7d6210e4b1
SignedData can have multiple certificates, but the current implementation of sbsign only allows a single one (as a signer). With this patch, "-addcert" options will be available on command line to specify a file in which any number of intermediate certificates in PEM format can be concatenated. $ sign --key <key> --cert <cert> --addcert <morecerts> [...] image_file Background: I'm working on implementing UEFI secure boot on U-Boot and want to test my code against PE images with intermediate certificates in certificate chain. As far as I know, the only tool that supports it in signing is Microsoft's signtool.exe. So I'd like to have some corresponding tool on linux. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> |
||
|---|---|---|
| docs | ||
| lib | ||
| src | ||
| tests | ||
| .gitmodules | ||
| autogen.sh | ||
| configure.ac | ||
| COPYING | ||
| LICENSE.GPLv3 | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
sbsigntool - Signing utility for UEFI secure boot Copyright (C) 2102 Jeremy Kerr <jeremy.kerr@canonical.com> Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. See file ./INSTALL for building and installation instructions. Original development was done at: git://kernel.ubuntu.com/jk/sbsigntool.git The current maintained fork resides at: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/ And a very low volume mailing list for bugs and patches is setup at sbsigntools@groups.io Thanks to groups.io policies, non-members can post to this list, but non-member postings are moderated until released (so they won't show up immediately). The list archives are available: https://groups.io/g/sbsigntools/topics sbsigntool is free software. See the file COPYING for copying conditions.