author | Laszlo Ersek <lersek@redhat.com> | 2018-03-27 17:28:11 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2018-03-30 08:45:49 +0200 |
commit | ee27f9153a14d0c6d75f8745a8c1879a6e4bb2e8 (patch) | |
tree | e519b7a0c031cd8cfedbabb289d2feefcd32b057 /p11-kit/modules.c | |
parent | 59054e4f9fe3e95f8db881973901ab59a0b1ef8a (diff) |
trust: implement the "edk2-cacerts" extractor

Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST
format that is

- defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object
  per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID),

- and expected by edk2's HttpDxe when it configures the certificate list
  for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the
  TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c").

The intended command line is

    p11-kit extract \
      --format=edk2-cacerts \
      --filter=ca-anchors \
      --overwrite \
      --purpose=server-auth \
      $DEST/edk2/cacerts.bin

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'p11-kit/modules.c')
0 files changed, 0 insertions, 0 deletions
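
The layout the commit message describes (one EFI_SIGNATURE_DATA per EFI_SIGNATURE_LIST, typed EFI_CERT_X509_GUID) can be checked on an extracted `cacerts.bin` before it is handed to firmware. The following is an added example, not code from p11-kit or edk2; the function names, the owner GUID and the placeholder certificate bytes are constructed for illustration.

```python
import struct
import uuid

# EFI_CERT_X509_GUID as defined by the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# EFI_SIGNATURE_LIST: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
LIST_HDR = struct.Struct("<16sIII")
OWNER_LEN = 16  # EFI_SIGNATURE_DATA.SignatureOwner precedes the certificate bytes


def build_list(der, owner):
    """Wrap one DER blob in an EFI_SIGNATURE_LIST holding one EFI_SIGNATURE_DATA."""
    sig_size = OWNER_LEN + len(der)
    hdr = LIST_HDR.pack(EFI_CERT_X509_GUID.bytes_le, LIST_HDR.size + sig_size, 0, sig_size)
    return hdr + owner.bytes_le + der


def parse_cacerts(blob):
    """Return [(owner_guid, der_bytes)]; raise ValueError on any malformed list."""
    certs, off = [], 0
    while off < len(blob):
        if len(blob) - off < LIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        sig_type, list_size, hdr_size, sig_size = LIST_HDR.unpack_from(blob, off)
        if uuid.UUID(bytes_le=sig_type) != EFI_CERT_X509_GUID:
            raise ValueError("unexpected SignatureType at offset %d" % off)
        if list_size > len(blob) - off:
            raise ValueError("SignatureListSize runs past end of data")
        # X.509 lists carry no signature header and exactly one EFI_SIGNATURE_DATA.
        if hdr_size != 0 or list_size != LIST_HDR.size + sig_size:
            raise ValueError("list at offset %d is not a single X.509 entry" % off)
        if sig_size <= OWNER_LEN:
            raise ValueError("empty certificate at offset %d" % off)
        data = off + LIST_HDR.size
        owner = uuid.UUID(bytes_le=blob[data:data + OWNER_LEN])
        der = blob[data + OWNER_LEN:off + list_size]
        if der[0] != 0x30:  # a DER certificate starts with an ASN.1 SEQUENCE tag
            raise ValueError("payload at offset %d is not a DER SEQUENCE" % off)
        certs.append((owner, der))
        off += list_size
    return certs


# Constructed sample: placeholder DER SEQUENCEs (not real certificates), made-up owner GUID.
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE = build_list(b"\x30\x03\x02\x01\x01", SAMPLE_OWNER) + build_list(b"\x30\x00", SAMPLE_OWNER)
```

Run `parse_cacerts()` over the bytes of the extracted file and compare the returned certificate count against the trust anchors expected from the `--filter=ca-anchors --purpose=server-auth` selection.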