[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #56423] module verification falls through to tpm, which approves it

From: Benjamin Doron
Subject: [bug #56423] module verification falls through to tpm, which approves it automatically
Date: Sat, 6 Jul 2019 11:24:52 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36

Follow-up Comment #2, bug #56423 (project grub):

Update: I observe the same behaviour on the 2.04 release, but I think that
I've resolved the issue. Setting check_signatures to "enforce" results in the
expected behaviour (modules load if pgp signed, even with the tpm module

While an argument could be made for treating modules separately to regular
signature verification (i.e, check their signatures even if signatures for
other files aren't being checked), I'd consider this partially resolved. The
bugs that I numbered 2 and 3 still remain, although these possibly are out of
scope of the bug that I filed.

Most importantly, in my opinion, the documentation should be updated to
clarify the standard behaviour here, as others might understand it as I did.
(I could possibly do this.)


Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]