Re: [PATCH v1 14/21] ieee1275: Platform Keystore (PKS) Support

2025-02-06 Thread Avnish Chouhan
Reviewed-by: Avnish Chouhan  On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: enhancing the infrastructure to enable the Platform Keystore (PKS) feature, which provides access to the SB VERSION, DB, and DBX secure boot variables from PKS. Signed-off-by: Sudhakar Kuppusamy --- grub-core/kern/

Re: [PATCH] powerpc: increase MIN RMA size for CAS negotiation

2025-02-06 Thread Avnish Chouhan
On 2025-02-06 13:00, Michael Chang wrote: On Wed, Jan 15, 2025 at 05:46:05PM +0530, Avnish Chouhan wrote: Change RMA size from 512 MB to 768 MB which will result in more memory at boot time for PowerPC. When PowerPC LPAR use/uses vTPM, Secure Boot or FADump, the 512 MB RMA memory is not suffic

Re: [PATCH v1 15/21] ieee1275: Read the DB and DBX secure boot variables

2025-02-06 Thread Avnish Chouhan
Suggestion: Can we use grub_dprintf instead of grub_printf, unless it is extremely necessary! Reviewed-by: Avnish Chouhan On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: If secure boot is enabled with PKS, it will read secure boot variables such as db and dbx from PKS and extract certificates

Re: [PATCH v1 16/21] appendedsig: The creation of trusted and distrusted lists

2025-02-06 Thread Avnish Chouhan
Reviewed-by: Avnish Chouhan  On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: The trusted certificates and binary hashes, distrusted certificates and binary/certificate hashes will be extracted from the platform keystore buffer if Secure Boot is enabled with PKS. In order to verify the integeri

Re: [PATCH v1 17/21] appendedsig: While verifying the kernel, use trusted and distrusted lists

2025-02-06 Thread Avnish Chouhan
Reviewed-by: Avnish Chouhan  On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: To verify the kernel's: verify the kernel binary against list of binary hashes that are distrusted and trusted. If it is not listed in both trusted and distrusted, the trusted keys from trusted key list used to verify

Re: [PATCH v1 19/21] appendedsig: Reads the default DB keys from ELF Note

2025-02-06 Thread Avnish Chouhan
Reviewed-by: Avnish Chouhan On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: If secure boot is enabled with PKS and set use_static_keys flag, it reads the DB default keys from ELF Note and stores it in trusted list buffer. Signed-off-by: Sudhakar Kuppusamy --- grub-core/commands/appendedsig/app

Re: [PATCH v1 18/21] ieee1275: set use_static_keys flag

2025-02-06 Thread Avnish Chouhan
Reviewed-by: Avnish Chouhan On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: If secure boot is enabled with PKS, it sets the use_static_keys flag when DB variable is not present in PKS storage and the appendedsig (module) would use it later to extract the default DB keys from ELF Note and store i