-
Committer:
Matthew Garrett
-
Date:
2012-11-26 18:43:50 UTC
-
mto:
(0.1.3)
-
mto:
This revision was merged to the branch mainline in
revision
58.
-
Revision ID:
git-v1:6d50f87a06ff70d2075863f4c145235c081263d6
Sign MokManager with a locally-generated key
shim needs to verify that MokManager hasn't been modified, but we want to
be able to support configurations where shim is shipped without a vendor
certificate. This patch adds support for generating a certificate at build
time, incorporating the public half into shim and signing MokManager with
the private half. It uses pesign and nss, but still requires openssl for
key generation. Anyone using sbsign will need to figure this out for
themselves.