On Wed, Jul 22, 2015 at 04:36:27PM +0100, David Woodhouse wrote: > On Wed, 2015-07-22 at 14:52 +0000, Tim Hollebeek wrote: > > The way this is supposed to work is by using a timestamp from a > > trusted timestamp server to show the certificate was valid at the > > time the code was signed. > > That would be great. Unfortunately, if the UEFI firmware were suddenly > to start insisting upon that then a lot of operating systems would no > longer boot.
Which operating systems would that be? As far as I know Windows 7 required this if you wanted to have your drivers stay valid for longer than 2 years and Windows 10 just always requires it. So I would hope that they actually do this for all of their own software. Kurt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev