git.proxmox.com Git - efi-boot-shim.git/commit

]> git.proxmox.com Git - efi-boot-shim.git/commit

author	Matthew Garrett <mjg59@srcf.ucam.org>
	Sat, 24 Nov 2012 05:07:11 +0000 (00:07 -0500)
committer	Matthew Garrett <mjg59@srcf.ucam.org>
	Mon, 26 Nov 2012 18:43:50 +0000 (13:43 -0500)
commit	6d50f87a06ff70d2075863f4c145235c081263d6
tree	c4b5cbc61497794dcb274aa2e89d9518827d9e3f	tree
parent	2fd180a92d11b24dccfbf3d8cef7c330124faae8	commit \| diff

Sign MokManager with a locally-generated key

shim needs to verify that MokManager hasn't been modified, but we want to
be able to support configurations where shim is shipped without a vendor
certificate. This patch adds support for generating a certificate at build
time, incorporating the public half into shim and signing MokManager with
the private half. It uses pesign and nss, but still requires openssl for
key generation. Anyone using sbsign will need to figure this out for
themselves.

Makefile		diff \| blob \| blame \| history
make-certs	[new file with mode: 0755]	blob
shim.c		diff \| blob \| blame \| history

shim, a first-stage UEFI bootloader adapted for Proxmox projects

RSS Atom