Re: [PATCH v2 20/22] appended signatures: verification tests

2021-07-20 Thread Stefan Berger
On 6/30/21 4:40 AM, Daniel Axtens wrote: These tests are run through all_functional_test and test a range of commands and behaviours. Signed-off-by: Daniel Axtens Reviewed-by: Stefan Berger --- v2 changes: - add a test for EKU - add tests for files signed with multiple signers

Re: [PATCH] ibmvtpm: Add support for trusted boot using a vTPM 2.0

2021-07-20 Thread Stefan Berger
On 7/14/21 12:16 PM, Daniel Kiper wrote: Signed-off-by: Stefan Berger --- grub-core/Makefile.core.def | 8 ++ grub-core/commands/ieee1275/ibmvtpm.c | 118 ++ grub-core/kern/ieee1275/ibmvtpm.c | 62 ++ include/grub/ieee1275/ibmvtpm.h

Re: [SECURITY PATCH 100/117] kern/parser: Fix a stack buffer overflow

2021-07-20 Thread Chris Coulson
Hi, Sorry for taking a while to look at this. On 10/06/2021 12:55, Paul Menzel wrote: > Dear Daniel, dear Chris, > > > On 02.03.21 at 19:01, Daniel Kiper wrote: >> From: Chris Coulson >> >> grub_parser_split_cmdline() expands variable names present in the >> supplied >> command line in to the

[PATCH v2 1/4] ieee1275: drop HEAP_MAX_ADDR, HEAP_MIN_SIZE

2021-07-20 Thread Stefan Berger
From: Daniel Axtens HEAP_MAX_ADDR is confusing. Currently it is set to 32MB, except on ieee1275 on x86, where it is 64MB. There is a comment which purports to explain it: /* If possible, we will avoid claiming heap above this address, because it seems to cause relocation problems with OSes t

[PATCH v2 4/4] ibmvtpm: Add support for trusted boot using a vTPM 2.0

2021-07-20 Thread Stefan Berger
From: Stefan Berger Add support for trusted boot using a vTPM 2.0 on the IBM IEEE1275 PowerPC platform. With this patch grub now measures text and binary data into the TPM's PCRs 8 and 9 in the same way as the x86_64 platform does. Cc: Eric Snowberg Signed-off-by: Stefan Berger --- docs/grub.

[PATCH v2 3/4] ieee1275: request memory with ibm,client-architecture-support

2021-07-20 Thread Stefan Berger
From: Daniel Axtens On PowerVM, the first time we boot a Linux partition, we may only get 256MB of real memory area, even if the partition has more memory. This isn't really enough. Fortunately, the Power Architecture Platform Reference (PAPR) defines a method we can call to ask for more memory.

[PATCH v2 2/4] ieee1275: claim more memory

2021-07-20 Thread Stefan Berger
From: Daniel Axtens On powerpc-ieee1275, we are running out of memory trying to verify anything. This is because: - we have to load an entire file into memory to verify it. This is extremely difficult to change with appended signatures. - We only have 32MB of heap. - Distro kernels are now

[PATCH v2 0/4] Add support for trusted boot on IBM PPC platform

2021-07-20 Thread Stefan Berger
From: Stefan Berger This series of patches adds support for trusted boot using vTPM on the IBM IEEE1275 PowerPC platform. Stefan v2: - Prepended Daniel's patches to claim more memory on IBM platform - Added documentation to vTPM patch and major refactoring following Daniel's review D

Re: [PATCH v2 11/22] libtasn1: import libtasn1-4.16.0

2021-07-20 Thread Stefan Berger
On 6/30/21 4:40 AM, Daniel Axtens wrote: Import a very trimmed-down set of libtasn1 files: pushd /tmp wget https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.16.0.tar.gz popd pushd grub-core/lib mkdir libtasn1 cp /tmp/libtasn1-4.16.0/{README.md,LICENSE} libtasn1/ mkdir libtasn1/lib cp /tmp/libtasn1-4

Re: [PATCH v2 12/22] libtasn1: disable code not needed in grub

2021-07-20 Thread Stefan Berger
On 6/30/21 4:40 AM, Daniel Axtens wrote: We don't expect to be able to write ASN.1, only read it, so we can disable some code. Do that with #if 0/#endif, rather than deletion. This means that the difference between upstream and grub is smaller, which should make updating libtasn1 easier in the