1 This directory contains known public keys for Linux distributions and other
2 parties that sign boot loaders and kernels that should be verifiable by
3 shim. I'm providing these keys as a convenience to enable easy installation
4 of keys should you replace your distribution's version of shim with another
5 one and therefore require adding its public key as a machine owner key
8 Files come with three extensions. A filename ending in .crt is a
9 certificate file that can be used by sbverify to verify the authenticity of
12 $ sbverify --cert keys/refind.crt refind/refind_x64.efi
14 The .cer and .der filename extensions are equivalent, and are public key
15 files similar to .crt files, but in a different form. The MokManager
16 utility expects its input public keys in this form, so these are the files
17 you would use to add a key to the MOK list maintained by MokManager and
20 The files in this directory are, in alphabetical order:
22 - altlinux.cer -- The public key for ALT Linux (http://www.altlinux.com).
24 - canonical-uefi-ca.der -- Canonical's public key, used to sign Ubuntu
25 boot loaders and kernels.
27 - fedora-ca.cer -- Fedora's public key, used to sign Fedora 18's version of
28 shim and Fedora 18's kernels.
30 - refind.cer & refind.crt -- My own (Roderick W. Smith's) public key,
31 used to sign refind_x64.efi and the 64-bit rEFInd drivers.