On 5/14/19 2:34 PM, Chris Laprise wrote:
Hi all,
I'm about to embark on a coreboot build+flash per Mike Banon's G505s
page, but before building I want to verify signatures for the source.
These appear in only one place, on the coreboot.org Downloads page, and
are signed with the key:
D861AB74FB933260193399696B249D77269C04E1
The only problem is there is apparently no mention of the signing key
anywhere else on the coreboot website. I usually look for some explicit,
official reference (preferably in multiple contexts) to a person or
org's key ID before downloading it from a keyserver. Taking the key ID
from an object signature doesn't satisfy that requirement.
There are also several (apparently out-of-tree) patches referenced on
the G505s howto:
http://dangerousprototypes.com/docs/Lenovo_G505S_hacking
I'll have to get signatures or similar type of verification for these as
well. Any help in this regard would be appreciated.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
_______________________________________________
coreboot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
