git.proxmox.com Git - efi-boot-shim.git/commit

]> git.proxmox.com Git - efi-boot-shim.git/commit - Makefile

author	Matthew Garrett <mjg59@srcf.ucam.org>
	Mon, 26 Nov 2012 18:43:50 +0000 (13:43 -0500)
committer	Matthew Garrett <mjg59@srcf.ucam.org>
	Mon, 26 Nov 2012 18:43:50 +0000 (13:43 -0500)
commit	ef8c9962a8bab7068acd47f0845df45616c0fda1
tree	c4b5cbc61497794dcb274aa2e89d9518827d9e3f	tree
parent	e4d55afe6a27f2f149f9267d3c43bb636ace9a5a	commit \| diff

Sign MokManager with a locally-generated key

shim needs to verify that MokManager hasn't been modified, but we want to
be able to support configurations where shim is shipped without a vendor
certificate. This patch adds support for generating a certificate at build
time, incorporating the public half into shim and signing MokManager with
the private half. It uses pesign and nss, but still requires openssl for
key generation. Anyone using sbsign will need to figure this out for
themselves.

Makefile		diff \| blob \| blame \| history
make-certs	[new file with mode: 0755]	blob
shim.c		diff \| blob \| blame \| history

shim, a first-stage UEFI bootloader adapted for Proxmox projects

RSS Atom