Root cert attributes
Glasklar is setting up a CA (this repo).
Initially for issuing an EFI shim signing cert, but it can be used for any X.509 needs that we, or friends of us who need a trust root, might have in the future. Keys are being kept in YubiHSM2 devices.
We will start by generating an RSA-4096 root key because RSA is what we need for the shim signing.
One question is what validity (expiration date) we should use for the CA cert.
Edited by Linus Nordberg