Exclude ca.crt while signing EFI images

If ca.crt was added into the certificate database, ca.crt would be the first certificate in the signature. Because shim couldn't verify ca.crt with the embedded shim.cer, it failed to load MokManager.efi.signed and fallback.efi.signed. Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
author: Gary Ching-Pang Lin <glin@suse.com> 2014-06-25 10:03:08 -0400
committer: Peter Jones <pjones@redhat.com> 2014-06-25 10:03:08 -0400
commit: ea1c89b047eb4b071efb533808b7d6ca6ae6e719 (patch)
tree: b164914b7daab55a48528cf8a8504051eb7fca0f
parent: dcc523811b7763036682ba42cc83cbf88f42a8f2 (diff)
download: efi-boot-shim-ea1c89b047eb4b071efb533808b7d6ca6ae6e719.tar.gz
efi-boot-shim-ea1c89b047eb4b071efb533808b7d6ca6ae6e719.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 46e5ef93..df190a25 100644
--- a/Makefile
+++ b/Makefile
@@ -73,7 +73,6 @@ version.c : version.c.in
 
 certdb/secmod.db: shim.crt
 	-mkdir certdb
-	certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
 	pk12util -d certdb/ -i shim.p12 -W "" -K ""
 	certutil -d certdb/ -A -i shim.crt -n shim -t u
author	Gary Ching-Pang Lin <glin@suse.com>	2014-06-25 10:03:08 -0400
committer	Peter Jones <pjones@redhat.com>	2014-06-25 10:03:08 -0400
commit	ea1c89b047eb4b071efb533808b7d6ca6ae6e719 (patch)
tree	b164914b7daab55a48528cf8a8504051eb7fca0f
parent	dcc523811b7763036682ba42cc83cbf88f42a8f2 (diff)
download	efi-boot-shim-ea1c89b047eb4b071efb533808b7d6ca6ae6e719.tar.gz efi-boot-shim-ea1c89b047eb4b071efb533808b7d6ca6ae6e719.zip