Tools for testing Grub / Go OpenPGP compatibility

Howdy, y'all -- In anticipation of trying to revive the OpenPGP compatibility patch created by Ignat Korchagin in 2016, I've assembled a simple test suite that can generate multiple builds of GRUB (different versions/patches/etc) and then test them with keys and signatures generated by multiple to

Re: Tools for testing Grub / Go OpenPGP compatibility

On Wed, May 27, 2020 at 11:42 PM Daniel Axtens wrote: > My team has been working on the verifier area to support appended > signatures (used to sign Linux kernel modules, and on at least powerpc64 > also used to sign the kernel), so I have some familiarity with the > area. Where would I find the

Re: [PATCH REBASED] verify: search keyid in hashed signature subpackets

gnu.org/archive/html/grub-devel/2016-11/msg00073.html) > > Signed-off-by: Ignat Korchagin > Signed-off-by: Charles Duffy [ modified by Charles Duffy: rebase from pre-2.02 release to 2.02 final ] > [ modified by dja: rebase, split out 'readbuf' to both readbuf and > sub

[PATCH] pgp: Recognize issuer subpackets in either hashed or unhashed sections

`keyid` variable is unpopulated. This patch, originally written by Ignat Korchagin and ported to GRUB 2.04 by Daniel Axtens, remedies this. I (Charles Duffy) have tried to address review comments on the original requesting that named constants be used to enhance readability. There are still outstanding

Re: [PATCH] pgp: Recognize issuer subpackets in either hashed or unhashed sections

hed-or-.patch> Thanks/apologies/&c., -- Charles On Sat, May 30, 2020 at 4:20 PM Charles Duffy wrote: > Currently, GRUB's OpenPGP signature parsing searches for the issuer > field (specifying the key to use) only in the unhashed portion of the > signature. > > RFC 4880

verify not supporting all OpenPGP signature packets?

Howdy -- When trying to validate a signature produced by the Go standard-library OpenPGP implementation, I get the following: grub> verify_detached /test /test.sig error: public key not found. GnuPG verifies this same signature successfully. On investigation, there appear to be two diff

Debugging modules built into a GRUB image w/ gdb

Howdy -- I'm trying to track down an issue encountered wherein a grub.cfg on a memdisk is only successfully loaded with check_signatures=no, despite grub_pubkey_open containing code which appears to explicitly exempt the case where io->device->disk->id == GRUB_DISK_DEVICE_MEMDISK_ID from enforceme

Anyone have a copy of grub-0.97-nic_update-2.patch?

A patch adding a port of the nForce ethernet driver forcedeth to GRUB is supposedly available at http://ftp.jg555.com/netboot/patches/grub-0.97-nic_update-2.patch; however, the site is inaccessible, and the file doesn't appear to be covered by archive.org. Would anyone here happen to have that pat