From: Andrei Borzenkov
Subject: Re: grub-mkstandalone not adding public key
Date: Thu, 28 Sep 2023 20:52:32 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1

On 28.09.2023 17:58, Philip Couling wrote:
> I'm having trouble getting grub-mkstandalone to recognise the public key
> passed in via --pubkey
>
> According to the documentation, adding --pubkey to grub-mkimage should
> imply check_signatures=enforce but this doesn't seem to happen for
> grub-mkstandalone. (or does it?).
>
> The documentation doesn't mention what format the public key file should
> be. So I've tried both gpg --export

That is correct

> and gpg --export --armor. However when I try the command "list_trusted",
> I get no results and attempting to cat a signed file results in an error
> saying the public key could not be found.
>
> I'm currently invoking with:
>
> grub-mkstandalone --output=../build/grub/EFI/BOOT/BOOTX64.EFI --format=x86_64-efi --pubkey=../artefacts/grub.pgp boot/grub/grub.cfg=./grub.cfg
>
> Any suggestions on what I'm missing?

You need to include pgp module into core. The memory occupied by embedded modules (including public key(s)) is freed after they are processed during initialization.
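
A preflight check for the two points settled in this thread (binary `gpg --export` key, `pgp` module embedded in core), as an added example that is not part of the original message or of GRUB. The helper names are hypothetical, the first-octet test is a heuristic based on the OpenPGP packet format, and the script only prints the command line for review.

```shell
#!/bin/sh
# Added example: preflight for a signature-enforcing grub-mkstandalone build.
# Helper names are illustrative; nothing here invokes GRUB itself.

# 0 = binary OpenPGP key (gpg --export), 1 = ASCII-armored, 2 = unreadable/unknown.
pubkey_format() {
    [ -r "$1" ] || return 2
    if head -c 36 "$1" | LC_ALL=C grep -qF -e '-----BEGIN PGP PUBLIC KEY BLOCK-----'; then
        return 1
    fi
    # First octet of a public-key packet (tag 6): 0x98-0x9a old format, 0xc6 new.
    first=$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    case "$first" in
        98|99|9a|c6) return 0 ;;
        *) return 2 ;;
    esac
}

# 0 if the space-separated module list places the pgp module in the core image.
has_pgp_module() {
    case " $1 " in
        *" pgp "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the command line once both checks pass.
# Arguments: output-file key-file module-list grub.cfg
standalone_cmd() {
    pubkey_format "$2" || {
        echo "key file must be binary 'gpg --export' output: $2" >&2
        return 1
    }
    has_pgp_module "$3" || {
        echo "pgp is missing from --modules; the embedded key would not be registered" >&2
        return 1
    }
    printf 'grub-mkstandalone --output=%s --format=x86_64-efi --modules="%s" --pubkey=%s boot/grub/grub.cfg=%s\n' \
        "$1" "$3" "$2" "$4"
}

# Usage with the paths from the question:
#   standalone_cmd ../build/grub/EFI/BOOT/BOOTX64.EFI ../artefacts/grub.pgp "pgp" ./grub.cfg
```

After booting the resulting image, `list_trusted` at the GRUB prompt is the check mentioned in the question for confirming that the key was registered.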