Exclude ca.crt while signing EFI images

If ca.crt was added into the certificate database, ca.crt would be the first certificate in the signature. Because shim couldn't verify ca.crt with the embedded shim.cer, it failed to load MokManager.efi.signed and fallback.efi.signed. Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
author: Gary Ching-Pang Lin <glin@suse.com> 2013-11-04 17:51:55 +0800
committer: Peter Jones <pjones@redhat.com> 2014-06-25 10:03:08 -0400
commit: 09283f08f001305db5a3299b53acba85bf6c9876 (patch)
tree: b164914b7daab55a48528cf8a8504051eb7fca0f
parent: 22254e2633d58edd0176ccdfab9dd35171f89963 (diff)
download: efi-boot-shim-09283f08f001305db5a3299b53acba85bf6c9876.tar.gz
efi-boot-shim-09283f08f001305db5a3299b53acba85bf6c9876.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 46e5ef93..df190a25 100644
--- a/Makefile
+++ b/Makefile
@@ -73,7 +73,6 @@ version.c : version.c.in
 
 certdb/secmod.db: shim.crt
 	-mkdir certdb
-	certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
 	pk12util -d certdb/ -i shim.p12 -W "" -K ""
 	certutil -d certdb/ -A -i shim.crt -n shim -t u
author	Gary Ching-Pang Lin <glin@suse.com>	2013-11-04 17:51:55 +0800
committer	Peter Jones <pjones@redhat.com>	2014-06-25 10:03:08 -0400
commit	09283f08f001305db5a3299b53acba85bf6c9876 (patch)
tree	b164914b7daab55a48528cf8a8504051eb7fca0f
parent	22254e2633d58edd0176ccdfab9dd35171f89963 (diff)
download	efi-boot-shim-09283f08f001305db5a3299b53acba85bf6c9876.tar.gz efi-boot-shim-09283f08f001305db5a3299b53acba85bf6c9876.zip