On Wed, 11 Jun 2025 at 13:57, Richard Hughes <richard@xxxxxxxxxxx> wrote: > > On Wednesday, 11 June 2025 at 12:28, Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote: > > We want to unretire efitools because it's the only software that > > allows dealing with detached signatures for authvars. > > Out of interest, what are you trying to do? There's some support for this in fwupd, although it's more focused on parsing than building: https://github.com/fwupd/fwupd/blob/main/libfwupdplugin/tests/efi-signature-list.builder.xml Build a set of authvars for self-enrollment via systemd-boot. The signatures all happen offline in a generic rsa signing tool that gets hashes as inputs and provides RSA PKCS#1 signatures as outputs. efitools is the only collection of tools I could find that can be used in a script to create a list of efivars first, and later attach signatures, using the sign-efi-sig-list binary. -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
