Skip to content

Please add ca-netboot-xyz.crt to version management #1605

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zhangyoufu opened this issue Apr 3, 2025 · 0 comments
Open

Please add ca-netboot-xyz.crt to version management #1605

zhangyoufu opened this issue Apr 3, 2025 · 0 comments
Labels
enhancement

Comments

@zhangyoufu
Copy link

Is your feature request related to a problem? Please describe.
The ca-netboot-xyz.crt is the trust anchor for this project. It is resonable to check https://boot.netboot.xyz/sigs/menu.ipxe.sig against this CA cert before chainloading. I am not aware where I can find this CA certificate, except extracting it from .sig files.

Describe the solution you'd like
Add ca-netboot-xyz.crt and codesign.crt into this repo, so that whoever interested in chain of trust could find and consume them more easily.

Describe alternatives you've considered
Something like https://ca.ipxe.org ? netboot.xyz does not cross-sign WebPKI root CAs, so may be too heavy.
But make the CA cert available via http/https URL is still helpful.

Additional context
ca-netboot-xyz.crt is about to expire on Jan 28 16:37:31 2026 GMT. Could you please schedule a rotation and annouce it?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zhangyoufu