| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
The way that the create-user-key-store.sh script creates what it has
been calling "extra_system_trusted_key" is really what would be
considered a "secondary" trusted key as it is signed by the primary key
that we create. To make this clearer, as there are other cases for an
"extra trusted system key" that are not this key, update the variables,
package names, etc, to reflect "secondary" not "extra system".
Requested-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
| |
|
|
| |
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
|
| |
|
|
|
|
| |
The previous cannot be handled by gpg v2 properly when importing it.
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
| |
The DB and KEK now are self-signed.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
|
| |
- Remove USER@host from the certificate subject field
- IMA signing key is protected by a password
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
|
| |
Otherwise the x509 parser in kernel cannot load a x509 certificate without
authorityKeyIdentifier.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
| |
trusted key
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
