> > How does edk2 handle the root ca problem?
>
> There are two fw_cfg paths
>
>  - etc/edk2/https/ciphers
>  - etc/edk2/https/cacerts
>
> The first sets the cipher algorithms that are permitted and their
> priority, the second sets the CA certificate bundle.

Ok, ipxe should be able to fetch them.  Would be roughly the same as
compiling in the certificates, except that they don't take up space in
the rom and are much easier to update.

What is in cacerts?  Basically
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem of the host machine?

thanks,
  Gerd