[ubuntu-hardened] Secure boot certificates
James Wilson
jmw at fastmail.com
Sat Jan 15 20:27:53 UTC 2022
Where can I find copies of the certificates used by Canonical's secure
boot setup? I want to roll my own PK, KEK, and db lists and need the
certificates in PEM or DER form.
Specifically, I am looking for the two certificates in the following
chain on the bootloader:
% sudo sbverify --list /boot/efi/EFI/BOOT/BOOTX64.EFI
signature 1
image signature issuers:
- /C=GB/ST=Isle of Man/L=Douglas/O=Canonical Ltd./CN=Canonical Ltd.
Master Certificate Authority
image signature certificates:
- subject: /C=GB/ST=Isle of Man/O=Canonical Ltd./OU=Secure
Boot/CN=Canonical Ltd. Secure Boot Signing (2017)
issuer: /C=GB/ST=Isle of Man/L=Douglas/O=Canonical
Ltd./CN=Canonical Ltd. Master Certificate Authority
More information about the ubuntu-hardened
mailing list