From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 839D8C87FC9 for ; Tue, 29 Jul 2025 14:53:52 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ugli4-0000cf-1q; Tue, 29 Jul 2025 10:53:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uglhh-0008Qt-Dr for grub-devel@gnu.org; Tue, 29 Jul 2025 10:53:21 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uglhd-0007Dh-6c for grub-devel@gnu.org; Tue, 29 Jul 2025 10:53:19 -0400 Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 56T4YuM1021832; Tue, 29 Jul 2025 14:53:10 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=ONim4yrZ6YTPYo5hb EPP/CHunWKuQ4F0/dII41YtSnQ=; b=P1zW5u4zDn/qv2TacjP5K+Om/JEPbBb20 VnpZtCe66d8JNXCdlzoFnwcRjUG0gkg1VGIAKQ/67h2DZZAw/axnfEHymzikNLex l66S01ZWyFSGw68m0F/VRyU2BLK75Tvt9J+z3cC8cNN6HZFrNiUZpVWf+VPQnKn/ VCSeUJtzv8JxDmCD7zx4e3GN6xoCWEEcdaiN116URgKt8B1OUXJZrKS6r7/d7mFB J8uAjX5SM14c3pcRiCZv6gZDY3U/Yo+6ODa+jUA+jn3rp+Fa3CkLnFCQBRBtitrn 0f5Yybmd8wxNBTHNwg+j5P9i+G3TaanTa7FgO8dzMMIJNs/Mx2nig== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 484qemqa51-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 29 Jul 2025 14:53:10 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 56TAoR35028425; Tue, 29 Jul 2025 14:53:09 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 485c22jgue-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 29 Jul 2025 14:53:09 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 56TEr5uX34079270 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 29 Jul 2025 14:53:05 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B3E9820043; Tue, 29 Jul 2025 14:53:05 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2A8C820040; Tue, 29 Jul 2025 14:53:03 +0000 (GMT) Received: from localhost.localdomain (unknown [9.39.21.169]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 29 Jul 2025 14:53:02 +0000 (GMT) From: Sudhakar Kuppusamy To: grub-devel@gnu.org Cc: dja@axtens.net, jan.setjeeilers@oracle.com, julian.klode@canonical.com, mate.kukri@canonical.com, pjones@redhat.com, msuchanek@suse.com, mlewando@redhat.com, stefanb@linux.ibm.com, avnish@linux.ibm.com, nayna@linux.ibm.com, ssrish@linux.ibm.com, Sudhakar Kuppusamy , Daniel Kiper Subject: [PATCH v6 13/20] appended signatures: Using db and dbx lists for signature verification Date: Tue, 29 Jul 2025 20:21:49 +0530 Message-Id: <20250729145156.3522-14-sudhakar@linux.ibm.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250729145156.3522-1-sudhakar@linux.ibm.com> References: <20250729145156.3522-1-sudhakar@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: U8mOpeUfahXIlyKblnvTtDO_6lbQ9-rk X-Proofpoint-GUID: U8mOpeUfahXIlyKblnvTtDO_6lbQ9-rk X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNzI5MDExMyBTYWx0ZWRfX8m1/4THkCU8i RNKeIas8CdY9Ddw7MsKtODyiXf3IFjuLYcgCFp0MxF4qZ1POFcx12oUUkFGZwFMGXhN/saSVTW/ +TB/qtebQtxKpHhaVfhWHfvmk8T4kL1M69PEhTovaOulwsBwbBpNaRBLmvOgYH0okOVSrwuWr4v n7prQoll0pff/oAfquTMpJM0OWPmlvvSazT7CsqfB0bb0RQ+O9w6pfIy1N9JjjojmKanWySYk7P wCdLNIDiKo/JeqK6rGjxt2ewUPVcjNr1nM/74DLzNRJlBE6XAmzxDffj8qqWSLWBF4KGkjGiGDm mhtpnLAalDr7Q1sJoPA7uGyy2uGYX/fymeAjBRbM5Q2MGRizKIRCGYQkJt9O/SguDFIQBI707AU Ab7WdjUXB+P93LudmY47butOk4udGApVBtX3HC3PLyv7fU6ijvxKaXBvFTeX+q0AyYXt4BPn X-Authority-Analysis: v=2.4 cv=BJOzrEQG c=1 sm=1 tr=0 ts=6888e056 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=Wb1JkmetP80A:10 a=VnNF1IyMAAAA:8 a=yPCof4ZbAAAA:8 a=BlRlUMKLR4rfvJ7WqM8A:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-07-29_03,2025-07-28_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 phishscore=0 suspectscore=0 spamscore=0 lowpriorityscore=0 mlxlogscore=999 priorityscore=1501 malwarescore=0 mlxscore=0 bulkscore=0 adultscore=0 clxscore=1015 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2507290113 Received-SPF: pass client-ip=148.163.156.1; envelope-from=sudhakar@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The development of GNU GRUB Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: grub-devel-bounces+grub-devel=archiver.kernel.org@gnu.org Sender: grub-devel-bounces+grub-devel=archiver.kernel.org@gnu.org U2lnbmF0dXJlIHZlcmlmaWNhdGlvbjogdmVyaWZ5IHRoZSBrZXJuZWwgYWdhaW5zdCBsaXN0cyBv ZiBoYXNoZXMKdGhhdCBhcmUgZWl0aGVyIGluIGRieCBvciBkYiBsaXN0LiBJZiBpdCBpcyBub3Qg aW4gdGhlIGRieCBsaXN0CnRoZW4gdGhlIHRydXN0ZWQga2V5cyBmcm9tIHRoZSBkYiBsaXN0IGFy ZSB1c2VkIHRvIHZlcmlmeSB0aGUgc2lnbmF0dXJlLgoKU2lnbmVkLW9mZi1ieTogU3VkaGFrYXIg S3VwcHVzYW15IDxzdWRoYWthckBsaW51eC5pYm0uY29tPgpSZXZpZXdlZC1ieTogU3RlZmFuIEJl cmdlciA8c3RlZmFuYkBsaW51eC5pYm0uY29tPgpSZXZpZXdlZC1ieTogQXZuaXNoIENob3VoYW4g PGF2bmlzaEBsaW51eC5pYm0uY29tPgpSZXZpZXdlZC1ieTogRGFuaWVsIEtpcGVyIDxkYW5pZWwu a2lwZXJAb3JhY2xlLmNvbT4KLS0tCiBncnViLWNvcmUvY29tbWFuZHMvYXBwZW5kZWRzaWcvYXBw ZW5kZWRzaWcuYyB8IDg0ICsrKysrKysrKysrKysrKysrKystCiAxIGZpbGUgY2hhbmdlZCwgODIg aW5zZXJ0aW9ucygrKSwgMiBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9ncnViLWNvcmUvY29t bWFuZHMvYXBwZW5kZWRzaWcvYXBwZW5kZWRzaWcuYyBiL2dydWItY29yZS9jb21tYW5kcy9hcHBl bmRlZHNpZy9hcHBlbmRlZHNpZy5jCmluZGV4IDFlNTYxMGRkZi4uZjY5NmVmNDc2IDEwMDY0NAot LS0gYS9ncnViLWNvcmUvY29tbWFuZHMvYXBwZW5kZWRzaWcvYXBwZW5kZWRzaWcuYworKysgYi9n cnViLWNvcmUvY29tbWFuZHMvYXBwZW5kZWRzaWcvYXBwZW5kZWRzaWcuYwpAQCAtNDYwLDYgKzQ2 MCw3NiBAQCB2ZXJpZnlfc2lnbmF0dXJlIChjb25zdCBnY3J5X21waV90ICpwa21waSwgY29uc3Qg Z2NyeV9tcGlfdCBobXBpLAogICByZXR1cm4gR1JVQl9FUlJfTk9ORTsKIH0KIAorc3RhdGljIGdy dWJfZXJyX3QKK2dldF9iaW5hcnlfaGFzaCAoY29uc3QgZ3J1Yl9zaXplX3QgYmluYXJ5X2hhc2hf c2l6ZSwgY29uc3QgZ3J1Yl91aW50OF90ICpkYXRhLAorICAgICAgICAgICAgICAgICBjb25zdCBn cnViX3NpemVfdCBkYXRhX3NpemUsIGdydWJfdWludDhfdCAqaGFzaCwgZ3J1Yl9zaXplX3QgKmhh c2hfc2l6ZSkKK3sKKyAgZ3J1Yl9wYWNrZWRfZ3VpZF90IGd1aWQgPSB7IDAgfTsKKworICAvKiBz dXBwb3J0IFNIQTI1NiwgU0hBMzg0IGFuZCBTSEE1MTIgZm9yIGJpbmFyeSBoYXNoICovCisgIGlm IChiaW5hcnlfaGFzaF9zaXplID09IDMyKQorICAgIGdydWJfbWVtY3B5ICgmZ3VpZCwgJkdSVUJf UEtTX0NFUlRfU0hBMjU2X0dVSUQsIEdSVUJfUEFDS0VEX0dVSURfU0laRSk7CisgIGVsc2UgaWYg KGJpbmFyeV9oYXNoX3NpemUgPT0gNDgpCisgICAgZ3J1Yl9tZW1jcHkgKCZndWlkLCAmR1JVQl9Q S1NfQ0VSVF9TSEEzODRfR1VJRCwgR1JVQl9QQUNLRURfR1VJRF9TSVpFKTsKKyAgZWxzZSBpZiAo YmluYXJ5X2hhc2hfc2l6ZSA9PSA2NCkKKyAgICBncnViX21lbWNweSAoJmd1aWQsICZHUlVCX1BL U19DRVJUX1NIQTUxMl9HVUlELCBHUlVCX1BBQ0tFRF9HVUlEX1NJWkUpOworICBlbHNlCisgICAg eworICAgICAgZ3J1Yl9kcHJpbnRmICgiYXBwZW5kZWRzaWciLCAidW5zdXBwb3J0ZWQgaGFzaCB0 eXBlICglIiBQUkl1R1JVQl9TSVpFICIpIGFuZCAiCisgICAgICAgICAgICAgICAgICAgICJza2lw cGVkXG4iLCBiaW5hcnlfaGFzaF9zaXplKTsKKyAgICAgIHJldHVybiBHUlVCX0VSUl9VTktOT1dO X0NPTU1BTkQ7CisgICAgfQorCisgIHJldHVybiBnZXRfaGFzaCAoJmd1aWQsIGRhdGEsIGRhdGFf c2l6ZSwgaGFzaCwgaGFzaF9zaXplKTsKK30KKworLyoKKyAqIFZlcmlmeSBiaW5hcnkgaGFzaCBh Z2FpbnN0IHRoZSBkYiBhbmQgZGJ4IGxpc3QuCisgKiBUaGUgZm9sbG93aW5nIGVycm9ycyBjYW4g b2NjdXI6CisgKiAgLSBHUlVCX0VSUl9CQURfU0lHTkFUVVJFOiBpbmRpY2F0ZXMgdGhhdCB0aGUg aGFzaCBpcyBpbiBkYnggbGlzdC4KKyAqICAtIEdSVUJfRVJSX0VPRjogdGhlIGhhc2ggY291bGQg bm90IGJlIGZvdW5kIGluIHRoZSBkYiBhbmQgZGJ4IGxpc3QuCisgKiAgLSBHUlVCX0VSUl9OT05F OiB0aGUgaGFzaCBpcyBmb3VuZCBpbiBkYiBsaXN0LgorICovCitzdGF0aWMgZ3J1Yl9lcnJfdAor dmVyaWZ5X2JpbmFyeV9oYXNoIChjb25zdCBncnViX3VpbnQ4X3QgKmRhdGEsIGNvbnN0IGdydWJf c2l6ZV90IGRhdGFfc2l6ZSkKK3sKKyAgZ3J1Yl9lcnJfdCByYyA9IEdSVUJfRVJSX05PTkU7Cisg IGdydWJfc2l6ZV90IGkgPSAwLCBoYXNoX3NpemUgPSAwOworICBncnViX3VpbnQ4X3QgaGFzaFtH UlVCX01BWF9IQVNIX1NJWkVdID0geyAwIH07CisKKyAgZm9yIChpID0gMDsgaSA8IGRieC5zaWdu YXR1cmVfZW50cmllczsgaSsrKQorICAgIHsKKyAgICAgIHJjID0gZ2V0X2JpbmFyeV9oYXNoIChk Ynguc2lnbmF0dXJlX3NpemVbaV0sIGRhdGEsIGRhdGFfc2l6ZSwgaGFzaCwgJmhhc2hfc2l6ZSk7 CisgICAgICBpZiAocmMgIT0gR1JVQl9FUlJfTk9ORSkKKyAgICAgICAgY29udGludWU7CisKKyAg ICAgIGlmIChoYXNoX3NpemUgPT0gZGJ4LnNpZ25hdHVyZV9zaXplW2ldICYmCisgICAgICAgICAg Z3J1Yl9tZW1jbXAgKGRieC5zaWduYXR1cmVzW2ldLCBoYXNoLCBoYXNoX3NpemUpID09IDApCisg ICAgICAgIHsKKyAgICAgICAgICBncnViX2RwcmludGYgKCJhcHBlbmRlZHNpZyIsICJ0aGUgaGFz aCAoJTAyeCUwMnglMDJ4JTAyeCkgaXMgcHJlc2VudCBpbiB0aGUgZGJ4IGxpc3RcbiIsCisgICAg ICAgICAgICAgICAgICAgICAgICBoYXNoWzBdLCBoYXNoWzFdLCBoYXNoWzJdLCBoYXNoWzNdKTsK KyAgICAgICAgICByZXR1cm4gR1JVQl9FUlJfQkFEX1NJR05BVFVSRTsKKyAgICAgICAgfQorICAg IH0KKworICBmb3IgKGkgPSAwOyBpIDwgZGIuc2lnbmF0dXJlX2VudHJpZXM7IGkrKykKKyAgICB7 CisgICAgICByYyA9IGdldF9iaW5hcnlfaGFzaCAoZGIuc2lnbmF0dXJlX3NpemVbaV0sIGRhdGEs IGRhdGFfc2l6ZSwgaGFzaCwgJmhhc2hfc2l6ZSk7CisgICAgICBpZiAocmMgIT0gR1JVQl9FUlJf Tk9ORSkKKyAgICAgICAgY29udGludWU7CisKKyAgICAgIGlmIChoYXNoX3NpemUgPT0gZGIuc2ln bmF0dXJlX3NpemVbaV0gJiYKKyAgICAgICAgICBncnViX21lbWNtcCAoZGIuc2lnbmF0dXJlc1tp XSwgaGFzaCwgaGFzaF9zaXplKSA9PSAwKQorICAgICAgICB7CisgICAgICAgICAgZ3J1Yl9kcHJp bnRmICgiYXBwZW5kZWRzaWciLCAidmVyaWZpZWQgd2l0aCBhIHRydXN0ZWQgaGFzaCAoJTAyeCUw MnglMDJ4JTAyeClcbiIsCisgICAgICAgICAgICAgICAgICAgICAgICBoYXNoWzBdLCBoYXNoWzFd LCBoYXNoWzJdLCBoYXNoWzNdKTsKKyAgICAgICAgICByZXR1cm4gR1JVQl9FUlJfTk9ORTsKKyAg ICAgICAgfQorICAgIH0KKworICByZXR1cm4gR1JVQl9FUlJfRU9GOworfQorCiBzdGF0aWMgZ3J1 Yl9lcnJfdAogZ3J1Yl92ZXJpZnlfYXBwZW5kZWRfc2lnbmF0dXJlIChjb25zdCBncnViX3VpbnQ4 X3QgKmJ1ZiwgZ3J1Yl9zaXplX3QgYnVmc2l6ZSkKIHsKQEAgLTQ3Miw4ICs1NDIsOCBAQCBncnVi X3ZlcmlmeV9hcHBlbmRlZF9zaWduYXR1cmUgKGNvbnN0IGdydWJfdWludDhfdCAqYnVmLCBncnVi X3NpemVfdCBidWZzaXplKQogICBzdHJ1Y3QgcGtjczdfc2lnbmVySW5mbyAqc2k7CiAgIGludCBp OwogCi0gIGlmICghZGIuY2VydF9lbnRyaWVzKQotICAgIHJldHVybiBncnViX2Vycm9yIChHUlVC X0VSUl9CQURfU0lHTkFUVVJFLCAibm8gdHJ1c3RlZCBrZXlzIHRvIHZlcmlmeSBhZ2FpbnN0Iik7 CisgIGlmICghZGIuY2VydF9lbnRyaWVzICYmICFkYi5zaWduYXR1cmVfZW50cmllcykKKyAgICBy ZXR1cm4gZ3J1Yl9lcnJvciAoR1JVQl9FUlJfQkFEX1NJR05BVFVSRSwgIm5vIHRydXN0ZWQga2V5 cy9oYXNoZXMgdG8gdmVyaWZ5IGFnYWluc3QiKTsKIAogICBlcnIgPSBleHRyYWN0X2FwcGVuZGVk X3NpZ25hdHVyZSAoYnVmLCBidWZzaXplLCAmc2lnKTsKICAgaWYgKGVyciAhPSBHUlVCX0VSUl9O T05FKQpAQCAtNDgyLDYgKzU1MiwxNiBAQCBncnViX3ZlcmlmeV9hcHBlbmRlZF9zaWduYXR1cmUg KGNvbnN0IGdydWJfdWludDhfdCAqYnVmLCBncnViX3NpemVfdCBidWZzaXplKQogICBhcHBlbmRf c2lnX2xlbiA9IHNpZy5zaWduYXR1cmVfbGVuOwogICBkYXRhc2l6ZSA9IGJ1ZnNpemUgLSBzaWcu c2lnbmF0dXJlX2xlbjsKIAorICAvKiBWZXJpZnkgYmluYXJ5IGhhc2ggYWdhaW5zdCB0aGUgZGIg YW5kIGRieCBsaXN0LiAqLworICBlcnIgPSB2ZXJpZnlfYmluYXJ5X2hhc2ggKGJ1ZiwgZGF0YXNp emUpOworICBpZiAoZXJyID09IEdSVUJfRVJSX0JBRF9TSUdOQVRVUkUpCisgICAgeworICAgICAg cGtjczdfc2lnbmVkRGF0YV9yZWxlYXNlICgmc2lnLnBrY3M3KTsKKyAgICAgIHJldHVybiBncnVi X2Vycm9yIChlcnIsCisgICAgICAgICAgICAgICAgICAgICAgICAgImZhaWxlZCB0byB2ZXJpZnkg dGhlIGJpbmFyeSBoYXNoIGFnYWluc3QgYSB0cnVzdGVkIGJpbmFyeSBoYXNoXG4iKTsKKyAgICB9 CisKKyAgLyogVmVyaWZ5IHNpZ25hdHVyZSB1c2luZyB0cnVzdGVkIGtleXMgZnJvbSBkYiBsaXN0 LiAqLwogICBmb3IgKGkgPSAwOyBpIDwgc2lnLnBrY3M3LnNpZ25lckluZm9fY291bnQ7IGkrKykK ICAgICB7CiAgICAgICAvKgotLSAKMi4zOS41IChBcHBsZSBHaXQtMTU0KQoKCl9fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCkdydWItZGV2ZWwgbWFpbGluZyBs aXN0CkdydWItZGV2ZWxAZ251Lm9yZwpodHRwczovL2xpc3RzLmdudS5vcmcvbWFpbG1hbi9saXN0 aW5mby9ncnViLWRldmVsCg==