1 This directory contains known public keys for Linux distributions and other
2 parties that sign boot loaders and kernels that should be verifiable by
3 shim. I'm providing these keys as a convenience to enable easy installation
4 of keys should you replace your distribution's version of shim with another
5 one and therefore require adding its public key as a machine owner key
8 Files come with three extensions. A filename ending in .crt is a
9 certificate file that can be used by sbverify to verify the authenticity of
12 $ sbverify --cert keys/refind.crt refind/refind_x64.efi
14 The .cer and .der filename extensions are equivalent, and are public key
15 files similar to .crt files, but in a different form. The MokManager
16 utility expects its input public keys in this form, so these are the files
17 you would use to add a key to the MOK list maintained by MokManager and
20 The files in this directory are, in alphabetical order:
22 - altlinux.cer -- The public key for ALT Linux (http://www.altlinux.com).
24 - canonical-uefi-ca.crt & canonical-uefi-ca.der -- Canonical's public key,
25 used to sign Ubuntu boot loaders and kernels.
27 - fedora-ca.cer & fedora-ca.crt -- Fedora's public key, used to sign Fedora
28 18's version of shim and Fedora 18's kernels.
30 - openSUSE-UEFI-CA-Certificate.cer & openSUSE-UEFI-CA-Certificate.crt --
31 Public keys used to sign OpenSUSE 12.3.
33 - refind.cer & refind.crt -- My own (Roderick W. Smith's) public key,
34 used to sign refind_x64.efi and the 64-bit rEFInd drivers.
36 - SLES-UEFI-CA-Certificate.cer & SLES-UEFI-CA-Certificate.crt -- The
37 Public key for SUSE Linux Enterprise Server.