Allow signing multiple certificates for secure boot variables

balena-os / balena-sign

Service used to sign data over the network and retrieve the respective public keys

Apache License 2.0

3 stars 0 forks source link

Allow signing multiple certificates for secure boot variables #31

Closed mtoman closed 1 year ago

mtoman commented 1 year ago

In order to be able to properly rotate keys, we need to be able to distribute updates that contain multiple certificates valid during overlapping periods. This PR makes it possible to specify a list of certificates when signing PK, KEK and db.

mtoman commented 1 year ago

lgtm