signed-boot verify_signature hole?

Brett Grandbois brett.grandbois at opengear.com
Mon Mar 12 11:01:26 AEDT 2018


Hi,

We're looking at adopting the signed-boot system in our platform and
going through the implementation I've noticed something I need to ask
the wider community about.  In lib/security/gpg.c in
gpg_validate_boot_files() the initial commit had this code block:

> +    if (verify_file_signature(kernel_filename,
> +        local_image_signature,
> +        authorized_signatures_handle, "/etc/gpg"))
> +        result = KEXEC_LOAD_SIGNATURE_FAILURE;
> +    if (verify_file_signature(cmdline_template,
> +        local_cmdline_signature,
> +        authorized_signatures_handle, "/etc/gpg"))
> +        result = KEXEC_LOAD_SIGNATURE_FAILURE;
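Review bot: both branches collapse into the same `result = KEXEC_LOAD_SIGNATURE_FAILURE;` assignment, so a caller cannot tell whether the kernel image or the command line failed verification, and the second verify_file_signature() call still runs after the first has already failed; consider returning (or at least logging which file failed) on the first failure, and lifting the repeated "/etc/gpg" keyring path into one named constant so the two calls cannot drift apart.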

where the following commit, which adds in the decryption support, removes the:

> result = KEXEC_LOAD_SIGNATURE_FAILURE;

lines from the kernel and command line checks, effectively making them
irrelevant in the boot_task->verify_signature path?

Is there some other check somewhere else that I've missed?



-- 
Brett Grandbois
Software Engineering
Opengear Inc.
www.opengear.com