signed-boot verify_signature hole?
Brett Grandbois
brett.grandbois at opengear.com
Mon Mar 12 11:01:26 AEDT 2018
Hi,
We're looking at adopting the signed-boot system in our platform and,
going through the implementation, I've noticed something I need to ask
the wider community about. In lib/security/gpg.c in
gpg_validate_boot_files() the initial commit had this code block:
> + if (verify_file_signature(kernel_filename,
> + local_image_signature,
> + authorized_signatures_handle, "/etc/gpg"))
> + result = KEXEC_LOAD_SIGNATURE_FAILURE;
> + if (verify_file_signature(cmdline_template,
> + local_cmdline_signature,
> + authorized_signatures_handle, "/etc/gpg"))
> + result = KEXEC_LOAD_SIGNATURE_FAILURE;
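Review bot: neither check short-circuits, so on a failed kernel verification the cmdline verification still runs, and because both branches assign the same KEXEC_LOAD_SIGNATURE_FAILURE the final `result` cannot say which file failed. Returning KEXEC_LOAD_SIGNATURE_FAILURE directly from the first failing verify_file_signature() call would make the intent explicit and, unlike a bare assignment that a later edit can drop, leave the return value of verify_file_signature() visibly load-bearing.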
where the following commit that adds in the decryption support removes the:
> result = KEXEC_LOAD_SIGNATURE_FAILURE;
lines from the kernel and command line checks, effectively making them
irrelevant in the boot_task->verify_signature path?
Is there some other check somewhere else that I've missed?
--
Brett Grandbois
Software Engineering
Opengear Inc.
www.opengear.com
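To make the consequence of dropping those two assignments concrete, the following is an added example written for this page; it is not petitboot code. verify_stub() is a hypothetical stand-in for verify_file_signature() (0 means the signature matched, nonzero means it did not; the "sig:<filename>" matching rule is invented for the demo), and the three validate_*() functions model, respectively, the quoted block with the assignments present, the same block with them removed, and a variant that returns at the first failure.

```c
#include <stdio.h>
#include <string.h>

/* Result codes modelled on the names used in the quoted snippet. */
enum { KEXEC_LOAD_OK = 0, KEXEC_LOAD_SIGNATURE_FAILURE = 1 };

/* Hypothetical stand-in for verify_file_signature(): a file's signature is
 * "good" when it equals "sig:" followed by the file name. Returns 0 on
 * success and nonzero on a mismatch, the same convention as the quoted code. */
static int verify_stub(const char *filename, const char *signature)
{
    char expect[128];
    snprintf(expect, sizeof expect, "sig:%s", filename);
    return strcmp(expect, signature) == 0 ? 0 : -1;
}

/* Shape of the quoted block: each verify result feeds `result`, so a bad
 * kernel or cmdline signature produces KEXEC_LOAD_SIGNATURE_FAILURE. */
int validate_with_result(const char *kernel, const char *kernel_sig,
                         const char *cmdline, const char *cmdline_sig)
{
    int result = KEXEC_LOAD_OK;
    if (verify_stub(kernel, kernel_sig))
        result = KEXEC_LOAD_SIGNATURE_FAILURE;
    if (verify_stub(cmdline, cmdline_sig))
        result = KEXEC_LOAD_SIGNATURE_FAILURE;
    return result;
}

/* Same block with the two `result = ...` lines removed: the verify calls
 * still execute, but their return values are discarded, so `result` never
 * leaves KEXEC_LOAD_OK and any signature is accepted. */
int validate_without_result(const char *kernel, const char *kernel_sig,
                            const char *cmdline, const char *cmdline_sig)
{
    int result = KEXEC_LOAD_OK;
    (void)verify_stub(kernel, kernel_sig);   /* outcome ignored */
    (void)verify_stub(cmdline, cmdline_sig); /* outcome ignored */
    return result;
}

/* A form that is harder to break by accident: fail closed at the first bad
 * signature instead of relying on a separate assignment being kept. */
int validate_fail_closed(const char *kernel, const char *kernel_sig,
                         const char *cmdline, const char *cmdline_sig)
{
    if (verify_stub(kernel, kernel_sig))
        return KEXEC_LOAD_SIGNATURE_FAILURE;
    if (verify_stub(cmdline, cmdline_sig))
        return KEXEC_LOAD_SIGNATURE_FAILURE;
    return KEXEC_LOAD_OK;
}

int main(void)
{
    /* Constructed inputs: a correctly signed cmdline and a kernel whose
     * signature does not match. */
    const char *k = "vmlinux", *bad_ksig = "sig:tampered";
    const char *c = "cmdline", *good_csig = "sig:cmdline";

    printf("with result assignments:    %d\n",
           validate_with_result(k, bad_ksig, c, good_csig));
    printf("without result assignments: %d\n",
           validate_without_result(k, bad_ksig, c, good_csig));
    printf("fail closed:                %d\n",
           validate_fail_closed(k, bad_ksig, c, good_csig));
    return 0;
}
```

The middle function is the point: nothing about the call site looks wrong, the verification code still runs and still detects the mismatch, yet the boot decision no longer depends on it.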