proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-16 10:48:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Exclude ca.crt while signing EFI images

Browse Source 
If ca.crt was added into the certificate database, ca.crt would be the first
certificate in the signature. Because shim couldn't verify ca.crt with the
embedded shim.cer, it failed to load MokManager.efi.signed and
fallback.efi.signed.

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
This commit is contained in:
Gary Ching-Pang Lin 2014-06-25 10:03:08 -04:00 committed by Peter Jones
parent dcc523811b
commit ea1c89b047
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile
View File

@ -73,7 +73,6 @@ version.c : version.c.in
certdb/secmod.db: shim.crt certdb/secmod.db: shim.crt
-mkdir certdb -mkdir certdb
certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
pk12util -d certdb/ -i shim.p12 -W "" -K "" pk12util -d certdb/ -i shim.p12 -W "" -K ""
certutil -d certdb/ -A -i shim.crt -n shim -t u certutil -d certdb/ -A -i shim.crt -n shim -t u