)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"64da1d6b9d52afad8f495a4d6f29768903bea3ce","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"d1630555_47d57395","updated":"2022-08-04 20:51:12.000000000","message":"Hi Scott, can you please review this?\nThanks!","commit_id":"cb0d5054dc72c6b042727b9a066834867ae782af"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"5ee1795467ba029b1aa5cd3838040eb340ea5628","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"be26263c_981073d9","updated":"2022-08-04 21:12:35.000000000","message":"Thanks for the review Scott","commit_id":"fcea5b22e4473461b7002b78c5ee3f83c843bca2"}],"doc/source/security/kubernetes/use-uefi-secure-boot.rst":[{"author":{"_account_id":28410,"name":"Scott Little","email":"scott.little@windriver.com","username":"slittle1"},"change_message_id":"a7731e6711f205821c2e8b3fa0fe781cd48e9da4","unresolved":true,"context_lines":[{"line_number":45,"context_line":"Secure boot must be enabled in the |UEFI| firmware of each node for that node"},{"line_number":46,"context_line":"to be protected by secure boot."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"The following environmental variables should be defined before attempting to"},{"line_number":50,"context_line":"request a secure boot signing:"},{"line_number":51,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"d75e5d9b_39bda492","line":48,"updated":"2022-08-04 20:57:28.000000000","message":"The StarlingX build environment has provisions for calling out to a signing server for purposes of creating a secure boot load.  At this time StarlingX does not include an implementation of the signing server.  The following describes how the signing process is intended to work in the context of a CentOS build. You may find it helpful in implementing your own signing server.","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"5ee1795467ba029b1aa5cd3838040eb340ea5628","unresolved":false,"context_lines":[{"line_number":45,"context_line":"Secure boot must be enabled in the |UEFI| firmware of each node for that node"},{"line_number":46,"context_line":"to be protected by secure boot."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"The following environmental variables should be defined before attempting to"},{"line_number":50,"context_line":"request a secure boot signing:"},{"line_number":51,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"340d4133_b42b3d05","line":48,"in_reply_to":"d75e5d9b_39bda492","updated":"2022-08-04 21:12:35.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    export FORMAL_BUILD\u003d1"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"If that is satisfied, it calls into ``sign-secure-boot``."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"This is an example of the call sequence should look like:"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"9c59b19b_c8bc2244","line":62,"range":{"start_line":62,"start_character":3,"end_line":62,"end_character":21},"updated":"2022-08-04 20:34:19.000000000","message":"the above criteria is met..","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    export FORMAL_BUILD\u003d1"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"If that is satisfied, it calls into ``sign-secure-boot``."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"This is an example of the call sequence should look like:"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"19ff256f_6cd06bd2","line":62,"range":{"start_line":62,"start_character":3,"end_line":62,"end_character":21},"in_reply_to":"9c59b19b_c8bc2244","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"If that is satisfied, it calls into ``sign-secure-boot``."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"This is an example of the call sequence should look like:"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":".. code-block:: none"},{"line_number":67,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"bef35af7_b22c8efa","line":64,"range":{"start_line":64,"start_character":40,"end_line":64,"end_character":57},"updated":"2022-08-04 20:34:19.000000000","message":"remove","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"If that is satisfied, it calls into ``sign-secure-boot``."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"This is an example of the call sequence should look like:"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":".. code-block:: none"},{"line_number":67,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"66a3faa2_0291e505","line":64,"range":{"start_line":64,"start_character":40,"end_line":64,"end_character":57},"in_reply_to":"bef35af7_b22c8efa","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":80,"context_line":""},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Within the signing server there are two keys used for signing, known as the"},{"line_number":83,"context_line":"`boot` key and the `shim` key. The public half of the `boot` key must manually"},{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"}],"source_content_type":"text/x-rst","patch_set":2,"id":"d83ec54d_e73c7151","line":83,"range":{"start_line":83,"start_character":70,"end_line":83,"end_character":78},"updated":"2022-08-04 20:34:19.000000000","message":"be manually...","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":80,"context_line":""},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Within the signing server there are two keys used for signing, known as the"},{"line_number":83,"context_line":"`boot` key and the `shim` key. The public half of the `boot` key must manually"},{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9e9f0fea_23e5a7b8","line":83,"range":{"start_line":83,"start_character":70,"end_line":83,"end_character":78},"in_reply_to":"d83ec54d_e73c7151","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Within the signing server there are two keys used for signing, known as the"},{"line_number":83,"context_line":"`boot` key and the `shim` key. The public half of the `boot` key must manually"},{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"},{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"e13aa831_14182826","line":84,"range":{"start_line":84,"start_character":37,"end_line":84,"end_character":45},"updated":"2022-08-04 20:34:19.000000000","message":"the firmware...","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":28410,"name":"Scott Little","email":"scott.little@windriver.com","username":"slittle1"},"change_message_id":"a7731e6711f205821c2e8b3fa0fe781cd48e9da4","unresolved":true,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Within the signing server there are two keys used for signing, known as the"},{"line_number":83,"context_line":"`boot` key and the `shim` key. The public half of the `boot` key must manually"},{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"},{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"24f084cd_2fc5af16","line":84,"range":{"start_line":84,"start_character":69,"end_line":84,"end_character":74},"updated":"2022-08-04 20:57:28.000000000","message":"the first","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Within the signing server there are two keys used for signing, known as the"},{"line_number":83,"context_line":"`boot` key and the `shim` key. The public half of the `boot` key must manually"},{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"},{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"ea2f23ca_db40e6f3","line":84,"range":{"start_line":84,"start_character":69,"end_line":84,"end_character":74},"updated":"2022-08-04 20:34:19.000000000","message":"the first....","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"5ee1795467ba029b1aa5cd3838040eb340ea5628","unresolved":false,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Within the signing server there are two keys used for signing, known as the"},{"line_number":83,"context_line":"`boot` key and the `shim` key. The public half of the `boot` key must manually"},{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"},{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"7f669e6c_7535524d","line":84,"range":{"start_line":84,"start_character":69,"end_line":84,"end_character":74},"in_reply_to":"24f084cd_2fc5af16","updated":"2022-08-04 21:12:35.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Within the signing server there are two keys used for signing, known as the"},{"line_number":83,"context_line":"`boot` key and the `shim` key. The public half of the `boot` key must manually"},{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"},{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"05210ec8_a51faa2e","line":84,"range":{"start_line":84,"start_character":37,"end_line":84,"end_character":45},"in_reply_to":"e13aa831_14182826","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Within the signing server there are two keys used for signing, known as the"},{"line_number":83,"context_line":"`boot` key and the `shim` key. The public half of the `boot` key must manually"},{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"},{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"150db04a_aaa69a2a","line":84,"range":{"start_line":84,"start_character":69,"end_line":84,"end_character":74},"in_reply_to":"ea2f23ca_db40e6f3","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"},{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"},{"line_number":88,"context_line":"`shim` key."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Three packages need to be passed to the signing server. The rpms need to be"}],"source_content_type":"text/x-rst","patch_set":2,"id":"53fd2447_8ea00e43","line":87,"range":{"start_line":87,"start_character":11,"end_line":87,"end_character":15},"updated":"2022-08-04 20:34:19.000000000","message":"the grub....","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":28410,"name":"Scott Little","email":"scott.little@windriver.com","username":"slittle1"},"change_message_id":"a7731e6711f205821c2e8b3fa0fe781cd48e9da4","unresolved":true,"context_lines":[{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"},{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"},{"line_number":88,"context_line":"`shim` key."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Three packages need to be passed to the signing server. The rpms need to be"}],"source_content_type":"text/x-rst","patch_set":2,"id":"f0bfac88_4254ff52","line":87,"range":{"start_line":87,"start_character":72,"end_line":87,"end_character":75},"updated":"2022-08-04 20:57:28.000000000","message":"the private","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"},{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"},{"line_number":88,"context_line":"`shim` key."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Three packages need to be passed to the signing server. The rpms need to be"}],"source_content_type":"text/x-rst","patch_set":2,"id":"308ec723_8e3a7f78","line":87,"range":{"start_line":87,"start_character":11,"end_line":87,"end_character":15},"in_reply_to":"53fd2447_8ea00e43","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"5ee1795467ba029b1aa5cd3838040eb340ea5628","unresolved":false,"context_lines":[{"line_number":84,"context_line":"added to the secure boot keychain in firmware.  The `boot` key signs first"},{"line_number":85,"context_line":"executable loaded, contained in the `shim` package. The first executable must"},{"line_number":86,"context_line":"then install the public half of the `shim` key (automatically) before passing"},{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"},{"line_number":88,"context_line":"`shim` key."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Three packages need to be passed to the signing server. The rpms need to be"}],"source_content_type":"text/x-rst","patch_set":2,"id":"addc4e27_3d09956d","line":87,"range":{"start_line":87,"start_character":72,"end_line":87,"end_character":75},"in_reply_to":"f0bfac88_4254ff52","updated":"2022-08-04 21:12:35.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"},{"line_number":88,"context_line":"`shim` key."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Three packages need to be passed to the signing server. The rpms need to be"},{"line_number":91,"context_line":"unpacked, the relevant binaries signed with correct keys, and the rpms"},{"line_number":92,"context_line":"reassembled."},{"line_number":93,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"54a27099_bff5912a","line":90,"range":{"start_line":90,"start_character":60,"end_line":90,"end_character":64},"updated":"2022-08-04 20:34:19.000000000","message":"RPMs...change everywhere and capitalize","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":87,"context_line":"control to grub, and ultimately the kernel, both of which are signed by the"},{"line_number":88,"context_line":"`shim` key."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Three packages need to be passed to the signing server. The rpms need to be"},{"line_number":91,"context_line":"unpacked, the relevant binaries signed with correct keys, and the rpms"},{"line_number":92,"context_line":"reassembled."},{"line_number":93,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1475c042_e39e6e22","line":90,"range":{"start_line":90,"start_character":60,"end_line":90,"end_character":64},"in_reply_to":"54a27099_bff5912a","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":88,"context_line":"`shim` key."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Three packages need to be passed to the signing server. The rpms need to be"},{"line_number":91,"context_line":"unpacked, the relevant binaries signed with correct keys, and the rpms"},{"line_number":92,"context_line":"reassembled."},{"line_number":93,"context_line":""},{"line_number":94,"context_line":".. code-block:: none"}],"source_content_type":"text/x-rst","patch_set":2,"id":"577074c3_b2a9af50","line":91,"range":{"start_line":91,"start_character":44,"end_line":91,"end_character":51},"updated":"2022-08-04 20:34:19.000000000","message":"the correct...\n\nRPMs","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":88,"context_line":"`shim` key."},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Three packages need to be passed to the signing server. The rpms need to be"},{"line_number":91,"context_line":"unpacked, the relevant binaries signed with correct keys, and the rpms"},{"line_number":92,"context_line":"reassembled."},{"line_number":93,"context_line":""},{"line_number":94,"context_line":".. code-block:: none"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9c829761_e25f6a55","line":91,"range":{"start_line":91,"start_character":44,"end_line":91,"end_character":51},"in_reply_to":"577074c3_b2a9af50","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":102,"context_line":""},{"line_number":103,"context_line":".. note::"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    `shim` files to sign might include a ``.efi`` or ``.EFI`` suffix. Sign"},{"line_number":106,"context_line":"    those as well."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"    Some files may be absent in newer packages."}],"source_content_type":"text/x-rst","patch_set":2,"id":"7317aed7_ee18101e","line":105,"range":{"start_line":105,"start_character":17,"end_line":105,"end_character":24},"updated":"2022-08-04 20:34:19.000000000","message":"that are required to be signed might......","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":102,"context_line":""},{"line_number":103,"context_line":".. note::"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    `shim` files to sign might include a ``.efi`` or ``.EFI`` suffix. Sign"},{"line_number":106,"context_line":"    those as well."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"    Some files may be absent in newer packages."}],"source_content_type":"text/x-rst","patch_set":2,"id":"ea3f3bb0_a93ab7bb","line":105,"range":{"start_line":105,"start_character":17,"end_line":105,"end_character":24},"in_reply_to":"7317aed7_ee18101e","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":103,"context_line":".. note::"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    `shim` files to sign might include a ``.efi`` or ``.EFI`` suffix. Sign"},{"line_number":106,"context_line":"    those as well."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"    Some files may be absent in newer packages."},{"line_number":109,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"4a7ee152_dd44aaf0","line":106,"range":{"start_line":106,"start_character":4,"end_line":106,"end_character":18},"updated":"2022-08-04 20:34:19.000000000","message":"Remove Sign those as well...","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":103,"context_line":".. note::"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    `shim` files to sign might include a ``.efi`` or ``.EFI`` suffix. Sign"},{"line_number":106,"context_line":"    those as well."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"    Some files may be absent in newer packages."},{"line_number":109,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"12af4e4e_901b3145","line":106,"range":{"start_line":106,"start_character":4,"end_line":106,"end_character":18},"in_reply_to":"4a7ee152_dd44aaf0","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"0aecc7b3aee402fee63714748d6778265c45ac36","unresolved":true,"context_lines":[{"line_number":107,"context_line":""},{"line_number":108,"context_line":"    Some files may be absent in newer packages."},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"Example of how the signing looks like:"},{"line_number":111,"context_line":""},{"line_number":112,"context_line":".. code-block:: none"},{"line_number":113,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"7810a3b1_f2c2dc68","line":110,"range":{"start_line":110,"start_character":8,"end_line":110,"end_character":38},"updated":"2022-08-04 20:34:19.000000000","message":"remove....","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e4cb02a8a9893f5bcfd78354ec0d96ba42356d3e","unresolved":false,"context_lines":[{"line_number":107,"context_line":""},{"line_number":108,"context_line":"    Some files may be absent in newer packages."},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"Example of how the signing looks like:"},{"line_number":111,"context_line":""},{"line_number":112,"context_line":".. code-block:: none"},{"line_number":113,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"66ed2aa5_cc4c6e88","line":110,"range":{"start_line":110,"start_character":8,"end_line":110,"end_character":38},"in_reply_to":"7810a3b1_f2c2dc68","updated":"2022-08-04 20:50:54.000000000","message":"Done","commit_id":"d0697602529dd629482084bf2c1eedf3ef2e909a"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"b13a80d93767dcc2306726bc2c83a3d13f7b7502","unresolved":true,"context_lines":[{"line_number":45,"context_line":"Secure boot must be enabled in the |UEFI| firmware of each node for that node"},{"line_number":46,"context_line":"to be protected by secure boot."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The |prod| build environment has provisions for calling out to a signing"},{"line_number":49,"context_line":"server for purposes of creating a secure boot load.  At this time |prod|"},{"line_number":50,"context_line":"does not include an implementation of the signing server.  The following"},{"line_number":51,"context_line":"describes how the signing process is intended to work in the context of a"}],"source_content_type":"text/x-rst","patch_set":6,"id":"55ad58e7_fb1580e3","line":48,"updated":"2022-08-05 18:18:12.000000000","message":"THIS WHOLE SECTION should be marked as starlingx ONLY.\nand I would add a sub-section title of \"Build considerations for signing packages for UEFI Secure Boot\"\n\n\n( WRCP users do NOT build loads. )","commit_id":"8d819e38a232017c88e747a4a96e732e3593836a"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"360f6c8122d68091901337de0671de33c8c126d0","unresolved":false,"context_lines":[{"line_number":45,"context_line":"Secure boot must be enabled in the |UEFI| firmware of each node for that node"},{"line_number":46,"context_line":"to be protected by secure boot."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The |prod| build environment has provisions for calling out to a signing"},{"line_number":49,"context_line":"server for purposes of creating a secure boot load.  At this time |prod|"},{"line_number":50,"context_line":"does not include an implementation of the signing server.  The following"},{"line_number":51,"context_line":"describes how the signing process is intended to work in the context of a"}],"source_content_type":"text/x-rst","patch_set":6,"id":"2bec6b83_9cf9571e","line":48,"in_reply_to":"55ad58e7_fb1580e3","updated":"2022-08-05 18:59:14.000000000","message":"Done","commit_id":"8d819e38a232017c88e747a4a96e732e3593836a"}]}