From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4A145C87FC9 for ; Tue, 29 Jul 2025 12:40:23 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ugjck-00045s-92; Tue, 29 Jul 2025 08:40:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ugjbx-0002UC-7c for grub-devel@gnu.org; Tue, 29 Jul 2025 08:39:21 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ugjbn-0003BP-6z for grub-devel@gnu.org; Tue, 29 Jul 2025 08:39:15 -0400 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 56T4Z2QH023071; Tue, 29 Jul 2025 12:38:59 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=Q8AqbsiDHVWY4TuBn n/hR5NGhyvM2kRLrjQp9Ong0/U=; b=tL8dRKod3E2MlkP9mwAc9vzcj+sERd+HR BSxUymxjKtMQHPpHsBXb+iAM2I51lkQy3uzR2Fk5CczXiNLh0oImgb9oPRHHYGgM Lq893Cd76ZxxFGZgmeLMRT+gdgAZfVngArCo94VvXp3HS4oZp3IpPdyCCarFkeSk sbuOwsW1PKHwx5puntOFIxwt8mHHqeqSyamAZM62OInzNlF06OVfwXLTT8Bt6r7e x+EpSH19zbmkdEAl7NhzJeVPAQSOiVSzrgcYanKQ839ezLhYrR/iazrys5bUdozt eOmhSV+WkCzjPNwnCqjEx7rNFd2SygfxxTDfWs7+Px/h5HOVq4BbA== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 484qd5emkp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 29 Jul 2025 12:38:59 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 56T9DopN018301; Tue, 29 Jul 2025 12:38:58 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 485abp2c2a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 29 Jul 2025 12:38:58 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 56TCcsIw52101416 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 29 Jul 2025 12:38:54 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AF5E42004B; Tue, 29 Jul 2025 12:38:54 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 245C220040; Tue, 29 Jul 2025 12:38:52 +0000 (GMT) Received: from localhost.localdomain (unknown [9.39.21.169]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 29 Jul 2025 12:38:51 +0000 (GMT) From: Sudhakar Kuppusamy To: grub-devel@gnu.org Cc: dja@axtens.net, jan.setjeeilers@oracle.com, julian.klode@canonical.com, mate.kukri@canonical.com, pjones@redhat.com, msuchanek@suse.com, mlewando@redhat.com, stefanb@linux.ibm.com, avnish@linux.ibm.com, nayna@linux.ibm.com, ssrish@linux.ibm.com, Sudhakar Kuppusamy , Daniel Kiper Subject: [PATCH v6 13/20] appended signatures: Using db and dbx lists for signature verification Date: Tue, 29 Jul 2025 18:07:02 +0530 Message-Id: <20250729123709.83349-14-sudhakar@linux.ibm.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250729123709.83349-1-sudhakar@linux.ibm.com> References: <20250729123709.83349-1-sudhakar@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNzI5MDA5NSBTYWx0ZWRfXwdqZHwSEHmZQ VxQqcRJPYFT+y78SGPD9d35y4oGMsVumQyl4Vcx/zeNew5bk33sKLVzrkBKGJyQ+mVAyJ2EnjJL Oc4geRH33s0X131pT7rs3zcXjIq/TcSpUorOffbUF+34NjiLIuGWoGoqObRWFXpMnpoP2Ts3VzL fyMAiheptODf8IEuBout4m+qEMEgGKPRB4hEW2qdMwlFZvhAvDcshuMcpcDrXrcEaexrpghdrvu JUWoP/p3bl0rZc4w9UWnCvl3q4l82rh2S03ZVORskxBwCnoa8Ilxnb0BpQx2oZGZzdPrVL6UZob zCOPAt5vf4MVa7sEPsU3SMUG7STOvyx+LXmwcFByOipvoiIEI32q2krIVZknstA5jQiLD42CweF LY5KHt4TkqpzqNokuE26ZwhdRqrm0NpQ31grDd/kzDopHqx6kDWcevKb3ZhycTphSOyqAwlX X-Proofpoint-ORIG-GUID: Us2-Kit8_rrawAfGEEzUShvHSMWzGT1Q X-Authority-Analysis: v=2.4 cv=B9q50PtM c=1 sm=1 tr=0 ts=6888c0e3 cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=Wb1JkmetP80A:10 a=VnNF1IyMAAAA:8 a=yPCof4ZbAAAA:8 a=BlRlUMKLR4rfvJ7WqM8A:9 X-Proofpoint-GUID: Us2-Kit8_rrawAfGEEzUShvHSMWzGT1Q X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-07-29_03,2025-07-28_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 priorityscore=1501 mlxscore=0 spamscore=0 mlxlogscore=999 suspectscore=0 clxscore=1015 impostorscore=0 bulkscore=0 lowpriorityscore=0 malwarescore=0 adultscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2507290095 Received-SPF: pass client-ip=148.163.158.5; envelope-from=sudhakar@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The development of GNU GRUB Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: grub-devel-bounces+grub-devel=archiver.kernel.org@gnu.org Sender: grub-devel-bounces+grub-devel=archiver.kernel.org@gnu.org U2lnbmF0dXJlIHZlcmlmaWNhdGlvbjogdmVyaWZ5IHRoZSBrZXJuZWwgYWdhaW5zdCBsaXN0cyBv ZiBoYXNoZXMKdGhhdCBhcmUgZWl0aGVyIGluIGRieCBvciBkYiBsaXN0LiBJZiBpdCBpcyBub3Qg aW4gdGhlIGRieCBsaXN0CnRoZW4gdGhlIHRydXN0ZWQga2V5cyBmcm9tIHRoZSBkYiBsaXN0IGFy ZSB1c2VkIHRvIHZlcmlmeSB0aGUgc2lnbmF0dXJlLgoKU2lnbmVkLW9mZi1ieTogU3VkaGFrYXIg S3VwcHVzYW15IDxzdWRoYWthckBsaW51eC5pYm0uY29tPgpSZXZpZXdlZC1ieTogU3RlZmFuIEJl cmdlciA8c3RlZmFuYkBsaW51eC5pYm0uY29tPgpSZXZpZXdlZC1ieTogQXZuaXNoIENob3VoYW4g PGF2bmlzaEBsaW51eC5pYm0uY29tPgpSZXZpZXdlZC1ieTogRGFuaWVsIEtpcGVyIDxkYW5pZWwu a2lwZXJAb3JhY2xlLmNvbT4KLS0tCiBncnViLWNvcmUvY29tbWFuZHMvYXBwZW5kZWRzaWcvYXBw ZW5kZWRzaWcuYyB8IDg0ICsrKysrKysrKysrKysrKysrKystCiAxIGZpbGUgY2hhbmdlZCwgODIg aW5zZXJ0aW9ucygrKSwgMiBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9ncnViLWNvcmUvY29t bWFuZHMvYXBwZW5kZWRzaWcvYXBwZW5kZWRzaWcuYyBiL2dydWItY29yZS9jb21tYW5kcy9hcHBl bmRlZHNpZy9hcHBlbmRlZHNpZy5jCmluZGV4IDFlNTYxMGRkZi4uMmUxOTMxNmY0IDEwMDY0NAot LS0gYS9ncnViLWNvcmUvY29tbWFuZHMvYXBwZW5kZWRzaWcvYXBwZW5kZWRzaWcuYworKysgYi9n cnViLWNvcmUvY29tbWFuZHMvYXBwZW5kZWRzaWcvYXBwZW5kZWRzaWcuYwpAQCAtNDYwLDYgKzQ2 MCw3NiBAQCB2ZXJpZnlfc2lnbmF0dXJlIChjb25zdCBnY3J5X21waV90ICpwa21waSwgY29uc3Qg Z2NyeV9tcGlfdCBobXBpLAogICByZXR1cm4gR1JVQl9FUlJfTk9ORTsKIH0KIAorc3RhdGljIGdy dWJfZXJyX3QKK2dldF9iaW5hcnlfaGFzaCAoY29uc3QgZ3J1Yl9zaXplX3QgYmluYXJ5X2hhc2hf c2l6ZSwgY29uc3QgZ3J1Yl91aW50OF90ICpkYXRhLAorICAgICAgICAgICAgICAgICBjb25zdCBn cnViX3NpemVfdCBkYXRhX3NpemUsIGdydWJfdWludDhfdCAqaGFzaCwgZ3J1Yl9zaXplX3QgKmhh c2hfc2l6ZSkKK3sKKyAgZ3J1Yl9wYWNrZWRfZ3VpZF90IGd1aWQgPSB7IDAgfTsKKworICAvKiBz dXBwb3J0IFNIQTI1NiwgU0hBMzg0IGFuZCBTSEE1MTIgZm9yIGJpbmFyeSBoYXNoICovCisgIGlm IChiaW5hcnlfaGFzaF9zaXplID09IDMyKQorICAgIGdydWJfbWVtY3B5ICgmZ3VpZCwgJkdSVUJf UEtTX0NFUlRfU0hBMjU2X0dVSUQsIEdSVUJfUEFDS0VEX0dVSURfU0laRSk7CisgIGVsc2UgaWYg KGJpbmFyeV9oYXNoX3NpemUgPT0gNDgpCisgICAgZ3J1Yl9tZW1jcHkgKCZndWlkLCAmR1JVQl9Q S1NfQ0VSVF9TSEEzODRfR1VJRCwgR1JVQl9QQUNLRURfR1VJRF9TSVpFKTsKKyAgZWxzZSBpZiAo YmluYXJ5X2hhc2hfc2l6ZSA9PSA2NCkKKyAgICBncnViX21lbWNweSAoJmd1aWQsICZHUlVCX1BL U19DRVJUX1NIQTUxMl9HVUlELCBHUlVCX1BBQ0tFRF9HVUlEX1NJWkUpOworICBlbHNlCisgICAg eworICAgICAgZ3J1Yl9kcHJpbnRmICgiYXBwZW5kZWRzaWciLCAidW5zdXBwb3J0ZWQgaGFzaCB0 eXBlICglIiBQUkl1R1JVQl9TSVpFICIpIGFuZCAiCisgICAgICAgICAgICAgICAgICAgICJza2lw cGVkXG4iLCBiaW5hcnlfaGFzaF9zaXplKTsKKyAgICAgIHJldHVybiBHUlVCX0VSUl9VTktOT1dO X0NPTU1BTkQ7CisgICAgfQorCisgIHJldHVybiBnZXRfaGFzaCAoJmd1aWQsIGRhdGEsIGRhdGFf c2l6ZSwgaGFzaCwgaGFzaF9zaXplKTsKK30KKworLyoKKyAqIFZlcmlmeSBiaW5hcnkgaGFzaCBh Z2FpbnN0IHRoZSBkYiBhbmQgZGJ4IGxpc3QuCisgKiBUaGUgZm9sbG93aW5nIGVycm9ycyBjYW4g b2NjdXI6CisgKiAgLSBHUlVCX0VSUl9CQURfU0lHTkFUVVJFOiBpbmRpY2F0ZXMgdGhhdCB0aGUg aGFzaCBpcyBpbiBkYnggbGlzdC4KKyAqICAtIEdSVUJfRVJSX0VPRjogdGhlIGhhc2ggY291bGQg bm90IGJlIGZvdW5kIGluIHRoZSBkYiBhbmQgZGJ4IGxpc3QuCisgKiAgLSBHUlVCX0VSUl9OT05F OiB0aGUgaGFzaCBpcyBmb3VuZCBpbiBkYiBsaXN0LgorICovCitzdGF0aWMgZ3J1Yl9lcnJfdAor dmVyaWZ5X2JpbmFyeV9oYXNoIChjb25zdCBncnViX3VpbnQ4X3QgKmRhdGEsIGNvbnN0IGdydWJf c2l6ZV90IGRhdGFfc2l6ZSkKK3sKKyAgZ3J1Yl9lcnJfdCByYyA9IEdSVUJfRVJSX05PTkU7Cisg IGdydWJfc2l6ZV90IGkgPSAwLCBoYXNoX3NpemUgPSAwOworICBncnViX3VpbnQ4X3QgaGFzaFtH UlVCX01BWF9IQVNIX1NJWkVdID0geyAwIH07CisKKyAgZm9yIChpID0gMDsgaSA8IGRieC5zaWdu YXR1cmVfZW50cmllczsgaSsrKQorICAgIHsKKyAgICAgIHJjID0gZ2V0X2JpbmFyeV9oYXNoIChk Ynguc2lnbmF0dXJlX3NpemVbaV0sIGRhdGEsIGRhdGFfc2l6ZSwgaGFzaCwgJmhhc2hfc2l6ZSk7 CisgICAgICBpZiAocmMgIT0gR1JVQl9FUlJfTk9ORSkKKyAgICAgICAgY29udGludWU7CisKKyAg ICAgIGlmIChoYXNoX3NpemUgPT0gZGJ4LnNpZ25hdHVyZV9zaXplW2ldICYmCisgICAgICAgICAg Z3J1Yl9tZW1jbXAgKGRieC5zaWduYXR1cmVzW2ldLCBoYXNoLCBoYXNoX3NpemUpID09IDApCisg ICAgICAgIHsKKyAgICAgICAgICBncnViX2RwcmludGYgKCJhcHBlbmRlZHNpZyIsICJ0aGUgaGFz aCAoJTAyeCUwMnglMDJ4JTAyeCkgaXMgcHJlc2VudCBpbiB0aGUgZGJ4IGxpc3RcbiIsCisgICAg ICAgICAgICAgICAgICAgICAgICBoYXNoWzBdLCBoYXNoWzFdLCBoYXNoWzJdLCBoYXNoWzNdKTsK KyAgICAgICAgICByZXR1cm4gR1JVQl9FUlJfQkFEX1NJR05BVFVSRTsKKyAgICAgICAgfQorICAg IH0KKworICBmb3IgKGkgPSAwOyBpIDwgZGIuc2lnbmF0dXJlX2VudHJpZXM7IGkrKykKKyAgICB7 CisgICAgICByYyA9IGdldF9iaW5hcnlfaGFzaCAoZGIuc2lnbmF0dXJlX3NpemVbaV0sIGRhdGEs IGRhdGFfc2l6ZSwgaGFzaCwgJmhhc2hfc2l6ZSk7CisgICAgICBpZiAocmMgIT0gR1JVQl9FUlJf Tk9ORSkKKyAgICAgICAgY29udGludWU7CisKKyAgICAgIGlmIChoYXNoX3NpemUgPT0gZGIuc2ln bmF0dXJlX3NpemVbaV0gJiYKKyAgICAgICAgICBncnViX21lbWNtcCAoZGIuc2lnbmF0dXJlc1tp XSwgaGFzaCwgaGFzaF9zaXplKSA9PSAwKQorICAgICAgICB7CisgICAgICAgICAgZ3J1Yl9kcHJp bnRmICgiYXBwZW5kZWRzaWciLCAidmVyaWZpZWQgd2l0aCBhIHRydXN0ZWQgaGFzaCAoJTAyeCUw MnglMDJ4JTAyeClcbiIsCisgICAgICAgICAgICAgICAgICAgICAgICBoYXNoWzBdLCBoYXNoWzFd LCBoYXNoWzJdLCBoYXNoWzNdKTsKKyAgICAgICAgICByZXR1cm4gR1JVQl9FUlJfTk9ORTsKKyAg ICAgICAgfQorICAgIH0KKworICByZXR1cm4gR1JVQl9FUlJfRU9GOworfQorCiBzdGF0aWMgZ3J1 Yl9lcnJfdAogZ3J1Yl92ZXJpZnlfYXBwZW5kZWRfc2lnbmF0dXJlIChjb25zdCBncnViX3VpbnQ4 X3QgKmJ1ZiwgZ3J1Yl9zaXplX3QgYnVmc2l6ZSkKIHsKQEAgLTQ3Miw4ICs1NDIsOCBAQCBncnVi X3ZlcmlmeV9hcHBlbmRlZF9zaWduYXR1cmUgKGNvbnN0IGdydWJfdWludDhfdCAqYnVmLCBncnVi X3NpemVfdCBidWZzaXplKQogICBzdHJ1Y3QgcGtjczdfc2lnbmVySW5mbyAqc2k7CiAgIGludCBp OwogCi0gIGlmICghZGIuY2VydF9lbnRyaWVzKQotICAgIHJldHVybiBncnViX2Vycm9yIChHUlVC X0VSUl9CQURfU0lHTkFUVVJFLCAibm8gdHJ1c3RlZCBrZXlzIHRvIHZlcmlmeSBhZ2FpbnN0Iik7 CisgIGlmICghZGIuY2VydF9lbnRyaWVzICYmICFkYi5zaWduYXR1cmVfZW50cmllcykKKyAgICBy ZXR1cm4gZ3J1Yl9lcnJvciAoR1JVQl9FUlJfQkFEX1NJR05BVFVSRSwgIm5vIHRydXN0ZWQga2V5 cy9oYXNoZXMgdG8gdmVyaWZ5IGFnYWluc3QiKTsKIAogICBlcnIgPSBleHRyYWN0X2FwcGVuZGVk X3NpZ25hdHVyZSAoYnVmLCBidWZzaXplLCAmc2lnKTsKICAgaWYgKGVyciAhPSBHUlVCX0VSUl9O T05FKQpAQCAtNDgyLDYgKzU1MiwxNiBAQCBncnViX3ZlcmlmeV9hcHBlbmRlZF9zaWduYXR1cmUg KGNvbnN0IGdydWJfdWludDhfdCAqYnVmLCBncnViX3NpemVfdCBidWZzaXplKQogICBhcHBlbmRf c2lnX2xlbiA9IHNpZy5zaWduYXR1cmVfbGVuOwogICBkYXRhc2l6ZSA9IGJ1ZnNpemUgLSBzaWcu c2lnbmF0dXJlX2xlbjsKIAorICAvKiBWZXJpZnkgYmluYXJ5IGhhc2ggYWdhaW5zdCB0aGUgZGIg YW5kIGRieCBsaXN0LiAqLworICBlcnIgPSB2ZXJpZnlfYmluYXJ5X2hhc2ggKGJ1ZiwgZGF0YXNp emUpOworICBpZiAoZXJyID09IEdSVUJfRVJSX0JBRF9TSUdOQVRVUkUpCisgICAgeworICAgICAg cGtjczdfc2lnbmVkRGF0YV9yZWxlYXNlICgmc2lnLnBrY3M3KTsKKyAgICAgIHJldHVybiBncnVi X2Vycm9yIChlcnIsCisgICAgICAgICAgICAgICAgICAgICAgICAgImZhaWxlZCB0byB2ZXJpZnkg dGhlIGJpbmFyeSBoYXNoLCBhcyBpdCBpcyBwcmVzZW50IGluIHRoZSBkYnggbGlzdFxuIik7Cisg ICAgfQorCisgIC8qIFZlcmlmeSBzaWduYXR1cmUgdXNpbmcgdHJ1c3RlZCBrZXlzIGZyb20gZGIg bGlzdC4gKi8KICAgZm9yIChpID0gMDsgaSA8IHNpZy5wa2NzNy5zaWduZXJJbmZvX2NvdW50OyBp KyspCiAgICAgewogICAgICAgLyoKLS0gCjIuMzkuNSAoQXBwbGUgR2l0LTE1NCkKCgpfX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpHcnViLWRldmVsIG1haWxp bmcgbGlzdApHcnViLWRldmVsQGdudS5vcmcKaHR0cHM6Ly9saXN0cy5nbnUub3JnL21haWxtYW4v bGlzdGluZm8vZ3J1Yi1kZXZlbAo=