Pilgrim workflow: Getting signatures into images?
michael at laptop.org
Fri Aug 28 11:08:19 EDT 2009
When I left, you could read about the gory details on a page named something
like "Signature procedure" on the internalwiki. I'm confident that cjb can find
it for you. (Unfortunately, I really thought that Erik had rewritten a public
copy of this as part of his http://wiki.laptop.org/go/OS_Image_Digestor writeup
but I can't find it on that page or in the linked-to source code.)

Anyhow, the brief summary of that page is that the signatures are produced over
the kernel, initramfs, and firmware by unpacking the build tarball, extracting
the appropriate files from the build, copying the kernel, firmware and
initramfs to local media, verifying that you have the files you want, manually
signing the files on a protected machine, and then pushing the results back
into the build.

This is all handled by carefully following the written instructions mentioned
above which, in turn, direct you on how to use the scripts and code in the
'bios-crypto' and 'users/cscott/upgrade-server' git modules.

These integration scripts were typically run on updates.laptop.org and on the
(protected) signing machine.

As I recall, pilgrim itself only knows about signing keys as an artifact of the
initial creation and testing of the signing infrastructure or perhaps in order
to make it easier to test builds on test machines that have been "secured" with
keys whose private halves have been published.

P.S. - Mitch -- are there public instructions for how to do the signing needed
to make the multi-key support work that I can't find?