axtens
The way gcry_rsa and friends (the asymmetric ciphers) are loaded for the
pgp module is a bit quirky.
include/grub/crypto.h contains:
extern struct gcry_pk_spec *grub_crypto_pk_rsa;
commands/pgp.c contains the actual storage:
struct gcry_pk_spec *grub_crypto_pk_rsa;
And
From: Sudhakar Kuppusamy
To support the following trusted and distrusted commands
1. trusted_list:
It will show the list of trusted certificates and binary hashes
2. distrusted_list:
It will show the list of distrusted certificates and binary/certificate
hashes
3. trusted_
This patch set contains v3 of the consolidated version of the patch
sets for secure boot using appended signatures on powerpc,
rebased on top of git HEAD.
The v2 series is at
https://mail.gnu.org/archive/html/grub-devel/2025-03/msg00183.html
Changes since v2:
- Daniel Kiper review comments addr
In the function merge_state_with_log(), memory is allocated for the variable
next_nodes when creating a union of the variables table_nodes and log_nodes.
However, if next_state->entrance_nodes is NULL, then table_nodes becomes NULL
and we still allocate memory to copy the content of log_nodes. This
This patch set contains v3 of the consolidated version of the patch
sets for secure boot using appended signatures on powerpc,
rebased on top of git HEAD.
The v2 series is at
https://mail.gnu.org/archive/html/grub-devel/2025-03/msg00183.html
Changes since v2:
- Daniel Kiper review comments addr
Coverity found a couple of resource leaks in gnulib code that GRUB is using.
These fixes have been made in the latest version of gnulib and I've backported
these changes to maintain consistency.
This patch set fixes the following CIDs:
CID: 473869
CID: 473887
CID: 473888
Alec Brown (2):
gn
In the functions create_initial_state() and calc_eclosure_iter(), memory is
allocated for the elems member of a re_node_set structure but that memory
isn't freed on error. Before returning an error, a call to re_node_set_free()
should be made to prevent the resource leak.
This issue has been fixed
When network booting is used, trying to chainload to the local disk
(which is used in deployment tools such as Red Hat Satellite) may fail
when searching for the boot loader, e.g. /EFI/redhat/shimx64.efi:
the boot loader file is listed, but not readable, because UEFI DISK I/O
and/or SCSI DISK I/O d
Signed-off-by: Renaud Métrich
---
grub-core/commands/efi/lsefi.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/efi/lsefi.c b/grub-core/commands/efi/lsefi.c
index 7b8316d41..a70f243d0 100644
--- a/grub-core/commands/efi/lsefi.c
+++ b/grub-core/commands