| Commit message (Collapse) | Author | Age | Files | Lines |
| |
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
| |
Currently, the GRUB2 parser incorrectly reports "[ -f <path> ]" as
false if the size of the file is above 1 MB. This patch changes the
parser interface to allow stating files (with parser_stat_file). Then
in the implementation of "[ -f <path> ]", we can use parser_stat_file
instead of parser_request_file which has the size limitation. I
eliminate parser_check_dir in lieu of this new interface, which has
the side effect of making "[ -d <path> ]" work (the error code for
stat was not checked correctly before).
I add a basic test for the test file operations -f, -s, and -d (to
show that my changes to test file operations do not break them) and
minorly modify the test framework to ensure it has enough fidelity to
cause the expected results. Unfortunately the test wouldn't have
caught the issue with -d, since the test framework stubs out the
parser interface itself. Nor can the test framework catch the initial
problem with -f because the imposed limit is (transitively) in
function parser_request_file.
Note that -f and -d follow symlinks despite the fact that GRUB does
not (see
http://lists.gnu.org/archive/html/grub-devel/2016-02/msg00142.html
discussing GRUB's behavior). This is not a change to Petitboot's
behavior though.
Tested:
The test test-grub2-test-file-ops passes. I booted Petitboot against
a GRUB snippet:
    status=success
    if [ ! -f /large_file -a $status = success ]
    then status=fail_large_file
    fi
    if [ ! -d /a_directory -a $status = success ]
    then status=fail_dir
    fi
    menuentry $status {
      linux /vmlinux
    }
(after making /large_file a file of size > 1 MiB and /a_directory a
directory) and the menuentry had title "success", as desired.
Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
| |
This change adds a function to the parser API:
    int parser_check_dir(struct discover_context *ctx,
            struct discover_device *dev, const char *dirname)
- which allows parsers to check for the presence of a directory (path of
'dirname') on the device ('dev'). We use this in the GRUB2 parser to
implement the `test -d` check.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Implement -s and -f checks for grub, and test with the standard GRUB2
saved_default config.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
This change groups the offsetof, container_of and ARRAY_SIZE macros in a
single header file util/util.h.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Use the new parser_request_file API to access the GRUB environment
block.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
A fairly simple implementation now, and could do with some testing...
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
For user-defined functions, we'll need a data pointer to the function's
execution callback. Add this as a void *, and change references from
'command' to 'function'.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
.. with a simple 'set' command to update the environment
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>