[coreboot] buildgcc certs and signature hashes
Peter Stuge
peter at stuge.se
Wed Aug 3 15:49:31 CEST 2016
Trammell Hudson wrote:
> I'm worried that this introduces a minor, but potential security
> issue for the build process.
Yes, it certainly does.
Noone has spent time on solving the problem so far. Distributing and
using some trust anchors is difficult without adding many dependencies
to the build process.
Some people work with coreboot on Windows, making things even more
complicated.
I would like to see individual downloaded files to be verified, as
opposed to only a server certificate check.
//Peter
More information about the coreboot
mailing list