On Fri, Aug 9, 2019 at 8:31 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > Hello all, > > I'm not sure if this is the place for this, but if not perhaps you > could point me in the right direction? > > I'm looking for the certificate associated with the key used to sign > the Fedora kernels for UEFI Secure Boot. What little information I've > found indicates that it should be part of the "shim" package sources, > but it isn't there, and looking back and random points in it's history > I can't seem to find it. I've found the CA used to sign this mystery > certificate, but not the kernel's signing certificate. Any help you > can provide would be appreciated. > > For reference, this is the certificate I'm looking for: > > Signer #0: > Subject: /CN=Fedora Secure Boot Signer > Issuer : /CN=Fedora Secure Boot CA > Serial : 9976F70F > > ... and no, I'm obviously not asking for the private key, just an > authoritative source for the public key certificate :) Nobody knows where to find the "CN=Fedora Secure Boot Signer" certificate? That's a little scary :) I guess I can just extract it from the signed kernel image and verify it with the CA but that seems like a bad answer to me. -- paul moore www.paul-moore.com _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
