Hi, I'm now working on implementing UEFI secure boot on U-boot, in particular, adding "dbt" (timestamp-based revocation) support as described in UEFI specification, section 32.5.1 paragraph#7.
# To be honest, the description is quite hard for me to understand. # I've got what it means only after reading corresponding EDK2 code. My question is: Is there any signing tool on linux, with which we can directly "timestamp" a PE image with RFC3161-compliant timestamp? I know that "signtool" in Microsoft's Windows SDK has this feature, but I wonder what tool major distros use for this purpose. (They also need to use windows for creating their own distributions?) I don't think it is very difficult to add the feature to existing tools like "sbsign," but it would be nice to use "proven" tools for testing. Thanks, -Takahiro Akashi _______________________________________________ boot-architecture mailing list [email protected] https://lists.linaro.org/mailman/listinfo/boot-architecture
