97f7001e19
If secure boot is enabled with static key management mode, the trusted certificates will be extracted from the GRUB ELF Note and added to db list. If secure boot is enabled with dynamic key management mode, the trusted certificates and certificate/binary hash will be extracted from the PKS and added to db list. The distrusted certificates, certificate/binary hash are read from the PKS and added to dbx list. Both dbx and db lists usage is added by a subsequent patch. Note: - If db does not exist in the PKS storage, then read the static keys as a db default keys from the GRUB ELF Note and add them into the db list. - If the certificate or the certificate hash exists in the dbx list, then do not add that certificate/certificate hash to the db list. Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com> Reviewed-by: Avnish Chouhan <avnish@linux.ibm.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This is GRUB 2, the second version of the GRand Unified Bootloader. GRUB 2 is rewritten from scratch to make GNU GRUB cleaner, safer, more robust, more powerful, and more portable. See the file NEWS for a description of recent changes to GRUB 2. See the file INSTALL for instructions on how to build and install the GRUB 2 data and program files. See the file MAINTAINERS for information about the GRUB maintainers, etc. If you found a security vulnerability in the GRUB please check the SECURITY file to get more information how to properly report this kind of bugs to the maintainers. Please visit the official web page of GRUB 2, for more information. The URL is <http://www.gnu.org/software/grub/grub.html>. More extensive documentation is available in the Info manual, accessible using 'info grub' after building and installing GRUB 2. There are a number of important user-visible differences from the first version of GRUB, now known as GRUB Legacy. For a summary, please see: info grub Introduction 'Changes from GRUB Legacy'