73a13fb7e3
The EFI standard is ambiguous about which one to use for variable
updates (it is definite about using PKCS7 for signed binaries). Until
recently, the reference platform, tianocore, accepted both. However
after patch
commit c035e37335ae43229d7e68de74a65f2c01ebc0af
Author: Zhang Lubo <lubo.zhang@intel.com>
Date: Thu Jan 5 14:58:05 2017 +0800
SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable.
The acceptance of PKCS7 got broken. This breakage seems to be
propagating to the UEFI ecosystem, so update the variable signing
tools to emit the SignedData type (which all previous EFI
implementations accepted).
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
||
|---|---|---|
| docs | ||
| lib | ||
| src | ||
| tests | ||
| .gitmodules | ||
| autogen.sh | ||
| configure.ac | ||
| COPYING | ||
| LICENSE.GPLv3 | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
sbsigntool - Signing utility for UEFI secure boot Copyright (C) 2102 Jeremy Kerr <jeremy.kerr@canonical.com> Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. See file ./INSTALL for building and installation instructions. Main git repository: git://kernel.ubuntu.com/jk/sbsigntool.git sbsigntool is free software. See the file COPYING for copying conditions.