path: root/ui/common
diff options
mode: <>2016-08-18 04:45:47 -0500
committerSamuel Mendoza-Jonas <>2016-08-26 13:23:01 +1000
commit86c9d34380b0074dab1ba89a569a94280d6999c4 (patch)
tree22cf0cccbd4022d150e231adcb360b3bcf528cda /ui/common
parent5496eee36f70631ae45403f90ed7b4dc143f27c0 (diff)
Add support for GPG signature enforcement on booted
kernels and related blobs This can be used to implement a form of organization-controlled secure boot, whereby kernels may be loaded from a variety of sources but they will only boot if a valid signature file is found for each component, and only if the signature is listed in the /etc/pb-lockdown file. Signed-off-by: Timothy Pearson <> Signed-off-by: Samuel Mendoza-Jonas <> (Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
Diffstat (limited to 'ui/common')
2 files changed, 2 insertions, 0 deletions
diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c
index 6247dd0..5dbd99b 100644
--- a/ui/common/discover-client.c
+++ b/ui/common/discover-client.c
@@ -312,6 +312,7 @@ static void create_boot_command(struct boot_command *command,
command->initrd_file = data->initrd;
command->dtb_file = data->dtb;
command->boot_args = data->args;
+ command->args_sig_file = data->args_sig_file;
command->tty = ttyname(STDIN_FILENO);
diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h
index 542a275..59d2df9 100644
--- a/ui/common/discover-client.h
+++ b/ui/common/discover-client.h
@@ -11,6 +11,7 @@ struct pb_boot_data {
char *initrd;
char *dtb;
char *args;
+ char *args_sig_file;
OpenPOWER on IntegriCloud