Re: [GIT PULL] Load keys from signed PE binaries
From: Matthew Garrett
Date: Wed Feb 27 2013 - 09:56:56 EST
On Wed, Feb 27, 2013 at 09:35:24AM +0000, ownssh wrote:
> I think, redhat should have their own root key to sign binary files.
> Bootloader of install media can be sign by MS certificates, but only use to add
> the redhat root key to UEFI database before install.
There's no way to update the UEFI key database without the update being
signed by an already trusted key, so what you're proposing isn't
Matthew Garrett | mjg59@xxxxxxxxxxxxx
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/