From a68334a13cf243fb024644fcca6ae04a9825ffa7 Mon Sep 17 00:00:00 2001
From: srs5694 <srs5694@users.sourceforge.net>
Date: Sun, 16 Dec 2012 21:02:45 -0500
Subject: [PATCH] Public keys for Secure Boot/shim

---
 keys/README.txt            |  26 ++++++++++++++++++++++++++
 keys/canonical-uefi-ca.der | Bin 0 -> 1080 bytes
 keys/refind.cer            | Bin 0 -> 831 bytes
 keys/refind.crt            |  20 ++++++++++++++++++++
 4 files changed, 46 insertions(+)
 create mode 100644 keys/README.txt
 create mode 100644 keys/canonical-uefi-ca.der
 create mode 100644 keys/refind.cer
 create mode 100644 keys/refind.crt

diff --git a/keys/README.txt b/keys/README.txt
new file mode 100644
index 0000000..5376570
--- /dev/null
+++ b/keys/README.txt
@@ -0,0 +1,26 @@
+This directory contains known public keys for Linux distributions and other
+parties that sign boot loaders and kernels that should be verifiable by
+shim. I'm providing these keys as a convenience to enable easy installation
+of keys should you replace your distribution's version of shim with another
+one and therefore require adding its public key as a machine owner key
+(MOK).
+
+Files come with three extensions. A filename ending in .crt is a
+certificate file that can be used by sbverify to verify the authenticity of
+a key, as in:
+
+$ sbverify --cert keys/refind.crt refind/refind_x64.efi
+
+The .cer and .der filename extensions are equivalent, and are public key
+files similar to .crt files, but in a different form. The MokManager
+utility expects its input public keys in this form, so these are the files
+you would use to add a key to the MOK list maintained by MokManager and
+used by shim.
+
+The files in this directory are:
+
+- canonical-uefi-ca.der -- Canonical's public key, used to sign Ubuntu
+  boot loaders and kernels.
+
+- refind.cer & refind.crt -- My own (Roderick W. Smith's) public key,
+  used to sign refind_x64.efi and the 64-bit rEFInd drivers.
diff --git a/keys/canonical-uefi-ca.der b/keys/canonical-uefi-ca.der
new file mode 100644
index 0000000000000000000000000000000000000000..b4098d9cd81ea586602804afcf876e6247230081
GIT binary patch
literal 1080
zcmXqLVlgpjVwPFJ%*4pV#L2MJQDuRI&ZKk$UN%mxHjlRNyo`+8tPBQ?Er#3%oNUaY
zENsF|?oNgx20|bX2M@PraZaj2ewu=BVxFOZ0Ut<|orm2ezcf83vDi@DKolgx#lz>E
zn3tcInVguT;8T*KXJ}$z1d?Fp(MFX3np0eoTBP8dT2zvm22@{?s^C~!l96AOSyE{r
zC(dhVWME=wWN2t;WNH{C&T9hVf&hp+Se)6!sDvDVjI0dIO^o~u22G4yOihf84Ev+4
z#7f>N#;!|zJ2!02-h20oKHsg=^-1Dib0F7)L-2fW_wPh`^)rHbH$!bLLtZ;rZ`}Q;
z)ui&&_v-z-s!j;#O4hE8JiqM9OF#Zw>w;eS%$soT*i2r(^wf&jpBJxMczIRzPo7gR
zwYc^6xnJGi4=qyEogLz6DiAK*o3lrgEx@bp)y$O{%dL;IOB>BwAlc4WxjSQ~Zr$Xd
zr{7+moc&Y#?T!r3JvXNYI7A=aRJiJOO!&RRpAKAiqu0o_=mtmyU3>UBJ8wdYfAp5u
z3QrORZbf}~^~C8q<B@-g@;7%L2$|~C7*r(hnNoEkN97|&0k`kc1x6Pa$b_%(eY}2Y
zA1kY!fb&8oW=00a#f{4h8W$VL0+WF(ABz}^$l8fBxesY={3_1Uqr5FOO0CZ%D%n6D
zB(2OMVIbCkT>(ExfiNTEe->5)W*}w24HDpIVF9M-HUno6N1nyTz{<d4f!P9+HlvJ^
zk^(Dz{qpj1y<}LD)Jx9K)h|v>E-gycP0G(N(ai-XLfzy<z2u@C<fsJZ1z=P%GT7IC
zD_gp`d5d<{h1?)1=H??p%LC@PPdam8N_o?zb>W+5vV1kNIu<I+ep_f|*smK`$`oEd
zIUIO<R?M79_7cUnrerOgY0<N!BlqAR%fbsKWn#>BValdgL*1jLWE~G(7V^3Ce;wDP
zIZ0gNjB|<~#BKb$=h{|D!K%8mcFc8Yx1(2_wDbu4AN+8RVemw0Yk^W`@m<dvnHr`P
z__%GKvcXpLtb8BSgAAtr-#^`DYZoydV-Gws>&)A`=NHGmowR%3#lO$q$QuV1v+T1e
z+EB~!gYo~2+S79$WLlQ1x)*kA>{VZ?x8l2fd_(4RyOm#NirhZO%*UN}L?(Cd4)yYb
MPE+>&$>Q1r029B9o&W#<

literal 0
HcmV?d00001

diff --git a/keys/refind.cer b/keys/refind.cer
new file mode 100644
index 0000000000000000000000000000000000000000..9774f80c201b0d18221c35585d9f6d8e0fa7283a
GIT binary patch
literal 831
zcmXqLVzxGDVp3kf%*4pV#L4jB=$jHA(I7tqUN%mxHjlRNyo`*jtPBPwhDHVkY|No7
z%siSw`6;PInaSA-;d%<extS#yItoSkDa9a`1Bj87pPyZ<mz<w#AScdiXav-0W@Kn=
zVPp{{&T9<f0>!{wGEHq_R6=$hBP#=Q6C*!^K@%evQxhX2!z#bh$$P&qlMg-rP-+oJ
z%d@Mq*B{a>{aF!H*i)9syIs-$-WBV+^XKGFUZQfLMe5TuwhvYpN}g~|=+3|M;l_^F
zThit4%0}+J*U8SpvNb-*v*={bf$IM)48ogTpYJa}xxH3R-Q(7e1-Ct(m4`dC|C(`d
z;`v{8ejnu?FNx+j`AYfc+{gF$PqFP~XWPvd_q8HPJJ>5b_wm=9tHCEyFYaD=a<yam
z9|y1Vo^!p`grwQZmaQpEUHOu0@;>_u2eUZKH&vcXHJLo6ZTlpX2}{_t`tL1KwT-<X
z|J=6r!(8T<HT^YrKi!-rY?Jo?+GgI;;}c?R5~u&lxmU;VZxL7L)a_d5WvuMmnV1<F
z7#9Z^_!-CoV@#HhMT|w{G7sBc%ZOz;GfL|@S8#+rEb)peFpvjHE3-%#h&5nWzynes
z%))BG%*gm3In04c0vP6u3@g6>e(0vScfmm^wHpgh_rFZEwiQxpa$dgS?6C_OGQVeh
zy;r=WQn=~eF+pp$_<z^`WZl2|hkwJCnHxTtJG|aryuSWL;@R}f2}T0{H~;dy5`2X9
z$nQTPR(91r&i=7er(QC68?5UiIk{G0fk^Dn^L5$3Z-nuFtr7|Qd-u7{-h&Er{$Eg)
zsHvHfaPr^0!>X#sW(f7MvesYi{VSmp<(Xcz_Qdn>XoCQubKkD7sZlAY>#|>SqwWyX
zUi;_Eba&MCs+|6Bx<B!)ueWPBe^r>@8HP9Kt|z?NrSZ6I&+3)piVyj0&l+26u0H>Q
gm+|yopI2A<jlbWP?Ydu9nN+5-iv3kd7thjH03B*vjsO4v

literal 0
HcmV?d00001

diff --git a/keys/refind.crt b/keys/refind.crt
new file mode 100644
index 0000000..614f6d2
--- /dev/null
+++ b/keys/refind.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOzCCAiOgAwIBAgIJAODF7HQMFVJOMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
+BAMMKVJvZGVyaWNrIFcuIFNtaXRoLCByb2RzbWl0aEByb2RzYm9va3MuY29tMB4X
+DTEyMTIwNjIxMzgyOFoXDTMyMTIwMTIxMzgyOFowNDEyMDAGA1UEAwwpUm9kZXJp
+Y2sgVy4gU21pdGgsIHJvZHNtaXRoQHJvZHNib29rcy5jb20wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCqTnWTvfemH1XP4RqiCITm1Zuvwil1+XhccYx2
+YQ23IU/e1Dvdn5xtk6Qk0IQa8pYG8DrQdOQJkItv3PDYuOu0Zx/dHVm93okHBAS1
+X2JJcslswHv/hAATs0Xnv3fJt30mJ0ja+KDbSOZ3V0MH+pjBkc/6Pk7xHuOkWwjJ
+6iP5nePeD8oGvQcGuwZe9XhiK1NKa23j9WzVU8hl0buhyatBd/xASs9JnUsmEhsG
+dqasdmWp6QqTvj/QwWoJd7J5zmU0k5SGt5I0kKQGKo/epCU9XdAf5z198J0D6XyP
+fN3y2ZYTPGb/1rMNdceQXDxhl/ps3n4A/qIKiZW3Ks8cOj+HAgMBAAGjUDBOMB0G
+A1UdDgQWBBTTDAa9OVimbJh1fwmoCFXhdEpacDAfBgNVHSMEGDAWgBTTDAa9OVim
+bJh1fwmoCFXhdEpacDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCo
+9/vhRiG9oMEaJtihy4/pYTs9EiKCQ6ewzcbQaBz7mPXec7h5E4LuxhE7Rl/+1/xq
+39X8D7C0mbDyN0Drt3Ovf+hhzWdpkDIQ/7P6SdRTxAXE+/xUOj57jENPXZWV0jDt
+Uy1MGZN9IKAUXfnPfmv72FYN9XoUVv3d5yy9wSCc/9AlGHx8lGDJ/p7DJSXGmBKO
+BQV/1Y39GCxaSWdyrcjnV1swUBLO9tesfCRwfoo/rNh+wgK9P+emLbh+jSTL/zW/
+Ye1NS0VXD3pWTswA7M7XYOy6KON2vKupFyHhDj3NMzspq8/oDQHLvUzq1I8z99sd
+it92eWJ2JKoH6nSKDKXq
+-----END CERTIFICATE-----
-- 
2.39.2