diff --git a/debian/certs/debian-uefi-ca.pem b/debian/certs/debian-uefi-certs.pem similarity index 54% rename from debian/certs/debian-uefi-ca.pem rename to debian/certs/debian-uefi-certs.pem index 315301e73..b16b0c93a 100644 --- a/debian/certs/debian-uefi-ca.pem +++ b/debian/certs/debian-uefi-certs.pem @@ -20,3 +20,21 @@ UdeTk566CA1Zl/LiKaBETeru+D4CYMoVz06aJZGEP7dax+68a4Cj2f2ybXoeYxTr 7/GwQCXV6A6B62v3y//lIQAiLC6aNWASS1tfOEaEDAacz3KTYhjuXJjWs30GJTmV 305gdrAGewiwbuNknyFWrTkP -----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC/DCCAeSgAwIBAgIFAKdGje8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UEAxMV +RGViaWFuIFNlY3VyZSBCb290IENBMB4XDTE2MDgxNjE4MjI1MFoXDTI2MDgxNjE4 +MjI1MFowJDEiMCAGA1UEAxMZRGViaWFuIFNlY3VyZSBCb290IFNpZ25lcjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANPRg5AP2mWiLwdaYJXr98eGfCCG +2mWjphLrWzvOyPs/oXJLnt9QxQMzpAwrX9ZBBA22z5VI7YqyrdblATdOYM2ySjgE +s0SAlK+fblTbqB88t0sw3iGBbwmjZrpqK5bWmmF3DNTtPNBxu62M8CJcPiXMbSIu +YZeVr5suTVi2fngCww65+rJbJ959or4MFKxz7JewFV7t7eWldT944HHOL86D7VMx +MJhO5vkBooiIpiMIfA23VDoWle1eeV6QTv7Nqt6C/PaWcU5JSbnT6bCrf9cqR7dT +MCd83GaYCW/RfvV/PT7UomqIWQIvLz3IxijeQv7ZUj0kwvxAmBH2dr+Mu2UCAwEA +AaM5MDcwEQYJYIZIAYb4QgEBBAQDAgQQMBUGA1UdJQQOMAwGCisGAQQBgjcKAwEw +CwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBXG6RgTCnp8n1rXJPbzGyf +GD9pSJp13mTzg0oJqSYh7ulWXeE+2XXLzH+/TeToiT1+EUKHQMPV4HF53ABs4XFi +x5jCyycLL5/M7PqLsvMLnvPyw8mf2yWTkKTNuwHljvTXVai0dUEx/U5dAxigwqzF +3kbn3BzPEtWd6Eedk4wyzUTVdMcwmlelVtB+zwURtPTzKfnbm1PSvS+tanUmRWS6 +uiiWh4638HlX+noOPEo4krzylfLnKND32JgaXjmetWWAvfPaEj9Qdmcpn9ELCh6H +l1xy2/MBdErdB7p26Wr83SLbRgLXrwrF7RW8Dyup242/f2+torfFTUpHs8FWkLYX +-----END CERTIFICATE----- diff --git a/debian/changelog b/debian/changelog index cf41fc6a4..feea5920f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,10 @@ linux (4.19.28-2) UNRELEASED; urgency=medium * [arm64] Enable I2C_GPIO as a module. * [arm64] Enable MESON_EFUSE as a module. + [ Yves-Alexis Perez ] + * certs: include both root CA and direct signing certificate. + closes: #924545 + -- Ben Hutchings Tue, 12 Mar 2019 15:44:31 +0000 linux (4.19.28-1) unstable; urgency=medium diff --git a/debian/config/config b/debian/config/config index 08bee25b9..e6c3c573b 100644 --- a/debian/config/config +++ b/debian/config/config @@ -77,7 +77,7 @@ CONFIG_MODULE_SIG_KEY="" #. Actually a file containing X.509 certificates, not keys. #. Whenever the filename changes, this also needs to be updated in #. debian/featureset-*/config -CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/debian-uefi-ca.pem" +CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/debian-uefi-certs.pem" ## ## file: crypto/Kconfig diff --git a/debian/config/featureset-rt/config b/debian/config/featureset-rt/config index 7c7989648..088c60e7f 100644 --- a/debian/config/featureset-rt/config +++ b/debian/config/featureset-rt/config @@ -2,7 +2,7 @@ ## file: certs/Kconfig ## #. Certificate paths are resolved relative to debian/build/source_rt -CONFIG_SYSTEM_TRUSTED_KEYS="../../certs/debian-uefi-ca.pem" +CONFIG_SYSTEM_TRUSTED_KEYS="../../certs/debian-uefi-certs.pem" ## ## file: kernel/Kconfig.preempt