[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v4 0/9] verifiers: Framework and EFI shim lock verifier
|
From: |
Ross Philipson |
|
Subject: |
Re: [PATCH v4 0/9] verifiers: Framework and EFI shim lock verifier |
|
Date: |
Wed, 31 Oct 2018 12:11:14 -0400 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 |
On 10/30/2018 09:12 AM, Daniel Kiper wrote:
> Hi all,
>
> Another stab at verifiers framework and EFI shim lock verifier. This time
> I have dived into Vladmir code and cleaned it up. I have improved shim_lock
> code and added some doc too. So, right now patchset is in quite good shape.
> Please take a look.
>
> Daniel
>
> docs/grub-dev.texi | 58 ++
> docs/grub.texi | 15 +
> grub-core/Makefile.core.def | 15 +-
> grub-core/commands/acpi.c | 2 +-
> grub-core/commands/blocklist.c | 4 +-
> grub-core/commands/cat.c | 2 +-
> grub-core/commands/cmp.c | 4 +-
> grub-core/commands/efi/loadbios.c | 4 +-
> grub-core/commands/efi/shim_lock.c | 141 ++++
> grub-core/commands/file.c | 5 +-
> grub-core/commands/hashsum.c | 22 +-
> grub-core/commands/hexdump.c | 2 +-
> grub-core/commands/i386/pc/play.c | 2 +-
> grub-core/commands/keylayouts.c | 2 +-
> grub-core/commands/legacycfg.c | 2 +-
> grub-core/commands/loadenv.c | 24 +-
> grub-core/commands/ls.c | 8 +-
> grub-core/commands/minicmd.c | 5 +-
> grub-core/commands/nativedisk.c | 3 +-
> grub-core/commands/parttool.c | 2 +-
> grub-core/commands/pgp.c | 1019 +++++++++++++++++++++++++
> grub-core/commands/search.c | 4 +-
> grub-core/commands/test.c | 4 +-
> grub-core/commands/testload.c | 2 +-
> grub-core/commands/testspeed.c | 2 +-
> grub-core/commands/verifiers.c | 228 ++++++
> grub-core/commands/verify.c | 1042
> --------------------------
> grub-core/disk/loopback.c | 3 +-
> grub-core/efiemu/main.c | 2 +-
> grub-core/font/font.c | 4 +-
> grub-core/fs/zfs/zfscrypt.c | 2 +-
> grub-core/gettext/gettext.c | 2 +-
> grub-core/gfxmenu/theme_loader.c | 2 +-
> grub-core/io/bufio.c | 8 +-
> grub-core/io/gzio.c | 5 +-
> grub-core/io/lzopio.c | 6 +-
> grub-core/io/offset.c | 7 +-
> grub-core/io/xzio.c | 6 +-
> grub-core/kern/dl.c | 2 +-
> grub-core/kern/elf.c | 4 +-
> grub-core/kern/file.c | 22 +-
> grub-core/lib/cmdline.c | 9 +-
> grub-core/lib/syslinux_parse.c | 2 +-
> grub-core/loader/arm/linux.c | 8 +-
> grub-core/loader/arm64/linux.c | 10 +-
> grub-core/loader/efi/chainloader.c | 2 +-
> grub-core/loader/i386/bsd.c | 22 +-
> grub-core/loader/i386/coreboot/chainloader.c | 2 +-
> grub-core/loader/i386/linux.c | 18 +-
> grub-core/loader/i386/multiboot_mbi.c | 16 +-
> grub-core/loader/i386/pc/chainloader.c | 4 +-
> grub-core/loader/i386/pc/freedos.c | 2 +-
> grub-core/loader/i386/pc/linux.c | 15 +-
> grub-core/loader/i386/pc/ntldr.c | 2 +-
> grub-core/loader/i386/pc/plan9.c | 13 +-
> grub-core/loader/i386/pc/pxechainloader.c | 2 +-
> grub-core/loader/i386/pc/truecrypt.c | 2 +-
> grub-core/loader/i386/xen.c | 14 +-
> grub-core/loader/i386/xen_file.c | 2 +-
> grub-core/loader/i386/xnu.c | 2 +-
> grub-core/loader/ia64/efi/linux.c | 7 +
> grub-core/loader/linux.c | 6 +-
> grub-core/loader/macho.c | 4 +-
> grub-core/loader/mips/linux.c | 10 +-
> grub-core/loader/multiboot.c | 8 +-
> grub-core/loader/multiboot_mbi2.c | 13 +-
> grub-core/loader/powerpc/ieee1275/linux.c | 5 +-
> grub-core/loader/sparc64/ieee1275/linux.c | 5 +-
> grub-core/loader/xnu.c | 25 +-
> grub-core/loader/xnu_resume.c | 4 +-
> grub-core/normal/autofs.c | 11 +-
> grub-core/normal/crypto.c | 2 +-
> grub-core/normal/dyncmd.c | 2 +-
> grub-core/normal/main.c | 2 +-
> grub-core/normal/term.c | 2 +-
> grub-core/video/readers/jpeg.c | 2 +-
> grub-core/video/readers/png.c | 2 +-
> grub-core/video/readers/tga.c | 2 +-
> include/grub/bufio.h | 6 +-
> include/grub/dl.h | 13 +
> include/grub/elfload.h | 2 +-
> include/grub/file.h | 154 ++--
> include/grub/lib/cmdline.h | 5 +-
> include/grub/list.h | 1 +
> include/grub/machoload.h | 3 +-
> include/grub/verify.h | 78 ++
> util/grub-fstest.c | 6 +-
> util/grub-mount.c | 6 +-
> 88 files changed, 1949 insertions(+), 1282 deletions(-)
>
> Daniel Kiper (5):
> bufio: Use grub_size_t instead of plain int for size
> verifiers: Add possibility to defer verification to other verifiers
> verifiers: Rename verify module to pgp module
> dl: Add support for persistent modules
> efi: Add EFI shim lock verifier
>
> Vladimir Serbinenko (4):
> verifiers: File type for fine-grained signature-verification controlling
> verifiers: Framework core
> verifiers: Add possibility to verify kernel and modules command lines
> verifiers: Add the documentation
>
This version of the patch set looks good to me.
Reviewed-by: Ross Philipson <address@hidden>
- [PATCH v4 0/9] verifiers: Framework and EFI shim lock verifier, Daniel Kiper, 2018/10/30
- [PATCH v4 3/9] verifiers: Framework core, Daniel Kiper, 2018/10/30
- [PATCH v4 6/9] verifiers: Rename verify module to pgp module, Daniel Kiper, 2018/10/30
- [PATCH v4 4/9] verifiers: Add possibility to verify kernel and modules command lines, Daniel Kiper, 2018/10/30
- [PATCH v4 8/9] dl: Add support for persistent modules, Daniel Kiper, 2018/10/30
- [PATCH v4 7/9] verifiers: Add the documentation, Daniel Kiper, 2018/10/30
- [PATCH v4 5/9] verifiers: Add possibility to defer verification to other verifiers, Daniel Kiper, 2018/10/30
- [PATCH v4 1/9] bufio: Use grub_size_t instead of plain int for size, Daniel Kiper, 2018/10/30
- [PATCH v4 2/9] verifiers: File type for fine-grained signature-verification controlling, Daniel Kiper, 2018/10/30
- [PATCH v4 9/9] efi: Add EFI shim lock verifier, Daniel Kiper, 2018/10/30
- Re: [PATCH v4 0/9] verifiers: Framework and EFI shim lock verifier,
Ross Philipson <=