On Fri, 2016-08-12 at 18:08 +0530, Vinod Koul wrote:
> Any solution needs to comprehend that additional signing might be
> present.

I would go further than that: Any solution needs to be able to *use*
existing signatures. I don't like your use of the term "additional
signing".

It's for that reason that I think we actually want to (hold our noses
and) support Authenticode signatures too. Because some firmware images
we want to use are available with original signatures in that form.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@intel.com                              Intel Corporation