]> code.delx.au - refind/commitdiff
delx.au / code / refind / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 315c068)
Public keys for Secure Boot/shim
authorsrs5694 <srs5694@users.sourceforge.net>
Mon, 17 Dec 2012 02:02:45 +0000 (21:02 -0500)
committersrs5694 <srs5694@users.sourceforge.net>
Mon, 17 Dec 2012 02:02:45 +0000 (21:02 -0500)
keys/README.txt [new file with mode: 0644] patch | blob
keys/canonical-uefi-ca.der [new file with mode: 0644] patch | blob
keys/refind.cer [new file with mode: 0644] patch | blob
keys/refind.crt [new file with mode: 0644] patch | blob

diff --git a/keys/README.txt b/keys/README.txt
new file mode 100644 (file)
index 0000000..5376570
--- /dev/null
+++ b/keys/README.txt
@@ -0,0 +1,26 @@
+This directory contains known public keys for Linux distributions and other
+parties that sign boot loaders and kernels that should be verifiable by
+shim. I'm providing these keys as a convenience to enable easy installation
+of keys should you replace your distribution's version of shim with another
+one and therefore require adding its public key as a machine owner key
+(MOK).
+
+Files come with three extensions. A filename ending in .crt is a
+certificate file that can be used by sbverify to verify the authenticity of
+a key, as in:
+
+$ sbverify --cert keys/refind.crt refind/refind_x64.efi
+
+The .cer and .der filename extensions are equivalent, and are public key
+files similar to .crt files, but in a different form. The MokManager
+utility expects its input public keys in this form, so these are the files
+you would use to add a key to the MOK list maintained by MokManager and
+used by shim.
+
+The files in this directory are:
+
+- canonical-uefi-ca.der -- Canonical's public key, used to sign Ubuntu
+  boot loaders and kernels.
+
+- refind.cer & refind.crt -- My own (Roderick W. Smith's) public key,
+  used to sign refind_x64.efi and the 64-bit rEFInd drivers.
diff --git a/keys/canonical-uefi-ca.der b/keys/canonical-uefi-ca.der
new file mode 100644 (file)
index 0000000..b4098d9
Binary files /dev/null and b/keys/canonical-uefi-ca.der differ
diff --git a/keys/refind.cer b/keys/refind.cer
new file mode 100644 (file)
index 0000000..9774f80
Binary files /dev/null and b/keys/refind.cer differ
diff --git a/keys/refind.crt b/keys/refind.crt
new file mode 100644 (file)
index 0000000..614f6d2
--- /dev/null
+++ b/keys/refind.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOzCCAiOgAwIBAgIJAODF7HQMFVJOMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
+BAMMKVJvZGVyaWNrIFcuIFNtaXRoLCByb2RzbWl0aEByb2RzYm9va3MuY29tMB4X
+DTEyMTIwNjIxMzgyOFoXDTMyMTIwMTIxMzgyOFowNDEyMDAGA1UEAwwpUm9kZXJp
+Y2sgVy4gU21pdGgsIHJvZHNtaXRoQHJvZHNib29rcy5jb20wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCqTnWTvfemH1XP4RqiCITm1Zuvwil1+XhccYx2
+YQ23IU/e1Dvdn5xtk6Qk0IQa8pYG8DrQdOQJkItv3PDYuOu0Zx/dHVm93okHBAS1
+X2JJcslswHv/hAATs0Xnv3fJt30mJ0ja+KDbSOZ3V0MH+pjBkc/6Pk7xHuOkWwjJ
+6iP5nePeD8oGvQcGuwZe9XhiK1NKa23j9WzVU8hl0buhyatBd/xASs9JnUsmEhsG
+dqasdmWp6QqTvj/QwWoJd7J5zmU0k5SGt5I0kKQGKo/epCU9XdAf5z198J0D6XyP
+fN3y2ZYTPGb/1rMNdceQXDxhl/ps3n4A/qIKiZW3Ks8cOj+HAgMBAAGjUDBOMB0G
+A1UdDgQWBBTTDAa9OVimbJh1fwmoCFXhdEpacDAfBgNVHSMEGDAWgBTTDAa9OVim
+bJh1fwmoCFXhdEpacDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCo
+9/vhRiG9oMEaJtihy4/pYTs9EiKCQ6ewzcbQaBz7mPXec7h5E4LuxhE7Rl/+1/xq
+39X8D7C0mbDyN0Drt3Ovf+hhzWdpkDIQ/7P6SdRTxAXE+/xUOj57jENPXZWV0jDt
+Uy1MGZN9IKAUXfnPfmv72FYN9XoUVv3d5yy9wSCc/9AlGHx8lGDJ/p7DJSXGmBKO
+BQV/1Y39GCxaSWdyrcjnV1swUBLO9tesfCRwfoo/rNh+wgK9P+emLbh+jSTL/zW/
+Ye1NS0VXD3pWTswA7M7XYOy6KON2vKupFyHhDj3NMzspq8/oDQHLvUzq1I8z99sd
+it92eWJ2JKoH6nSKDKXq
+-----END CERTIFICATE-----