From aa818fe639f103d9c40fcbc8342edd82ff5d49d2 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 1 Oct 2014 23:42:11 -0400
Subject: [PATCH 66/74] Fix some minor testplan errors.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
testplan.txt | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/testplan.txt b/testplan.txt
index 2fbf238..ab88781 100644
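--- a/testplan.txt
+++ b/testplan.txt
@@ -12,7 +12,7 @@ How to test a new shim build for RHEL/fedora:
 -s -c "Red Hat Test Certificate"
 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi
 cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \
- /boot/efi/EFI/test/test.efi
+ /boot/efi/EFI/test/grubx64.efi
 7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . Also
 leave an unsigned copy there:
 pesign -i /boot/efi/EFI/redhat/grubx64.efi \
@@ -38,7 +38,9 @@ How to test a new shim build for RHEL/fedora:
 12) put shim.efi there as well
 cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI
 13) enroll the current kernel's certificate with mokutil:
- mokutil --import ~/redhatsecurebootca2.cer
+ # this should be a /different/ cert than the one signing pesign-test-app.
+ # for instance use a RHEL cert for p-t-a and a fedora cert+kernel here.
+ mokutil --import ~/fedora-ca.cer
 14) put machine in setup mode
 15) boot to the UEFI shell
 16) run lockdown.efi from #4: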
--
1.9.3