Image Signing Approvals¶
Overview¶
Image signing approvals provide a controlled authorization step for signing operations. When a client submits an image for signing, it may require approval from an authorized user before the signing operation proceeds. The Image Signing Approvals page displays all pending signing requests awaiting a decision.
This approval mechanism ensures that signing operations — particularly those affecting production firmware, boot images, and other security-critical artifacts — are reviewed by authorized personnel before execution.
Approval notifications
Check the Dashboard for a count of pending approval tasks across all categories. Image signing approvals are included in the total pending approvals count.
Reviewing Requests¶
The approvals list displays pending signing requests in a paginated table. Select a request to review its details before making a decision.
Request Summary¶
| Column | Description |
|---|---|
| ID | The unique identifier of the signing request |
| Name | The name of the signing request |
| Description | A description of the signing operation |
Request Details¶
Expand a request row to see the full details:
| Field | Description |
|---|---|
| Request ID | The unique identifier for tracking |
| Created | When the request was submitted |
| User OID | The identity of the requesting user |
| Product Name | The product associated with this signing request |
| Product ID | The product's unique identifier |
| Operation Name | The specific operation being requested |
| Operation ID | The operation's unique identifier |
| Operation Type | The type of signing operation (e.g., SIGN_HAB, SIGN_OCI) |
Payload Information¶
The expanded view also shows payload details:
| Field | Description |
|---|---|
| Payload Name | The name of the artifact being signed |
| SHA-256 Hash | The cryptographic hash of the payload content for verification |
| Metadata | Key-value pairs providing additional context about the signing request |
Verify before approving
Always review the payload hash and metadata to ensure the signing request is legitimate. Compare the SHA-256 hash against expected values from your build pipeline to confirm the correct artifact is being signed.
Approval Actions¶
After selecting a request and reviewing its details, you can take one of two actions:
| Action | Effect | Description |
|---|---|---|
| Approve | Authorizes the signing operation | The signing service proceeds with the operation using the configured keys and algorithms |
| Reject | Denies the signing request | The signing operation is blocked and the requesting client is notified of the rejection |
Making a Decision¶
- Select a pending request from the list.
- Review the request details in the expanded panel.
- Click Approve or Reject.
- Confirm your decision in the confirmation dialog.
- The list refreshes automatically after the action is processed.
Approval groups
Only users belonging to the approval groups configured for the product operation can approve or reject requests. If you cannot see the approve/reject buttons, verify your security group membership with your administrator.
Troubleshooting¶
| Issue | Possible Cause | Resolution |
|---|---|---|
| No pending requests visible | There are no pending signing requests, or you lack the required approval group membership | Verify your security group assignments with your administrator |
| Approve/Reject buttons are disabled | No request is selected | Click on a request row to select it before taking action |
| Approval action fails | The request may have already been processed by another approver | Refresh the list; the request may no longer be pending |