<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi,</p>
    <p>We're looking at adopting the signed-boot system in our platform
      and going through the implementation I've noticed something I need
      to ask the wider community about.  In lib/security/gpg.c in
      gpg_validate_boot_files() the initial commit had this code block:</p>
    <p>
      <blockquote type="cite">+    if
        (verify_file_signature(kernel_filename,<br>
        +        local_image_signature,<br>
        +        authorized_signatures_handle, "/etc/gpg"))<br>
        +        result = KEXEC_LOAD_SIGNATURE_FAILURE;<br>
        +    if (verify_file_signature(cmdline_template,<br>
        +        local_cmdline_signature,<br>
        +        authorized_signatures_handle, "/etc/gpg"))<br>
        +        result = KEXEC_LOAD_SIGNATURE_FAILURE;</blockquote>
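Review bot: the keyring path "/etc/gpg" is hard-coded in both verify_file_signature() calls in this hunk; hoist it into one named constant (or a single configurable path) so the kernel and cmdline checks cannot silently diverge. Note also that on a verification failure each branch only sets <code>result = KEXEC_LOAD_SIGNATURE_FAILURE;</code> and falls through to the next check rather than returning, so the protection depends entirely on the caller acting on <code>result</code> before loading; a comment at the top of this block stating that contract would make a later removal of those two assignments much harder to overlook.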
    </p>
    <p>where the following commit that adds in the decryption support
      removes the:
      <blockquote type="cite">result = KEXEC_LOAD_SIGNATURE_FAILURE;</blockquote>
      lines from the kernel and command line checks, effectively making
      them irrelevant in the boot_task->verify_signature path?</p>
    <p>Is there some other check somewhere else that I've missed?<br>
    </p>
    <div class="moz-signature">-- <br>
      Brett Grandbois<br>
      Software Engineering<br>
      Opengear Inc.<br>
      <a href="http://www.opengear.com">www.opengear.com</a></div>
  </body>
</html>