summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/installation/secure-boot.rst20
1 files changed, 13 insertions, 7 deletions
diff --git a/docs/installation/secure-boot.rst b/docs/installation/secure-boot.rst
index 817ca663..b6685039 100644
--- a/docs/installation/secure-boot.rst
+++ b/docs/installation/secure-boot.rst
@@ -18,13 +18,19 @@ commands prior to your ISO image build:
.. code-block:: bash
cd vyos-build
- openssl req -new -x509 -newkey rsa:4096 \
- -keyout data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.key \
- -out data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.der \
- -outform DER -days 36500 -subj "/CN=MyMOK/" -nodes
- openssl x509 -inform der \
- -in data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.der \
- -out data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.pem
+ CA_DIR="data/certificates"
+ SHIM_CERT_NAME="vyos-dev-2025-shim"
+ VYOS_KERNEL_CERT_NAME="vyos-dev-2025-linux"
+
+ openssl req -new -x509 -newkey rsa:4096 -keyout ${CA_DIR}/${SHIM_CERT_NAME}.key -out ${CA_DIR}/${SHIM_CERT_NAME}.der \
+ -outform DER -days 36500 -subj "/CN=VyOS Networks Secure Boot CA/" -nodes
+ openssl x509 -inform der -in ${CA_DIR}/${SHIM_CERT_NAME}.der -out ${CA_DIR}/${SHIM_CERT_NAME}.pem
+
+ openssl req -newkey rsa:4096 -sha256 -nodes -keyout ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.key \
+ -out ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.csr -outform PEM -days 3650 \
+ -subj "/CN=VyOS Networks Secure Boot Signer 2025 - linux/"
+ openssl x509 -req -in ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.csr -CA ${CA_DIR}/${SHIM_CERT_NAME}.pem \
+ -CAkey ${CA_DIR}/${SHIM_CERT_NAME}.key -CAcreateserial -out ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.pem -days 3650 -sha256
************
Installation
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-20 04:26:10 +0000