Hello, I am installing OpenBSD on an old xps13 9380. The WiFi is not supported and so I am using a usb dongle for which I need the athn-firmware. I get it to work and now wanting to prep a USB disk with all necessary firmware. I'm following the FAQ#4 on the website (I suppose it works with more firmware than just the WiFi).
So, now to my question. Using fw_update -F to the current dir does download all firmware (5 files) and SHA256.sig. However, the file SHA256.sig does not include the signature, using signify like so: signify -Cp /etc/signify/openbsd-73-fw.pub -x SHA256.sig * Fails with message: invalid comment in SHA256.sig; must start with 'untrusted comment: ' Downloading the SHA256.sig from firmware.openbsd.org/firmware/7.3/SHA256.sig which includes the signature does work. Is it that normal behaviour? Since the firmware.openbsd.org site is not HTTPS, and that, at least for me, fw_update does not download signed SHA256.sig, would it not be possible to download unintended files? Thanks in advance, Thomas
