signed-boot verify_signature hole?

Brett Grandbois brett.grandbois at
Mon Mar 12 11:01:26 AEDT 2018


We're looking at adopting the signed-boot system in our platform and 
going through the implementation I've noticed something I need to ask 
the wider community about.  In lib/security/gpg.c in 
gpg_validate_boot_files() the initial commit had this code block:

> +    if (verify_file_signature(kernel_filename,
> +        local_image_signature,
> +        authorized_signatures_handle, "/etc/gpg"))
> +    if (verify_file_signature(cmdline_template,
> +        local_cmdline_signature,
> +        authorized_signatures_handle, "/etc/gpg"))
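Review bot: as quoted, neither `if (verify_file_signature(...))` has a visible body, so the second `if` reads as the body of the first and a reader cannot tell from these six lines what happens when either call returns non-zero. When citing this block to argue that the guards were later dropped, include the branch bodies (the failure return path) as context, since that is the part whose removal would make the result of the kernel and cmdline checks irrelevant.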

where the following commit that adds in the decryption support removes the:

lines to the kernel and command line checks, effectively making them 
irrelevant in the boot_task->verify_signature path?

Is there some other check somewhere else that I've missed?

Brett Grandbois
Software Engineering
Opengear Inc.
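To make the concern in the post concrete, here is an added illustration that is not Petitboot code: a fail-closed validator in which each verification result gates the boot path, beside a fail-open variant that calls the same checks but discards their results (the effect of dropping the `if (` guards). The `verify_file_signature()` here is a hypothetical stand-in that compares a constructed, non-cryptographic FNV-1a digest so the example runs offline; its zero-on-success return convention is an assumption taken from the `if (verify_file_signature(...))` guard shape quoted above.

```c
/* Added example, not Petitboot's lib/security/gpg.c. Shows why the return
 * value of a signature check must gate continuation of the boot task. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in digest (FNV-1a). NOT a real signature scheme; it only
 * gives the example a deterministic "does the data match" oracle. */
static uint64_t fnv1a(const char *data, size_t len)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= (unsigned char)data[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Hypothetical verifier: returns 0 when data matches the expected digest,
 * non-zero otherwise (assumed convention mirroring the quoted guard). */
static int verify_file_signature(const char *data, uint64_t signature)
{
    return fnv1a(data, strlen(data)) == signature ? 0 : -1;
}

/* Produces the constructed "signature" for a known-good artifact. */
uint64_t sign_for_example(const char *data)
{
    return fnv1a(data, strlen(data));
}

/* Fail-closed: a failed kernel or cmdline check aborts with -1. */
int validate_boot_files_checked(const char *kernel, uint64_t kernel_sig,
                                const char *cmdline, uint64_t cmdline_sig)
{
    if (verify_file_signature(kernel, kernel_sig)) {
        fprintf(stderr, "kernel signature verification failed\n");
        return -1;
    }
    if (verify_file_signature(cmdline, cmdline_sig)) {
        fprintf(stderr, "command line signature verification failed\n");
        return -1;
    }
    return 0; /* both artifacts verified: safe to continue the boot task */
}

/* Fail-open: the same checks run, but their results are discarded, so this
 * function reports success no matter what was verified. */
int validate_boot_files_unchecked(const char *kernel, uint64_t kernel_sig,
                                  const char *cmdline, uint64_t cmdline_sig)
{
    verify_file_signature(kernel, kernel_sig);
    verify_file_signature(cmdline, cmdline_sig);
    return 0;
}

int main(void)
{
    /* Constructed sample artifacts and a tampered command line. */
    const char *kernel  = "vmlinuz-example";
    const char *cmdline = "root=/dev/sda1 ro quiet";
    const char *tampered = "root=/dev/sdb1 rw";
    uint64_t ksig = sign_for_example(kernel);
    uint64_t csig = sign_for_example(cmdline);

    printf("checked, genuine cmdline:    %d\n",
           validate_boot_files_checked(kernel, ksig, cmdline, csig));
    printf("checked, tampered cmdline:   %d\n",
           validate_boot_files_checked(kernel, ksig, tampered, csig));
    printf("unchecked, tampered cmdline: %d\n",
           validate_boot_files_unchecked(kernel, ksig, tampered, csig));
    return 0;
}
```

The fail-open variant is what a missing guard produces: every verification still executes and still logs nothing, but `boot_task->verify_signature` would never see a failure, which is the behaviour the post asks about.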