shared: generalize signature schemes #303
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RaitoBezarius
force-pushed
the
refactor-signature
branch
3 times, most recently
from
a8fabe0 to
0ca99b0
Compare
RaitoBezarius
force-pushed
the
refactor-signature
branch
from
0ca99b0 to
1b40d87
Compare
|
@blitz I added more documentation (overview too), let me know if this is what you had in mind or where would you like me to expand. |
blitz
reviewed
Mar 19, 2024
blitz
reviewed
Mar 19, 2024
blitz
reviewed
Mar 19, 2024
blitz
requested changes
Mar 19, 2024
RaitoBezarius
force-pushed
the
refactor-signature
branch
2 times, most recently
from
a416d9e to
a2ecf9d
Compare
…t packages Now, it is possible to build any package of the workspace in a fine grained fashion.
We want here to capture the required data to assemble a stub, here is a partial structure modulo ESP generation paths. Other pieces of code can consume this structure, validate it before passing it to the PE assembler and the signer. We convert everything into owned structures because we cannot really do deserialization in any context with lifetimes going around, but, allocations are generally very cheap in this context.
In order to offer more flexible signature mechanisms in lanzaboote, we need to take a step back and offer a general PE signature trait. After this, we will be able to plug various different implementations.
RaitoBezarius
force-pushed
the
refactor-signature
branch
from
1c231ee to
80407b3
Compare
|
@blitz This is ready for a review again, I think. |
nikstur
reviewed
Sep 3, 2024
Our lanzaboote integration tests are getting more and more sophisticated and ambitious. Let's extract them into a "lanzalib", so they can be used with multiple backends.
We didn't test if there *was* a signature, idempotency of removal of signatures (i.e. removing an non-existent signature is the identity operation) could fool us into believing we had a signed thing then not signed.
We fabricated a lot of initrds which were exactly the same as the one in our store when we had no initrd secrets. This ends this practice.
We moved into docstrings the module-level README. Signed-off-by: Raito Bezarius <[email protected]>
Signed-off-by: Raito Bezarius <[email protected]>
Signed-off-by: Raito Bezarius <[email protected]>
RaitoBezarius
force-pushed
the
refactor-signature
branch
from
80407b3 to
8373fae
Compare
nikstur
approved these changes
Sep 3, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Split off #278. Contains only signature generalization contents and misc refactoring to make things easier for the remote signing PR.