| commit | 5b8d5353950765ae08a22a96deb25354702d313b | |
| author | Daniel Kiper <daniel.kiper@oracle.com> | |
| Wed, 26 Sep 2018 11:17:52 +0000 (26 13:17 +0200) | ||
| committer | Daniel Kiper <daniel.kiper@oracle.com> | |
| Fri, 9 Nov 2018 12:25:31 +0000 (9 13:25 +0100) | ||
| tree | b9f99beccb87929175ac0ebee53a8c1d82b744de | treesnapshot (tar.gz zip) |
| parent | 4d4a8c96e3593d76fe7b025665ccdecc70a53c1f | commitdiff |
verifiers: Add possibility to defer verification to other verifiers
This way if a verifier requires verification of a given file it can defer task
to another verifier (another authority) if it is not able to do it itself. E.g.
shim_lock verifier, posted as a subsequent patch, is able to verify only PE
files. This means that it is not able to verify any of GRUB2 modules which have
to be trusted on UEFI systems with secure boot enabled. So, it can defer
verification to other verifier, e.g. PGP one.
I silently assume that other verifiers are trusted and will do good job for us.
Or at least they will not do any harm.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
This way if a verifier requires verification of a given file it can defer task
to another verifier (another authority) if it is not able to do it itself. E.g.
shim_lock verifier, posted as a subsequent patch, is able to verify only PE
files. This means that it is not able to verify any of GRUB2 modules which have
to be trusted on UEFI systems with secure boot enabled. So, it can defer
verification to other verifier, e.g. PGP one.
I silently assume that other verifiers are trusted and will do good job for us.
Or at least they will not do any harm.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
| grub-core/commands/verifiers.c | diffblobblamehistory | |
| include/grub/verify.h | diffblobblamehistory |