{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":549315153,"defaultBranch":"main","name":"trust","ownerLogin":"project-machine","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-10-11T02:07:54.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/110929452?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1693578991.0","currentOid":""},"activityList":{"items":[{"before":"9b9f39cffa840e6030aa6411ec65de25cb9669b7","after":"3cd5201d5e02a85ddd7b0e2962cef68e95de7ef0","ref":"refs/heads/main","pushedAt":"2023-09-06T01:34:08.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Update readme to point at the new code location\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"Update readme to point at the new code location"}},{"before":"ae2c14b8bd6c46de54cfec2e039d67898370efc2","after":"9b9f39cffa840e6030aa6411ec65de25cb9669b7","ref":"refs/heads/main","pushedAt":"2023-09-01T14:35:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Update bootkit again\n\nTo get the initrd with fixed mosctl.\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"Update bootkit again"}},{"before":"85ef2a6d870d01f7c9c320dbba75a1123d9d4a3e","after":"ae2c14b8bd6c46de54cfec2e039d67898370efc2","ref":"refs/heads/main","pushedAt":"2023-09-01T13:02:01.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Update the bootkit version\n\nWe need new bootkit to fix wrong pcr7 values\n\nSigned-off-by: Serge Hallyn 
","shortMessageHtmlLink":"Update the bootkit version"}},{"before":"56bf07d3b011c7edf963dd95d007f1815e06c682","after":"85ef2a6d870d01f7c9c320dbba75a1123d9d4a3e","ref":"refs/heads/main","pushedAt":"2023-09-01T12:47:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"SetupBootkit: sign kernel with production key\n\nI accidentally had it signing with limited key.\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"SetupBootkit: sign kernel with production key"}},{"before":"b03c99aa969678fd4d61e70ca67ea07acad0bbe7","after":"56bf07d3b011c7edf963dd95d007f1815e06c682","ref":"refs/heads/main","pushedAt":"2023-09-01T12:47:08.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"SetupBootkit: use the ovmf-vars.fd that shipped with bootkit\n\nInstead of relying on the host to have a reasonable one.\n\nAt least on ubuntu jammy, right now those are the same thing.\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"SetupBootkit: use the ovmf-vars.fd that shipped with bootkit"}},{"before":"2eafacbbce23cc162e5c22ba6a94fae8682d40b5","after":"b03c99aa969678fd4d61e70ca67ea07acad0bbe7","ref":"refs/heads/main","pushedAt":"2023-08-28T18:01:02.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"ReplaceManifestCert: also append pcr7data to the initrd\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"ReplaceManifestCert: also append pcr7data to the 
initrd"}},{"before":"c97a4873acbb7061e6b70d1283ab7427f8cca9e7","after":"2eafacbbce23cc162e5c22ba6a94fae8682d40b5","ref":"refs/heads/main","pushedAt":"2023-08-28T15:18:21.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"addPcr7data: use keysetname in path\n\nDon't hardcode 'snakeoil' into filenames when creating a different\nkeyset.\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"addPcr7data: use keysetname in path"}},{"before":"35efe3fdf6ab12180247401e697eb0a1a1004ee0","after":"c97a4873acbb7061e6b70d1283ab7427f8cca9e7","ref":"refs/heads/main","pushedAt":"2023-08-25T21:10:07.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"use new bootkit file layout\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"use new bootkit file layout"}},{"before":"38d116db19fe54902f3b74b0369b4229a31d9a0c","after":"35efe3fdf6ab12180247401e697eb0a1a1004ee0","ref":"refs/heads/main","pushedAt":"2023-08-25T13:48:23.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"smoser","name":"Scott Moser","path":"/smoser","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/18865?s=80&v=4"},"commit":{"message":"Reduce code in extractPubkey by using readCertificateFromFile.\n\nLess software in the world.\n\nSigned-off-by: Scott Moser ","shortMessageHtmlLink":"Reduce code in extractPubkey by using readCertificateFromFile."}},{"before":"40acbfff442d4668df6a64d80d99f85d32b45216","after":"38d116db19fe54902f3b74b0369b4229a31d9a0c","ref":"refs/heads/main","pushedAt":"2023-08-25T00:59:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge 
Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"update golang version in arm\n\nCo-authored-by: Ryan Harper \nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"update golang version in arm"}},{"before":"464228042c6b9736d49ad94099f7bfb1a2b1c937","after":"40acbfff442d4668df6a64d80d99f85d32b45216","ref":"refs/heads/main","pushedAt":"2023-08-24T20:07:36.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"github action: update go version to 1.21\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"github action: update go version to 1.21"}},{"before":"f9f56e50dbb4e55438c59432fddc03c245be863c","after":"464228042c6b9736d49ad94099f7bfb1a2b1c937","ref":"refs/heads/main","pushedAt":"2023-08-24T19:48:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"update to newest bootkit pkg\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"update to newest bootkit pkg"}},{"before":"5cc5a700b771e00a8524dbb302dc1ecbbfed29ce","after":"f9f56e50dbb4e55438c59432fddc03c245be863c","ref":"refs/heads/main","pushedAt":"2023-08-24T16:54:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Generate bootkit artifacts for snakeoil as well\n\nAlso, simply do nothing if not on amd64, since we don't have\narm64 artifacts.\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"Generate bootkit artifacts for snakeoil as 
well"}},{"before":"49e71af7db0ee233d744c86dd6ad8d618b9a5e51","after":"5cc5a700b771e00a8524dbb302dc1ecbbfed29ce","ref":"refs/heads/main","pushedAt":"2023-08-24T15:55:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Set the app version\n\nSo that 'trust --version' will show a meaningful value instead\nof always 0.10.\n\nAlso update the arm64 job to set the git safedir option, because\nthat appeared to be causing failures later on.\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"Set the app version"}},{"before":"16fffc3bd4787af8544c4c2182592d425dd75248","after":"49e71af7db0ee233d744c86dd6ad8d618b9a5e51","ref":"refs/heads/main","pushedAt":"2023-08-21T21:07:56.000Z","pushType":"pr_merge","commitsCount":5,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"keyset add test: skip non-x86_64 arch\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"keyset add test: skip non-x86_64 arch"}},{"before":"2720dcfb4cc2dd5d7c0a054329a1f80fe6f4636d","after":"16fffc3bd4787af8544c4c2182592d425dd75248","ref":"refs/heads/main","pushedAt":"2023-08-18T22:37:17.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Use : after manifest key to select a specific project manifest to show\n\nAllow the keydir 'manifest' to accept a project value after a colon:\n\n```\n$ ./trust keyset show snakeoil manifest\n2023/08/18 15:18:23 fatal keyset key 'manifest' requires a project value, use 'trust project list snakeoil' to list projects for this keyset\n$ ./trust keyset show snakeoil manifest:default 
--path\n/home/ubuntu/.local/share/machine/trust/keys/snakeoil/manifest/default/cert.pem\n/home/ubuntu/.local/share/machine/trust/keys/snakeoil/manifest/default/privkey.pem\n/home/ubuntu/.local/share/machine/trust/keys/snakeoil/manifest/default/uuid\n```\n\nFixes: #59\n\nSigned-off-by: Ryan Harper ","shortMessageHtmlLink":"Use : after manifest key to select a specific project manifest to show"}},{"before":"c502fdc9114f2b93bc5295694f891b5135f76370","after":"2720dcfb4cc2dd5d7c0a054329a1f80fe6f4636d","ref":"refs/heads/main","pushedAt":"2023-08-18T15:04:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"RFC: keyset: switch 'PuzzlesOS' to 'Project'\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"RFC: keyset: switch 'PuzzlesOS' to 'Project'"}},{"before":"a86cd94f40de7defee8a269e22621093bf72bd86","after":"c502fdc9114f2b93bc5295694f891b5135f76370","ref":"refs/heads/main","pushedAt":"2023-08-01T20:01:20.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Add buildvcs=false to Makefile\n\nThe buildvcs flag indicates whether to stamp binaries with version control information. 
Disabling it is needed for the arm runner to work.\n\nSigned-off-by: Ashwin Gopalan ","shortMessageHtmlLink":"Add buildvcs=false to Makefile"}},{"before":"3765c8e1643edff93b91f5e15f4fadd41c5e6c6b","after":"a86cd94f40de7defee8a269e22621093bf72bd86","ref":"refs/heads/main","pushedAt":"2023-08-01T17:43:27.000Z","pushType":"pr_merge","commitsCount":4,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Generate and add signdata info to a new keyset.\n\nSigned-off-by: Joy Latten ","shortMessageHtmlLink":"Generate and add signdata info to a new keyset."}},{"before":"f464673307596d9cea6207ac8877c06daa52cbfc","after":"3765c8e1643edff93b91f5e15f4fadd41c5e6c6b","ref":"refs/heads/main","pushedAt":"2023-07-26T14:58:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Generate tpm policies using go-tpm2 package.\n\nThis commit replaces tpm-tools commands with golang\ngo-tpm2 module to generate tpm ea policies.\nDefaults are set for the outputs (policy digest files).\nInputs must be given (the pcr7 files). 
The policyversion\nis anticipated to stay constant for a while so a default\nis set for it.\n\nChangelog: 07/26: Serge pushed for a whitespace fix\n\nSigned-off-by: Joy Latten \nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"Generate tpm policies using go-tpm2 package."}},{"before":"44d0eaada993527bbed7b50e38bff36d8f136375","after":"f464673307596d9cea6207ac8877c06daa52cbfc","ref":"refs/heads/main","pushedAt":"2023-07-24T19:32:08.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Add subcommand \"computePCR7\" to compute pcr7 for a keyset\n\nThis subcommand takes the keysetName as an argument. It\ncomputes the expected pcr7 value based on expected order of tpm\nevents that occur during a secureboot boot.\nExpected uefi secureboot variables, including key databases, and\ncertificates known to extend into pcr7 during boot are generated\naccording to tpm specs using the specified keyset and measured to\nproduce expected pcr7 value.\n\nShould additional drivers and uefi programs be added to the boot, then\nthis implementation would need to be revisited to include those certificates\nthat would be extended into pcr7.\n\nThe DBX hash and guid is hardcoded from the DBX value in current ovmf_vars.fd\nfrom bootkit. 
Should this change or when we decide how to manage DBX, this\ncode will need to be revisited.\n\nBecause the mos shim includes 3 uki keys, \"computePCR7\" returns 3 pcr7 values,\none for each key in the order, pcr7 value, for production, limited, tpm.\n\nSigned-off-by: Joy Latten ","shortMessageHtmlLink":"Add subcommand \"computePCR7\" to compute pcr7 for a keyset"}},{"before":"95f9d92de57b43b775c323768cf4ab891300dbb1","after":"44d0eaada993527bbed7b50e38bff36d8f136375","ref":"refs/heads/main","pushedAt":"2023-07-12T19:53:51.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"joylatten","name":null,"path":"/joylatten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1036781?s=80&v=4"},"commit":{"message":"Update the live/README and provisioning-stacker.yaml\n\nCloses #48\n\nAdd a few missing instructions.\nMake sure the ROOTFS_VERSION is set.\nDownload a newer mosctl binary.\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"Update the live/README and provisioning-stacker.yaml"}},{"before":"b588fd25e996d3a0d0c287eb48d64ff4e17d6d98","after":"95f9d92de57b43b775c323768cf4ab891300dbb1","ref":"refs/heads/main","pushedAt":"2023-05-12T15:06:58.360Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"build-livecd-rfs: Do not add '.' to PATH, but instead $PWD\n\nGolang now refuses to execute a program if it is found in '.'.\nIt will return the ErrDot error.\n\nThis change just adds the full directory path to the current\ndirectory instead.\n\nSigned-off-by: Scott Moser ","shortMessageHtmlLink":"build-livecd-rfs: Do not add '.' 
to PATH, but instead $PWD"}},{"before":"1b98eabe5157388d1cca39d7a0c7a804ca920668","after":"b588fd25e996d3a0d0c287eb48d64ff4e17d6d98","ref":"refs/heads/main","pushedAt":"2023-05-08T20:13:19.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Add ability to generate pcr7data for an existing keyset\n\nSigned-off-by: Joy Latten ","shortMessageHtmlLink":"Add ability to generate pcr7data for an existing keyset"}},{"before":"d77d77111ebed2d67a3c75267b9f943d7fa5502d","after":"1b98eabe5157388d1cca39d7a0c7a804ca920668","ref":"refs/heads/main","pushedAt":"2023-05-08T17:50:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"initrd-setup: create /priv/factory\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"initrd-setup: create /priv/factory"}},{"before":"85fe1d884837f903adc35fcf46cffbec8718b9fb","after":"d77d77111ebed2d67a3c75267b9f943d7fa5502d","ref":"refs/heads/main","pushedAt":"2023-05-05T16:43:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"address old todo - choose free port for temporary zot\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"address old todo - choose free port for temporary zot"}},{"before":"827d6b96221f3614696c3918d7d9daba498a2bfb","after":"85fe1d884837f903adc35fcf46cffbec8718b9fb","ref":"refs/heads/main","pushedAt":"2023-05-01T22:02:38.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"hallyn","name":"Serge 
Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"trust/build-livecd-rfs: fix localhost in demo script\n\nUsing 'localhost' instead of 127.0.0.1 can fail.\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"trust/build-livecd-rfs: fix localhost in demo script"}},{"before":"a608b169e743064077b8435a8a12991a9b8c62f5","after":"827d6b96221f3614696c3918d7d9daba498a2bfb","ref":"refs/heads/main","pushedAt":"2023-04-21T20:49:20.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Add SignEFI and VerifyEFI to sign and verify efi binaries\n\nSigned-off-by: Joy Latten ","shortMessageHtmlLink":"Add SignEFI and VerifyEFI to sign and verify efi binaries"}},{"before":"873e9013d0d6cfe73c8b9d2f7a991e04293d9c7f","after":"a608b169e743064077b8435a8a12991a9b8c62f5","ref":"refs/heads/main","pushedAt":"2023-04-21T20:39:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Add trust keyset show command to discover contents and locations\n\nOther Project-Machine components currently just \"know\" where trust\nstores keysets on user's system. In bootkit it also \"knows\" various\nkeys present within a keyset. 
The keyset show command is meant to\nexpose the contents of the keyset via helpful summary output and\nspecific flags (--path, --value) which can dump the value or path of\na particular keyset component.\n\nFor example, bootkit extracts the uefi-db's certificate and guid, this\nis accomplished a couple of ways:\n\nProduce the value:\n$ ./trust keyset show snakeoil uefi-db guid --value\n326aa6de-a82d-4fd7-8015-2db804aea8e7\n\nGet the path:\n$ ./trust keyset show snakeoil uefi-db guid --path\n/home/rharper/.local/share/machine/trust/keys/snakeoil/uefi-db/guid\n\nGet all of the paths/values:\n\n$ ./trust keyset show snakeoil uefi-db\n/home/rharper/.local/share/machine/trust/keys/snakeoil/uefi-db/cert.pem\n\n/home/rharper/.local/share/machine/trust/keys/snakeoil/uefi-db/guid\n326aa6de-a82d-4fd7-8015-2db804aea8e7\n\nFor discovery (look at my hacky tree-like output):\n\n$ ./trust keyset show snakeoil\n/home/rharper/.local/share/machine/trust/keys/snakeoil\n├── manifest\n│ └── default\n│ ├── cert.pem\n│ ├── privkey.pem\n│ └── sudi\n│ └── 4cc76b82-948c-44b8-948c-1cc9a7d460d0\n│ ├── cert.pem\n│ └── privkey.pem\n├── manifest-ca\n│ ├── cert.pem\n│ └── privkey.pem\n├── pcr7data\n│ └── policy-2\n│ └── 4d\n│ └── 25381df754d21a702fd046a837a59880185b41ec0157dc247e142a1661a0ee\n│ ├── info.json\n│ └── tpm_passwd.policy.signed\n├── sudi-ca\n│ ├── cert.pem\n│ └── privkey.pem\n├── tpmpol-admin\n│ ├── cert.pem\n│ └── privkey.pem\n├── tpmpol-luks\n│ ├── cert.pem\n│ └── privkey.pem\n├── uefi-db\n│ ├── cert.pem\n│ ├── guid\n│ └── privkey.pem\n├── uefi-kek\n│ ├── cert.pem\n│ ├── guid\n│ └── privkey.pem\n├── uefi-pk\n│ ├── cert.pem\n│ ├── guid\n│ └── privkey.pem\n├── uki-limited\n│ ├── cert.pem\n│ ├── guid\n│ └── privkey.pem\n├── uki-production\n│ ├── cert.pem\n│ ├── guid\n│ └── privkey.pem\n└── uki-tpm\n ├── cert.pem\n ├── guid\n └── privkey.pem\n\nSigned-off-by: Ryan Harper ","shortMessageHtmlLink":"Add trust keyset show command to discover contents and locations"}},{"before":"18c3e951ec684919dda123e039c7b2439bd5c8f9","after":"873e9013d0d6cfe73c8b9d2f7a991e04293d9c7f","ref":"refs/heads/main","pushedAt":"2023-04-21T20:39:24.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hallyn","name":"Serge Hallyn","path":"/hallyn","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1359441?s=80&v=4"},"commit":{"message":"Fix policy generation\n\nCloses #33\n\nFor some reason, EA policy generation using tutil didn't build\nthe binary policies we expect. Switch to using the tpm2-tools\ncommands as is known to work.\n\nAdd a testcase. 
However, github runners don't have a tpm, so\ndisable that test by default.\n\nSigned-off-by: Serge Hallyn ","shortMessageHtmlLink":"Fix policy generation"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyMy0wOS0wNlQwMTozNDowOC4wMDAwMDBazwAAAAN6LLDG","startCursor":"Y3Vyc29yOnYyOpK7MjAyMy0wOS0wNlQwMTozNDowOC4wMDAwMDBazwAAAAN6LLDG","endCursor":"Y3Vyc29yOnYyOpK7MjAyMy0wNC0yMVQyMDozOToyNC4wMDAwMDBazwAAAAMd4Oij"}},"title":"Activity · project-machine/trust"}