On Mon, Jul 14, 2025 at 11:05:02PM +0530, Sudhakar Kuppusamy wrote:
> This code allows us to parse:
>
> - X.509 certificates: at least enough to verify the signatures on the
>PKCS#7 messages. We expect that the certificates embedded in GRUB will
>be leaf certificates, not CA certificates.
This code allows us to parse:
- X.509 certificates: at least enough to verify the signatures on the
PKCS#7 messages. We expect that the certificates embedded in GRUB will
be leaf certificates, not CA certificates. The parser enforces this.
- X.509 certificates support the Extended Key Usa
