author | Christian Breunig <christian@breunig.cc> | 2025-03-16 20:17:55 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-03-16 20:17:55 +0100 |
commit | 234662d506b5406bbc316265773b37fd94391052 (patch) | |
tree | 8a67fec4d761e7e992865f06bc1062e80fc0cb3c /docs/installation | |
parent | a97a6563a4bcfe86718709132f5317befe8bbde1 (diff) | |
T861: update secure-boot certificate handline examplet861-secure-boot-ca
Diffstat (limited to 'docs/installation')
-rw-r--r-- | docs/installation/secure-boot.rst | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/docs/installation/secure-boot.rst b/docs/installation/secure-boot.rst
index 817ca663..b6685039 100644
--- a/docs/installation/secure-boot.rst
+++ b/docs/installation/secure-boot.rst
@@ -18,13 +18,19 @@ commands prior to your ISO image build:
 .. code-block:: bash

 cd vyos-build
- openssl req -new -x509 -newkey rsa:4096 \
- -keyout data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.key \
- -out data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.der \
- -outform DER -days 36500 -subj "/CN=MyMOK/" -nodes
- openssl x509 -inform der \
- -in data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.der \
- -out data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.pem
+ CA_DIR="data/certificates"
+ SHIM_CERT_NAME="vyos-dev-2025-shim"
+ VYOS_KERNEL_CERT_NAME="vyos-dev-2025-linux"
+
+ openssl req -new -x509 -newkey rsa:4096 -keyout ${CA_DIR}/${SHIM_CERT_NAME}.key -out ${CA_DIR}/${SHIM_CERT_NAME}.der \
+ -outform DER -days 36500 -subj "/CN=VyOS Networks Secure Boot CA/" -nodes
+ openssl x509 -inform der -in ${CA_DIR}/${SHIM_CERT_NAME}.der -out ${CA_DIR}/${SHIM_CERT_NAME}.pem
+
+ openssl req -newkey rsa:4096 -sha256 -nodes -keyout ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.key \
+ -out ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.csr -outform PEM -days 3650 \
+ -subj "/CN=VyOS Networks Secure Boot Signer 2025 - linux/"
+ openssl x509 -req -in ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.csr -CA ${CA_DIR}/${SHIM_CERT_NAME}.pem \
+ -CAkey ${CA_DIR}/${SHIM_CERT_NAME}.key -CAcreateserial -out ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.pem -days 3650 -sha256

 ************
 Installation |