sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-05-08 15:02:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
93fc2123c3e12f0722a3487c5bb188a7a2935688
ipxe/.github/workflows
T
History
Michael Brown 93fc2123c3 [ci] Include CA certificate file alongside signed binaries 
Include the relevant CA certificate in the UEFI Secure Boot build
artifacts.  This allows for easy identification of test-signed builds
without having to extract the certificate from the signed binary.

This also eases the process of adding the ephemeral test-signing
certificate to the UEFI trusted certificate list, if a user wants to
test a non-release build with Secure Boot enabled.  (The corresponding
private key is deliberately not preserved, to minimise the attack
surface that this would otherwise open up on the user's system.)

Include the commit hash and build architecture within the ephemeral
test-signing certificate's subject name, to make it obvious that the
scope is limited to signing only that single build.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-02-17 16:29:20 +00:00
..
build.yml
[ci] Include CA certificate file alongside signed binaries
2026-02-17 16:29:20 +00:00
coverity.yml
[ci] Schedule Coverity Scan run via GitHub Actions
2026-02-13 23:49:47 +00:00