On Tue, Jul 2, 2019 at 8:43 AM Francois Ozog <[email protected]> wrote:
> > > Le mar. 2 juil. 2019 à 08:32, Peter Robinson <[email protected]> a > écrit : > >> Hi AKASHI, >> >> > I'm now working on implementing UEFI secure boot on U-boot, >> > in particular, adding "dbt" (timestamp-based revocation) support >> > as described in UEFI specification, section 32.5.1 paragraph#7. >> > >> > # To be honest, the description is quite hard for me to understand. >> > # I've got what it means only after reading corresponding EDK2 code. >> > >> > My question is: Is there any signing tool on linux, with which >> > we can directly "timestamp" a PE image with RFC3161-compliant timestamp? >> >> I believe we (the RH distros) use pesign tool for this [1] but pjones >> would know all the intricate details of that. >> >> > I know that "signtool" in Microsoft's Windows SDK has this feature, >> > but I wonder what tool major distros use for this purpose. >> > (They also need to use windows for creating their own distributions?) >> > >> > I don't think it is very difficult to add the feature to existing >> > tools like "sbsign," but it would be nice to use "proven" tools >> > for testing. >> >> Peter >> > Thanks peter. > Should we want to contribute say « file_fit » to sign FIT image, does this > sound reasonable ? > pjones would be the best person to answer to that as he's the maintainer but it sounds fine to me. Peter _______________________________________________ boot-architecture mailing list [email protected] https://lists.linaro.org/mailman/listinfo/boot-architecture
