Comment 3 for bug 2003701
Revision history for this message
| Steve Langasek (vorlon) wrote Re: [Bug 2003701] [NEW] PKCS7: Message signed outside of X.509 validity window | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
f5254ff
demo site
(Get the code!)
On Mon, Jan 23, 2023 at 11:19:56AM -0000, Dimitri John Ledkov wrote:
> UEFI specifications in general ignore signing time.
> IMHO we should remove / not include signing timestamp in the UEFI
> signatures to avoid this.
Doesn't this suggest it's actually a kernel bug for enforcing something here
that UEFI does not expect to be enforced?
Not including timestamps in signatures doesn't sound ideal to me.