grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 0/9] verifiers: Framework and EFI shim lock verifier


From: Ross Philipson
Subject: Re: [PATCH v4 0/9] verifiers: Framework and EFI shim lock verifier
Date: Wed, 31 Oct 2018 12:11:14 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2

On 10/30/2018 09:12 AM, Daniel Kiper wrote:
> Hi all,
> 
> Another stab at verifiers framework and EFI shim lock verifier. This time
> I have dived into Vladmir code and cleaned it up. I have improved shim_lock
> code and added some doc too. So, right now patchset is in quite good shape.
> Please take a look.
> 
> Daniel
> 
>  docs/grub-dev.texi                           |   58 ++
>  docs/grub.texi                               |   15 +
>  grub-core/Makefile.core.def                  |   15 +-
>  grub-core/commands/acpi.c                    |    2 +-
>  grub-core/commands/blocklist.c               |    4 +-
>  grub-core/commands/cat.c                     |    2 +-
>  grub-core/commands/cmp.c                     |    4 +-
>  grub-core/commands/efi/loadbios.c            |    4 +-
>  grub-core/commands/efi/shim_lock.c           |  141 ++++
>  grub-core/commands/file.c                    |    5 +-
>  grub-core/commands/hashsum.c                 |   22 +-
>  grub-core/commands/hexdump.c                 |    2 +-
>  grub-core/commands/i386/pc/play.c            |    2 +-
>  grub-core/commands/keylayouts.c              |    2 +-
>  grub-core/commands/legacycfg.c               |    2 +-
>  grub-core/commands/loadenv.c                 |   24 +-
>  grub-core/commands/ls.c                      |    8 +-
>  grub-core/commands/minicmd.c                 |    5 +-
>  grub-core/commands/nativedisk.c              |    3 +-
>  grub-core/commands/parttool.c                |    2 +-
>  grub-core/commands/pgp.c                     | 1019 +++++++++++++++++++++++++
>  grub-core/commands/search.c                  |    4 +-
>  grub-core/commands/test.c                    |    4 +-
>  grub-core/commands/testload.c                |    2 +-
>  grub-core/commands/testspeed.c               |    2 +-
>  grub-core/commands/verifiers.c               |  228 ++++++
>  grub-core/commands/verify.c                  | 1042 
> --------------------------
>  grub-core/disk/loopback.c                    |    3 +-
>  grub-core/efiemu/main.c                      |    2 +-
>  grub-core/font/font.c                        |    4 +-
>  grub-core/fs/zfs/zfscrypt.c                  |    2 +-
>  grub-core/gettext/gettext.c                  |    2 +-
>  grub-core/gfxmenu/theme_loader.c             |    2 +-
>  grub-core/io/bufio.c                         |    8 +-
>  grub-core/io/gzio.c                          |    5 +-
>  grub-core/io/lzopio.c                        |    6 +-
>  grub-core/io/offset.c                        |    7 +-
>  grub-core/io/xzio.c                          |    6 +-
>  grub-core/kern/dl.c                          |    2 +-
>  grub-core/kern/elf.c                         |    4 +-
>  grub-core/kern/file.c                        |   22 +-
>  grub-core/lib/cmdline.c                      |    9 +-
>  grub-core/lib/syslinux_parse.c               |    2 +-
>  grub-core/loader/arm/linux.c                 |    8 +-
>  grub-core/loader/arm64/linux.c               |   10 +-
>  grub-core/loader/efi/chainloader.c           |    2 +-
>  grub-core/loader/i386/bsd.c                  |   22 +-
>  grub-core/loader/i386/coreboot/chainloader.c |    2 +-
>  grub-core/loader/i386/linux.c                |   18 +-
>  grub-core/loader/i386/multiboot_mbi.c        |   16 +-
>  grub-core/loader/i386/pc/chainloader.c       |    4 +-
>  grub-core/loader/i386/pc/freedos.c           |    2 +-
>  grub-core/loader/i386/pc/linux.c             |   15 +-
>  grub-core/loader/i386/pc/ntldr.c             |    2 +-
>  grub-core/loader/i386/pc/plan9.c             |   13 +-
>  grub-core/loader/i386/pc/pxechainloader.c    |    2 +-
>  grub-core/loader/i386/pc/truecrypt.c         |    2 +-
>  grub-core/loader/i386/xen.c                  |   14 +-
>  grub-core/loader/i386/xen_file.c             |    2 +-
>  grub-core/loader/i386/xnu.c                  |    2 +-
>  grub-core/loader/ia64/efi/linux.c            |    7 +
>  grub-core/loader/linux.c                     |    6 +-
>  grub-core/loader/macho.c                     |    4 +-
>  grub-core/loader/mips/linux.c                |   10 +-
>  grub-core/loader/multiboot.c                 |    8 +-
>  grub-core/loader/multiboot_mbi2.c            |   13 +-
>  grub-core/loader/powerpc/ieee1275/linux.c    |    5 +-
>  grub-core/loader/sparc64/ieee1275/linux.c    |    5 +-
>  grub-core/loader/xnu.c                       |   25 +-
>  grub-core/loader/xnu_resume.c                |    4 +-
>  grub-core/normal/autofs.c                    |   11 +-
>  grub-core/normal/crypto.c                    |    2 +-
>  grub-core/normal/dyncmd.c                    |    2 +-
>  grub-core/normal/main.c                      |    2 +-
>  grub-core/normal/term.c                      |    2 +-
>  grub-core/video/readers/jpeg.c               |    2 +-
>  grub-core/video/readers/png.c                |    2 +-
>  grub-core/video/readers/tga.c                |    2 +-
>  include/grub/bufio.h                         |    6 +-
>  include/grub/dl.h                            |   13 +
>  include/grub/elfload.h                       |    2 +-
>  include/grub/file.h                          |  154 ++--
>  include/grub/lib/cmdline.h                   |    5 +-
>  include/grub/list.h                          |    1 +
>  include/grub/machoload.h                     |    3 +-
>  include/grub/verify.h                        |   78 ++
>  util/grub-fstest.c                           |    6 +-
>  util/grub-mount.c                            |    6 +-
>  88 files changed, 1949 insertions(+), 1282 deletions(-)
> 
> Daniel Kiper (5):
>       bufio: Use grub_size_t instead of plain int for size
>       verifiers: Add possibility to defer verification to other verifiers
>       verifiers: Rename verify module to pgp module
>       dl: Add support for persistent modules
>       efi: Add EFI shim lock verifier
> 
> Vladimir Serbinenko (4):
>       verifiers: File type for fine-grained signature-verification controlling
>       verifiers: Framework core
>       verifiers: Add possibility to verify kernel and modules command lines
>       verifiers: Add the documentation
> 

This version of the patch set looks good to me.

Reviewed-by: Ross Philipson <address@hidden>



reply via email to

[Prev in Thread] Current Thread [Next in Thread]