Hi, were you able to update the certificates? I can test or otherwise help if a new image is available. Thanks!
________________________________
From: arch-releng on behalf of Anindya Mukherjee via arch-releng
Sent: October 2, 2019 9:47 AM
To: Santiago Torres-Arias
Cc: Anindya Mukherjee ; Arch Linux Release Engineering
Subject: Re: [arch-releng] ipxe.lkrn BIOS TLS issue
Thanks! The image I used is from https://www.archlinux.org/static/netboot/ipxe.08268867b45a.lkrn
I have a thread on the forums where I describe the issue, in case that is helpful:
https://bbs.archlinux.org/viewtopic.php?pid=1866379#p1866379
Let me now if I can do anything else.
ipxe.lkrn BIOS TLS issue / Installation / Arch Linux Forumshttps://bbs.archlinux.org/viewtopic.php?pid=1866379#p1866379
Netboot images are maintained by the release engineering people. You might want to file a bug report for "Release Engineering" or post to the arch-releng ML about this.
bbs.archlinux.org
www.archlinux.orghttps://www.archlinux.org/static/netboot/ipxe.08268867b45a.lkrn
®TUªëUHdrS H ÿÿÿÿÿ 1.0.0+ (b6ffe) h\ Ë1ÀŽÐ¼|üf‹ ( f…Òt+f‰×fƒç fÁÊ ŽÂW¹ÿÿò®÷Ñ^‰ç)σçð‰ü ó¤ f ·Ôf‹. f…íu fƒÍÿèC f1öf1ÿè[ ŽÓ¼Ð0Ph ËPSU…ÿt ˆ Gë » ´ u Í ° Í ][XÃP° èÛÿXÃP¬„Àt èÐÿëöXÃfÁÈ è fÁÈ †Äè †ÄÀÈ è ÀÈ P$ i/è¦ÿXÃfQgó¤fYÃfQP1ÀgóªXfYÃfPfUfh“Ïfhÿÿfh0 jÿfh° jÿfj j f ...
www.archlinux.orghttp://www.archlinux.org
________________________________
From: Santiago Torres-Arias
Sent: October 2, 2019 7:53 AM
To: Anindya Mukherjee
Cc: Arch Linux Release Engineering
Subject: Re: [arch-releng] ipxe.lkrn BIOS TLS issue
On Wed, Oct 02, 2019 at 02:21:22AM +0000, Anindya Mukherjee wrote:
I can load the .ipxe script from Firefox and display the certificate details:
Serial: 04:45:82:E5:7F:72:A5:7A:C1:D5:E9:ED:8C:57:3C:1E:BB:B0
SHA-256: AD:8D:28:BE:3D:A1:40:FB:08:AB:4C:1F:1E:B5:8E:B0:3E:4F:4A:52:23:69:AB:85:41:2D:60:A7:C2:80:25:80
SHA1 25:95:32:0A:21:2E:CA:EA:43:AB:3F:1D:89:BF:9A:F7:D9:9E:59:F7
Does that help? The certificate can be viewed by loading https://www.archlinux.org/releng/netboot/archlinux.ipxe in Firefox (for example) and clicking the green padlock.
Hmmm,
I wanted to get the certificate chain so I could see if the rootcerts on
the ipxe image trust that. I think this is an issue with us just
shipping one of the two LE certificates on the ipxe image.
Would you kindly share your image/anything else you have so I can debug
this? I may have some free time after work today...
Cheers!
-Santiago/Sangy