[Ksummit-discuss] [TECH TOPIC] Firmware signing

David Woodhouse dwmw2 at infradead.org
Tue Jul 28 19:19:28 UTC 2015


On Tue, 2015-07-28 at 10:03 -0700, Andy Lutomirski wrote:
> 
> This will require that we take any firmware vendor's key and rewrap it
> somehow into a new X.509 blob with a key usage constraint.

There are established ways of handling those constraints as external
objects (see how NSS does it in its trust tokens, and thus p11-kit-trust
does too).

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation