| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST
format that is
- defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object
per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID),
- and expected by edk2's HttpDxe when it configures the certificate list
for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the
TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c").
The intended command line is
p11-kit extract \
--format=edk2-cacerts \
--filter=ca-anchors \
--overwrite \
--purpose=server-auth \
$DEST/edk2/cacerts.bin
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
