File 0015-powerpc_ieee1275-Introduce-use_static_keys-flag.patch of Package grub2

From 8121618084abb8d8a763fef1418be00d4a4d38bb Mon Sep 17 00:00:00 2001
From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Date: Mon, 25 Aug 2025 16:38:37 +0530
Subject: [PATCH 15/18] powerpc_ieee1275: Introduce use_static_keys flag

Introduce the use_static_keys flag to indicate that static keys are to be used
rather than keys from the PKS storage's db variable. This flag is set when
Secure Boot is enabled with PKS but the db variable is not present in the PKS storage.
The appendedsig module would use this flag to extract the static keys from
the GRUB ELF Note and store them in the db list.

Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Avnish Chouhan <avnish@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 .../kern/powerpc/ieee1275/platform_keystore.c | 21 ++++++++++++++++++-
 .../grub/powerpc/ieee1275/platform_keystore.h |  1 +
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/grub-core/kern/powerpc/ieee1275/platform_keystore.c b/grub-core/kern/powerpc/ieee1275/platform_keystore.c
index eeb569fd1..4a68f21a8 100644
--- a/grub-core/kern/powerpc/ieee1275/platform_keystore.c
+++ b/grub-core/kern/powerpc/ieee1275/platform_keystore.c
@@ -56,9 +56,18 @@ static grub_size_t pks_max_object_size;
  * use_keystore:
  * False: Static key management (use built-in Keys). This is default.
  * True: Dynamic key management (use Platform KeySotre).
+ *
+ * use_static_keys:
+ * False: Does not enforce the use of  the static key as a default key from
+          the GRUB ELF Note. This is default.
+ * True: Enforce the use of the static key as a default key from the
+ *       GRUB ELF Note if db variable is not available in PKS when use_keystore
+ *       is set to true
+ *
  */
 grub_pks_t grub_pks_keystore = { .db = NULL, .dbx = NULL, .db_entries = 0, .dbx_entries = 0,
-                                 .use_keystore = false, .pks_supported = false};
+                                 .use_keystore = false, .pks_supported = false,
+                                 .use_static_keys = false};
 
 /*
  * Import the Globally Unique Identifier (GUID), EFI Signature Database (ESD),
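Review bot: The added comment line `         the GRUB ELF Note. This is default.` is missing the leading ` *` that every other line of this block comment carries, and the line before it has a double space in "of  the". I would write the pair as ` * False: Does not enforce the use of the static key as a default key from` / ` *        the GRUB ELF Note. This is default.`. Since this flag decides which keys are trusted, the comment could also say that it is only meaningful while use_keystore is true, which the "True" entry already implies.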
@@ -312,6 +321,16 @@ grub_pks_keystore_init (void)
       grub_memset (&grub_pks_keystore, 0, sizeof (grub_pks_t));
       /* Read db from PKS. */
       rc = read_sbvar_from_pks (0, DB, &grub_pks_keystore.db, &grub_pks_keystore.db_entries);
+      if (rc == GRUB_ERR_UNKNOWN_COMMAND)
+        {
+          rc = GRUB_ERR_NONE;
+          /*
+           * The db variable won't be available by default in PKS.
+           * So, it will use the static key as a default key from the GRUB ELF Note.
+           */
+          grub_pks_keystore.use_static_keys = true;
+        }
+
       if (rc == GRUB_ERR_NONE)
         {
           /* Read dbx from PKS. */
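Review bot: The new branch at `if (rc == GRUB_ERR_UNKNOWN_COMMAND)` silently switches the trust anchor from the PKS db to the built-in keys, and it keys on a generic error code whose mapping from the firmware's "object not found" status is not visible in this hunk. If read_sbvar_from_pks can return GRUB_ERR_UNKNOWN_COMMAND for any other reason, that failure would now also be treated as "db absent" and cleared to GRUB_ERR_NONE; this is worth confirming against the helper, and the comment should name the exact condition, e.g. `/* GRUB_ERR_UNKNOWN_COMMAND here means the db object was not found in PKS. */`. I would also emit a debug message where the flag is set, e.g. `grub_dprintf ("ieee1275", "db not found in PKS, using static keys\n");` (using whichever debug condition the file already uses), so the key-management mode in effect is visible in boot diagnostics. grub_pks_keystore_init continues outside the hunk, so whether a later dbx read failure leaves use_static_keys set cannot be checked from here.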
diff --git a/include/grub/powerpc/ieee1275/platform_keystore.h b/include/grub/powerpc/ieee1275/platform_keystore.h
index 8b6ba2e5f..d75cac5e1 100644
--- a/include/grub/powerpc/ieee1275/platform_keystore.h
+++ b/include/grub/powerpc/ieee1275/platform_keystore.h
@@ -97,6 +97,7 @@ struct grub_pks
   grub_uint32_t dbx_entries;/* Size of forbidden signature database. */
   bool pks_supported;       /* Flag to indicate the availability of PKS support. */
   bool use_keystore;        /* Flag to indicate the key management mode. */
+  bool use_static_keys;     /* Flag to indicate use of static keys. */
 } GRUB_PACKED;
 typedef struct grub_pks grub_pks_t;
 
-- 
2.43.0
