| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Sample keys are required in order for the signing to succeed when
using grub boot verification. The keys are only used when
GRUB_SIGN_VERIFY = "1", and it is intended that and user would
generate new keys with the create-user-key-store.sh.
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The way that the create-user-key-store.sh script creates what it has
been calling "extra_system_trusted_key" is really what would be
considered a "secondary" trusted key as it is signed by the primary key
that we create. To make this clearer, as there are other cases for an
"extra trusted system key" that are not this key, update the variables,
package names, etc, to reflect "secondary" not "extra system".
Requested-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
| |
|
|
| |
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
|
| |
|
|
|
|
| |
The previous cannot be handled by gpg v2 properly when importing it.
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
| |
The DB and KEK now are self-signed.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
|
| |
- Remove USER@host from the certificate subject field
- IMA signing key is protected by a password
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
|
| |
Otherwise the x509 parser in kernel cannot load a x509 certificate without
authorityKeyIdentifier.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
| |
trusted key
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
