[bug #56349] GRUB 2 "trust" command does not work with GPG identities containing a photo uid

[Artur Juraszek]

URL:
  <https://savannah.gnu.org/bugs/?56349>

                 Summary: GRUB 2 "trust" command does not work with GPG
identities containing a photo uid
                 Project: GNU GRUB
            Submitted by: asgavar
            Submitted on: Sun 19 May 2019 06:33:45 PM UTC
                Category: Configuration
                Severity: Major
                Priority: 5 - Normal
              Item Group: Software Error
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: Artur Juraszek
        Originator Email: address@hidden
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: 2.02
         Reproducibility: None
         Planned Release: None

    _______________________________________________________

Details:

The title should say it all, steps to reproduce:

1) Generate a GPG/PGP identity or use an already existing one
2) Add a photo ID:
     gpg --edit-key YOUR_KEY_ID_HERE
     addphoto
3) Export it (in a non-ASCII-armored form) somewhere, e.g.:
     gpg --export YOUR_KEY_ID_HERE > /boot/boot.key
4) Dive into GRUB Console or include step 5. in your GRUB config file
5) Try to trust this key, i.e. run something like this:
     trust (hd0,gpt2)/boot.key
6) Get the list of trusted keys and observe that nothing happened:
     list_trusted

The appropriate behavior can be seen after removing the Photo ID from such
key, or using another without it.




    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?56349>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/