We use cookies to ensure you get the best experience on our website
Página inicial Explorar Ajuda
Registrar Entrar
0ct0pu5
/
linux-surface
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: ba8e475d3b
Branches Tags
linux-surface
/
pkg
/
fedora
/
kernel-surface
/
secureboot
/
0001-secureboot.patch

0001-secureboot.patch 2.2 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. From 71133b4337411ddd550d5e5ef68a12c510740b2c Mon Sep 17 00:00:00 2001
    2. 

  2. From: Dorian Stoll <dorian.stoll@tmsp.io>
    3. 

  3. Date: Sat, 22 Jul 2023 10:45:33 +0200
    4. 

  4. Subject: [PATCH] Use a custom key and certificate for Secure Boot signing
    5. 

  5. 

  6. Signed-off-by: Dorian Stoll <dorian.stoll@tmsp.io>
    7. 

  7. ---
    8. 

  8.  redhat/kernel.spec.template | 15 +++++++++------
    9. 

  9.  1 file changed, 9 insertions(+), 6 deletions(-)
    10. 

  10. 

  11. diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
    12. 

  12. index 28df94e561d4..fd44abc4118a 100644
    13. 

  13. --- a/redhat/kernel.spec.template
    14. 

  14. +++ b/redhat/kernel.spec.template
    15. 

  15. @@ -805,6 +805,7 @@ BuildRequires: system-sb-certs
    16. 

  16.  %ifarch x86_64 aarch64
    17. 

  17.  BuildRequires: nss-tools
    18. 

  18.  BuildRequires: pesign >= 0.10-4
    19. 

  19. +BuildRequires: sbsigntools
    20. 

  20.  %endif
    21. 

  21.  %endif
    22. 

  22.  %endif
    23. 

  23. @@ -864,6 +865,13 @@ Source1: Makefile.rhelver
    24. 

  24.  %define signing_key_filename kernel-signing-s390.cer
    25. 

  25.  %endif
    26. 

  26.  
    27. 

  27. +%ifarch x86_64 aarch64
    28. 

  28. +
    29. 

  29. +Source7001: MOK.key
    30. 

  30. +Source7002: MOK.crt
    31. 

  31. +
    32. 

  32. +%endif
    33. 

  33. +
    34. 

  34.  %if %{?released_kernel}
    35. 

  35.  
    36. 

  36.  Source10: redhatsecurebootca5.cer
    37. 

  37. @@ -2096,9 +2104,7 @@ BuildKernel() {
    38. 

  38.      SignImage=$KernelImage
    39. 

  39.  
    40. 

  40.      %ifarch x86_64 aarch64
    41. 

  41. -    %pesign -s -i $SignImage -o vmlinuz.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
    42. 

  42. -    %pesign -s -i vmlinuz.tmp -o vmlinuz.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
    43. 

  43. -    rm vmlinuz.tmp
    44. 

  44. +    sbsign --key %{SOURCE7001} --cert %{SOURCE7002} --output vmlinuz.signed $SignImage
    45. 

  45.      %endif
    46. 

  46.      %ifarch s390x ppc64le
    47. 

  47.      if [ -x /usr/bin/rpm-sign ]; then
    48. 

  48. @@ -2650,9 +2656,6 @@ BuildKernel() {
    49. 

  49.      # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
    50. 

  50.      mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
    51. 

  51.      %ifarch x86_64 aarch64
    52. 

  52. -       install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer
    53. 

  53. -       install -m 0644 %{secureboot_ca_1} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20140212.cer
    54. 

  54. -       ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
    55. 

  55.      %else
    56. 

  56.         install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
    57. 

  57.      %endif
    58. 

  58. -- 
    59. 

  59. 2.41.0
    60. 

  60.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5