BMC Image Signing Proposal
Adriana Kobylak
anoo at linux.vnet.ibm.com
Tue Feb 20 08:04:02 AEDT 2018
>
> What do you mean unsharable?
>
The public keys only apply to the BMC where the firmware image is being
installed on and not are not intended to be shared with other BMCs /
hosts. "Shareable files can be stored on one host and used on several
others" (http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch02.html).
On another note, I'll be adding the gerrit links to the main epic
(https://github.com/openbmc/openbmc/issues/356) as changes start getting
submitted for anyone that wants to leave comments or follow along. The
first ones are:
https://gerrit.openbmc-project.xyz/#/c/8949/ - Add image signing
framework and open keys
https://gerrit.openbmc-project.xyz/#/c/9025/ - BMC Digital Signature
documentation
More information about the openbmc
mailing list