Bug#906124: Another attempt
Vladislav Yarmak
vladislav at vm-0.com
Wed Oct 2 14:27:42 BST 2019
Hello,
Let's make another attempt to fix this.

Last time I submitted a patch there was one major problem with it
(apart from less critical ones): if we rely on the PGP signature and allow
the shim check to be skipped in favour of PGP verification, it is possible
to enable PGP in an unsigned config and circumvent the shim signature check.

We can put a stronger requirement on when a PGP signature is trustworthy for
kernel verification. A special "tainted" flag can be introduced, which
initially has the state "not tainted" and is set to "tainted" when
the PGP module has trusted a key without verification (due to the --skip-sig
option of the "trust" command or because enforce mode was not enabled prior
to trusting the key).

This flag can be local to the PGP module, so we can query it when we need
to know its state.

What do you think? Does this approach look sound to you?
--
Best Regards,
Vladislav Yarmak
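
The taint rule proposed in the message above, modelled as a small state machine. This is an added example, not code from the message or from GRUB: every type and function name is hypothetical, key_sig_ok is a constructed stand-in for the result of verifying the key file, and the flag is assumed to stay set once tainted.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model of the proposal; none of these names are GRUB's. */
struct pgp_state {
    bool enforce;         /* signature enforcement currently enabled */
    bool tainted;         /* starts false; assumed sticky once set */
    size_t trusted_keys;
};

/* Models the "trust" command. key_sig_ok is the (constructed) result of
 * verifying the key file's own signature when that check is performed. */
bool pgp_trust(struct pgp_state *s, bool skip_sig, bool key_sig_ok)
{
    if (skip_sig || !s->enforce)
        s->tainted = true;        /* key accepted without verification */
    else if (!key_sig_ok)
        return false;             /* verified and rejected: nothing trusted */
    s->trusted_keys++;
    return true;
}

/* The shim check may be skipped only if PGP state was never tainted. */
bool pgp_may_replace_shim(const struct pgp_state *s)
{
    return s->enforce && s->trusted_keys > 0 && !s->tainted;
}

/* Unsigned config trusts a key first, then turns enforcement on. */
bool scenario_enforce_enabled_late(void)
{
    struct pgp_state s = { false, false, 0 };
    pgp_trust(&s, false, true);
    s.enforce = true;
    return pgp_may_replace_shim(&s);
}

/* Enforcement is on, but the key is trusted with --skip-sig. */
bool scenario_skip_sig(void)
{
    struct pgp_state s = { true, false, 0 };
    pgp_trust(&s, true, false);
    return pgp_may_replace_shim(&s);
}

/* Enforcement on from the start and the key itself verified. */
bool scenario_verified_key(void)
{
    struct pgp_state s = { true, false, 0 };
    pgp_trust(&s, false, true);
    return pgp_may_replace_shim(&s);
}
```

In this model only the third scenario lets PGP verification stand in for the shim check; the first two fall back to the shim check because the key was trusted without verification.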