[PATCH v2 0/5] Enable savedefault, etc with check

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 0/5] Enable savedefault, etc with check_signatures=enforce

From:	Jon McCune
Subject:	[PATCH v2 0/5] Enable savedefault, etc with check_signatures=enforce
Date:	Fri, 6 Sep 2013 09:18:48 -0700

These patches add support to load_env and save_env to work nicely
in concert with check_signatures=enforce.  This represents an
evolution from the design in my email to grub-devel entitled
"Proposal to enable savedefault, one-shot reboot, etc with
check_signatures=enforce".  Some additional work is done to make
this support usable: A {-k, --pubkey} option is added to
grub-install, and significant documentation is included.  See the
individual patch descriptions for more specifics.

Jon McCune (5):
  style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c
  load_env support for whitelisting which variables are read
  save_env should work, even if check_signatures=enforce
  Add -k, --pubkey=FILE support to grub-install command
  Additional security-relevant documentation

 docs/grub.texi               | 180 ++++++++++++++++++++++++++++++++++++++++++-
 grub-core/commands/loadenv.c | 171 ++++++++++++++++++++++++++++------------
 util/grub-install.in         |  13 +++-
 util/grub-install_header     |   6 ++
 4 files changed, 316 insertions(+), 54 deletions(-)

-- 
1.8.4

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 0/5] Enable savedefault, etc with check_signatures=enforce, Jon McCune <=
- [PATCH v2 1/5] style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c, Jon McCune, 2013/09/06
- [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jon McCune, 2013/09/06
  - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/06
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/06
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/07
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/09
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/19
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Jonathan McCune, 2013/09/19
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Vladimir 'φ-coder/phcoder' Serbinenko, 2013/09/19
    - Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce, Andrey Borzenkov, 2013/09/19

Prev by Date: Re: grub2 boot root-on-zfs errors
Next by Date: [PATCH v2 1/5] style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c
Previous by thread: Re: grub2 boot root-on-zfs errors
Next by thread: [PATCH v2 1/5] style: indent --no-tabs --gnu-style grub-core/commands/loadenv.c
Index(es):
- Date
- Thread