This repository was archived by the owner on May 29, 2020. It is now read-only.
Closed
Conversation
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com> Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Let's provide file type info to the I/O layer. This way verifiers framework and its users will be able to differentiate files and verify only required ones. This is preparatory patch. Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com> Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Verifiers framework provides core file verification functionality which can be used by various security mechanisms, e.g., UEFI secure boot, TPM, PGP signature verification, etc. The patch contains PGP code changes and probably they should be extracted to separate patch for the sake of clarity. Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com> Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com> Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
This way if a verifier requires verification of a given file it can defer task to another verifier (another authority) if it is not able to do it itself. E.g. shim_lock verifier, posted as a subsequent patch, is able to verify only PE files. This means that it is not able to verify any of GRUB2 modules which have to be trusted on UEFI systems with secure boot enabled. So, it can defer verification to other verifier, e.g. PGP one. I silently assume that other verifiers are trusted and will do good job for us. Or at least they will not do any harm. Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Just for clarity. No functional change. Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com> Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
This type of modules cannot be unloaded. This is useful if a given functionality, e.g. UEFI secure boot shim signature verification, should not be disabled if it was enabled at some point in time. Somebody may say that we can use standalone GRUB2 here. That is true. However, the code is not so big nor complicated hence it make sense to support modularized configs too. Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
This module provides shim lock verification for various kernels
if UEFI secure boot is enabled on a machine.
It is recommended to put this module into GRUB2 standalone image
(avoid putting iorw and memrw modules into it; they are disallowed
if UEFI secure boot is enabled). However, it is also possible to use
it as a normal module. Though such configurations are more fragile
and less secure due to various limitations.
If the module is loaded and UEFI secure boot is enabled then:
- module itself cannot be unloaded (persistent module),
- the iorw and memrw modules cannot be loaded,
- if the iorw and memrw modules are loaded then
machine boot is disabled,
- GRUB2 defers modules and ACPI tables verification to
other verifiers.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Member
|
@pietrushnic the view is too huge. Could You create a separate branch coming out of 2.02 and setup a PR to this branch then? It could provide better visibility of the changes |
Member
Author
|
@miczyg1 this PR is based on patches from the community, I just pushed that here for better review and to not the repeat procedure of reverse engineering where those patches should be applied. I do not expect full code review, but rather trying to familiar with the concept. I sent #2 to remove conflicts. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.