From a02b10b2ba4197c4dcd84eef053e4ab94995295b Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sun, 16 Mar 2025 20:10:09 +0100 Subject: T861: use secure-boot certificates from data/certificates --- data/certificates/.gitignore | 1 + .../includes.chroot/var/lib/shim-signed/mok/README.md | 11 ----------- 2 files changed, 1 insertion(+), 11 deletions(-) create mode 100644 data/certificates/.gitignore delete mode 100644 data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md (limited to 'data') diff --git a/data/certificates/.gitignore b/data/certificates/.gitignore new file mode 100644 index 00000000..c996e507 --- /dev/null +++ b/data/certificates/.gitignore @@ -0,0 +1 @@ +*.key diff --git a/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md b/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md deleted file mode 100644 index abaaa97a..00000000 --- a/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# Secure Boot - -## CA - -Create Certificate Authority used for Kernel signing. CA is loaded into the -Machine Owner Key store on the target system. - -```bash -openssl req -new -x509 -newkey rsa:4096 -keyout MOK.key -outform DER -out MOK.der -days 36500 -subj "/CN=VyOS Secure Boot CA/" -nodes -openssl x509 -inform der -in MOK.der -out MOK.pem -``` -- cgit v1.2.3