[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 0/3] Add support for signing grub with an appended signature
|
From: |
Daniel Axtens |
|
Subject: |
[PATCH 0/3] Add support for signing grub with an appended signature |
|
Date: |
Fri, 21 Aug 2020 12:37:17 +1000 |
Part of a secure boot chain is allowing boot firmware to verify the
grub core.img. For UEFI platforms, this is done by signing the PE
binary with a tool like pesign or sb-sign. However, for platforms that
don't implement UEFI, an alternative scheme is required.
These patches provide some infrastructure and documentation for
signing grub's core.img with a Linux-kernel-module style appended
signature.
Because some platforms, such as powerpc-ieee1275, load grub from a raw
disk partition rather than a filesystem, we extend grub-install to add
an ELF note that allows us to specify the size and location of the
signature.
More details are in patch 1, including a link to an open-source firmware
capable of verifying a grub image signed this way.
Daniel Axtens (2):
docs/grub: Document signing grub under UEFI
docs/grub: Document signing grub with an appended signature
Rashmica Gupta (1):
Add suport for signing grub with an appended signature
docs/grub.texi | 64 ++++++++++++++++++++++++++++++++++++-
include/grub/util/install.h | 8 +++--
include/grub/util/mkimage.h | 4 +--
util/grub-install-common.c | 16 ++++++++--
util/grub-mkimage.c | 11 +++++++
util/grub-mkimagexx.c | 39 +++++++++++++++++++++-
util/mkimage.c | 10 +++---
7 files changed, 138 insertions(+), 14 deletions(-)
--
2.25.1
- [PATCH 0/3] Add support for signing grub with an appended signature,
Daniel Axtens <=