Feedback Request: Implement Fuzzers and Add to OSS-Fuzz

2025-02-27 Thread Andrew Hamilton
Hello, I’m looking for feedback on whether there would be project interest / support on me creating an initial fuzz test suite for some core GRUB functions and then integrating these fuzzers into the OSS-Fuzz project that would run them and automate bug reporting to project owners / maintainers on

Re: [PATCH v4 5/6] commands/ls: Print full paths for file args

2025-02-27 Thread Daniel Kiper
On Thu, Feb 27, 2025 at 12:28:31AM -0600, Glenn Washburn wrote: > On Mon, 24 Feb 2025 18:14:59 +0100 Daniel Kiper wrote: > > On Mon, Jan 06, 2025 at 01:02:43AM -0600, Glenn Washburn wrote: > > > For arguments that are paths to files, print the full path of the file. > > > > > > Signed-off-by: Glen

Re: [PATCH 3/3] blsuki: Add uki command to load Unified Kernel Image entries

2025-02-27 Thread Ross Philipson via Grub-devel
On 2/14/25 8:40 AM, Alec Brown wrote: A Unified Kernel Image is a single UEFI PE file that combines a UEFI boot stub, a Linux kernel image, an initrd, and further resources. The uki command will locate where the uki file is and create a GRUB menu entry to load it. I chatted with Alec yesterday

Re: [PATCH 0/6 v13] LVM Cachevol and Integrity volumes break entire LVM VG

2025-02-27 Thread Patrick Plenefisch
I just rebased them with no changes except for line numbers shifting, and pushed to https://github.com/byteit101/grub2/commits/grub-lvmintegrity/ and attached them as patches with --thread. I unfortunately don't have time to figure out how to get send-email to work for the next few weeks as I'm tra

Re: [SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18

2025-02-27 Thread Christian Hesse
Daniel Kiper via Grub-devel on Mon, 2025/02/24 15:34: > > [...] > > The current situation is just insane. > > I can understand your frustration but I am afraid we are not able to do > much about it at this point. Sorry... We have problems with finding > people doing security patches, forward po

Re: [PATCH v1 19/21] appendedsig: Reads the default DB keys from ELF Note

2025-02-27 Thread sudhakar
On 2025-01-02 18:49, Stefan Berger wrote: On 12/18/24 9:56 AM, Sudhakar Kuppusamy wrote: if secure boot enabled with PKS and set use_static_keys flag, it If Secure Boot is enabled with PKS and the use_static_keys flag is set, then read the DB default keys from the ELF note and store them in th

Re: [PATCH v1 16/21] appendedsig: The creation of trusted and distrusted lists

2025-02-27 Thread sudhakar
On 2024-12-31 22:51, Stefan Berger wrote: On 12/18/24 9:56 AM, Sudhakar Kuppusamy wrote: The trusted certificates and binary hashes, distrusted certificates and binary/certificate hashes will be extracted from the platform keystore buffer if Secure Boot is enabled with PKS. In order to verify

Re: [PATCH v1 17/21] appendedsig: While verifying the kernel, use trusted and distrusted lists

2025-02-27 Thread sudhakar
On 2024-12-31 23:07, Stefan Berger wrote: On 12/18/24 9:56 AM, Sudhakar Kuppusamy wrote: To verify the kernel's: verify the kernel binary against list of binary hashes To verify the kernel's signature? against lists of binary hashes that are distrusted and trusted. If it is not listed in bot

Re: [PATCH v1 18/21] ieee1275: set use_static_keys flag

2025-02-27 Thread sudhakar
On 2025-01-02 18:52, Stefan Berger wrote: On 12/18/24 9:56 AM, Sudhakar Kuppusamy wrote: if secure boot enabled with PKS, it set the use_static_keys flag I was not sure at this point what the patch actually does so I reformulated it a bit. I would start the patch description with the reason wh

Re: [PATCH v1 05/21] pgp: factor out rsa_pad

2025-02-27 Thread sudhakar
On 2025-01-05 00:10, Vladimir 'phcoder' Serbinenko wrote: rsa_pad will be removed when we update libgcrypt (see pending patch). Can we accommodate for this? On Wed, Dec 18, 2024 at 5:58 PM Sudhakar Kuppusamy wrote: From: Daniel Axtens rsa_pad does the PKCS#1 v1.5 padding for the RSA signatu

Re: [PATCH v1 05/21] pgp: factor out rsa_pad

2025-02-27 Thread sudhakar
On 2025-01-24 16:10, Avnish Chouhan wrote: Indentation looks off in a couple of places. Please fix it. Reviewed-by: Avnish Chouhan On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Daniel Axtens rsa_pad does the PKCS#1 v1.5 padding for the RSA signature scheme. We want to use it in other R

Re: [PATCH v1 09/21] appended signatures: parse PKCS#7 signedData and X.509 certificates

2025-02-27 Thread sudhakar
On 2025-01-24 16:40, Avnish Chouhan wrote: Suggestion: It will be good if we can remove the brackets in one liner if conditions and loops! Reviewed-by: Avnish Chouhan On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Daniel Axtens This code allows us to parse: - PKCS#7 signedData mess

Re: [PATCH v1 10/21] appended signatures: support verifying appended signatures

2025-02-27 Thread sudhakar
On 2025-02-06 11:40, Avnish Chouhan wrote: On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Daniel Axtens Building on the parsers and the ability to embed x509 certificates, as well as the existing gcrypt functionality, add a module for verifying appended signatures. This includes a verif

Re: [PATCH v1 13/21] ieee1275: enter lockdown based on /ibm,secure-boot

2025-02-27 Thread sudhakar
On 2025-02-06 11:53, Avnish Chouhan wrote: On 2024-12-18 20:26, Sudhakar Kuppusamy wrote: From: Daniel Axtens If the 'ibm,secure-boot' property of the root node is 2 or greater, enter lockdown. Signed-off-by: Daniel Axtens Signed-off-by: Sudhakar Kuppusamy --- docs/grub.texi