Prolific open-source developer Richard Hughes of Red Hat who has been responsible for the creation of PackageKit, the ColorHug colorimeter hardware, GNOME Software, and for the past number of years focused on the Fwupd firmware updating utility and Linux Vendor Firmware Service (LVFS) has a new open-source project.

Brought on by his LVFS development work, Hughes began developing Jcat as a new open-source project providing an alternative to Microsoft Catalog files. Due to Microsoft still not having documented the Catalog file format that hosts security catalog information and with that the inability to reliably generate Catalog files from Linux, Richard Hughes began developing Jcat. Jcat and Microsoft Catalog files are focused on holding arbitrary signatures for external files. This is of importance for LVFS for ensuring BIOS/firmware files are not tampered with and in fact originated from the LVFS platform.

Jcat amounts to being a gzipped JSON file of detached signatures. It's designed to be easy to support in varying languages / platforms and overcomes the issues of Microsoft Catalog files handling. Hughes currently has a work-in-progress branch supporting Jcat files within fwupd and LVFS.

Those wanting to learn more can do so via Richard's blog in announcing the new effort today.