diff --git a/debian/certs/debian-uefi-ca.pem b/debian/certs/debian-uefi-ca.pem new file mode 100644 index 000000000..315301e73 --- /dev/null +++ b/debian/certs/debian-uefi-ca.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDnjCCAoagAwIBAgIRAO1UodWvh0iUjZ+JMu6cfDQwDQYJKoZIhvcNAQELBQAw +IDEeMBwGA1UEAxMVRGViaWFuIFNlY3VyZSBCb290IENBMB4XDTE2MDgxNjE4MDkx +OFoXDTQ2MDgwOTE4MDkxOFowIDEeMBwGA1UEAxMVRGViaWFuIFNlY3VyZSBCb290 +IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZXUi5vaEKwuyoI3 +waTLSsMbQpPCeinTbt1kr4Cv6maiG2GcgwzFa7k1Jf/F++gpQ97OSz3GEk2x7yZD +lWjNBBH+wiSb3hTYhlHoOEO9sZoV5Qhr+FRQi7NLX/wU5DVQfAux4gOEqDZI5IDo +6p/6v8UYe17OHL4sgHhJNRXAIc/vZtWKlggrZi9IF7Hn7IKPB+bK4F9xJDlQCo7R +cihQpZ0h9ONhugkDZsjfTiY2CxUPYx8rr6vEKKJWZIWNplVBrjyIld3Qbdkp29jE +aLX89FeJaxTb4O/uQA1iH+pY1KPYugOmly7FaxOkkXemta0jp+sKSRRGfHbpnjK0 +ia9XeQIDAQABo4HSMIHPMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAoYlaHR0 +cHM6Ly9kc2EuZGViaWFuLm9yZy9zZWN1cmUtYm9vdC1jYTAfBgNVHSMEGDAWgBRs +zs5+TGwNH2FJ890n38xcu0GeoTAUBglghkgBhvhCAQEBAf8EBAMCAPcwEwYDVR0l +BAwwCgYIKwYBBQUHAwMwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w +HQYDVR0OBBYEFGzOzn5MbA0fYUnz3SffzFy7QZ6hMA0GCSqGSIb3DQEBCwUAA4IB +AQB3lj5Hyc4Jz4uJzlntJg4mC7mtqSu9oeuIeQL/Md7+9WoH72ETEXAev5xOZmzh +YhKXAVdlR91Kxvf03qjxE2LMg1esPKaRFa9VJnJpLhTN3U2z0WAkLTJPGWwRXvKj +8qFfYg8wrq3xSGZkfTZEDQY0PS6vjp3DrcKR2Dfg7npfgjtnjgCKxKTfNRbCcitM +UdeTk566CA1Zl/LiKaBETeru+D4CYMoVz06aJZGEP7dax+68a4Cj2f2ybXoeYxTr +7/GwQCXV6A6B62v3y//lIQAiLC6aNWASS1tfOEaEDAacz3KTYhjuXJjWs30GJTmV +305gdrAGewiwbuNknyFWrTkP +-----END CERTIFICATE----- diff --git a/debian/certs/test-signing-certs.pem b/debian/certs/test-signing-certs.pem deleted file mode 100644 index bab513093..000000000 --- a/debian/certs/test-signing-certs.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJjCCAg6gAwIBAgIJAOmHdbieZFH0MA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV -BAMMHXNlY3VyZS1ib290LXRlc3Qta2V5LWxmYXJhb25lMB4XDTE4MDQwODA5NDYz -OFoXDTE4MDUwODA5NDYzOFowKDEmMCQGA1UEAwwdc2VjdXJlLWJvb3QtdGVzdC1r -ZXktbGZhcmFvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2ZKT -CXiUNldWounP5xoLtG6uavjCARJSXhWskBOOKoHsPSekv2db5l8iBLDlkIkuox0B -ozN+tuw/9wv3BVUYyRCLkLhvgHq+EpLUxnmRViO4YuxtkmXkJ8QFy/4RozjKTpPt -ViToFpaFdgJrWwSaIjJVSyeRWX3nm/ir4TCrQB32QG2Fm7rN+k28nigeiSsvDscu -A8zQsdvk3tI1p8Kxez9lFwUvfHPraL0wgA47GE71Lu+8aqrIsjBA+6ZVCwD6OGSN -brqFkYnE43+Yo3HDabu67It7tU+e1+c+Pw2lVij2lWMX9jj0qSShnIby/iqC7nb1 -NgIrjs4WqntGRsD/AgMBAAGjUzBRMB0GA1UdDgQWBBSXwbJc3fmHPKeKWPPXO/cn -0s94/zAfBgNVHSMEGDAWgBSXwbJc3fmHPKeKWPPXO/cn0s94/zAPBgNVHRMBAf8E -BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAjbSD3myNwzu32tHIJhbiIXX/qtSPt -TNDiWNdMU/GN7NljirWbKG2GJERkmLyuQw1odcEGWcErvyznLzFTHJefCm0PkwwE -zLH3eKwwloR3a/zY+CQsvrC+FIduq3XvRsOKilVR/JSx4PHY75zvntYh0/lvYmFN -4mCTZzHeig9E5ybVOdab4V3WIzWW6f840uTHDoAQ9u194OtAEBabThO/q0uslovj -n0cDwTzuVFIR/GtVlI9ig+jWX/JKuXi3TjLMQckt2s4yog6H6NqiBpje/IYXO8P+ -lsPViykeO1tGalEB2OvB78OBHWWx5IQUqPYvsZnjJA6D3sPmjEBVQz+S ------END CERTIFICATE----- diff --git a/debian/changelog b/debian/changelog index 67ea7b4e3..f6a723d65 100644 --- a/debian/changelog +++ b/debian/changelog @@ -687,6 +687,7 @@ linux (4.19.28-1) UNRELEASED; urgency=medium * udeb: Move drivers from {hyperv,virtio}-modules to {fb,input,nic,scsi}-modules * debian/bin/gencontrol.py: Add rules to build debian/build/config.* + * certs: Replace test signing certificate with production signing certificate [ Wookey ] * linux-perf: Enable coresight trace (libopencsd) support in perf diff --git a/debian/config/config b/debian/config/config index 0610a3bb3..5f20b0e38 100644 --- a/debian/config/config +++ b/debian/config/config @@ -75,7 +75,7 @@ CONFIG_EFI_PARTITION=y #. Signatures are added in linux-signed CONFIG_MODULE_SIG_KEY="" #. Actually a file containing X.509 certificates, not keys -CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/test-signing-certs.pem" +CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/debian-uefi-ca.pem" ## ## file: crypto/Kconfig diff --git a/debian/config/featureset-rt/config b/debian/config/featureset-rt/config index 7c5dc9f2a..7c7989648 100644 --- a/debian/config/featureset-rt/config +++ b/debian/config/featureset-rt/config @@ -2,7 +2,7 @@ ## file: certs/Kconfig ## #. Certificate paths are resolved relative to debian/build/source_rt -CONFIG_SYSTEM_TRUSTED_KEYS="../../certs/test-signing-certs.pem" +CONFIG_SYSTEM_TRUSTED_KEYS="../../certs/debian-uefi-ca.pem" ## ## file: kernel/Kconfig.preempt