Hi Martin,

When I left, you could read about the gory details on a page named something like "Signature procedure" on the internal wiki. I'm confident that cjb can find it for you. (Unfortunately, I really thought that Erik had rewritten a public copy of this as part of his http://wiki.laptop.org/go/OS_Image_Digestor writeup but I can't find it on that page or in the linked-to source code.)

Anyhow, the brief summary of that page is that the signatures are produced over the kernel, initramfs, and firmware by unpacking the build tarball, extracting the appropriate files from the build, copying the kernel, firmware and initramfs to local media, verifying that you have the files you want, manually signing the files on a protected machine, and then pushing the results back into the build. This is all handled by carefully following the written instructions mentioned above which, in turn, direct you on how to use the scripts and code in the 'bios-crypto' and 'users/cscott/upgrade-server' git modules. These integration scripts were typically run on updates.laptop.org and on the (protected) signing machine.

As I recall, pilgrim itself only knows about signing keys as an artifact of the initial creation and testing of the signing infrastructure or perhaps in order to make it easier to test builds on test machines that have been "secured" with keys whose private halves have been published.

Regards,

Michael

P.S. - Mitch -- are there public instructions for how to do the signing needed to make the multi-key support work that I can't find?

_______________________________________________
Devel mailing list
[email protected]
http://lists.laptop.org/listinfo/devel
