pub 4096R/05E8C5B2 2016-08-18
Leah Rowe (Libreboot signing key) <email@example.com>
Fingerprint=CDC9 CAE3 2CB4 B7FC 84FD C804 969A 9795 05E8 C5B2
Download the key:
$ gpg --recv-keys 0x05E8C5B2
The GPG key can also be downloaded with this exported dump of the pubkey: lbkey.asc.
Download the SHA512 manifest and its corresponding GPG signature, for the release that you are using. Put the src, util and docs archives in the same directory as the SHA512 manifest file. Put your ROM image archives under rom/grub/ in that directory (or rom/depthcharge/, or rom/seabios/, if you use those payloads), and crossgcc tarballs under crossgcc/.
After you've done this, verify the SHA512 checksums:
$ sha512sum -c sha512sum.txt
You can verify the downloaded SHA512 manifest as follows:
$ gpg --verify sha512sum.txt.sig
Old GPG key (no longer used):
pub 4096R/656F212E 2014-07-04 Vingerafdruk van de sleutel = C923 4BA3 200C F688 9CC0 764D 6E97 D575 656F 212E uid Libreboot Releases (signing key) <firstname.lastname@example.org> sub 4096R/EC42160E 2014-07-04
The source code for this page is available from a git repository.