From 86c9d34380b0074dab1ba89a569a94280d6999c4 Mon Sep 17 00:00:00 2001 From: "tpearson@raptorengineering.com" Date: Thu, 18 Aug 2016 04:45:47 -0500 Subject: Add support for GPG signature enforcement on booted kernels and related blobs This can be used to implement a form of organization-controlled secure boot, whereby kernels may be loaded from a variety of sources but they will only boot if a valid signature file is found for each component, and only if the signature is listed in the /etc/pb-lockdown file. Signed-off-by: Timothy Pearson Signed-off-by: Samuel Mendoza-Jonas (Minor build fixes and gpgme.m4, comment on secure boot in gpg.c) --- ui/common/discover-client.c | 1 + ui/common/discover-client.h | 1 + 2 files changed, 2 insertions(+) (limited to 'ui/common') diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c index 6247dd0..5dbd99b 100644 --- a/ui/common/discover-client.c +++ b/ui/common/discover-client.c @@ -312,6 +312,7 @@ static void create_boot_command(struct boot_command *command, command->initrd_file = data->initrd; command->dtb_file = data->dtb; command->boot_args = data->args; + command->args_sig_file = data->args_sig_file; command->tty = ttyname(STDIN_FILENO); } diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h index 542a275..59d2df9 100644 --- a/ui/common/discover-client.h +++ b/ui/common/discover-client.h @@ -11,6 +11,7 @@ struct pb_boot_data { char *initrd; char *dtb; char *args; + char *args_sig_file; }; /** -- cgit v1.2.1