<feed xmlns='http://www.w3.org/2005/Atom'>
<title>shim-signed.git/verify_combine_sigs, branch rolling</title>
<subtitle>VyOS code for the shim-signed package (mirror of https://github.com/vyos/shim-signed.git)
</subtitle>
<id>https://git.amelek.net/vyos/shim-signed.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/shim-signed.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/'/>
<updated>2026-05-14T05:38:14+00:00</updated>
<entry>
<title>Grab the sha1 fingerprint of each used cert as we match them</title>
<updated>2026-05-14T05:38:14+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-05-13T23:18:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=51d7291fc779e9c961c942fb503ffa2d02205b3c'/>
<id>urn:sha1:51d7291fc779e9c961c942fb503ffa2d02205b3c</id>
<content type='text'>
Later, install that data alongside the shim binaries in the package.

We can then use this data to check that we can boot the signed shim
we're installing.
</content>
</entry>
<entry>
<title>Fix up cert filenames and explicitly sort them before use</title>
<updated>2026-05-13T22:06:06+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-05-06T22:58:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=d26ca79bcb7a6e2c59f7b6f9292c28b7189d431a'/>
<id>urn:sha1:d26ca79bcb7a6e2c59f7b6f9292c28b7189d431a</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Add support for verifying and then combining signatures</title>
<updated>2026-04-28T16:35:25+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-04-28T13:01:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=e2a56d673c66989136c41a6f1c997ff1aad10097'/>
<id>urn:sha1:e2a56d673c66989136c41a6f1c997ff1aad10097</id>
<content type='text'>
from multiple signed shims.

* Move the verification logic out into a new helper script
  verify_combine_sigs - see comments there for how it works.
* Rename the existing shim binaries and CA cert to match
* Include some extra certs and binaries for testing with
</content>
</entry>
</feed>
