Comment 0 for bug 1916632

for a custom uefi signing upload it would be useful to generate metadata and signature log

i.e. generate ESL AUTHENTICODE hash for every signed path and keep it together with signing tarball name and path inside it, and the AUTHENTICODE hash of the signing certificate.

Also it would be useful to have reproducible signatures. I.e. to use the signing tarball timestamp when performing pesign.

But that needs signing-tarballs submitted for signing to be reproducible too, which will require packaging changes.