arrfab / rpms / shim

Forked from rpms/shim 4 years ago
Clone
Source Code
GIT

Blame SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta
  1.   4210fa29b612e855faf4f21a52d62dd0eadbc44a
  2.   SOURCES
  3.   0034-Exclude-ca.crt-while-signing-EFI-images.patch
Blob History Raw
4210fa 
From 09283f08f001305db5a3299b53acba85bf6c9876 Mon Sep 17 00:00:00 2001
4210fa 
From: Gary Ching-Pang Lin <glin@suse.com>
4210fa 
Date: Mon, 4 Nov 2013 17:51:55 +0800
4210fa 
Subject: [PATCH 34/74] Exclude ca.crt while signing EFI images
4210fa
4210fa 
If ca.crt was added into the certificate database, ca.crt would be the first
4210fa 
certificate in the signature. Because shim couldn't verify ca.crt with the
4210fa 
embedded shim.cer, it failed to load MokManager.efi.signed and
4210fa 
fallback.efi.signed.
4210fa
4210fa 
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
4210fa 
---
4210fa 
 Makefile | 1 -
4210fa 
 1 file changed, 1 deletion(-)
4210fa
4210fa 
diff --git a/Makefile b/Makefile
4210fa 
index 46e5ef9..df190a2 100644
4210fa 
--- a/Makefile
4210fa 
+++ b/Makefile
4210fa 
@@ -73,7 +73,6 @@ version.c : version.c.in
4210fa
4210fa 
 certdb/secmod.db: shim.crt
4210fa 
 	-mkdir certdb
4210fa 
-	certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
4210fa 
 	pk12util -d certdb/ -i shim.p12 -W "" -K ""
4210fa 
 	certutil -d certdb/ -A -i shim.crt -n shim -t u
4210fa
4210fa 
--
4210fa 
1.9.3
4210fa

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation