Viewing all changes in revision 41.2.64.
- Committer: Matthew Garrett
- Date: 2012-11-26 18:43:50 UTC
- mto: (0.1.3)
- mto: This revision was merged to the branch mainline in revision 58.
- Revision ID: git-v1:6d50f87a06ff70d2075863f4c145235c081263d6
Sign MokManager with a locally-generated key
shim needs to verify that MokManager hasn't been modified, but we want to
be able to support configurations where shim is shipped without a vendor
certificate. This patch adds support for generating a certificate at build
time, incorporating the public half into shim and signing MokManager with
the private half. It uses pesign and nss, but still requires openssl for
key generation. Anyone using sbsign will need to figure this out for
themselves.
shim needs to verify that MokManager hasn't been modified, but we want to
be able to support configurations where shim is shipped without a vendor
certificate. This patch adds support for generating a certificate at build
time, incorporating the public half into shim and signing MokManager with
the private half. It uses pesign and nss, but still requires openssl for
key generation. Anyone using sbsign will need to figure this out for
themselves.
- files added:
- make-certs
- files modified:
- Makefile
expand all
collapse all
added
removed
