From: srs5694 Date: Mon, 17 Dec 2012 02:02:45 +0000 (-0500) Subject: Public keys for Secure Boot/shim X-Git-Url: https://code.delx.au/refind/commitdiff_plain/a68334a13cf243fb024644fcca6ae04a9825ffa7 Public keys for Secure Boot/shim --- diff --git a/keys/README.txt b/keys/README.txt new file mode 100644 index 0000000..5376570 --- /dev/null +++ b/keys/README.txt @@ -0,0 +1,26 @@ +This directory contains known public keys for Linux distributions and other +parties that sign boot loaders and kernels that should be verifiable by +shim. I'm providing these keys as a convenience to enable easy installation +of keys should you replace your distribution's version of shim with another +one and therefore require adding its public key as a machine owner key +(MOK). + +Files come with three extensions. A filename ending in .crt is a +certificate file that can be used by sbverify to verify the authenticity of +a key, as in: + +$ sbverify --cert keys/refind.crt refind/refind_x64.efi + +The .cer and .der filename extensions are equivalent, and are public key +files similar to .crt files, but in a different form. The MokManager +utility expects its input public keys in this form, so these are the files +you would use to add a key to the MOK list maintained by MokManager and +used by shim. + +The files in this directory are: + +- canonical-uefi-ca.der -- Canonical's public key, used to sign Ubuntu + boot loaders and kernels. + +- refind.cer & refind.crt -- My own (Roderick W. Smith's) public key, + used to sign refind_x64.efi and the 64-bit rEFInd drivers. diff --git a/keys/canonical-uefi-ca.der b/keys/canonical-uefi-ca.der new file mode 100644 index 0000000..b4098d9 Binary files /dev/null and b/keys/canonical-uefi-ca.der differ diff --git a/keys/refind.cer b/keys/refind.cer new file mode 100644 index 0000000..9774f80 Binary files /dev/null and b/keys/refind.cer differ diff --git a/keys/refind.crt b/keys/refind.crt new file mode 100644 index 0000000..614f6d2 --- /dev/null +++ b/keys/refind.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDOzCCAiOgAwIBAgIJAODF7HQMFVJOMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV +BAMMKVJvZGVyaWNrIFcuIFNtaXRoLCByb2RzbWl0aEByb2RzYm9va3MuY29tMB4X +DTEyMTIwNjIxMzgyOFoXDTMyMTIwMTIxMzgyOFowNDEyMDAGA1UEAwwpUm9kZXJp +Y2sgVy4gU21pdGgsIHJvZHNtaXRoQHJvZHNib29rcy5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCqTnWTvfemH1XP4RqiCITm1Zuvwil1+XhccYx2 +YQ23IU/e1Dvdn5xtk6Qk0IQa8pYG8DrQdOQJkItv3PDYuOu0Zx/dHVm93okHBAS1 +X2JJcslswHv/hAATs0Xnv3fJt30mJ0ja+KDbSOZ3V0MH+pjBkc/6Pk7xHuOkWwjJ +6iP5nePeD8oGvQcGuwZe9XhiK1NKa23j9WzVU8hl0buhyatBd/xASs9JnUsmEhsG +dqasdmWp6QqTvj/QwWoJd7J5zmU0k5SGt5I0kKQGKo/epCU9XdAf5z198J0D6XyP +fN3y2ZYTPGb/1rMNdceQXDxhl/ps3n4A/qIKiZW3Ks8cOj+HAgMBAAGjUDBOMB0G +A1UdDgQWBBTTDAa9OVimbJh1fwmoCFXhdEpacDAfBgNVHSMEGDAWgBTTDAa9OVim +bJh1fwmoCFXhdEpacDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCo +9/vhRiG9oMEaJtihy4/pYTs9EiKCQ6ewzcbQaBz7mPXec7h5E4LuxhE7Rl/+1/xq +39X8D7C0mbDyN0Drt3Ovf+hhzWdpkDIQ/7P6SdRTxAXE+/xUOj57jENPXZWV0jDt +Uy1MGZN9IKAUXfnPfmv72FYN9XoUVv3d5yy9wSCc/9AlGHx8lGDJ/p7DJSXGmBKO +BQV/1Y39GCxaSWdyrcjnV1swUBLO9tesfCRwfoo/rNh+wgK9P+emLbh+jSTL/zW/ +Ye1NS0VXD3pWTswA7M7XYOy6KON2vKupFyHhDj3NMzspq8/oDQHLvUzq1I8z99sd +it92eWJ2JKoH6nSKDKXq +-----END CERTIFICATE-----