diff --git a/tools/kernelmanager/kernel_repack/v1/BUILD b/tools/kernelmanager/kernel_repack/v1/BUILD index 47e79942..99337979 100644 --- a/tools/kernelmanager/kernel_repack/v1/BUILD +++ b/tools/kernelmanager/kernel_repack/v1/BUILD @@ -17,7 +17,8 @@ go_library( "data/kvm_stat.logrotate", "data/mod-denylist.sh", "data/mod-sign.sh", - "data/rocky-sigkernel.cer", + "data/secureboot-sig-kernel-x86_64.cer", + "data/secureboot-sig-kernel-aarch64.cer", "data/rockykpatch1.x509", "data/x509.genkey", "data/rockydup1.x509", diff --git a/tools/kernelmanager/kernel_repack/v1/data/ml.spec b/tools/kernelmanager/kernel_repack/v1/data/ml.spec index 59f2d2a0..992e6c1e 100644 --- a/tools/kernelmanager/kernel_repack/v1/data/ml.spec +++ b/tools/kernelmanager/kernel_repack/v1/data/ml.spec @@ -240,11 +240,18 @@ Source2000: cpupower.service Source2001: cpupower.config Source2002: kvm_stat.logrotate -Source3000: rocky-sigkernel.cer +Source3000: secureboot-sig-kernel-x86_64.cer +Source3001: secureboot-sig-kernel-aarch64.cer %if %{signkernel} %define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer + +%ifarch x86_64 %define secureboot_key_0 %{SOURCE3000} +%endif +%ifarch aarch64 +%define secureboot_key_0 %{SOURCE3001} +%endif %define pesign_name_0 rockybootsigningsigkernelcert %endif diff --git a/tools/kernelmanager/kernel_repack/v1/data/secureboot-sig-kernel-aarch64.cer b/tools/kernelmanager/kernel_repack/v1/data/secureboot-sig-kernel-aarch64.cer new file mode 100644 index 00000000..23435536 --- /dev/null +++ b/tools/kernelmanager/kernel_repack/v1/data/secureboot-sig-kernel-aarch64.cer @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCBB2gAwIBAgIBHzANBgkqhkiG9w0BAQsFADCB1DELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCERlbGF3YXJlMQ4wDAYDVQQHDAVEb3ZlcjEtMCsGA1UECgwkUm9j +a3kgRW50ZXJwcmlzZSBTb2Z0d2FyZSBGb3VuZGF0aW9uMSEwHwYDVQQLDBhSZWxl +YXNlIGVuZ2luZWVyaW5nIHRlYW0xKDAmBgNVBAMMH1JvY2t5IExpbnV4IFNlY3Vy +ZSBCb290IFJvb3QgQ0ExJjAkBgkqhkiG9w0BCQEWF3NlY3VyaXR5QHJvY2t5bGlu +dXgub3JnMB4XDTIzMTAyMDE5Mzc1NVoXDTI0MTAxOTE5Mzc1NVowgewxCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhEZWxhd2FyZTEOMAwGA1UEBwwFRG92ZXIxLTArBgNV +BAoMJFJvY2t5IEVudGVycHJpc2UgU29mdHdhcmUgRm91bmRhdGlvbjEhMB8GA1UE +CwwYUmVsZWFzZSBlbmdpbmVlcmluZyB0ZWFtMUAwPgYDVQQDDDdSb2NreSBMaW51 +eCBLZXJuZWwgU0lHIENsb3VkIFNpZ25pbmcgQ2VydCAxMDEgKGFhcmNoNjQpMSYw +JAYJKoZIhvcNAQkBFhdzZWN1cml0eUByb2NreWxpbnV4Lm9yZzCCAaIwDQYJKoZI +hvcNAQEBBQADggGPADCCAYoCggGBANeeFAidePL6Fp9Q7SqUxfnm/F9fweqbvlfc +RM1bjJ7hoS8tfThq6R7tXHoxIv29uxyjStYhfU11/aEyApwDU7cBhxZt8puoWfLt +ShQDBtPsli5kgHgLnGhvBhnM/+8GSsXiIwyUwPbgmou5K03vWlOzpSIL9cXg8ph4 +KR0PLCjrMTqQUQ9Zp98TW8r4ValyBOsPXHdrQLrd7S8DxLj9QGMB2lor8V2hW2Q9 +SHRlfFASRhlKCjFNAkU3ROR8Yu8KgFueCKM0n8xiSHa/JS8zCjPO1T+WtU+BzqZU +615up4PpzVr+QlnVnSJRKdA0BL8Xmdv0g3IhDnR1EGFqhySNJnfj9uZOytwA+Q9G ++LotGO9eAFBYGoNww7G5pfZt2NIs9ImIXbuUwtMcHzemp+jYUK0RQ0spBuLAgr9g +IcSTG2pvQfskA+cU03SHwOKgjRSpfdlEsNg6wEj+oD3sWqfMelcv0bUKATLSqBpo +yuxdhehaaQiX1sZWLwsa3kN+ITKkBwIDAQABo3gwdjAMBgNVHRMBAf8EAjAAMA4G +A1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU +MyTKdKkjaD9kANx3ZVE2ygSOZ3IwHwYDVR0jBBgwFoAUTCxr19ZO6BWByrjphmYf +ZeIWb8QwDQYJKoZIhvcNAQELBQADggEBAIUYmXPad9TkT1oyLZg1uE1ec+muj9Ra +wI8/bE4dDdZC4KT6MYeOgacRxPdb3fRqI6oCu35t9fHgamjC3iKEzljz7yCvRsGa +DJiT0gIcHAGxzOn6g0c9xMWnRRsWHAJgZJWb+TpogngqakR4mNdiV2N45Wgh/VuP +iS/c9xO163MgVgPneTk3Wp1q7lykhBF3N8H3cprEH0hIcUNgQXDez08EMtVAc9m9 +7XQ+6U/Vjl7yJinUBzDR8WU31NfqApRW9399uRSegAL5t6TeiaJfp4hR62pQ1Ken +/KZUrmLiMCVCT5me1ryZn3hJaNe+4Hz6I4Bs/3CbpjZcl1UCru0PN8Y= +-----END CERTIFICATE----- diff --git a/tools/kernelmanager/kernel_repack/v1/data/rocky-sigkernel.cer b/tools/kernelmanager/kernel_repack/v1/data/secureboot-sig-kernel-x86_64.cer similarity index 100% rename from tools/kernelmanager/kernel_repack/v1/data/rocky-sigkernel.cer rename to tools/kernelmanager/kernel_repack/v1/data/secureboot-sig-kernel-x86_64.cer