qemu-devel

Re: https booting


From: Gerd Hoffmann
Subject: Re: https booting
Date: Wed, 22 Jul 2020 15:55:38 +0200

> > How does edk2 handle the root ca problem?
> 
> There are two fw_cfg paths
> 
>   - etc/edk2/https/ciphers
>   - etc/edk2/https/cacerts
> 
> The first sets the cipher algorithms that are permitted and their
> priority, the second sets the CA certificate bundle.

Ok, ipxe should be able to fetch them.  Would be roughly the same as
compiling in the certificates, except that they don't take up space in
the rom and are much easier to update.

What is in cacerts?
Basically /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem of the host
machine?

thanks,
  Gerd



