tablet/grub - grub - Gitea: Git with a cup of tea.... and pages of fanfiction!

tablet/grub

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sudhakar Kuppusamy	e95c52f1f4	appended signatures: Parse X.509 certificates This code allows us to parse: - X.509 certificates: at least enough to verify the signatures on the PKCS#7 messages. We expect that the certificates embedded in GRUB will be leaf certificates, not CA certificates. The parser enforces this. - X.509 certificates support the Extended Key Usage extension and handle it by verifying that the certificate has a Code Signing usage. Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> # EKU support Reported-by: Michal Suchanek <msuchanek@suse.com> # key usage issue Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com> Reviewed-by: Avnish Chouhan <avnish@linux.ibm.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>	2025-10-11 15:36:35 +02:00

Author

SHA1

Message

Date

Sudhakar Kuppusamy

e95c52f1f4

appended signatures: Parse X.509 certificates

This code allows us to parse:

 - X.509 certificates: at least enough to verify the signatures on the PKCS#7
   messages. We expect that the certificates embedded in GRUB will be leaf
   certificates, not CA certificates. The parser enforces this.

 - X.509 certificates support the Extended Key Usage extension and handle it by
   verifying that the certificate has a Code Signing usage.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> # EKU support
Reported-by: Michal Suchanek <msuchanek@suse.com> # key usage issue
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Avnish Chouhan <avnish@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

2025-10-11 15:36:35 +02:00

1 Commits