1. 26 Nov, 2012 1 commit
    • Matthew Garrett's avatar
      Sign MokManager with a locally-generated key · ef8c9962
      Matthew Garrett authored
      shim needs to verify that MokManager hasn't been modified, but we want to
      be able to support configurations where shim is shipped without a vendor
      certificate. This patch adds support for generating a certificate at build
      time, incorporating the public half into shim and signing MokManager with
      the private half. It uses pesign and nss, but still requires openssl for
      key generation. Anyone using sbsign will need to figure this out for
      themselves.
      ef8c9962