On Fri, Oct 23, 2020 at 07:58:50PM +0200, Patrick Steinhardt wrote:
> On Mon, Oct 19, 2020 at 06:09:56PM -0500, Glenn Washburn wrote:
> > This creates an alignment with grub_disk_t naming of the same field and is
> > more intuitive as to how it should be used.
> >
> > Signed-off-by: Glenn Washburn
On Fri, Oct 23, 2020 at 08:01:54PM +0200, Patrick Steinhardt wrote:
> On Mon, Oct 19, 2020 at 06:09:58PM -0500, Glenn Washburn wrote:
> > This makes it more obvious to the reader that the disk referred to is the
> > source disk, as opposed to say the disk holding the cryptodisk.
> >
> > Signed-off-
On Mon, Oct 19, 2020 at 06:09:55PM -0500, Glenn Washburn wrote:
> This should improve readability of code by providing clues as to what the
> value represents.
>
> Signed-off-by: Glenn Washburn
> ---
> grub-core/disk/cryptodisk.c | 12 +++-
> include/grub/types.h| 3 +++
> 2 file
On Fri, Oct 23, 2020 at 07:58:13PM +0200, Patrick Steinhardt wrote:
> On Mon, Oct 19, 2020 at 06:09:57PM -0500, Glenn Washburn wrote:
> > This makes it clear that the offset represents sectors, not bytes, in order
> > to improve readability.
> >
> > Signed-off-by: Glenn Washburn
>
> Reviewed-by: P
On Mon, Oct 19, 2020 at 06:09:48PM -0500, Glenn Washburn wrote:
> Here's an updated patch series which addresses comment from Patrick. The only
> code change is adding a slot_key member to grub_luks2_keyslot and using that
> instead of an extra out parameter to luks2_get_keyslot.
>
> Glenn Washburn
On Sat, Oct 03, 2020 at 12:42:55AM -0500, Glenn Washburn wrote:
> On Mon, 21 Sep 2020 13:23:04 +0200
> Daniel Kiper wrote:
>
> > On Mon, Sep 21, 2020 at 06:28:28AM +, Glenn Washburn wrote:
> > > Sep 8, 2020 7:21:31 AM Daniel Kiper :
> > > > On Mon, Sep 07, 2020 at 05:27:46PM +0200, Patrick Ste
Hi Petr,
First of all, sorry for late reply...
On Tue, Sep 22, 2020 at 11:14:48AM +0200, Petr Vorel wrote:
> > On Wed, Sep 09, 2020 at 10:02:20PM +0200, Petr Vorel wrote:
> > > Remove mips builds fix configure error:
> > > configure: error: could not force big-endian)
>
> > Could you try to fix m
Adding Alex...
On Tue, Sep 22, 2020 at 11:20:12AM +0200, Petr Vorel wrote:
> Hi Daniel,
>
> > To fix travis error:
> > grub-mkimage: error: target 1036 not reachable from pc=ba.
>
> https://travis-ci.org/github/pevik/grub/jobs/729143844
> $ for target in $GRUB_TARGETS; do grub-mkimage -c grub.cfg
On Sat, Sep 19, 2020 at 01:58:43PM +0200, Daniel Kiper wrote:
> On Sat, Sep 19, 2020 at 12:38:24AM +0200, John Paul Adrian Glaubitz wrote:
> > On 9/18/20 11:38 PM, Daniel Kiper wrote:
> > >> It is tested on x86_64-efi and arm64-efi platforms. I don’t have an
> > >> environment for x86 32-bit EFI, a
Hi,
First of all, sorry for late reply...
On Wed, Jul 29, 2020 at 09:33:27PM +0800, Tianjia Zhang wrote:
> Add a number of debug logs to the tpm module. The condition tag
> for opening debugging is `tpm`. On TPM machines, this will bring
> great convenience to diagnosis and debugging.
>
> Signed-
On Mon, Jul 20, 2020 at 05:07:49PM +1000, Daniel Axtens wrote:
> Compiling under clang-10 gives:
>
> grub-core/lib/LzmaEnc.c:1362:9: error: misleading indentation; statement is
> not part of the previous 'if' [-Werror,-Wmisleading-indentation]
> {
> ^
> grub-core/lib/LzmaEnc.c:1358
On Tue, Jul 28, 2020 at 01:42:04PM +0800, Cao jin wrote:
> Commit b81d609e4c forgot to update it.
>
> Signed-off-by: Cao jin
Reviewed-by: Daniel Kiper
Daniel
On Sat, Jun 20, 2020 at 03:01:43PM +0200, Jacob Kroon wrote:
> Signed-off-by: Jacob Kroon
> ---
> Makefile.util.def | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/Makefile.util.def b/Makefile.util.def
> index d9e2bd84d..f8b356cc1 100644
> --- a/Makefile.util.def
> +++ b/Makefile.util.def
Hi Faidon,
First of all, sorry for late reply...
On Mon, Jun 15, 2020 at 12:51:29PM +0300, Faidon Liambotis wrote:
> Hi all,
>
> Around a year ago, in my attempts to use GRUB for PXE, I ran into quite
> a few bugs with GRUB's TCP, DNS and HTTP stack that prevented me from
> using GRUB for that pu
If we are verifying large kernels, we need more than 32MB. (Many distro
kernels are quite large, and debug kernels can be even bigger!)
This is possibly not the way we want to go with for upstream as it breaks
booting on systems with <= 512MB. We're working on a more upstream-friendly
solution and
Other verifiers that implement secure boot may want to be able to
reuse the same list and behaviour.
Signed-off-by: Daniel Axtens
---
grub-core/commands/efi/shim_lock.c | 45 +++--
grub-core/commands/verifiers.c | 46 ++
include/grub/verify
v2: fix the grub-mkimage bug. I haven't changed any libtasn1 licensing
because I don't think we reached any conclusion on whether anything
was needed, and if so what.
Part of a secure boot chain is allowing grub to verify the boot
kernel. For UEFI platforms, this is usually delegated to the shim:
Since commit cd46aa6cefab in 2013, grub-install hasn't been a shell
script. The para doesn't really add that much, especially since it's
the user manual, so just drop it.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 7 ---
1 file changed, 7 deletions(-)
diff --git a/docs/grub.texi b/do
rsa_pad does the PKCS#1 v1.5 padding for the RSA signature scheme.
We want to use it in other RSA signature verification applications.
I considered and rejected putting it in lib/crypto.c. That file doesn't
currently require any MPI functions, but rsa_pad does. That's not so
much of a problem for
--pubkey is supported, so we can now document it.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 12 +++-
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index 6cbd753d12fd..6bac37728042 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@
Trying to start grub-emu with a module that calls grub_dl_set_persistent
will crash because grub-emu fakes modules and passes NULL to the module
init function.
Provide an empty function for the emu case.
Fixes: ee7808e2197c (dl: Add support for persistent modules)
Signed-off-by: Daniel Axtens
--
The way gcry_rsa and friends (the asymmetric ciphers) are loaded for the
pgp module is a bit quirky.
include/grub/crypto.h contains:
extern struct gcry_pk_spec *grub_crypto_pk_rsa;
commands/pgp.c contains the actual storage:
struct gcry_pk_spec *grub_crypto_pk_rsa;
And the module itself save
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
platforms, so we al
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these exclusions we also avoid
Do a few things to make libtasn1 compile as part of grub:
- replace strcat. grub removed strcat so replace it with the appropriate
calls to memcpy and strlen.
- replace c_isdigit with grub_isdigit (and don't import c-ctype from
gnulib) grub_isdigit provides the same functionality as c_isd
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap.c | 26 ++
2 files changed, 41 insertions(+)
create mod
From: Alastair D'Silva
To support verification of appended signatures, we need a way to
embed the necessary public keys. Existing appended signature schemes
in the Linux kernel use X.509 certificates, so allow certificates to
be embedded in the grub core image in the same way as PGP keys.
Signed
Building on the parsers and the ability to embed x509 certificates, as
well as the existing gcrypt functionality, add a module for verifying
appended signatures.
This includes:
- a verifier that requires that kernels and grub modules have appended
signatures. It shares lots of logic with shim
This code allows us to parse:
- PKCS#7 signedData messages. Only a single signerInfo is supported,
which is all that the Linux sign-file utility supports creating
out-of-the-box. Only RSA, SHA-256 and SHA-512 are supported.
Any certificate embedded in the PKCS#7 message will be ignored.
In order to parse PKCS#7 messages and X.509 certificates with libtasn1,
we need some information about how they are encoded.
We get these from GNUTLS, which has the benefit that they support the
features we need and are well tested.
The GNUTLS license is LGPLv2.1+, which is GPLv3 compatible, allo
These tests are run through all_functional_test and test a range
of commands and behaviours.
Signed-off-by: Daniel Axtens
---
grub-core/Makefile.core.def | 6 +
grub-core/tests/appended_signature_test.c | 250 +++
grub-core/tests/appended_signatures.h | 483 ++
This explains how appended signatures can be used to form part of
a secure boot chain, and documents the commands and variables
introduced.
Signed-off-by: Daniel Axtens
---
docs/grub.texi | 189 +
1 file changed, 174 insertions(+), 15 deletions(-)
Thanks for pointing it out, this patch is too careless, very sorry, I
will revise another version.
Best regards,
Tianjia
On 10/28/20 4:58 AM, Daniel Kiper wrote:
Hi,
First of all, sorry for late reply...
On Wed, Jul 29, 2020 at 09:33:27PM +0800, Tianjia Zhang wrote:
Add a number of debug