nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0350-docs-grub-Document-signing-grub-under-UEFI.patch

80913e
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
80913e
From: Daniel Axtens <dja@axtens.net>
80913e
Date: Sat, 15 Aug 2020 02:00:57 +1000
80913e
Subject: [PATCH] docs/grub: Document signing grub under UEFI
80913e
80913e
Before adding information about how grub is signed with an appended
80913e
signature scheme, it's worth adding some information about how it
80913e
can currently be signed for UEFI.
80913e
80913e
(adjusted from upstream - s/grub/grub2/ in the docs)
80913e
Signed-off-by: Daniel Axtens <dja@axtens.net>
80913e
---
80913e
 docs/grub.texi | 19 ++++++++++++++++++-
80913e
 1 file changed, 18 insertions(+), 1 deletion(-)
80913e
80913e
diff --git a/docs/grub.texi b/docs/grub.texi
b32e65
index fa11cc0af..acace6c07 100644
80913e
--- a/docs/grub.texi
80913e
+++ b/docs/grub.texi
80913e
@@ -5610,6 +5610,7 @@ environment variables and commands are listed in the same order.
80913e
 @menu
80913e
 * Authentication and authorisation:: Users and access control
80913e
 * Using digital signatures::         Booting digitally signed code
80913e
+* Signing GRUB itself::              Ensuring the integrity of the GRUB core image
80913e
 @end menu
80913e
 
80913e
 @node Authentication and authorisation
80913e
@@ -5687,7 +5688,7 @@ commands.
80913e
 
80913e
 GRUB's @file{core.img} can optionally provide enforcement that all files
80913e
 subsequently read from disk are covered by a valid digital signature.
80913e
-This document does @strong{not} cover how to ensure that your
80913e
+This section does @strong{not} cover how to ensure that your
80913e
 platform's firmware (e.g., Coreboot) validates @file{core.img}.
80913e
 
80913e
 If environment variable @code{check_signatures}
80913e
@@ -5772,6 +5773,22 @@ or BIOS) configuration to cause the machine to boot from a different
80913e
 (attacker-controlled) device.  GRUB is at best only one link in a
80913e
 secure boot chain.
80913e
 
80913e
+@node Signing GRUB itself
80913e
+@section Signing GRUB itself
80913e
+
80913e
+To ensure a complete secure-boot chain, there must be a way for the code that
80913e
+loads GRUB to verify the integrity of the core image.
80913e
+
80913e
+This is ultimately platform-specific and individual platforms can define their
80913e
+own mechanisms. However, there are general-purpose mechanisms that can be used
80913e
+with GRUB.
80913e
+
80913e
+@section Signing GRUB for UEFI secure boot
80913e
+
80913e
+On UEFI platforms, @file{core.img} is a PE binary. Therefore, it can be signed
80913e
+with a tool such as @command{pesign} or @command{sbsign}. It will also be
80913e
+necessary to enrol the public key used into a relevant firmware key database.
80913e
+
80913e
 @node Platform limitations
80913e
 @chapter Platform limitations
80913e