Implement support for PCK signing. #87696
base: master
Looks like a pretty thorough implementation. I have yet to test it to see how the flow is like. This will require extensive user documentation so they know how to use it (we're currently also lacking in documentation for the script signing, we have a page about compiling custom templates but no real mention of it in the Exporting section of the docs).
I'd like @Faless to review the crypto related changes.
And overall this requires some discussion with maintainers and users to see how desirable this feature would be. It adds a bit of complexity, so we need to make sure it's something users would actually use.
There's significant demand for better obfuscation / protection of PCKs, so this seems to go in the right direction for this use case, but we need to make sure those users would be happy with this solution.
This looks extremely good. In fact, I am not sure if we should also just deprecate the old encryption menu and keep signing with private key only.
I'm not sure if I see how it's related: encryption is used to hide information and signing to prevent modification, it's different stuff for different purposes. ECDSA is not suitable for encryption (and ECIES is not supported by mbedtls), and using the same key as both public key and encryption key is usually considered unsafe.
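An added example (not code from this PR or from Godot) illustrating the distinction drawn in the comment above: an ECDSA signature over a PCK-like byte string detects any modification of the archive, yet leaves its contents fully readable. The `GDPC` header bytes and the `res://` path are constructed sample data, and Go's standard library stands in for mbedtls.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// samplePCK is a constructed stand-in for an exported archive: a header
// followed by a plaintext resource path, so we can show it stays readable.
var samplePCK = []byte("GDPC\x02\x00\x00\x00res://main.tscn:[gd_scene]")

// SignPCK hashes the whole archive and returns an ASN.1 DER ECDSA signature.
// The signature proves the bytes came from the holder of priv; it hides nothing.
func SignPCK(priv *ecdsa.PrivateKey, pck []byte) ([]byte, error) {
	digest := sha256.Sum256(pck)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyPCK returns true only if sig was produced over exactly these bytes
// by the private key matching pub; any single-bit change makes it fail.
func VerifyPCK(pub *ecdsa.PublicKey, pck, sig []byte) bool {
	digest := sha256.Sum256(pck)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Tamper returns a copy of the archive with its last byte flipped,
// simulating a modified resource inside an otherwise intact PCK.
func Tamper(pck []byte) []byte {
	out := append([]byte(nil), pck...)
	out[len(out)-1] ^= 0x01
	return out
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	sig, _ := SignPCK(priv, samplePCK)
	fmt.Println("original verifies:", VerifyPCK(&priv.PublicKey, samplePCK, sig))
	fmt.Println("tampered verifies:", VerifyPCK(&priv.PublicKey, Tamper(samplePCK), sig))
	// Signing did not conceal anything: the resource path is still in the clear.
	fmt.Println("path still readable:", bytes.Contains(samplePCK, []byte("res://")))
}
```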
As with encryption, a custom build is required to enable validation (using environment variables at build time):