[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UEFI Secure Boot - the plan for stretch

On Tue, Apr 19, 2016 at 10:08:43PM +0200, Tollef Fog Heen wrote:
>
>I've now gotten to the point of actually being able to sign binaries,
>with the key stored on a yubikey, so that's pretty promising.
>
>I ran out of steam after this, so I haven't actually tested it, but it
>sure looks promising:
>
>$ pesign -S -i signed.efi
>---------------------------------------------
>certificate address is 0x7f52e4841808
>Content was not encrypted.
>Content is detached; signature cannot be verified.
>The signer's common name is Debian Test Secure Boot Signer 2
>No signer email address.
>Signing time: Tue Apr 19, 2016
>There were certs or crls included.
>---------------------------------------------
>
>I'm going to see if I can make this work correctly over the next couple
>of days, and assuming it works fine, other folks should be unblocked
>quickly.

Awesome! :-)

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"Further comment on how I feel about IBM will appear once I've worked out
 whether they're being malicious or incompetent. Capital letters are forecast."
 Matthew Garrett, http://www.livejournal.com/users/mjg59/30675.html
Reply to: