• Matthew Garrett's avatar
    Sign MokManager with a locally-generated key · ef8c9962
    Matthew Garrett authored
    shim needs to verify that MokManager hasn't been modified, but we want to
    be able to support configurations where shim is shipped without a vendor
    certificate. This patch adds support for generating a certificate at build
    time, incorporating the public half into shim and signing MokManager with
    the private half. It uses pesign and nss, but still requires openssl for
    key generation. Anyone using sbsign will need to figure this out for
    themselves.
    ef8c9962