vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
my fork of https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git
172 commits 2 branches 8 tags 366 KiB
C 91.9%
Shell 4.4%
Makefile 2.2%
M4 1.5%
Find a file
James Bottomley df27a417b9 sbverify: fix verification with intermediate certificates 
sbverify is currently failing if an intermediate certificate is added
on signing but the binary is verified with the singing certificate.
It fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.

This is happening because the x509_STORE only contains the signing
certificate but the pkcs7 bundle in the binary contains the issuer
certificate as well.  Fix this by unconditionally approving any
locally missing certificates on verify.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-06-05 18:33:41 -07:00
docs docs: Create man pages for sbvarsign & sbsiglist 2012-08-13 15:10:21 +08:00
lib autoconfiscate 2012-05-28 22:35:48 +08:00
src sbverify: fix verification with intermediate certificates 2020-06-05 18:33:41 -07:00
tests Fix Fedora Build 2018-02-20 15:36:19 -05:00
.gitmodules Move ccan submodule 2012-05-24 15:17:18 +08:00
autogen.sh Update the PE checksum field using the somewhat-underdocumented 2016-01-27 11:38:00 -08:00
configure.ac Version 0.9.3 2020-01-09 09:33:38 -08:00
COPYING license: Add OpenSSL exception to GPLv3 terms 2012-06-28 15:06:31 +08:00
LICENSE.GPLv3 license: Add OpenSSL exception to GPLv3 terms 2012-06-28 15:06:31 +08:00
Makefile.am Move sources to src/ subdirectory 2012-08-13 15:10:21 +08:00
NEWS sbkeysync: change default efivarfs mountpoint to /sys/.../efivars/ 2012-10-08 12:07:43 +08:00
README README: update git location and add mailing list information 2020-01-09 09:29:39 -08:00

README 

sbsigntool - Signing utility for UEFI secure boot

  Copyright (C) 2102 Jeremy Kerr <jeremy.kerr@canonical.com>

  Copying and distribution of this file, with or without modification,
  are permitted in any medium without royalty provided the copyright
  notice and this notice are preserved.

See file ./INSTALL for building and installation instructions.

Original development was done at:
  git://kernel.ubuntu.com/jk/sbsigntool.git

The current maintained fork resides at:

  https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/

And a very low volume mailing list for bugs and patches is setup at

 sbsigntools@groups.io

Thanks to groups.io policies, non-members can post to this list, but
non-member postings are moderated until released (so they won't show
up immediately).  The list archives are available:

 https://groups.io/g/sbsigntools/topics

sbsigntool is free software.  See the file COPYING for copying conditions.