[PATCH 1/2] Add support for GPG signature enforcement on booted
Timothy Pearson
tpearson at raptorengineering.com
Wed Aug 3 13:10:56 AEST 2016
On 08/02/2016 12:33 AM, Jon McCune wrote:
> I think it's also worth noting that GRUB2 has some OpenPGP signature
> verification support:
> https://github.com/jonmccune/grub2/blob/master/grub-core/commands/verify.c
> https://github.com/jonmccune/grub2/blob/master/grub-core/commands/loadenv.c
> https://github.com/jonmccune/grub2/blob/master/docs/grub.texi (search
> for 'detached')
> (I used a github.com link b/c the
> http://git.savannah.gnu.org/ was reporting errors.)
Yes, GRUB's precedent for using GPG signatures was part of the impetus
for using this method over a different implementation. Another factor
in this decision was the commercial availability of GPG-compatible smart
cards, and the self-contained nature of GPG signatures / encrypted files.
> The implementation in these patches doesn't seem to consider the
> mechanism by which Petitboot discovers its boot options (which is
> actually pretty cute), but that seems to restrict use to kernels with
> their entire kernel command-line compiled in (or allowing perhaps
> unexpected things like init=/bin/bash). Have you considered integrating
> with any bootloader configuration file format?
Very good point. I have added a boot argument verification system to
the updated patchset; right now it's set to look for the signature file
at a specific location (<kernel path + name>.cmdline.sig) but the
implementation could be extended to read a location from the system
configuration files in the future. The user can also edit the location
of this signature file from the user interface, if desired.
--
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
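As an added example, not code from this thread or from Petitboot: a small Python helper that applies the policy discussed above (a detached GPG signature for the kernel command line at `<kernel>.cmdline.sig`, with a user-editable override location) in a fail-closed way, and pins acceptance to an allow-list of key fingerprints parsed from gpg's `--status-fd` output rather than trusting gpg's exit status alone. All function names and the VALIDSIG-based allow-listing are assumptions of this example.

```python
import os
import subprocess
import tempfile
from typing import Iterable, Optional

def cmdline_sig_path(kernel_path: str, override: Optional[str] = None) -> str:
    """Default location from the thread: <kernel path + name>.cmdline.sig.
    A user-edited location (override) takes precedence when given."""
    return override or kernel_path + ".cmdline.sig"

def load_signature(kernel_path: str, override: Optional[str] = None) -> Optional[bytes]:
    """Return the detached signature bytes, or None when the file is absent."""
    path = cmdline_sig_path(kernel_path, override)
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()

def gpg_status(sig: bytes, data: bytes, homedir: Optional[str] = None) -> str:
    """Verify a detached signature with gpg and return its --status-fd lines.
    The exit code alone does not say *which* key produced the signature."""
    with tempfile.TemporaryDirectory() as d:
        sig_path, data_path = os.path.join(d, "cmdline.sig"), os.path.join(d, "cmdline")
        with open(sig_path, "wb") as fh:
            fh.write(sig)
        with open(data_path, "wb") as fh:
            fh.write(data)
        cmd = ["gpg", "--batch", "--no-tty", "--status-fd", "1"]
        if homedir:
            cmd += ["--homedir", homedir]
        cmd += ["--verify", sig_path, data_path]
        return subprocess.run(cmd, capture_output=True, text=True).stdout

def signing_fingerprints(status: str) -> set:
    """Collect fingerprints from VALIDSIG lines: field 3 is the signing (sub)key
    fingerprint, the optional 12th field the primary key fingerprint."""
    fprs = set()
    for line in status.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "[GNUPG:]" and f[1] == "VALIDSIG":
            fprs.add(f[2])
            if len(f) >= 12:
                fprs.add(f[11])
    return fprs

def cmdline_is_trusted(cmdline: str, sig: Optional[bytes], allowed_fprs: Iterable[str],
                       verify=gpg_status) -> bool:
    """Fail closed: a missing signature, a bad signature, or a valid signature
    from a key outside the allow-list all reject the boot option."""
    if not sig:
        return False
    return bool(signing_fingerprints(verify(sig, cmdline.encode())) & set(allowed_fprs))
```

`verify` is injectable so the decision logic can be exercised without a keyring; in production it runs gpg against a dedicated `--homedir` holding only the boot-signing keys.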