On Fri, Aug 9, 2019 at 8:31 AM Paul Moore <paul(a)paul-moore.com> wrote:
Hello all,
I'm not sure if this is the place for this, but if not perhaps you
could point me in the right direction?
I'm looking for the certificate associated with the key used to sign
the Fedora kernels for UEFI Secure Boot. What little information I've
found indicates that it should be part of the "shim" package sources,
but it isn't there, and looking back and random points in it's history
I can't seem to find it. I've found the CA used to sign this mystery
certificate, but not the kernel's signing certificate. Any help you
can provide would be appreciated.
For reference, this is the certificate I'm looking for:
Signer #0:
Subject: /CN=Fedora Secure Boot Signer
Issuer : /CN=Fedora Secure Boot CA
Serial : 9976F70F
... and no, I'm obviously not asking for the private key, just an
authoritative source for the public key certificate :)
Nobody knows where to find the "CN=Fedora Secure Boot Signer"
certificate? That's a little scary :)
I guess I can just extract it from the signed kernel image and verify
it with the CA but that seems like a bad answer to me.
--
paul moore
www.paul-moore.com