securebootcert: Checking MS CA cert presence
ivanhu
ivan.hu at canonical.com
Fri Sep 11 08:50:16 UTC 2015
Hi Matt,
For the securebootcert test on fwts is for testing the readiness on
Linux platform with secure boot.
Most shim on Linux now are signed by MS CA, so that's why I add the test
for MS CA.
That's true it's strict for those which want to roll their own chain of
trust.
I'll will modify the test with warnings or info instead of failures.
Cheers,
Ivan
On 2015年09月10日 21:35, Matt Fleming wrote:
> Folks,
>
> Someone recently reported that securebootcert_data_base() is failing
> when they enable Secure Boot without importing Microsoft's CA
> certficate into db.
>
> It's not hard to see why the test failed, but I'm wondering whether
> FWTS should be more forgiving of those platforms that want to roll
> their own chain of trust that doesn't include Microsoft's
> certificates.
>
> What do people think about turning the failure into a skip or info
> message?
>
More information about the fwts-discuss
mailing list