On 22 April 2016 at 11:25, Meenakshi Aggarwal <meenakshi.aggar...@nxp.com> wrote: > Hi Ard, > > > > I try after enrolling KEK.der into DB and kernel booted up successfully. > Thanks for your constant support. > > > I have one question... I have enrolled DB.der into DB previously, when I try > to enroll another KEK.der into DB then it didn' t allow me. > > Then I delete the previously enrolled DB.der and enrolled KEK.der. Enrollment > succeeded now. > > > > Does it mean we can't add more than one ".der" file into DB and we have to > sign all our images with same key? >
No, you can enroll multiple certificates into KEK and DB, but you need to do it from the bottom up, or they will have to be signed themselves as well So enroll DB first, then KEK then PK _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
