Maybe I missed it. Is there signed firmware for release binaries? Thought I would upgrade my NitroKey Storage.
Something like gpg --verify xxxx.tar.gz.sig xxxx.tar.gz. Or at least sha sums preferably signed.
All the best
Erik
Maybe I missed it. Is there signed firmware for release binaries? Thought I would upgrade my NitroKey Storage.
Something like gpg --verify xxxx.tar.gz.sig xxxx.tar.gz. Or at least sha sums preferably signed.
All the best
Erik
Hi! Sorry for delay.
Here it is at v0.50 release page.
I have confirmed by second channel the firmware on Github is valid, made a signature and uploaded it along with my public GPG key (szczepan_at_nitrokey.gpg
).
Awesome. Thanks a lot =)
BTW, manual update signature verification is error-prone and likely many people forget it/do not do so. It would be better to automate that, on Linux with LVFS, which provides a much more seaming-less solution: