diff options
author | tpearson@raptorengineering.com <tpearson@raptorengineering.com> | 2016-08-18 04:45:47 -0500 |
---|---|---|
committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2016-08-26 13:23:01 +1000 |
commit | 86c9d34380b0074dab1ba89a569a94280d6999c4 (patch) | |
tree | 22cf0cccbd4022d150e231adcb360b3bcf528cda /lib/file/file.h | |
parent | 5496eee36f70631ae45403f90ed7b4dc143f27c0 (diff) | |
download | talos-petitboot-86c9d34380b0074dab1ba89a569a94280d6999c4.tar.gz talos-petitboot-86c9d34380b0074dab1ba89a569a94280d6999c4.zip |
Add support for GPG signature enforcement on booted
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
Diffstat (limited to 'lib/file/file.h')
-rw-r--r-- | lib/file/file.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/file/file.h b/lib/file/file.h index 8aa7d3c..a2744a0 100644 --- a/lib/file/file.h +++ b/lib/file/file.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2013 Jeremy Kerr <jk@ozlabs.org> + * Copyright (C) 2016 Raptor Engineering, LLC * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,6 +18,8 @@ #ifndef FILE_H #define FILE_H +int copy_file_secure_dest(void *ctx, + const char * source_file, char ** destination_file); int read_file(void *ctx, const char *filename, char **bufp, int *lenp); int replace_file(const char *filename, char *buf, int len); |