fwupd/data/remotes.d
Richard Hughes 7403dc505f Optionally use GnuTLS to verify PKCS7 certificates
We can use this as an alternative for GPG. No PKCS7 certificates are currently
installed by fwupd and it's expected that the LVFS will still only provide GPG
detached signatures.

If an OEM distributor wants to sign firmware with a PKCS7 and the corresponding
certificate is provided then the firmware will be marked as valid.

Only firmware shipping with a .p7b file will use the PKCS7 functionality,
similarly remote metadata validation will default to GPG unless Keyring=pkcs7
is specified in the config file.
2017-08-14 09:42:48 +01:00
fwupd.conf Optionally use GnuTLS to verify PKCS7 certificates 2017-08-14 09:42:48 +01:00
lvfs-testing.conf Optionally use GnuTLS to verify PKCS7 certificates 2017-08-14 09:42:48 +01:00
lvfs.conf Optionally use GnuTLS to verify PKCS7 certificates 2017-08-14 09:42:48 +01:00
meson.build Support embedded devices with local firmware metadata 2017-07-28 17:41:24 +01:00
README.md Optionally use GnuTLS to verify PKCS7 certificates 2017-08-14 09:42:48 +01:00
vendor.conf Optionally use GnuTLS to verify PKCS7 certificates 2017-08-14 09:42:48 +01:00

Vendor Firmware

These are the steps to add vendor firmware that is installed as part of an OSTree image:

  • Change /etc/fwupd/remotes.d/vendor.conf to have Enabled=true
  • Deploy the firmware to /usr/share/fwupd/remotes.d/vendor/firmware
  • Deploy the metadata to /usr/share/fwupd/remotes.d/vendor/vendor.xml

The metadata should be of the form:

<?xml version="1.0" encoding="UTF-8"?>
<components version="0.9">
  <component type="firmware">
    <id>FIXME.firmware</id>
    <name>FIXME</name>
    <summary>FIXME</summary>
    <developer_name>FIXME</developer_name>
    <project_license>FIXME</project_license>
    <description><p>FIXME</p></description>
    <url type="homepage">http://FIXME</url>
    <releases>
      <release version="FIXME" date="2017-07-27" urgency="high">
        <size type="installed">86406</size>
        <location>firmware/FIXME.cab</location>
        <checksum filename="FIXME.hex" target="content" type="sha1">96a92915c9ebaf3dd232cfc7dcc41c1c6f942877</checksum>
        <description><p>FIXME.</p></description>
      </release>
    </releases>
    <provides>
      <firmware type="flashed">FIXME</firmware>
    </provides>
  </component>
</components>

Ideally, the metadata and firmware should be signed by either GPG or a PKCS7 certificate. If they are, also set Keyring=gpg or Keyring=pkcs7 in /etc/fwupd/remotes.d/vendor.conf and ensure the correct public key or signing certificate is installed in the /etc/pki/fwupd location.
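
A pre-deployment check for the layout described above, written as an added example; it is not part of fwupd or of this README. It flags an enabled remote with no Keyring=gpg or Keyring=pkcs7, a release location that points outside the remote directory, and a content checksum that does not match the payload. The function name, the sample data, the `[fwupd Remote]` section header and the accepted checksum types are assumptions.

```python
import configparser
import hashlib
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample inputs; the [fwupd Remote] section name is an assumption.
SAMPLE_CONF = """[fwupd Remote]
Enabled=true
"""
SAMPLE_XML = """<components version="0.9">
  <component type="firmware">
    <releases>
      <release version="1.0" date="2017-07-27">
        <location>firmware/example.cab</location>
        <checksum filename="example.hex" target="content" type="sha1">a9993e364706816aba3e25717850c26c9cd0d89d</checksum>
      </release>
    </releases>
  </component>
</components>"""
SAMPLE_PAYLOADS = {"example.hex": b"abc"}  # SHA-1 of b"abc" is the checksum above

def audit_remote(conf_text, metadata_xml, payloads):
    """Return findings for one remote; payloads maps checksum filename -> bytes."""
    findings = []
    conf = configparser.ConfigParser(interpolation=None)
    conf.optionxform = str  # keep key case (Enabled, Keyring)
    conf.read_string(conf_text)
    for section in conf.sections():
        enabled = conf.get(section, "Enabled", fallback="false").lower() == "true"
        keyring = conf.get(section, "Keyring", fallback="").lower()
        if enabled and keyring not in ("gpg", "pkcs7"):
            findings.append("remote enabled without Keyring=gpg or Keyring=pkcs7")
    for release in ET.fromstring(metadata_xml).iter("release"):
        version, location = release.get("version"), release.findtext("location", default="")
        norm = posixpath.normpath(location)
        if posixpath.isabs(norm) or norm == ".." or norm.startswith("../"):
            findings.append(f"{version}: location escapes the remote directory")
        for checksum in release.iter("checksum"):
            name, algo = checksum.get("filename"), checksum.get("type") or ""
            expected = (checksum.text or "").strip().lower()
            if algo not in ("sha1", "sha256"):  # types this sketch accepts
                findings.append(f"{version}: unsupported checksum type {algo!r}")
            elif name not in payloads:
                findings.append(f"{version}: no payload supplied for {name}")
            elif hashlib.new(algo, payloads[name]).hexdigest() != expected:
                findings.append(f"{version}: {algo} mismatch for {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_remote(SAMPLE_CONF, SAMPLE_XML, SAMPLE_PAYLOADS)))
```

The payload bytes are the file named in the checksum's filename attribute as extracted from the .cab; extraction and the GPG or PKCS7 signature verification itself are left to fwupd.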