Richard Hughes has two new blog posts, one with an update to LVFS, and one on how it parses firmware ‘blobs’:
[…]Specifically, firmware is now being checked for expired Authenticode certificates which expired more than 3 years before the upload date of the firmware. The LVFS is also looking for test signing certificates that really should not exist in production firmware. All existing firmware on the LVFS is being tested, and the test backlog should be complete by this afternoon. All test failures are currently waivable.[…]
Firmware Security 