[PATCH 4/7] Add DSA and RSA SEXP tests

2025-04-01 Thread Vladimir Serbinenko
This allows us to test purely the integration of the implementation of DSA and RSA from libgcrypt without concerning ourselves with additional code. Signed-off-by: Vladimir Serbinenko --- grub-core/tests/dsa_sexp_test.c | 125 grub-core/tests/rsa_sexp_test.c | 99

[PATCH 2/7] Import b64dec from gpg-error

2025-04-01 Thread Vladimir Serbinenko
Based on libgpg-error 1.49 but with modifications to make it compile in the GRUB environment. Signed-off-by: Vladimir Serbinenko --- grub-core/lib/b64dec.c | 293 + 1 file changed, 293 insertions(+) create mode 100644 grub-core/lib/b64dec.c diff --git a/grub-c

[PATCH 7/7] Remove now unneeded gcrypt compilation flag

2025-04-01 Thread Vladimir Serbinenko
Signed-off-by: Vladimir Serbinenko --- conf/Makefile.common | 2 +- util/import_gcry.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/conf/Makefile.common b/conf/Makefile.common index 5cada4568..0df4d6e7a 100644 --- a/conf/Makefile.common +++ b/conf/Makefile.common @@ -82,

[PATCH 5/7] keccak: Disable acceleration with SSE asm

2025-04-01 Thread Vladimir Serbinenko
Libgcrypt code assumes that on x64 all SSE registers are fair game. While it's true that CPUs in question support it, we disable it in our compilation options. Disable the offending optimization. Signed-off-by: Vladimir Serbinenko --- .../lib/libgcrypt-patches/02_keccak_sse.patch | 23 ++

Re: [PATCH GRUB] fs/xfs: fix large extent counters incompat feature support

2025-04-01 Thread Vladimir 'phcoder' Serbinenko
Reviewed-By : Vladimir Serbinenko phco...@gmail.com On Wed, Dec 4, 2024, 17:12, Eric Sandeen wrote: > When large extent counter / NREXT64 support was added to grub, it missed > a couple of direct reads of nextents which need to be changed to the new > NREXT64-aware helper as well. Without thi

[PATCH v3 2/5] efi/sb: Add support for the shim loader protocol

2025-04-01 Thread Mate Kukri
Use loader protocol for image verification where available, otherwise fall back to the old shim lock protocol. Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 58 grub-core/loader/efi/linux.c | 6 ++-- include/grub/efi/api.h | 5 inc

[PATCH 6/7] libgcrypt: Fix coverity warnings

2025-04-01 Thread Vladimir Serbinenko
Signed-off-by: Vladimir Serbinenko --- .../lib/libgcrypt-patches/03_coverity.patch | 45 +++ 1 file changed, 45 insertions(+) create mode 100644 grub-core/lib/libgcrypt-patches/03_coverity.patch diff --git a/grub-core/lib/libgcrypt-patches/03_coverity.patch b/grub-core/lib/li

[PATCH v3 4/5] loader/efi/chainloader: Use shim loader image handle where available

2025-04-01 Thread Mate Kukri
Signed-off-by: Mate Kukri --- grub-core/loader/efi/chainloader.c | 21 + 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c index 11b64ac1b..e77bd863c 100644 --- a/grub-core/loader/efi/chainlo

[PATCH v3 1/5] efi: Provide wrappers for load_image, start_image, unload_image

2025-04-01 Thread Mate Kukri
From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c |

[PATCH v3 3/5] efi/sb: Add API for retrieving shim loader image handles

2025-04-01 Thread Mate Kukri
Not reusing these handles will result in image measurements showing up twice in the event log. Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 16 include/grub/efi/sb.h | 4 2 files changed, 20 insertions(+) diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/

Re: [PATCH v2 3/3] blsuki: Add uki command to load Unified Kernel Image entries

2025-04-01 Thread Vladimir 'phcoder' Serbinenko
On Thu, Mar 27, 2025, 23:44, Alec Brown wrote: > On Wed, Mar 26, 2025 at 5:43 AM, Vladimir 'phcoder' Serbinenko < > phco...@gmail.com> wrote: > >> > >> > >> > >> +#ifdef GRUB_MACHINE_EFI > >> +#include > >> +#include > >> +#include > >> +#endif > >> + > >> > > Can UKI work without EFI? I th

Re: [PATCH v3 0/5] shim loader protocol changes

2025-04-01 Thread Mate Kukri
NOTE that leaving in the shim lock fallback has a downside, which is that the following contrived scenario will let all checks pass, and create unavoidable crashes: 1. you are running a system with a real NX mode 2. you have signed an NX_COMPAT + NX_REQUIRE (no one should _ever_ sign NX_COMPAT with

[PATCH v3 5/5] loader/efi/linux: Use shim loader image handle where available

2025-04-01 Thread Mate Kukri
Signed-off-by: Mate Kukri --- grub-core/loader/efi/linux.c | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c index 9cd84ab12..1829d5689 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader/efi