Sign MokManager with a locally-generated key - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Matthew Garrett <mjg59@srcf.ucam.org>	2012-11-26 13:43:50 -0500
committer	Matthew Garrett <mjg59@srcf.ucam.org>	2012-11-26 13:43:50 -0500
commit	ef8c9962a8bab7068acd47f0845df45616c0fda1 (patch)
tree	c4b5cbc61497794dcb274aa2e89d9518827d9e3f /Cryptlib/Hash
parent	e4d55afe6a27f2f149f9267d3c43bb636ace9a5a (diff)
download	efi-boot-shim-ef8c9962a8bab7068acd47f0845df45616c0fda1.tar.gz efi-boot-shim-ef8c9962a8bab7068acd47f0845df45616c0fda1.zip

Sign MokManager with a locally-generated key

shim needs to verify that MokManager hasn't been modified, but we want to be able to support configurations where shim is shipped without a vendor certificate. This patch adds support for generating a certificate at build time, incorporating the public half into shim and signing MokManager with the private half. It uses pesign and nss, but still requires openssl for key generation. Anyone using sbsign will need to figure this out for themselves.

Diffstat (limited to 'Cryptlib/Hash')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: