git.ipfire.org Git - thirdparty/grub.git/commit

author	Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
	Mon, 6 Oct 2025 07:25:00 +0000 (12:55 +0530)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Sat, 11 Oct 2025 13:36:53 +0000 (15:36 +0200)
commit	6cb58b1c9e045c1ecf89e09592f9dabbdd4fd1a6
tree	13f7b6fde98f15f9dd8dc2d30e709b65c2d1b11e	tree \| snapshot
parent	ab7b1771784052417654cab1f34eff00f1839397	commit \| diff

appended signatures: GRUB commands to manage the certificates

Introducing the following GRUB commands to manage the certificates.

1. append_list_db:
      Show the list of trusted certificates from the db list
2. append_add_db_cert:
      Add the trusted certificate to the db list
3. append_add_dbx_cert:
      Add the distrusted certificate to the dbx list
4. append_verify:
      Verify the signed file using db list

Note that if signature verification (check_appended_signatures) is set to yes,
the append_add_db_cert and append_add_dbx_cert commands only accept the file
‘X509_certificate’ that is signed with an appended signature.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Tested-by: Sridhar Markonda <sridharm@linux.ibm.com>
Reviewed-by: Avnish Chouhan <avnish@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>