certs: Add certificate for production key used in Debian signing service

2018-08-02 13:11:02 +08:00 · 2018-08-02 13:11:02 +08:00 · b91655bf3e
parent 16dec97798
commit b91655bf3e
4 changed files with 25 additions and 2 deletions
--- a/debian/certs/debian-uefi-ca.pem
+++ b/debian/certs/debian-uefi-ca.pem
@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIRAO1UodWvh0iUjZ+JMu6cfDQwDQYJKoZIhvcNAQELBQAw
+IDEeMBwGA1UEAxMVRGViaWFuIFNlY3VyZSBCb290IENBMB4XDTE2MDgxNjE4MDkx
+OFoXDTQ2MDgwOTE4MDkxOFowIDEeMBwGA1UEAxMVRGViaWFuIFNlY3VyZSBCb290
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZXUi5vaEKwuyoI3
+waTLSsMbQpPCeinTbt1kr4Cv6maiG2GcgwzFa7k1Jf/F++gpQ97OSz3GEk2x7yZD
+lWjNBBH+wiSb3hTYhlHoOEO9sZoV5Qhr+FRQi7NLX/wU5DVQfAux4gOEqDZI5IDo
+6p/6v8UYe17OHL4sgHhJNRXAIc/vZtWKlggrZi9IF7Hn7IKPB+bK4F9xJDlQCo7R
+cihQpZ0h9ONhugkDZsjfTiY2CxUPYx8rr6vEKKJWZIWNplVBrjyIld3Qbdkp29jE
+aLX89FeJaxTb4O/uQA1iH+pY1KPYugOmly7FaxOkkXemta0jp+sKSRRGfHbpnjK0
+ia9XeQIDAQABo4HSMIHPMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAoYlaHR0
+cHM6Ly9kc2EuZGViaWFuLm9yZy9zZWN1cmUtYm9vdC1jYTAfBgNVHSMEGDAWgBRs
+zs5+TGwNH2FJ890n38xcu0GeoTAUBglghkgBhvhCAQEBAf8EBAMCAPcwEwYDVR0l
+BAwwCgYIKwYBBQUHAwMwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w
+HQYDVR0OBBYEFGzOzn5MbA0fYUnz3SffzFy7QZ6hMA0GCSqGSIb3DQEBCwUAA4IB
+AQB3lj5Hyc4Jz4uJzlntJg4mC7mtqSu9oeuIeQL/Md7+9WoH72ETEXAev5xOZmzh
+YhKXAVdlR91Kxvf03qjxE2LMg1esPKaRFa9VJnJpLhTN3U2z0WAkLTJPGWwRXvKj
+8qFfYg8wrq3xSGZkfTZEDQY0PS6vjp3DrcKR2Dfg7npfgjtnjgCKxKTfNRbCcitM
+UdeTk566CA1Zl/LiKaBETeru+D4CYMoVz06aJZGEP7dax+68a4Cj2f2ybXoeYxTr
+7/GwQCXV6A6B62v3y//lIQAiLC6aNWASS1tfOEaEDAacz3KTYhjuXJjWs30GJTmV
+305gdrAGewiwbuNknyFWrTkP
+-----END CERTIFICATE-----
--- a/debian/changelog
+++ b/debian/changelog
@ -12,6 +12,7 @@ linux (4.18~rc7-1~exp1) UNRELEASED; urgency=medium
  [ Ben Hutchings ]
  * certs: Remove certificates for test key used in Debian signing service and
    for my personal signing key
+  * certs: Add certificate for production key used in Debian signing service

 -- Uwe Kleine-König <ukleinek@debian.org>  Sat, 21 Jul 2018 16:52:01 +0200

--- a/debian/config/config
+++ b/debian/config/config
@ -71,7 +71,7 @@ CONFIG_EFI_PARTITION=y
 #. Signatures are added in linux-signed
 CONFIG_MODULE_SIG_KEY=""
 #. Actually a file containing X.509 certificates, not keys
-CONFIG_SYSTEM_TRUSTED_KEYS=""
+CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/debian-uefi-ca.pem"

 ##
 ## file: crypto/Kconfig
--- a/debian/config/featureset-rt/config
+++ b/debian/config/featureset-rt/config
@ -2,7 +2,7 @@
 ## file: certs/Kconfig
 ##
 #. Certificate paths are resolved relative to debian/build/source_rt
-CONFIG_SYSTEM_TRUSTED_KEYS=""
+CONFIG_SYSTEM_TRUSTED_KEYS="../../certs/debian-uefi-ca.pem"

 ##
 ## file: kernel/Kconfig.preempt