From: Daniel Axtens <dja@axtens.net>
To: grub-devel@gnu.org
Cc: rashmica.g@gmail.com, alastair@d-silva.org,
	Daniel Axtens <dja@axtens.net>
Subject: [PATCH 0/3] Add support for signing grub with an appended signature
Date: Fri, 21 Aug 2020 12:37:17 +1000
Message-ID: <20200821023720.13747-1-dja@axtens.net>

Part of a secure boot chain is allowing boot firmware to verify the
grub core.img. For UEFI platforms, this is done by signing the PE
binary with a tool like pesign or sb-sign. However, for platforms that
don't implement UEFI, an alternative scheme is required.

These patches provide some infrastructure and documentation for
signing grub's core.img with a Linux-kernel-module style appended
signature.

Because some platforms, such as powerpc-ieee1275, load grub from a raw
disk partition rather than a filesystem, we extend grub-install to add
an ELF note that allows us to specify the size and location of the
signature.

More details are in patch 1, including a link to an open-source firmware
capable of verifying a grub image signed this way.

Daniel Axtens (2):
  docs/grub: Document signing grub under UEFI
  docs/grub: Document signing grub with an appended signature

Rashmica Gupta (1):
  Add suport for signing grub with an appended signature

 docs/grub.texi              | 64 ++++++++++++++++++++++++++++++++++++-
 include/grub/util/install.h |  8 +++--
 include/grub/util/mkimage.h |  4 +--
 util/grub-install-common.c  | 16 ++++++++--
 util/grub-mkimage.c         | 11 +++++++
 util/grub-mkimagexx.c       | 39 +++++++++++++++++++++-
 util/mkimage.c              | 10 +++---
 7 files changed, 138 insertions(+), 14 deletions(-)

-- 
2.25.1
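
The "Linux-kernel-module style appended signature" named in the cover letter puts the signature blob, a 12-byte descriptor and a magic string at the end of the file. The following is an added example, not code from this patch series: it locates and sanity-checks that trailer the way a verifier would before handing the blob to a PKCS#7 checker (which it does not do). It assumes the layout from the Linux kernel's module_signature.h; the function name and the sample bytes are constructed for illustration, and the ELF note used for raw-partition loading is not covered.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Trailer layout from the Linux kernel's module signing (module_signature.h). */
#define SIG_MAGIC     "~Module signature appended~\n"
#define SIG_MAGIC_LEN (sizeof(SIG_MAGIC) - 1)
#define PKEY_ID_PKCS7 2

struct module_signature {
    uint8_t algo, hash, id_type, signer_len, key_id_len, pad[3];
    uint8_t sig_len[4];              /* big-endian length of the signature blob */
};

/* Constructed sample: 8-byte payload, 4 placeholder "signature" bytes
 * (not a real PKCS#7 blob), descriptor, magic. */
static const uint8_t sample[] = "GRUBCORE" "\xde\xad\xbe\xef"
                                "\0\0\2\0\0\0\0\0" "\0\0\0\4" SIG_MAGIC;
#define SAMPLE_LEN (sizeof(sample) - 1)  /* drop the literal's trailing NUL */

/* Hypothetical helper: returns the length of the signed payload, or -1 if
 * the image does not end in a well-formed appended-signature trailer. */
long appended_sig_payload_len(const uint8_t *img, size_t len, size_t *sig_len)
{
    struct module_signature ms;
    size_t n;

    if (len < SIG_MAGIC_LEN + sizeof(ms)) return -1;
    if (memcmp(img + len - SIG_MAGIC_LEN, SIG_MAGIC, SIG_MAGIC_LEN) != 0) return -1;
    len -= SIG_MAGIC_LEN + sizeof(ms);          /* len now ends at the blob */
    memcpy(&ms, img + len, sizeof(ms));
    /* Only PKCS#7 is accepted; every other descriptor field must be zero. */
    if (ms.id_type != PKEY_ID_PKCS7 || ms.algo || ms.hash || ms.signer_len ||
        ms.key_id_len || ms.pad[0] || ms.pad[1] || ms.pad[2]) return -1;
    n = ((size_t)ms.sig_len[0] << 24) | ((size_t)ms.sig_len[1] << 16) |
        ((size_t)ms.sig_len[2] << 8) | ms.sig_len[3];
    if (n == 0 || n >= len) return -1;          /* blob must leave a payload */
    if (sig_len) *sig_len = n;
    return (long)(len - n);
}

int main(void)
{
    size_t sig = 0;
    long payload = appended_sig_payload_len(sample, SAMPLE_LEN, &sig);
    printf("payload=%ld bytes, signature=%zu bytes\n", payload, sig);
    return payload == 8 ? 0 : 1;
}
```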




Thread overview: 14+ messages
2020-08-21  2:37 Daniel Axtens [this message]
2020-08-21  2:37 ` [PATCH 1/3] Add suport for signing grub with an appended signature Daniel Axtens
2020-08-21  2:37 ` [PATCH 2/3] docs/grub: Document signing grub under UEFI Daniel Axtens
2020-08-21  2:37 ` [PATCH 3/3] docs/grub: Document signing grub with an appended signature Daniel Axtens
2020-10-20  3:54   ` Michael Chang
2020-10-20  4:51     ` Daniel Axtens
2020-10-20  5:58       ` Michael Chang
2020-09-23 15:11 ` [PATCH 0/3] Add support for " Daniel Axtens
2020-10-16 11:20 Michal Suchánek
     [not found] ` <871rhuwi80.fsf@dja-thinkpad.axtens.net>
2020-10-19 23:18   ` Daniel Axtens
2020-10-22  4:25   ` Daniel Axtens
2020-10-22 11:14     ` Michal Suchánek
2020-10-23  5:33       ` Daniel Axtens
2020-11-04 18:04         ` Michal Suchánek
