From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 54770C83F12 for ; Wed, 9 Jul 2025 11:50:04 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uZTID-0006E6-2T; Wed, 09 Jul 2025 07:48:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uZTHZ-00065O-Ec for grub-devel@gnu.org; Wed, 09 Jul 2025 07:48:26 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uZTHP-0006pA-Qy for grub-devel@gnu.org; Wed, 09 Jul 2025 07:48:11 -0400 Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 5697UTjW003516; Wed, 9 Jul 2025 11:47:58 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=VQIIv44g8oPlJvzt0 X50y3vF/lU4ZCOSZyqO7S9dnx8=; b=aZby/pIjDT9/8UeD/cx4XqV7L4u52ApaX hqJysy0jf16VTNdvPkAyViSY1KEr1s73c6Bht3xAjqHk5BQMIf/TfBbXzN8aD6GE 74Lco3kPlqIUYEc8GXVxAnEBp/a8Ss+FKLbyPmbDAxj2m4b2DbGGH6SN1+YWmzO/ UZPHnrDW6ZGG6cbHWVTQVRtB17/3C/zlUWxbaasezRt1RxRi96hL3vcsjM/N2rwY +vTDsXAa/W6G+aRZNqFf6Q9m3aNtwBBZn1YQAqAXyooPynT00EvEm4M8Fcy5GMLK LVl39+Iy0xMoBSQ8B3W1//Vf029geRAmCsZASDrVjPRE/xmtu1qaw== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 47puk462a5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 09 Jul 2025 11:47:58 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 5698U7xE024678; Wed, 9 Jul 2025 11:47:57 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 47qh32fnt0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 09 Jul 2025 11:47:56 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 569BlrBG45416894 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 9 Jul 2025 11:47:53 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6DE462004E; Wed, 9 Jul 2025 11:47:53 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E83902004B; Wed, 9 Jul 2025 11:47:50 +0000 (GMT) Received: from localhost.localdomain (unknown [9.39.27.9]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 9 Jul 2025 11:47:50 +0000 (GMT) From: Sudhakar Kuppusamy To: grub-devel@gnu.org Cc: jan.setjeeilers@oracle.com, julian.klode@canonical.com, mate.kukri@canonical.com, pjones@redhat.com, msuchanek@suse.com, mlewando@redhat.com, nayna@linux.ibm.com, ltcgcw@linux.vnet.ibm.com, ssrish@linux.ibm.com, stefanb@linux.ibm.com, avnish@linux.ibm.com, Sudhakar Kuppusamy , dja@axtens.net Subject: [PATCH v4 03/23] docs/grub: Document signing GRUB with an appended signature Date: Wed, 9 Jul 2025 17:15:20 +0530 Message-Id: <20250709114540.58608-4-sudhakar@linux.ibm.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250709114540.58608-1-sudhakar@linux.ibm.com> References: <20250709114540.58608-1-sudhakar@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNzA5MDEwNiBTYWx0ZWRfX/zZMgUusHlE7 VzTHXu/mc4YrPAHY3O0ME4PQ8od6vcqKlnWXBSdeR3+Ac2I0aEB0X1Nuwf6IG4g3mj9als9zmao kuQF5bY/VEAFQjDHe3jTjOd+ujdN9UUUmaTSSkAxJ4i38b/tM8FKRKC9Mh5j/sRCZDFWh60IWMQ IIA7NKtTFiM/dIxq6ysJcGZbMIReFoSI+1JozLsFA0dvbsRuRFC21XXyRRC6CxfFdnUkrGF3faX 0VilWO+Q8976sxhK0j9E+IRrOI0G5gWC/DbGGYON6ZxgcAA3TF/+iDrXQHxkifjCqIbmTD8cVnB 0Co57r4YFMPE72/z9ZNcwEvNJobilDs7v3poXurxW7oihwiSOxZdHapm9rfs6d1CKSY8ysLyK3p 6JwvZEeGgy95l8zm/021F3k/iutImz4KtvHZQ7fCK86gAEsNnjYaAvhHF9HdFU6+Agefa/K/ X-Authority-Analysis: v=2.4 cv=XYeJzJ55 c=1 sm=1 tr=0 ts=686e56ee cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=Wb1JkmetP80A:10 a=JuTF4qcAAAAA:8 a=VnNF1IyMAAAA:8 a=BlRlUMKLR4rfvJ7WqM8A:9 a=WlT8qwTXB_Kj6um4hl3b:22 X-Proofpoint-ORIG-GUID: -TGecNhO3Do4_aqK6dh0nEm4y4tEsxox X-Proofpoint-GUID: -TGecNhO3Do4_aqK6dh0nEm4y4tEsxox X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.7,FMLib:17.12.80.40 definitions=2025-07-09_02,2025-07-08_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 lowpriorityscore=0 adultscore=0 priorityscore=1501 suspectscore=0 mlxscore=0 impostorscore=0 phishscore=0 bulkscore=0 clxscore=1015 spamscore=0 mlxlogscore=999 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2507090106 Received-SPF: pass client-ip=148.163.156.1; envelope-from=sudhakar@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The development of GNU GRUB Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: grub-devel-bounces+grub-devel=archiver.kernel.org@gnu.org Sender: grub-devel-bounces+grub-devel=archiver.kernel.org@gnu.org U2lnbmluZyBHUlVCIGZvciBmaXJtd2FyZSB0aGF0IHZlcmlmaWVzIGFuIGFwcGVuZGVkIHNpZ25h dHVyZSBpcyBhCmJpdCBmaWRkbHkuIEkgZG9uJ3Qgd2FudCBwZW9wbGUgdG8gaGF2ZSB0byBmaWd1 cmUgaXQgb3V0IGZyb20gc2NyYXRjaApzbyBkb2N1bWVudCBpdCBoZXJlLgoKU2lnbmVkLW9mZi1i eTogRGFuaWVsIEF4dGVucyA8ZGphQGF4dGVucy5uZXQ+ClNpZ25lZC1vZmYtYnk6IFN1ZGhha2Fy IEt1cHB1c2FteSA8c3VkaGFrYXJAbGludXguaWJtLmNvbT4KUmV2aWV3ZWQtYnk6IFN0ZWZhbiBC ZXJnZXIgPHN0ZWZhbmJAbGludXguaWJtLmNvbT4KUmV2aWV3ZWQtYnk6IEF2bmlzaCBDaG91aGFu IDxhdm5pc2hAbGludXguaWJtLmNvbT4KLS0tCiBkb2NzL2dydWIudGV4aSB8IDg2ICsrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrCiAxIGZpbGUgY2hhbmdl ZCwgODYgaW5zZXJ0aW9ucygrKQoKZGlmZiAtLWdpdCBhL2RvY3MvZ3J1Yi50ZXhpIGIvZG9jcy9n cnViLnRleGkKaW5kZXggMzIwZmEyMTI0Li5kNTk0ZTI5YmQgMTAwNjQ0Ci0tLSBhL2RvY3MvZ3J1 Yi50ZXhpCisrKyBiL2RvY3MvZ3J1Yi50ZXhpCkBAIC05Mzc5LDYgKzkzNzksOTIgQEAgaW1hZ2Ug d29ya3MgdW5kZXIgVUVGSSBzZWN1cmUgYm9vdCBhbmQgY2FuIG1haW50YWluIHRoZSBzZWN1cmUt Ym9vdCBjaGFpbi4gSXQKIHdpbGwgYWxzbyBiZSBuZWNlc3NhcnkgdG8gZW5yb2xsIHRoZSBwdWJs aWMga2V5IHVzZWQgaW50byBhIHJlbGV2YW50IGZpcm13YXJlCiBrZXkgZGF0YWJhc2UuCiAKK0Bz ZWN0aW9uIFNpZ25pbmcgR1JVQiB3aXRoIGFuIGFwcGVuZGVkIHNpZ25hdHVyZQorVGhlIEBmaWxl e2NvcmUuaW1nfSBpdHNlbGYgY2FuIGJlIHNpZ25lZCB3aXRoIGEgTGludXgga2VybmVsIG1vZHVs ZS1zdHlsZQorYXBwZW5kZWQgc2lnbmF0dXJlLgorVG8gc3VwcG9ydCBJRUVFMTI3NSBwbGF0Zm9y bXMgd2hlcmUgdGhlIGJvb3QgaW1hZ2UgaXMgb2Z0ZW4gbG9hZGVkIGRpcmVjdGx5Citmcm9tIGEg ZGlzayBwYXJ0aXRpb24gcmF0aGVyIHRoYW4gZnJvbSBhIGZpbGUgc3lzdGVtLCB0aGUgQGZpbGV7 Y29yZS5pbWd9CitjYW4gc3BlY2lmeSB0aGUgc2l6ZSBhbmQgbG9jYXRpb24gb2YgdGhlIGFwcGVu ZGVkIHNpZ25hdHVyZSB3aXRoIGFuIEVMRgorbm90ZSBhZGRlZCBieSBAY29tbWFuZHtncnViLWlu c3RhbGx9LgorQW4gaW1hZ2UgY2FuIGJlIHNpZ25lZCB0aGlzIHdheSB1c2luZyB0aGUgQGNvbW1h bmR7c2lnbi1maWxlfSBjb21tYW5kIGZyb20KK3RoZSBMaW51eCBrZXJuZWw6CitAZXhhbXBsZQor QGdyb3VwCisjIFNpZ25pbmcgYSBHUlVCIGltYWdlIHdpdGggb25seSBvbmUgc2lnbmVyIGtleSBp biB0aGUgYXBwZW5kZWQgc2lnbmF0dXJlOgorIyBUaGUgZ3J1Yi5rZXkgaXMgeW91ciBwcml2YXRl IGtleSBhbmQgY2VydGlmaWNhdGUuZGVyIGlzIHlvdXIgR1JVQiBzaWduaW5nIHB1YmxpYyBrZXkK KyMga2VybmVsLmRlciBpcyB5b3VyIGtlcm5lbCBzaWduaW5nIHB1YmxpYyBrZXkuCisjCisjIERl dGVybWluZSB0aGUgc2l6ZSBvZiB0aGUgYXBwZW5kZWQgc2lnbmF0dXJlLiBJdCBkZXBlbmRzIG9u IHRoZSBzaWduaW5nIGNlcnRpZmljYXRlCisjIGFuZCB0aGUgaGFzaCBhbGdvcml0aG0uCisjCisj IFNpZ25pbmcgdGhlIC9kZXYvbnVsbCB3aXRoIGFuIGFwcGVuZGVkIHNpZ25hdHVyZS4KKworc2ln bi1maWxlIFNIQTI1NiBncnViLmtleSBjZXJ0aWZpY2F0ZS5kZXIgL2Rldi9udWxsIC9kZXYvZW1w dHkuc2lnCisKKyMgR2V0IHRoZSBzaXplIG9mIHRoZSBzaWduYXR1cmUuCisKK0VNUFRZX1NJR19T SVpFPWBzdGF0IC1jICclcycgL2Rldi9lbXB0eS5zaWdgCisKKyMgUmVtb3ZlIHRoZSBlbXB0eSBm aWxlcy4KKworcm0gLXJmIC9kZXYvZW1wdHkuc2lnCisKKyMgQnVpbGQgYSBHUlVCIGltYWdlIHdp dGggJEVNUFRZX1NJR19TSVpFIHJlc2VydmVkIGZvciB0aGUgc2lnbmF0dXJlLgorCitncnViLWlu c3RhbGwgLS1hcHBlbmRlZC1zaWduYXR1cmUtc2l6ZSAkRU1QVFlfU0lHX1NJWkUgLS1tb2R1bGVz PSJhcHBlbmRlZHNpZyAuLi4iIC4uLgorICAgICAgICAgICAgICAgICAgICAgIG9yCitncnViLW1r aW1hZ2UgLU8gcG93ZXJwYy1pZWVlMTI3NSAtbyBjb3JlLmVsZi51bnNpZ25lZCAteCBrZXJuZWwu ZGVyIC1wIC9ncnViMiBcCistLWFwcGVuZGVkLXNpZ25hdHVyZS1zaXplICRFTVBUWV9TSUdfU0la RSAtLW1vZHVsZXM9ImFwcGVuZGVkc2lnIC4uLiIgLi4uCisKKyMgU2lnbmluZyBhIEdSVUIgaW1h Z2Ugd2l0aCBhbiBhcHBlbmRlZCBzaWduYXR1cmUuCisKK3NpZ24tZmlsZSBTSEEyNTYgZ3J1Yi5r ZXkgY2VydGlmaWNhdGUuZGVyIGNvcmUuZWxmLnVuc2lnbmVkIGNvcmUuZWxmLnNpZ25lZAorCisj CisjIFNpZ25pbmcgYSBHUlVCIGltYWdlIHdpdGggbW9yZSB0aGFuIG9uZSBzaWduZXIga2V5IGlu IHRoZSBhcHBlbmRlZCBzaWduYXR1cmU6CisjIFRoZSBncnViMS5rZXkgYW5kIGdydWIyLmtleSBh cmUgeW91ciBwcml2YXRlIGtleXMsIGNlcnRpZmljYXRlMS5kZXIgYW5kIGNlcnRpZmljYXRlMi5k ZXIKKyMgYXJlIHlvdXIgR1JVQiBzaWduaW5nIHB1YmxpYyBrZXlzLiBrZXJuZWwuZGVyIGFuZCBL ZXJuZWwyLmRlciBhcmUgeW91ciBrZXJuZWwgc2lnbmluZyBwdWJsaWMga2V5LgorCisjIEdlbmVy YXRlIGEgcmF3IHNpZ25hdHVyZSBmb3IgL2Rldi9udWxsIHNpZ25pbmcgdXNpbmcgT3BlblNTTC4K Kworb3BlbnNzbCBjbXMgLXNpZ24gLWJpbmFyeSAtbm9jZXJ0cyAtaW4gL2Rldi9udWxsIC1zaWdu ZXIgY2VydGlmaWNhdGUxLnBlbSAtaW5rZXkgZ3J1YjEua2V5IFwKKy1zaWduZXIgY2VydGlmaWNh dGUyLnBlbSAtaW5rZXkgZ3J1YjIua2V5IC1vdXQgL2Rldi9lbXB0eS5wN3MgLW91dGZvcm0gREVS IC1ub2F0dHIgLW1kIHNoYTI1NgorCisjIFNpZ25pbmcgdGhlIC9kZXYvbnVsbCB3aXRoIGFuIGFw cGVuZGVkIHNpZ25hdHVyZS4KKworc2lnbi1maWxlIC1zIC9kZXYvZW1wdHkucDdzIHNoYTI1NiAv ZGV2L251bGwgL2Rldi9udWxsIC9kZXYvZW1wdHkuc2lnbmVkCisKKyMgR2V0IHRoZSBzaXplIG9m IHRoZSBzaWduYXR1cmUuCisKK0VNUFRZX1NJR19TSVpFPWBzdGF0IC1jICclcycgL2Rldi9lbXB0 eS5zaWduZWRgCisKKyMgUmVtb3ZlIHRoZSBlbXB0eSBmaWxlcy4KKworcm0gLXJmIC9kZXYvZW1w dHkuc2lnbmVkIC9kZXYvZW1wdHkucDdzCisKKyMgQnVpbGQgYSBHUlVCIGltYWdlIHdpdGggJEVN UFRZX1NJR19TSVpFIHJlc2VydmVkIGZvciB0aGUgc2lnbmF0dXJlLgorCitncnViLWluc3RhbGwg LS1hcHBlbmRlZC1zaWduYXR1cmUtc2l6ZSAkRU1QVFlfU0lHX1NJWkUgLS1tb2R1bGVzPSJhcHBl bmRlZHNpZyAuLi4iIC4uLgorICAgICAgICAgICAgICAgICAgICAgICAgIG9yCitncnViLW1raW1h Z2UgLU8gcG93ZXJwYy1pZWVlMTI3NSAtbyBjb3JlLmVsZi51bnNpZ25lZCAteCBrZXJuZWwuZGVy IC1wIC9ncnViMiBcCistLWFwcGVuZGVkLXNpZ25hdHVyZS1zaXplICRFTVBUWV9TSUdfU0laRSAt LW1vZHVsZXM9ImFwcGVuZGVkc2lnIC4uLiIgLi4uCisKKyMgR2VuZXJhdGUgYSByYXcgc2lnbmF0 dXJlIGZvciBHUlVCIGltYWdlIHNpZ25pbmcgdXNpbmcgT3BlblNTTC4KKworb3BlbnNzbCBjbXMg LXNpZ24gLWJpbmFyeSAtbm9jZXJ0cyAtaW4gY29yZS5lbGYudW5zaWduZWQgLXNpZ25lciBjZXJ0 aWZpY2F0ZS5wZW0gXAorLWlua2V5IGdydWIua2V5IC1zaWduZXIgY2VydGlmaWNhdGUxLnBlbSAt aW5rZXkgZ3J1YjEua2V5IC1vdXQgY29yZS5wN3MgLW91dGZvcm0gREVSIC1ub2F0dHIgLW1kIHNo YTI1NgorCisjIFNpZ25pbmcgYSBHUlVCIGltYWdlIHdpdGggYW4gYXBwZW5kZWQgc2lnbmF0dXJl LgorCitzaWduLWZpbGUgLXMgY29yZS5wN3Mgc2hhMjU2IC9kZXYvbnVsbCBjb3JlLmVsZi51bnNp Z25lZCBjb3JlLmVsZi5zaWduZWQKKworIyBEb24ndCBmb3JnZXQgdG8gaW5zdGFsbCB0aGUgc2ln bmVkIGltYWdlIGFzIHJlcXVpcmVkIChlLmcuIG9uIHBvd2VycGMtaWVlZTEyNzUsIHRvIHRoZSBQ UmVQIHBhcnRpdGlvbikKKworQGVuZCBncm91cAorQGVuZCBleGFtcGxlCitBcyB3aXRoIFVFRkkg c2VjdXJlIGJvb3QsIGl0IGlzIG5lY2Vzc2FyeSB0byBidWlsZC1pbiB0aGUgcmVxdWlyZWQgbW9k dWxlcywKK29yIHNpZ24gdGhlbSBzZXBhcmF0ZWx5LgorCiBAbm9kZSBQbGF0Zm9ybSBsaW1pdGF0 aW9ucwogQGNoYXB0ZXIgUGxhdGZvcm0gbGltaXRhdGlvbnMKIAotLSAKMi4zOS41IChBcHBsZSBH aXQtMTU0KQoKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f CkdydWItZGV2ZWwgbWFpbGluZyBsaXN0CkdydWItZGV2ZWxAZ251Lm9yZwpodHRwczovL2xpc3Rz LmdudS5vcmcvbWFpbG1hbi9saXN0aW5mby9ncnViLWRldmVsCg==