On Fri, Apr 30, 2010 at 5:04 PM, Daniel Drake <d...@laptop.org> wrote:
> Maybe I asked this already, but I can't find the discussion. When the
> server communicates the time to the XO and the XO sets the clock based
> on that, shouldn't the XO verify that the delegation has not expired?
> By that I mean it should refuse to set a time/date that is beyond the
> expiration of the delegation.

Fair enough. One of the problems is that normally the expiry check is
done inside bitfrost lib and the code there only respects the system
clock. So it's a bit messy. Rework bitfrost libs (with impact on users
of the lib) or implement a bit of code that knows enough about the sig
format to find out all the expiry dates and picks the lowest one...

If you really want it, I'll try to find the time, though it's... messy.

> I don't see the benefit of reimplementing timegm() in the initramfs

Maybe it wasn't included in the old initramfs. The current one
includes lots of things.

> If you're low on time, feel free to just mark these as a FIXME. It's
> not important.

FIXME for now :-/

> Finally, can you adjust the README to talk about the more simplistic
> option of testing the initramfs without signing it? The process is
> much simpler and you aren't always working on the security code.

Sure - will do.

m
--
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
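
The check discussed in this thread (collect every expiry date in the signature chain, take the lowest, and refuse a server-supplied time beyond it) could look like the sketch below. It is an added example, not code from the thread or from the bitfrost library; the line layout of `SAMPLE_CHAIN`, the `YYYYMMDDTHHMMSSZ` timestamp form and all function names are assumptions made for illustration.

```python
import calendar
import re
import time

# Assumption: each expiry appears in the chain as a UTC token of the
# form YYYYMMDDTHHMMSSZ. The real signature format is not shown in the thread.
_EXPIRY_RE = re.compile(r"\b(\d{8}T\d{6}Z)\b")


def parse_expiry(token):
    """Convert a UTC timestamp token to epoch seconds.

    calendar.timegm() is used instead of time.mktime() so the result does
    not depend on the local timezone or on the (untrusted) system clock.
    Malformed dates raise ValueError, which callers treat as a refusal.
    """
    return calendar.timegm(time.strptime(token, "%Y%m%dT%H%M%SZ"))


def earliest_expiry(chain_text):
    """Return the lowest expiry (epoch seconds) found anywhere in the chain."""
    tokens = _EXPIRY_RE.findall(chain_text)
    if not tokens:
        # Fail closed: a chain with no expiry gives no bound on the clock.
        raise ValueError("no expiry timestamp found in chain")
    return min(parse_expiry(t) for t in tokens)


def accept_server_time(server_epoch, chain_text):
    """True only if the proposed clock value is not past the earliest expiry."""
    return server_epoch <= earliest_expiry(chain_text)


# Constructed sample input: two delegation lines and one signature line.
SAMPLE_CHAIN = """\
del-example: keyA keyB 20100630T000000Z SIGBYTES
del-example: keyB keyC 20100531T120000Z SIGBYTES
sig-example: keyC payload SIGBYTES
"""

if __name__ == "__main__":
    limit = earliest_expiry(SAMPLE_CHAIN)
    print("clock may not be set past", time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(limit)))
    print("server time one second later accepted?", accept_server_time(limit + 1, SAMPLE_CHAIN))
```

This only bounds the clock; verifying the signatures themselves still has to happen before any timestamp in the chain is trusted.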