blob: 9629cb12d1624137a14c2cb940a5c978f1ca5890 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Description: Sign MokManager with sbsigntool instead of pesign
Ubuntu infrastructure uses sbsigntool for all other EFI signing, so we use
the same thing for signing MokManager with our ephemeral key. This also
avoids an additional build dependency on libnss3-tools.
Author: Steve Langasek <steve.langasek@canonical.com>
Forwarded: not-needed
---
Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: b/Makefile
===================================================================
--- a/Makefile
+++ b/Makefile
@@ -158,8 +158,8 @@ endif
-j .note.gnu.build-id \
$(FORMAT) $^ $@.debug
-%.efi.signed: %.efi certdb/secmod.db
- pesign -n certdb -i $< -c "shim" -s -o $@ -f
+%.efi.signed: %.efi shim.crt
+ sbsign --key shim.key --cert shim.crt $<
clean:
$(MAKE) -C Cryptlib clean
|
