mbox series

[0/7] GRUB: Supporting Secure Boot of xen.gz

Message ID 20240313150748.791236-1-ross.lagerwall@citrix.com (mailing list archive)
Headers show
Series GRUB: Supporting Secure Boot of xen.gz | expand

Message

Ross Lagerwall March 13, 2024, 3:07 p.m. UTC
This patch series implements support for loading and verifying a signed
xen.gz binary. This would allow the same xen.gz binary to be used for
BIOS boot, UEFI boot, and UEFI boot with Secure Boot verification.
There is an accompanying Xen patch series.

The first two patches update the multiboot2 specification with the
necessary changes.

Patches 3 through 5 implement the spec changes.
Patches 6 and 7 are a couple of small changes to allow the Secure Boot
verification to happen.

Ross

Diff stat for 0001 and 0002 (to be applied to  the "multiboot2" branch)
Ross Lagerwall (2):
  multiboot2: Add load type header and support for the PE binary type
  multiboot2: Allow 64-bit entry tags

 doc/multiboot.texi | 71 ++++++++++++++++++++++++++++++++++------------
 doc/multiboot2.h   | 19 ++++++++++++-
 2 files changed, 71 insertions(+), 19 deletions(-)

Diff stat for 0003 to 0007 (to be applied to the "master" branch)
Ross Lagerwall (5):
  multiboot2: Add support for the load type header tag
  multiboot2: Add PE load support
  multiboot2: Add support for 64-bit entry addresses
  efi: Allow loading multiboot modules without verification
  verifiers: Verify after decompression

 grub-core/Makefile.core.def       |   1 +
 grub-core/kern/efi/sb.c           |   1 +
 grub-core/loader/multiboot_mbi2.c |  66 ++-
 grub-core/loader/multiboot_pe.c   | 694 ++++++++++++++++++++++++++++++
 include/grub/efi/pe32.h           |  64 +++
 include/grub/file.h               |   2 +-
 include/grub/multiboot2.h         |   4 +
 include/multiboot2.h              |  19 +-
 8 files changed, 844 insertions(+), 7 deletions(-)
 create mode 100644 grub-core/loader/multiboot_pe.c