diff options
| author | tpearson@raptorengineering.com <tpearson@raptorengineering.com> | 2016-08-18 04:45:47 -0500 |
|---|---|---|
| committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2016-08-26 13:23:01 +1000 |
| commit | 86c9d34380b0074dab1ba89a569a94280d6999c4 (patch) | |
| tree | 22cf0cccbd4022d150e231adcb360b3bcf528cda /discover/grub2 | |
| parent | 5496eee36f70631ae45403f90ed7b4dc143f27c0 (diff) | |
| download | talos-petitboot-86c9d34380b0074dab1ba89a569a94280d6999c4.tar.gz talos-petitboot-86c9d34380b0074dab1ba89a569a94280d6999c4.zip | |
Add support for GPG signature enforcement on booted
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
Diffstat (limited to 'discover/grub2')
| -rw-r--r-- | discover/grub2/builtins.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/discover/grub2/builtins.c b/discover/grub2/builtins.c index 8bff732..c16b639 100644 --- a/discover/grub2/builtins.c +++ b/discover/grub2/builtins.c @@ -6,7 +6,9 @@ #include <types/types.h> #include <talloc/talloc.h> #include <util/util.h> +#include <url/url.h> +#include "discover/resource.h" #include "discover/parser.h" #include "grub2.h" @@ -69,6 +71,12 @@ static int builtin_linux(struct grub2_script *script, opt->option->boot_args = talloc_asprintf_append( opt->option->boot_args, " %s", argv[i]); + + char* args_sigfile_default = talloc_asprintf(opt, + "%s.cmdline.sig", argv[1]); + opt->args_sig_file = create_grub2_resource(opt, script->ctx->device, + root, args_sigfile_default); + talloc_free(args_sigfile_default); return 0; } |
