Please sign in to comment.
Sign MokManager with a locally-generated key
shim needs to verify that MokManager hasn't been modified, but we want to be able to support configurations where shim is shipped without a vendor certificate. This patch adds support for generating a certificate at build time, incorporating the public half into shim and signing MokManager with the private half. It uses pesign and nss, but still requires openssl for key generation. Anyone using sbsign will need to figure this out for themselves.
- Loading branch information...
Showing with 597 additions and 9 deletions.
Oops, something went wrong.