GPG signing key

pub  4096R/05E8C5B2 2016-08-18
Leah Rowe (Libreboot signing key) <info@minifree.org>
Fingerprint=CDC9 CAE3 2CB4 B7FC 84FD  C804 969A 9795 05E8 C5B2

Download the key:
$ gpg --recv-keys 0x05E8C5B2

The GPG key can also be downloaded with this exported dump of the pubkey: lbkey.asc.

Download the SHA512 manifest and its corresponding GPG signature, for the release that you are using. Put the src, util and docs archives in the same directory as the SHA512 manifest file. Put your ROM image archives under rom/grub/ in that directory (or rom/depthcharge/, or rom/seabios/, if you use those payloads), and crossgcc tarballs under crossgcc/.

After you've done this, verify the SHA512 checksums:
$ sha512sum -c sha512sum.txt

You can verify the downloaded SHA512 manifest as follows:
$ gpg --verify sha512sum.txt.sig

Back to home page

Old GPG key (no longer used):

pub   4096R/656F212E 2014-07-04
      Vingerafdruk van de sleutel = C923 4BA3 200C F688 9CC0  764D 6E97 D575 656F 212E
      uid                  Libreboot Releases (signing key) <releases@libreboot.org>
      sub   4096R/EC42160E 2014-07-04

The source code for this page is available from a git repository.