From patchwork Fri Jan 13 14:08:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 1725957 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=cfrtkgEQ; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4NtjwG3h03z23fd for ; Sat, 14 Jan 2023 01:09:33 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pGKkC-0000up-H1; Fri, 13 Jan 2023 14:09:20 +0000 Received: from smtp-relay-internal-1.internal ([10.131.114.114] helo=smtp-relay-internal-1.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pGKk7-0000tp-Ox for kernel-team@lists.ubuntu.com; Fri, 13 Jan 2023 14:09:15 +0000 Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id CD7B53F764 for ; Fri, 13 Jan 2023 14:09:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1673618953; bh=fi6u8zPNzOBx+7jjIZbooC1Rw0WbfFOapBbfCqQGnc8=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=cfrtkgEQlL3e8tuqPpoL4yrCO6ksHAQBEkSoiKIyEVxwR+bFJRGuHTa1qgRJcGsxw qxAed4DNF+QwbF0DMGU/n+L271oeX0BbJ3YoBijl7UvYke7NBIDyibnfoc7GjqRWXp uBzBUi3cyoHHMZ6qALnw5SHYsVfBQISpSikjZwOn+pIAh9Qzb1qIn/9T1YIrujIH5D uhHkGJ9noaSO+vMVrMrZPOhZKVoZ2n7+WOuqIOYS50VPQ3wJQu1WQdHgwS1hMK5A3+ GGup/fHgKn4tTuGC3VL4G8ZXD2Bahijs5/FMh0f2xj73R7lNH9Fr8f5UWJ7u+hk9nf 5gSx30KnSBP9A== Received: by mail-wm1-f69.google.com with SMTP id l31-20020a05600c1d1f00b003d9720d2a0eso14248489wms.7 for ; Fri, 13 Jan 2023 06:09:13 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=fi6u8zPNzOBx+7jjIZbooC1Rw0WbfFOapBbfCqQGnc8=; b=dUClGQyWIyKDDVcP2PeI9AlWUWUef20Y3YpvWSnt3kkw29odk9tHcuIXrocE68cU32 WDozagrUAR9hVIkk09eGALw1U+sdSPsANB2GJjCMH6QiB5wValvPvaXU9TK/BYdTV+ex srNVJLBeSCGLyb9F/BOFN1jS3ZHa5e0jk8WsIqAinpAAgyMKQawwPHxA623OclvPqdhn qUAWjEGrpEmlUxDHQDYCXgnmXOHrwgbUODndJ2yVhLf3yK1CiuNaWyZs7TuOjLlwJioj S3q4sPoXFYGfS2SfsPP27OPCYc7MGVu2Qkfey9zJu7TLShIO1YYRUBrujcMaYYa4VN8n 24bA== X-Gm-Message-State: AFqh2krgmpCBIE4BcCfKZPogan2QDfj7KG1NRsVK8YoZsI5HOHE3kQKU nR2fzYLWNa8+V5fWYO35QIjkuzlnIgojgZQOU3M87/1MaZ0OIPkG01d8VSFd1cVox5/GAf+PE85 Z7zogW6wrLsgDkAZMarOgbWIciojciymDcyG3IxIOzg== X-Received: by 2002:a05:600c:1c1d:b0:3da:2501:91e7 with SMTP id j29-20020a05600c1c1d00b003da250191e7mr1491800wms.19.1673618951867; Fri, 13 Jan 2023 06:09:11 -0800 (PST) X-Google-Smtp-Source: AMrXdXsY8x3IgVqGuQq5kx/2vNvA80iFUD+SmoYeIAlXjyMLcZBm0Mcc/boYPfsKKSEXHNG0blTjWg== X-Received: by 2002:a05:600c:1c1d:b0:3da:2501:91e7 with SMTP id j29-20020a05600c1c1d00b003da250191e7mr1491727wms.19.1673618950635; Fri, 13 Jan 2023 06:09:10 -0800 (PST) Received: from localhost ([137.220.91.195]) by smtp.gmail.com with ESMTPSA id c7-20020a05600c0a4700b003c6bbe910fdsm35338622wmq.9.2023.01.13.06.09.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Jan 2023 06:09:10 -0800 (PST) From: Dimitri John Ledkov To: kernel-team@lists.ubuntu.com Subject: [B][SRU][PATCH] UBUNTU: [Packaging] Revoke and rotate to new signing key Date: Fri, 13 Jan 2023 14:08:58 +0000 Message-Id: <20230113140901.534207-1-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2002812 Update revocations, which match the next Ubuntu shim v15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. TPM PCR values and measurements will change when changing the signing key. Signed-off-by: Dimitri John Ledkov --- .../revoked-certs/canonical-uefi-2012-all.pem | 36 ++++---- .../revoked-certs/canonical-uefi-2017-all.pem | 86 +++++++++++++++++++ .../revoked-certs/canonical-uefi-2018-all.pem | 86 +++++++++++++++++++ .../revoked-certs/canonical-uefi-2019-all.pem | 86 +++++++++++++++++++ .../canonical-uefi-2021v1-all.pem | 86 +++++++++++++++++++ .../canonical-uefi-2021v2-all.pem | 86 +++++++++++++++++++ .../canonical-uefi-2021v3-all.pem | 86 +++++++++++++++++++ .../canonical-uefi-uc2019-all.pem | 86 +++++++++++++++++++ debian/rules | 5 ++ 9 files changed, 625 insertions(+), 18 deletions(-) create mode 100644 debian/revoked-certs/canonical-uefi-2017-all.pem create mode 100644 debian/revoked-certs/canonical-uefi-2018-all.pem create mode 100644 debian/revoked-certs/canonical-uefi-2019-all.pem create mode 100644 debian/revoked-certs/canonical-uefi-2021v1-all.pem create mode 100644 debian/revoked-certs/canonical-uefi-2021v2-all.pem create mode 100644 debian/revoked-certs/canonical-uefi-2021v3-all.pem create mode 100644 debian/revoked-certs/canonical-uefi-uc2019-all.pem diff --git a/debian/revoked-certs/canonical-uefi-2012-all.pem b/debian/revoked-certs/canonical-uefi-2012-all.pem index 06c116eec5..4bdd9a3c26 100644 --- a/debian/revoked-certs/canonical-uefi-2012-all.pem +++ b/debian/revoked-certs/canonical-uefi-2012-all.pem @@ -10,7 +10,7 @@ Certificate: Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) + Public-Key: (2048 bit) Modulus: 00:c9:5f:9b:62:8f:0b:b0:64:82:ac:be:c9:e2:62: e3:4b:d2:9f:1e:8a:d5:61:1a:2b:5d:38:f4:b7:ce: @@ -41,24 +41,24 @@ Certificate: X509v3 Subject Key Identifier: 61:48:2A:A2:83:0D:0A:B2:AD:5A:F1:0B:72:50:DA:90:33:DD:CE:F0 X509v3 Authority Key Identifier: - keyid:AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63 - + AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63 Signature Algorithm: sha256WithRSAEncryption - 8f:8a:a1:06:1f:29:b7:0a:4a:d5:c5:fd:81:ab:25:ea:c0:7d: - e2:fc:6a:96:a0:79:93:67:ee:05:0e:25:12:25:e4:5a:f6:aa: - 1a:f1:12:f3:05:8d:87:5e:f1:5a:5c:cb:8d:23:73:65:1d:15: - b9:de:22:6b:d6:49:67:c9:a3:c6:d7:62:4e:5c:b5:f9:03:83: - 40:81:dc:87:9c:3c:3f:1c:0d:51:9f:94:65:0a:84:48:67:e4: - a2:f8:a6:4a:f0:e7:cd:cd:bd:94:e3:09:d2:5d:2d:16:1b:05: - 15:0b:cb:44:b4:3e:61:42:22:c4:2a:5c:4e:c5:1d:a3:e2:e0: - 52:b2:eb:f4:8b:2b:dc:38:39:5d:fb:88:a1:56:65:5f:2b:4f: - 26:ff:06:78:10:12:eb:8c:5d:32:e3:c6:45:af:25:9b:a0:ff: - 8e:ef:47:09:a3:e9:8b:37:92:92:69:76:7e:34:3b:92:05:67: - 4e:b0:25:ed:bc:5e:5f:8f:b4:d6:ca:40:ff:e4:e2:31:23:0c: - 85:25:ae:0c:55:01:ec:e5:47:5e:df:5b:bc:14:33:e3:c6:f5: - 18:b6:d9:f7:dd:b3:b4:a1:31:d3:5a:5c:5d:7d:3e:bf:0a:e4: - e4:e8:b4:59:7d:3b:b4:8c:a3:1b:b5:20:a3:b9:3e:84:6f:8c: - 21:00:c3:39 + Signature Value: + 8f:8a:a1:06:1f:29:b7:0a:4a:d5:c5:fd:81:ab:25:ea:c0:7d: + e2:fc:6a:96:a0:79:93:67:ee:05:0e:25:12:25:e4:5a:f6:aa: + 1a:f1:12:f3:05:8d:87:5e:f1:5a:5c:cb:8d:23:73:65:1d:15: + b9:de:22:6b:d6:49:67:c9:a3:c6:d7:62:4e:5c:b5:f9:03:83: + 40:81:dc:87:9c:3c:3f:1c:0d:51:9f:94:65:0a:84:48:67:e4: + a2:f8:a6:4a:f0:e7:cd:cd:bd:94:e3:09:d2:5d:2d:16:1b:05: + 15:0b:cb:44:b4:3e:61:42:22:c4:2a:5c:4e:c5:1d:a3:e2:e0: + 52:b2:eb:f4:8b:2b:dc:38:39:5d:fb:88:a1:56:65:5f:2b:4f: + 26:ff:06:78:10:12:eb:8c:5d:32:e3:c6:45:af:25:9b:a0:ff: + 8e:ef:47:09:a3:e9:8b:37:92:92:69:76:7e:34:3b:92:05:67: + 4e:b0:25:ed:bc:5e:5f:8f:b4:d6:ca:40:ff:e4:e2:31:23:0c: + 85:25:ae:0c:55:01:ec:e5:47:5e:df:5b:bc:14:33:e3:c6:f5: + 18:b6:d9:f7:dd:b3:b4:a1:31:d3:5a:5c:5d:7d:3e:bf:0a:e4: + e4:e8:b4:59:7d:3b:b4:8c:a3:1b:b5:20:a3:b9:3e:84:6f:8c: + 21:00:c3:39 -----BEGIN CERTIFICATE----- MIIEIDCCAwigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCR0Ix FDASBgNVBAgMC0lzbGUgb2YgTWFuMRAwDgYDVQQHDAdEb3VnbGFzMRcwFQYDVQQK diff --git a/debian/revoked-certs/canonical-uefi-2017-all.pem b/debian/revoked-certs/canonical-uefi-2017-all.pem new file mode 100644 index 0000000000..6f722331d1 --- /dev/null +++ b/debian/revoked-certs/canonical-uefi-2017-all.pem @@ -0,0 +1,86 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Master Certificate Authority + Validity + Not Before: Sep 26 21:52:11 2017 GMT + Not After : Sep 25 21:52:11 2047 GMT + Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing (2017) + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ef:9f:fa:9f:19:3a:9d:38:23:91:cc:c4:f9:42: + e0:f8:54:12:82:dc:97:2c:d6:5b:c1:35:eb:ff:4a: + 74:06:b5:9d:32:aa:7b:f3:fc:31:5a:34:3e:a1:a4: + 44:db:7b:6d:16:af:35:76:e0:9b:99:ad:21:11:c6: + 12:4b:ae:24:8f:bb:d3:b2:00:fe:c5:1d:9b:3a:1a: + 4a:6c:ca:fa:16:37:85:22:f9:ff:22:fc:40:e0:58: + 35:c1:39:27:b4:c6:42:1a:96:d8:a5:c5:95:2e:f7: + c5:1e:21:6e:36:84:f7:a9:a1:e1:f1:03:08:96:65: + 71:f8:eb:83:cf:82:f7:9a:44:58:72:00:14:39:29: + 4b:e9:78:2f:65:20:b3:80:76:3b:ba:0d:2d:46:f6: + 37:05:e7:05:fe:bd:6c:c7:a2:65:b5:06:6e:07:24: + 99:a1:c1:cf:e1:0e:5e:49:41:71:17:a8:50:e7:38: + 99:e5:6e:b6:db:9f:63:db:56:f4:9c:7d:89:f6:d2: + 03:6c:99:83:e0:99:23:39:36:bd:cb:b5:26:7c:7d: + b0:c6:fe:82:7c:52:ed:f9:2c:8f:79:71:3d:a9:2f: + b5:aa:7e:77:a0:fd:69:f9:97:10:a8:b2:c6:7d:88: + 9e:a2:19:bd:31:b8:02:2d:34:4d:9d:98:60:82:ad: + 04:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + Code Signing, 1.3.6.1.4.1.311.10.3.6 + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 24:2A:DE:75:AC:4A:15:E5:0D:50:C8:4B:0D:45:FF:3E:AE:70:7A:03 + X509v3 Authority Key Identifier: + AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 00:b2:b7:57:b5:2b:5d:16:d3:04:88:6a:d7:77:d5:0d:89:f1: + d2:6e:11:d1:8e:f5:62:05:c4:6a:57:df:eb:d2:86:68:f2:fd: + a7:37:11:3c:f4:ce:5d:fe:32:5f:31:a2:6b:3a:da:28:c2:88: + fa:7f:70:b5:25:99:ea:27:9a:56:6a:9d:b2:0f:14:99:e2:b7: + c6:39:1e:8e:a7:76:31:d9:ed:c5:05:8d:48:ae:1b:68:18:14: + 51:a1:7d:f6:c7:df:cb:9d:eb:a4:3b:0b:ff:c2:07:c5:42:bc: + 0d:b2:11:fa:37:17:2b:1c:b5:84:48:2d:f9:31:4a:57:49:8e: + 61:a6:82:11:06:4c:34:ea:9c:2a:47:4d:eb:e0:26:af:da:d2: + c2:08:a0:37:35:7b:73:71:de:0b:c4:ba:c8:34:de:20:04:03: + 6f:46:26:0d:b9:91:02:5b:71:76:cc:45:e4:08:d0:a6:dd:a4: + 50:d3:d9:04:91:2b:d9:5c:34:88:fc:c2:37:fd:c6:d4:3e:57: + f7:6b:ba:7b:d7:02:7a:84:0c:c8:c1:19:cc:bc:fa:52:d5:7f: + b3:35:c4:53:5d:70:0a:f6:44:60:8d:a9:11:7a:1b:7d:ae:7b: + 20:5a:4c:8d:44:f6:c1:a9:61:cb:dc:cb:90:37:d5:28:24:73: + 87:d0:e0:d8 +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCR0Ix +FDASBgNVBAgMC0lzbGUgb2YgTWFuMRAwDgYDVQQHDAdEb3VnbGFzMRcwFQYDVQQK +DA5DYW5vbmljYWwgTHRkLjE0MDIGA1UEAwwrQ2Fub25pY2FsIEx0ZC4gTWFzdGVy +IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNzA5MjYyMTUyMTFaFw00NzA5MjUy +MTUyMTFaMIGGMQswCQYDVQQGEwJHQjEUMBIGA1UECAwLSXNsZSBvZiBNYW4xFzAV +BgNVBAoMDkNhbm9uaWNhbCBMdGQuMRQwEgYDVQQLDAtTZWN1cmUgQm9vdDEyMDAG +A1UEAwwpQ2Fub25pY2FsIEx0ZC4gU2VjdXJlIEJvb3QgU2lnbmluZyAoMjAxNykw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvn/qfGTqdOCORzMT5QuD4 +VBKC3Jcs1lvBNev/SnQGtZ0yqnvz/DFaND6hpETbe20WrzV24JuZrSERxhJLriSP +u9OyAP7FHZs6GkpsyvoWN4Ui+f8i/EDgWDXBOSe0xkIaltilxZUu98UeIW42hPep +oeHxAwiWZXH464PPgveaRFhyABQ5KUvpeC9lILOAdju6DS1G9jcF5wX+vWzHomW1 +Bm4HJJmhwc/hDl5JQXEXqFDnOJnlbrbbn2PbVvScfYn20gNsmYPgmSM5Nr3LtSZ8 +fbDG/oJ8Uu35LI95cT2pL7Wqfneg/Wn5lxCossZ9iJ6iGb0xuAItNE2dmGCCrQT/ +AgMBAAGjgaAwgZ0wDAYDVR0TAQH/BAIwADAfBgNVHSUEGDAWBggrBgEFBQcDAwYK +KwYBBAGCNwoDBjAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy +dGlmaWNhdGUwHQYDVR0OBBYEFCQq3nWsShXlDVDISw1F/z6ucHoDMB8GA1UdIwQY +MBaAFK2RmQvCKrH1FwSMI7ZlWiaONFpjMA0GCSqGSIb3DQEBCwUAA4IBAQAAsrdX +tStdFtMEiGrXd9UNifHSbhHRjvViBcRqV9/r0oZo8v2nNxE89M5d/jJfMaJrOtoo +woj6f3C1JZnqJ5pWap2yDxSZ4rfGOR6Op3Yx2e3FBY1IrhtoGBRRoX32x9/Lneuk +Owv/wgfFQrwNshH6NxcrHLWESC35MUpXSY5hpoIRBkw06pwqR03r4Cav2tLCCKA3 +NXtzcd4LxLrINN4gBANvRiYNuZECW3F2zEXkCNCm3aRQ09kEkSvZXDSI/MI3/cbU +Plf3a7p71wJ6hAzIwRnMvPpS1X+zNcRTXXAK9kRgjakReht9rnsgWkyNRPbBqWHL +3MuQN9UoJHOH0ODY +-----END CERTIFICATE----- diff --git a/debian/revoked-certs/canonical-uefi-2018-all.pem b/debian/revoked-certs/canonical-uefi-2018-all.pem new file mode 100644 index 0000000000..4a591b2107 --- /dev/null +++ b/debian/revoked-certs/canonical-uefi-2018-all.pem @@ -0,0 +1,86 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Master Certificate Authority + Validity + Not Before: Oct 26 18:31:14 2018 GMT + Not After : Oct 24 18:31:14 2048 GMT + Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing (ESM 2018) + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:6a:e5:6d:55:7a:ec:7a:11:37:45:9c:4c:8f: + 6b:2d:56:d3:74:2b:32:ac:84:2d:ba:cb:cc:ec:8d: + 92:22:69:48:a5:d4:f6:75:11:66:2f:cb:b2:fd:9e: + 56:ab:e6:f1:52:8e:75:3e:50:bd:25:b3:50:fc:ef: + 3d:76:f3:3f:7f:03:f6:e2:a1:25:69:5c:14:98:54: + bd:11:bf:e9:a5:ac:46:91:4b:1d:de:b7:18:2b:c8: + 22:83:15:a7:4a:00:8d:9d:e4:c0:da:f7:41:02:fd: + 9f:5f:79:93:56:cc:86:e1:b5:e0:39:0e:3c:a2:5b: + fe:c0:56:f0:92:50:5a:2b:67:67:93:56:d7:7a:75: + 99:6a:25:b4:63:a8:5f:69:7e:3a:49:58:2a:a7:80: + f6:5a:b4:be:b2:be:a8:8c:45:41:c9:f2:fc:76:a8: + 65:ef:99:29:0d:c9:9c:54:6b:0a:f0:4a:0e:61:0d: + ed:99:32:af:12:e2:12:7b:9f:7b:ec:05:c4:e0:b6: + d5:c3:71:28:ae:dd:0b:ba:97:ad:68:0b:76:e9:bf: + e7:01:7e:64:54:39:23:85:36:c8:9d:dd:27:a1:ff: + df:46:36:14:7e:cb:cc:a1:cd:49:0b:6d:c2:0c:45: + 99:56:58:7c:87:0d:59:9a:dc:4a:39:3b:1d:d9:15: + 2e:b5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + Code Signing, 1.3.6.1.4.1.311.10.3.6 + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 36:51:88:C1:D3:74:D6:B0:7C:3C:8F:24:0F:8E:F7:22:43:3D:6A:8B + X509v3 Authority Key Identifier: + AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4c:0f:cd:77:60:b4:6f:53:87:f3:3c:4f:e6:81:5f:a7:1c:cc: + 60:29:b6:34:6c:4d:08:9b:e2:d2:bd:f6:17:1a:62:79:b8:17: + bc:a2:60:59:fd:03:51:c3:b7:6b:de:73:b3:48:95:f5:0b:aa: + b6:3c:b4:34:dc:1d:0b:c4:97:62:87:e7:48:d5:8f:c9:ea:e8: + 91:8f:2a:40:cd:b7:b3:ee:b2:98:9e:fb:37:31:29:e6:8e:2f: + 0a:39:99:1e:c6:aa:b8:05:62:85:d3:a8:3e:60:38:98:0f:f0: + fe:c7:ab:01:a5:6a:a5:7f:70:a6:26:94:76:23:2f:08:89:74: + 97:c2:2a:ca:22:3e:7a:ea:22:22:08:07:f4:bb:f6:bc:69:9c: + 4e:44:33:e2:8e:70:17:b0:9b:cb:33:94:66:6d:ff:9a:7d:e9: + 50:b2:e8:90:14:e4:2b:91:cb:a0:c5:2e:0e:cf:19:ef:44:ef: + 84:f0:bd:57:9e:26:c2:63:3d:df:fc:a1:84:de:5c:d7:5f:3b: + fb:94:61:f0:93:89:1f:cf:c3:b2:d1:90:97:35:7d:b9:8a:ad: + e6:05:f0:e8:3b:a1:7c:af:2b:c4:af:18:33:2e:5e:87:db:9d: + 80:b5:04:fd:00:d0:60:ab:ff:85:77:0f:cb:47:22:c9:b2:85: + a8:48:16:e2 +-----BEGIN CERTIFICATE----- +MIIELDCCAxSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCR0Ix +FDASBgNVBAgMC0lzbGUgb2YgTWFuMRAwDgYDVQQHDAdEb3VnbGFzMRcwFQYDVQQK +DA5DYW5vbmljYWwgTHRkLjE0MDIGA1UEAwwrQ2Fub25pY2FsIEx0ZC4gTWFzdGVy +IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xODEwMjYxODMxMTRaFw00ODEwMjQx +ODMxMTRaMIGKMQswCQYDVQQGEwJHQjEUMBIGA1UECAwLSXNsZSBvZiBNYW4xFzAV +BgNVBAoMDkNhbm9uaWNhbCBMdGQuMRQwEgYDVQQLDAtTZWN1cmUgQm9vdDE2MDQG +A1UEAwwtQ2Fub25pY2FsIEx0ZC4gU2VjdXJlIEJvb3QgU2lnbmluZyAoRVNNIDIw +MTgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2rlbVV67HoRN0Wc +TI9rLVbTdCsyrIQtusvM7I2SImlIpdT2dRFmL8uy/Z5Wq+bxUo51PlC9JbNQ/O89 +dvM/fwP24qElaVwUmFS9Eb/ppaxGkUsd3rcYK8gigxWnSgCNneTA2vdBAv2fX3mT +VsyG4bXgOQ48olv+wFbwklBaK2dnk1bXenWZaiW0Y6hfaX46SVgqp4D2WrS+sr6o +jEVByfL8dqhl75kpDcmcVGsK8EoOYQ3tmTKvEuISe5977AXE4LbVw3Eort0Lupet +aAt26b/nAX5kVDkjhTbInd0nof/fRjYUfsvMoc1JC23CDEWZVlh8hw1ZmtxKOTsd +2RUutQIDAQABo4GgMIGdMAwGA1UdEwEB/wQCMAAwHwYDVR0lBBgwFgYIKwYBBQUH +AwMGCisGAQQBgjcKAwYwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVk +IENlcnRpZmljYXRlMB0GA1UdDgQWBBQ2UYjB03TWsHw8jyQPjvciQz1qizAfBgNV +HSMEGDAWgBStkZkLwiqx9RcEjCO2ZVomjjRaYzANBgkqhkiG9w0BAQsFAAOCAQEA +TA/Nd2C0b1OH8zxP5oFfpxzMYCm2NGxNCJvi0r32FxpiebgXvKJgWf0DUcO3a95z +s0iV9Quqtjy0NNwdC8SXYofnSNWPyerokY8qQM23s+6ymJ77NzEp5o4vCjmZHsaq +uAVihdOoPmA4mA/w/serAaVqpX9wpiaUdiMvCIl0l8IqyiI+euoiIggH9Lv2vGmc +TkQz4o5wF7CbyzOUZm3/mn3pULLokBTkK5HLoMUuDs8Z70TvhPC9V54mwmM93/yh +hN5c1187+5Rh8JOJH8/DstGQlzV9uYqt5gXw6DuhfK8rxK8YMy5eh9udgLUE/QDQ +YKv/hXcPy0ciybKFqEgW4g== +-----END CERTIFICATE----- diff --git a/debian/revoked-certs/canonical-uefi-2019-all.pem b/debian/revoked-certs/canonical-uefi-2019-all.pem new file mode 100644 index 0000000000..c4a89e10eb --- /dev/null +++ b/debian/revoked-certs/canonical-uefi-2019-all.pem @@ -0,0 +1,86 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Master Certificate Authority + Validity + Not Before: Sep 18 16:10:17 2019 GMT + Not After : Sep 16 16:10:17 2049 GMT + Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing (2019) + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e6:47:d8:75:e5:87:59:26:87:83:7d:5b:7a:b8: + 58:3d:7c:ef:36:f8:a0:7a:b7:14:56:58:7d:01:f1: + 1c:3b:8c:e6:5b:03:77:7d:a0:ed:47:0a:45:e6:75: + 5c:de:95:38:0d:38:fa:41:79:89:56:31:87:e7:a3: + 9a:36:70:b6:cf:24:2f:99:26:89:08:39:0e:14:c3: + 35:be:02:8b:52:e1:8e:7b:0c:a6:9d:78:ff:01:60: + d7:f5:c3:d5:f0:5e:dc:e4:23:09:59:72:93:d3:b5: + 22:af:7c:cd:e0:84:0f:af:11:2d:bc:c6:72:42:af: + ea:67:63:c4:10:41:78:02:80:62:0d:43:74:b4:1c: + ed:50:d7:94:f1:b0:bb:f9:57:80:e4:69:0f:83:4b: + a2:e6:2c:4a:9a:e1:7d:7c:62:19:29:27:97:1f:4c: + f1:85:f0:39:f5:31:9f:3a:39:0e:d4:4d:07:3a:40: + 55:4b:a6:6c:9d:04:89:51:2d:7c:b0:ef:40:b5:42: + 29:16:cc:65:73:38:62:21:f6:e3:2c:17:50:9d:74: + 34:4e:df:7c:4a:33:a4:bb:40:cf:d5:e5:ed:05:07: + cd:4c:f9:af:7f:a6:5c:b9:f7:c5:16:45:4e:44:40: + d7:85:32:de:ac:e5:75:ad:9b:d7:c0:26:33:1f:77: + a5:37 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + Code Signing, 1.3.6.1.4.1.311.10.3.6 + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + C0:74:6F:D6:C5:DA:3A:E8:27:86:46:51:AD:66:AE:47:FE:24:B3:E8 + X509v3 Authority Key Identifier: + AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + aa:12:6c:d1:9d:6a:da:f0:ec:7c:17:46:3b:57:b8:d6:76:5f: + 24:e6:06:a2:0a:55:1f:2f:d3:5e:8f:de:cf:02:f2:ff:e0:dd: + d3:c7:bd:75:59:aa:cd:34:f3:28:80:73:cc:28:69:e7:a2:70: + 88:a2:c7:dc:66:f0:92:0e:ff:64:bf:30:04:54:01:1b:96:ad: + 15:c5:61:fd:32:61:d7:5e:b5:ba:91:fd:31:fc:6b:15:df:ee: + 22:d9:e4:1f:f3:cc:8b:0c:9f:f5:e8:f7:e2:62:3f:40:52:c9: + f0:f1:1c:63:fc:6c:90:e1:5b:74:03:b9:df:d1:3e:a8:ec:db: + 2b:6e:83:6f:9f:7f:ba:b4:79:fc:3d:e7:12:2f:4a:e7:17:8c: + 2b:77:a5:90:74:3c:bd:cf:75:83:0d:1a:95:d5:56:ef:07:9b: + a6:b3:31:e3:8c:97:ce:68:11:b5:7b:25:03:72:1c:ea:67:e9: + 7c:3e:73:c7:7c:3e:fc:f5:ae:8a:b2:07:0d:15:6a:66:09:d7: + 23:b9:5d:80:7a:26:d6:b6:22:30:aa:84:af:c0:42:e9:75:c3: + 59:ab:a3:84:87:6b:0c:b7:ab:4e:92:69:ae:2c:82:6f:ab:01: + 24:ab:ff:78:6d:59:85:c2:3b:23:c0:bd:0d:d8:6e:3a:29:82: + e1:c4:5f:db +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCR0Ix +FDASBgNVBAgMC0lzbGUgb2YgTWFuMRAwDgYDVQQHDAdEb3VnbGFzMRcwFQYDVQQK +DA5DYW5vbmljYWwgTHRkLjE0MDIGA1UEAwwrQ2Fub25pY2FsIEx0ZC4gTWFzdGVy +IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xOTA5MTgxNjEwMTdaFw00OTA5MTYx +NjEwMTdaMIGGMQswCQYDVQQGEwJHQjEUMBIGA1UECAwLSXNsZSBvZiBNYW4xFzAV +BgNVBAoMDkNhbm9uaWNhbCBMdGQuMRQwEgYDVQQLDAtTZWN1cmUgQm9vdDEyMDAG +A1UEAwwpQ2Fub25pY2FsIEx0ZC4gU2VjdXJlIEJvb3QgU2lnbmluZyAoMjAxOSkw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmR9h15YdZJoeDfVt6uFg9 +fO82+KB6txRWWH0B8Rw7jOZbA3d9oO1HCkXmdVzelTgNOPpBeYlWMYfno5o2cLbP +JC+ZJokIOQ4UwzW+AotS4Y57DKadeP8BYNf1w9XwXtzkIwlZcpPTtSKvfM3ghA+v +ES28xnJCr+pnY8QQQXgCgGINQ3S0HO1Q15TxsLv5V4DkaQ+DS6LmLEqa4X18Yhkp +J5cfTPGF8Dn1MZ86OQ7UTQc6QFVLpmydBIlRLXyw70C1QikWzGVzOGIh9uMsF1Cd +dDRO33xKM6S7QM/V5e0FB81M+a9/ply598UWRU5EQNeFMt6s5XWtm9fAJjMfd6U3 +AgMBAAGjgaAwgZ0wDAYDVR0TAQH/BAIwADAfBgNVHSUEGDAWBggrBgEFBQcDAwYK +KwYBBAGCNwoDBjAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy +dGlmaWNhdGUwHQYDVR0OBBYEFMB0b9bF2jroJ4ZGUa1mrkf+JLPoMB8GA1UdIwQY +MBaAFK2RmQvCKrH1FwSMI7ZlWiaONFpjMA0GCSqGSIb3DQEBCwUAA4IBAQCqEmzR +nWra8Ox8F0Y7V7jWdl8k5gaiClUfL9Nej97PAvL/4N3Tx711WarNNPMogHPMKGnn +onCIosfcZvCSDv9kvzAEVAEblq0VxWH9MmHXXrW6kf0x/GsV3+4i2eQf88yLDJ/1 +6PfiYj9AUsnw8Rxj/GyQ4Vt0A7nf0T6o7NsrboNvn3+6tHn8PecSL0rnF4wrd6WQ +dDy9z3WDDRqV1VbvB5umszHjjJfOaBG1eyUDchzqZ+l8PnPHfD789a6KsgcNFWpm +CdcjuV2AeibWtiIwqoSvwELpdcNZq6OEh2sMt6tOkmmuLIJvqwEkq/94bVmFwjsj +wL0N2G46KYLhxF/b +-----END CERTIFICATE----- diff --git a/debian/revoked-certs/canonical-uefi-2021v1-all.pem b/debian/revoked-certs/canonical-uefi-2021v1-all.pem new file mode 100644 index 0000000000..a573a2cb7e --- /dev/null +++ b/debian/revoked-certs/canonical-uefi-2021v1-all.pem @@ -0,0 +1,86 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Master Certificate Authority + Validity + Not Before: Sep 23 19:29:32 2021 GMT + Not After : Sep 22 19:29:32 2051 GMT + Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing (2021 v1) + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:aa:b8:34:5b:b6:ae:44:bf:41:e1:78:11:b9:7a: + c8:88:b3:b0:26:50:10:9c:98:d1:f3:98:9f:23:50: + 64:f6:39:dd:50:3a:23:44:53:65:fc:f3:9f:f5:a5: + 8b:ae:8b:df:47:9f:e9:d5:a0:92:19:f1:21:ea:cc: + 59:3a:74:df:45:71:bc:de:64:15:a5:f6:db:ca:71: + fa:19:d4:44:0d:12:ec:47:3a:43:e2:f2:dd:8b:fe: + 0d:7b:dc:4d:db:53:06:22:61:e5:8b:35:49:b6:33: + c4:0a:69:5f:5b:81:09:84:6b:42:33:18:09:9d:a0: + 35:f7:9c:1e:de:6e:de:90:69:1a:e8:32:e4:49:ad: + c3:31:e9:f8:4a:a2:28:1d:db:0d:29:b6:48:0a:44: + 93:86:41:62:8f:73:97:60:10:8a:74:46:66:55:fe: + a0:95:35:9e:ef:9f:af:11:fa:5b:a3:7c:c2:35:64: + 11:67:28:1e:14:0a:7d:68:61:9c:cd:c7:46:39:30: + 31:79:94:56:b3:45:16:9a:b5:77:66:fe:41:43:0f: + 00:48:6e:99:dd:0c:d4:47:2c:86:8c:50:04:61:20: + dd:aa:8e:73:4f:21:b4:ee:09:4d:d3:40:01:d0:f2: + a7:5b:7d:05:3d:c1:e7:65:26:aa:8c:9a:58:5a:7c: + 6d:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + Code Signing, 1.3.6.1.4.1.311.10.3.6 + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + A8:D5:4B:BB:38:25:CF:B9:4F:A1:3C:9F:8A:59:4A:19:5C:10:7B:8D + X509v3 Authority Key Identifier: + AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 24:25:25:7e:01:a5:c8:3d:54:8c:1b:05:73:d1:06:d8:db:d4: + 3a:71:d5:19:9d:97:1c:85:3c:ca:38:5a:0c:25:25:39:1a:67: + bc:6c:9d:98:6c:f3:7d:5f:b7:40:f9:73:a0:f5:7b:40:a8:66: + a5:f1:53:b1:78:80:24:3f:19:50:2f:02:09:ec:a1:8a:e6:0d: + df:c4:ae:24:9e:69:0d:5c:dc:44:4c:38:3a:53:4e:4b:a1:4b: + 92:9f:43:a4:9d:1e:76:33:18:1b:bf:62:e5:f5:bc:93:3c:4e: + 21:d5:5b:20:69:11:28:c1:c5:93:b5:8e:96:1d:1b:ca:72:79: + 24:de:67:2a:50:9d:ce:8b:41:dd:3e:82:dd:a5:04:75:54:fb: + 35:70:98:87:b4:f3:ea:41:23:23:80:0e:99:d7:03:16:ee:7e: + 11:e2:c8:29:ab:73:c5:6d:5c:a8:2f:32:03:9f:8e:66:d6:cb: + 54:84:55:75:ab:9a:dd:95:fd:05:1e:11:85:37:1e:63:d2:f4: + 7f:34:64:32:a1:63:91:91:50:39:14:1a:ea:54:78:e6:0d:04: + 23:c7:83:51:c5:25:27:07:6c:f8:65:b7:da:95:89:76:83:cc: + f3:7e:06:74:d3:6c:ef:e9:17:de:29:1e:ab:5c:d7:ec:df:f1: + 98:b8:e9:66 +-----BEGIN CERTIFICATE----- +MIIELTCCAxWgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCR0Ix +FDASBgNVBAgMC0lzbGUgb2YgTWFuMRAwDgYDVQQHDAdEb3VnbGFzMRcwFQYDVQQK +DA5DYW5vbmljYWwgTHRkLjE0MDIGA1UEAwwrQ2Fub25pY2FsIEx0ZC4gTWFzdGVy +IENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0yMTA5MjMxOTI5MzJaGA8yMDUxMDky +MjE5MjkzMlowgYkxCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtJc2xlIG9mIE1hbjEX +MBUGA1UECgwOQ2Fub25pY2FsIEx0ZC4xFDASBgNVBAsMC1NlY3VyZSBCb290MTUw +MwYDVQQDDCxDYW5vbmljYWwgTHRkLiBTZWN1cmUgQm9vdCBTaWduaW5nICgyMDIx +IHYxKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKq4NFu2rkS/QeF4 +Ebl6yIizsCZQEJyY0fOYnyNQZPY53VA6I0RTZfzzn/Wli66L30ef6dWgkhnxIerM +WTp030VxvN5kFaX228px+hnURA0S7Ec6Q+Ly3Yv+DXvcTdtTBiJh5Ys1SbYzxApp +X1uBCYRrQjMYCZ2gNfecHt5u3pBpGugy5EmtwzHp+EqiKB3bDSm2SApEk4ZBYo9z +l2AQinRGZlX+oJU1nu+frxH6W6N8wjVkEWcoHhQKfWhhnM3HRjkwMXmUVrNFFpq1 +d2b+QUMPAEhumd0M1EcshoxQBGEg3aqOc08htO4JTdNAAdDyp1t9BT3B52Umqoya +WFp8bW8CAwEAAaOBoDCBnTAMBgNVHRMBAf8EAjAAMB8GA1UdJQQYMBYGCCsGAQUF +BwMDBgorBgEEAYI3CgMGMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl +ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUqNVLuzglz7lPoTyfillKGVwQe40wHwYD +VR0jBBgwFoAUrZGZC8IqsfUXBIwjtmVaJo40WmMwDQYJKoZIhvcNAQELBQADggEB +ACQlJX4Bpcg9VIwbBXPRBtjb1Dpx1RmdlxyFPMo4WgwlJTkaZ7xsnZhs831ft0D5 +c6D1e0CoZqXxU7F4gCQ/GVAvAgnsoYrmDd/EriSeaQ1c3ERMODpTTkuhS5KfQ6Sd +HnYzGBu/YuX1vJM8TiHVWyBpESjBxZO1jpYdG8pyeSTeZypQnc6LQd0+gt2lBHVU ++zVwmIe08+pBIyOADpnXAxbufhHiyCmrc8VtXKgvMgOfjmbWy1SEVXWrmt2V/QUe +EYU3HmPS9H80ZDKhY5GRUDkUGupUeOYNBCPHg1HFJScHbPhlt9qViXaDzPN+BnTT +bO/pF94pHqtc1+zf8Zi46WY= +-----END CERTIFICATE----- diff --git a/debian/revoked-certs/canonical-uefi-2021v2-all.pem b/debian/revoked-certs/canonical-uefi-2021v2-all.pem new file mode 100644 index 0000000000..6c68bcc97a --- /dev/null +++ b/debian/revoked-certs/canonical-uefi-2021v2-all.pem @@ -0,0 +1,86 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Master Certificate Authority + Validity + Not Before: Sep 23 19:29:42 2021 GMT + Not After : Sep 22 19:29:42 2051 GMT + Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing (2021 v2) + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:06:8b:ee:58:b7:8b:49:7b:53:7a:d1:df:02: + e3:f2:d8:b0:8c:03:5c:f4:2d:0b:d8:18:3b:23:fa: + 68:b0:e8:e9:9d:dc:a2:eb:5e:d3:06:a9:28:d4:9f: + 14:b6:1e:1c:1d:ef:69:0e:7f:44:f2:cc:4a:f1:b1: + d0:71:30:6a:50:1e:b0:d3:f8:a4:19:d0:4a:f1:e3: + eb:7a:e5:57:4c:a1:fb:d1:87:b9:48:e0:55:37:52: + f9:de:99:2e:95:85:36:ce:d3:1d:67:2f:14:cb:7f: + 05:82:75:21:b6:aa:a5:14:ac:da:4a:f4:fe:fa:5c: + 33:49:3d:6f:de:fd:9d:75:ba:e2:c4:02:38:b5:69: + f5:ff:a8:67:4b:3a:e0:34:f6:3b:07:03:a5:7e:59: + 6f:3a:d2:28:a4:2f:25:ac:d8:a9:1f:59:52:5d:24: + 36:58:51:b5:f0:12:a8:d3:78:56:57:b1:e0:a9:df: + 14:05:65:7c:b5:a5:00:f0:88:39:14:44:18:85:2d: + 0c:28:69:7b:b9:b4:1c:47:6f:43:66:4c:22:ad:f7: + f6:19:75:e1:14:2c:0d:33:3f:c1:3f:fc:73:56:b2: + 68:05:b5:92:03:9b:65:6b:81:80:92:35:03:9b:66: + 68:58:c5:66:11:b6:8c:7f:05:09:9a:45:a6:0e:5e: + 5f:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + Code Signing, 1.3.6.1.4.1.311.10.3.6 + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 4C:F0:46:89:2D:6F:D3:C9:A5:B0:3F:98:D8:45:F9:08:51:DC:6A:8C + X509v3 Authority Key Identifier: + AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 93:9d:49:7d:9f:3e:3e:27:79:97:d9:c2:fc:0b:f7:30:b7:f4: + 78:b2:c9:e4:5e:42:d3:27:26:70:cf:88:96:d1:f2:ea:a0:75: + 7e:3c:f6:b7:d2:e7:95:30:e3:a6:67:a7:ee:b9:53:8f:fd:b2: + cb:db:e1:98:32:be:98:79:09:46:c6:63:6a:57:87:4d:b2:26: + 46:f6:34:5e:18:75:ca:82:80:8e:33:c2:1d:c7:76:d7:14:57: + ef:2e:0e:9e:58:5c:81:8e:ed:53:2c:07:46:0a:8a:fc:2f:f5: + b2:c8:58:f5:fa:fa:bb:f9:7d:47:13:39:f0:f2:1c:15:9c:75: + 90:40:bd:08:04:b3:6a:de:c2:cd:34:21:7e:ba:31:48:bc:a1: + 23:bc:ee:93:b2:62:96:27:30:86:c2:d4:f7:b4:e6:3c:71:47: + 37:84:ff:3d:0c:1e:ec:f3:0e:da:6b:dc:64:7a:b8:c0:7e:45: + 13:09:bf:02:b3:b7:5b:6d:09:2d:6a:4e:0b:93:94:29:4c:a6: + c3:c7:05:fa:69:08:04:53:3c:4c:64:c0:7e:89:00:91:1b:a6: + c2:d7:ea:c4:db:86:38:fe:66:03:85:7b:fc:39:24:99:4c:2a: + 3e:10:8b:91:c3:6e:20:9d:0c:ee:51:70:b5:98:58:f3:5c:ac: + 16:98:7b:ce +-----BEGIN CERTIFICATE----- +MIIELTCCAxWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCR0Ix +FDASBgNVBAgMC0lzbGUgb2YgTWFuMRAwDgYDVQQHDAdEb3VnbGFzMRcwFQYDVQQK +DA5DYW5vbmljYWwgTHRkLjE0MDIGA1UEAwwrQ2Fub25pY2FsIEx0ZC4gTWFzdGVy +IENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0yMTA5MjMxOTI5NDJaGA8yMDUxMDky +MjE5Mjk0MlowgYkxCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtJc2xlIG9mIE1hbjEX +MBUGA1UECgwOQ2Fub25pY2FsIEx0ZC4xFDASBgNVBAsMC1NlY3VyZSBCb290MTUw +MwYDVQQDDCxDYW5vbmljYWwgTHRkLiBTZWN1cmUgQm9vdCBTaWduaW5nICgyMDIx +IHYyKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALoGi+5Yt4tJe1N6 +0d8C4/LYsIwDXPQtC9gYOyP6aLDo6Z3coute0wapKNSfFLYeHB3vaQ5/RPLMSvGx +0HEwalAesNP4pBnQSvHj63rlV0yh+9GHuUjgVTdS+d6ZLpWFNs7THWcvFMt/BYJ1 +IbaqpRSs2kr0/vpcM0k9b979nXW64sQCOLVp9f+oZ0s64DT2OwcDpX5ZbzrSKKQv +JazYqR9ZUl0kNlhRtfASqNN4Vlex4KnfFAVlfLWlAPCIORREGIUtDChpe7m0HEdv +Q2ZMIq339hl14RQsDTM/wT/8c1ayaAW1kgObZWuBgJI1A5tmaFjFZhG2jH8FCZpF +pg5eX78CAwEAAaOBoDCBnTAMBgNVHRMBAf8EAjAAMB8GA1UdJQQYMBYGCCsGAQUF +BwMDBgorBgEEAYI3CgMGMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl +ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUTPBGiS1v08mlsD+Y2EX5CFHcaowwHwYD +VR0jBBgwFoAUrZGZC8IqsfUXBIwjtmVaJo40WmMwDQYJKoZIhvcNAQELBQADggEB +AJOdSX2fPj4neZfZwvwL9zC39HiyyeReQtMnJnDPiJbR8uqgdX489rfS55Uw46Zn +p+65U4/9ssvb4Zgyvph5CUbGY2pXh02yJkb2NF4YdcqCgI4zwh3HdtcUV+8uDp5Y +XIGO7VMsB0YKivwv9bLIWPX6+rv5fUcTOfDyHBWcdZBAvQgEs2rews00IX66MUi8 +oSO87pOyYpYnMIbC1Pe05jxxRzeE/z0MHuzzDtpr3GR6uMB+RRMJvwKzt1ttCS1q +TguTlClMpsPHBfppCARTPExkwH6JAJEbpsLX6sTbhjj+ZgOFe/w5JJlMKj4Qi5HD +biCdDO5RcLWYWPNcrBaYe84= +-----END CERTIFICATE----- diff --git a/debian/revoked-certs/canonical-uefi-2021v3-all.pem b/debian/revoked-certs/canonical-uefi-2021v3-all.pem new file mode 100644 index 0000000000..679684ed76 --- /dev/null +++ b/debian/revoked-certs/canonical-uefi-2021v3-all.pem @@ -0,0 +1,86 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Master Certificate Authority + Validity + Not Before: Sep 23 19:30:02 2021 GMT + Not After : Sep 22 19:30:02 2051 GMT + Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing (2021 v3) + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d6:29:96:87:ae:07:42:45:bb:65:09:b2:9b:de: + 5d:8e:78:61:10:d5:6d:ae:ae:26:08:6a:06:ec:4a: + dd:2b:e7:1a:a9:ad:78:e3:fc:cf:8f:d1:47:bd:1e: + 33:d8:7a:e3:66:9b:e9:73:c1:5f:42:e2:fe:bc:c3: + 41:f7:cd:d7:85:d7:42:c9:ea:31:e5:47:b1:93:5b: + 43:2b:07:51:b8:75:08:ad:0f:e7:0d:81:38:5a:21: + df:b1:43:5b:db:37:c5:ac:aa:14:3a:33:19:6a:26: + e0:05:fe:cd:41:31:af:5d:a8:ab:31:77:44:fc:da: + 00:e2:7a:44:33:c3:a7:ed:13:54:9f:19:5d:c9:98: + a2:3b:af:4d:0d:87:29:9c:90:9e:42:9e:9a:06:6a: + 70:27:c5:aa:f7:a2:f2:88:e0:b9:66:9a:72:a0:f6: + 61:7e:30:8f:14:9f:44:0d:dd:54:ae:47:c8:82:ba: + d2:b2:db:6f:24:c1:f4:0a:81:07:90:47:49:5f:57: + d6:3f:bf:2a:73:98:f2:f6:24:1a:74:03:d7:35:f0: + 42:d8:14:c5:94:27:5d:3c:49:0c:b0:f0:7a:61:1b: + d7:5a:e3:a3:40:57:e9:a4:07:ee:02:a3:32:27:94: + bb:f3:36:c5:5f:ef:d3:07:04:3a:80:4c:9c:0a:b7: + 88:9f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + Code Signing, 1.3.6.1.4.1.311.10.3.6 + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 10:04:37:BB:6D:E6:E4:69:B5:81:E6:1C:D6:6B:CE:3E:F4:ED:53:AF + X509v3 Authority Key Identifier: + AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 3b:37:d6:a8:8d:cd:d2:df:13:35:ac:8c:92:d6:b0:ac:d1:38: + a8:00:97:47:59:b8:4a:84:8c:80:a5:1d:c7:29:bf:00:66:e5: + 10:40:26:2e:31:f5:e1:13:c0:1b:29:f3:0b:7e:2d:71:d8:db: + e1:32:8f:79:8e:e3:97:0c:40:a9:a0:12:c1:fc:c2:50:88:72: + 44:c5:bc:8b:45:6e:28:fd:d2:37:d6:db:17:cf:4e:61:33:08: + 5a:5d:08:94:73:44:e2:76:00:44:1b:b8:00:a1:86:00:64:8a: + f1:42:32:3c:28:11:67:7c:8b:aa:06:34:74:58:e8:b3:3a:36: + 8d:f6:04:5d:37:f5:66:52:c9:48:b0:a7:6f:34:09:dd:60:2a: + 86:b9:14:f1:09:f6:06:16:56:e0:51:b1:e8:75:7f:fa:37:dc: + e0:98:a7:69:ae:7b:1a:73:89:0d:06:67:cc:01:ef:80:31:45: + 9e:bb:03:2a:eb:89:70:d6:19:b2:c7:ce:bc:81:df:da:c8:6f: + a9:4b:2d:d7:a7:e1:af:c6:e8:fb:f0:61:c9:cd:d2:91:cd:8b: + c2:6c:ef:e0:b6:7f:f1:c4:81:f9:bb:76:9c:26:e3:fa:a1:a0: + cd:5e:05:de:ee:f9:1b:5b:50:0a:8b:0f:47:e3:90:32:ac:2a: + e7:65:02:80 +-----BEGIN CERTIFICATE----- +MIIELTCCAxWgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCR0Ix +FDASBgNVBAgMC0lzbGUgb2YgTWFuMRAwDgYDVQQHDAdEb3VnbGFzMRcwFQYDVQQK +DA5DYW5vbmljYWwgTHRkLjE0MDIGA1UEAwwrQ2Fub25pY2FsIEx0ZC4gTWFzdGVy +IENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0yMTA5MjMxOTMwMDJaGA8yMDUxMDky +MjE5MzAwMlowgYkxCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtJc2xlIG9mIE1hbjEX +MBUGA1UECgwOQ2Fub25pY2FsIEx0ZC4xFDASBgNVBAsMC1NlY3VyZSBCb290MTUw +MwYDVQQDDCxDYW5vbmljYWwgTHRkLiBTZWN1cmUgQm9vdCBTaWduaW5nICgyMDIx +IHYzKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYploeuB0JFu2UJ +spveXY54YRDVba6uJghqBuxK3SvnGqmteOP8z4/RR70eM9h642ab6XPBX0Li/rzD +QffN14XXQsnqMeVHsZNbQysHUbh1CK0P5w2BOFoh37FDW9s3xayqFDozGWom4AX+ +zUExr12oqzF3RPzaAOJ6RDPDp+0TVJ8ZXcmYojuvTQ2HKZyQnkKemgZqcCfFqvei +8ojguWaacqD2YX4wjxSfRA3dVK5HyIK60rLbbyTB9AqBB5BHSV9X1j+/KnOY8vYk +GnQD1zXwQtgUxZQnXTxJDLDwemEb11rjo0BX6aQH7gKjMieUu/M2xV/v0wcEOoBM +nAq3iJ8CAwEAAaOBoDCBnTAMBgNVHRMBAf8EAjAAMB8GA1UdJQQYMBYGCCsGAQUF +BwMDBgorBgEEAYI3CgMGMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl +ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUEAQ3u23m5Gm1geYc1mvOPvTtU68wHwYD +VR0jBBgwFoAUrZGZC8IqsfUXBIwjtmVaJo40WmMwDQYJKoZIhvcNAQELBQADggEB +ADs31qiNzdLfEzWsjJLWsKzROKgAl0dZuEqEjIClHccpvwBm5RBAJi4x9eETwBsp +8wt+LXHY2+Eyj3mO45cMQKmgEsH8wlCIckTFvItFbij90jfW2xfPTmEzCFpdCJRz +ROJ2AEQbuAChhgBkivFCMjwoEWd8i6oGNHRY6LM6No32BF039WZSyUiwp280Cd1g +Koa5FPEJ9gYWVuBRseh1f/o33OCYp2muexpziQ0GZ8wB74AxRZ67AyrriXDWGbLH +zryB39rIb6lLLden4a/G6PvwYcnN0pHNi8Js7+C2f/HEgfm7dpwm4/qhoM1eBd7u ++RtbUAqLD0fjkDKsKudlAoA= +-----END CERTIFICATE----- diff --git a/debian/revoked-certs/canonical-uefi-uc2019-all.pem b/debian/revoked-certs/canonical-uefi-uc2019-all.pem new file mode 100644 index 0000000000..1424ebb7a1 --- /dev/null +++ b/debian/revoked-certs/canonical-uefi-uc2019-all.pem @@ -0,0 +1,86 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Master Certificate Authority + Validity + Not Before: Mar 4 10:27:14 2020 GMT + Not After : Mar 3 10:27:14 2050 GMT + Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019) + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b9:10:47:2e:75:5d:f3:10:23:bb:a0:75:d2:fa: + 02:2d:ff:22:df:c1:e6:cd:38:7c:36:0f:ae:74:15: + 6e:a5:34:52:2b:c3:a4:3a:60:d7:06:ee:1d:99:93: + ff:66:91:a3:18:52:2c:8c:58:e6:b4:2f:4b:c5:fb: + 83:e6:f3:19:bd:1b:ca:23:ec:97:1f:d8:f1:9a:f1: + 04:da:da:10:04:53:4b:ec:1d:b6:26:47:7c:bb:8f: + a7:0a:6e:2e:e8:91:e6:c4:bb:64:34:78:3c:fa:09: + 15:1c:8f:9e:eb:04:99:36:22:c6:8d:07:15:0f:b9: + 69:08:fa:ff:4b:45:bd:ba:2b:cd:01:0e:e7:01:23: + c9:e5:7a:39:3b:91:b0:45:3c:d5:77:ba:ca:f9:29: + 3d:11:3f:1c:6b:5b:8e:6c:4b:3f:c9:29:05:cb:59: + d6:b1:c1:c0:2d:56:88:70:27:fa:73:05:5c:c2:11: + d4:27:11:f7:0b:c2:d5:68:d3:1a:cd:ed:d0:e4:10: + ff:34:cb:b7:45:70:34:2c:23:53:b6:9c:30:70:b4: + 5c:d1:e2:64:18:82:8f:62:b1:5e:aa:0b:d4:89:f2: + 1c:53:c4:32:7d:ef:53:ee:9b:6e:02:ab:78:bd:25: + 67:8b:39:36:d8:84:3b:06:99:02:d6:75:73:4e:f2: + f6:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + Code Signing, 1.3.6.1.4.1.311.10.3.6 + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + C1:D5:7B:8F:6B:74:3F:23:EE:41:F4:F7:EE:29:2F:06:EE:CA:DF:B9 + X509v3 Authority Key Identifier: + AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 2d:b5:11:a8:d2:a0:af:81:a0:18:22:18:2c:08:d0:f4:63:e8: + 8f:9a:f4:f5:20:dd:eb:22:77:19:9a:1a:09:3d:7f:aa:7d:c9: + 81:bc:26:98:65:94:46:30:4b:c2:51:7c:f7:21:41:63:87:31: + fc:a4:c9:41:28:c7:2e:2a:2e:d8:a8:75:7a:72:77:3b:1b:9f: + 72:15:0d:0c:96:8d:8b:51:f3:ce:37:b6:ca:9f:ca:59:40:4a: + fc:73:7a:94:12:99:aa:c2:8d:52:ce:91:19:2e:b4:da:ff:e5: + 2c:67:74:d9:58:47:38:2f:61:88:c5:cf:a7:48:e1:08:ba:bc: + ec:d5:3a:47:d9:8c:dc:c3:bc:cb:98:2b:79:7a:02:46:ef:85: + 19:2f:03:4b:05:84:eb:56:98:5f:6d:cf:a5:8b:a2:b6:e5:50: + 51:7c:33:44:bd:7a:94:2e:0d:90:39:39:3e:62:60:ae:3a:e2: + f5:17:fa:f1:94:06:1d:ae:a3:f8:19:20:7f:4b:4c:07:c4:e6: + 2d:0d:e5:94:84:51:6d:6f:0f:c4:c6:79:1d:f0:e8:0e:23:9e: + fd:f9:46:2c:b9:ec:97:38:56:7e:b8:13:f6:d2:e1:8e:a5:93: + 02:7b:6e:dd:33:9a:bf:10:a8:1b:3d:fa:c4:f2:15:f0:27:73: + 26:a6:94:d1 +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCR0Ix +FDASBgNVBAgMC0lzbGUgb2YgTWFuMRAwDgYDVQQHDAdEb3VnbGFzMRcwFQYDVQQK +DA5DYW5vbmljYWwgTHRkLjE0MDIGA1UEAwwrQ2Fub25pY2FsIEx0ZC4gTWFzdGVy +IENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0yMDAzMDQxMDI3MTRaGA8yMDUwMDMw +MzEwMjcxNFowgZIxCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtJc2xlIG9mIE1hbjEX +MBUGA1UECgwOQ2Fub25pY2FsIEx0ZC4xFDASBgNVBAsMC1NlY3VyZSBCb290MT4w +PAYDVQQDDDVDYW5vbmljYWwgTHRkLiBTZWN1cmUgQm9vdCBTaWduaW5nIChVYnVu +dHUgQ29yZSAyMDE5KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkQ +Ry51XfMQI7ugddL6Ai3/It/B5s04fDYPrnQVbqU0UivDpDpg1wbuHZmT/2aRoxhS +LIxY5rQvS8X7g+bzGb0byiPslx/Y8ZrxBNraEARTS+wdtiZHfLuPpwpuLuiR5sS7 +ZDR4PPoJFRyPnusEmTYixo0HFQ+5aQj6/0tFvborzQEO5wEjyeV6OTuRsEU81Xe6 +yvkpPRE/HGtbjmxLP8kpBctZ1rHBwC1WiHAn+nMFXMIR1CcR9wvC1WjTGs3t0OQQ +/zTLt0VwNCwjU7acMHC0XNHiZBiCj2KxXqoL1InyHFPEMn3vU+6bbgKreL0lZ4s5 +NtiEOwaZAtZ1c07y9rkCAwEAAaOBoDCBnTAMBgNVHRMBAf8EAjAAMB8GA1UdJQQY +MBYGCCsGAQUFBwMDBgorBgEEAYI3CgMGMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM +IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUwdV7j2t0PyPuQfT37ikv +Bu7K37kwHwYDVR0jBBgwFoAUrZGZC8IqsfUXBIwjtmVaJo40WmMwDQYJKoZIhvcN +AQELBQADggEBAC21EajSoK+BoBgiGCwI0PRj6I+a9PUg3esidxmaGgk9f6p9yYG8 +JphllEYwS8JRfPchQWOHMfykyUEoxy4qLtiodXpydzsbn3IVDQyWjYtR8843tsqf +yllASvxzepQSmarCjVLOkRkutNr/5SxndNlYRzgvYYjFz6dI4Qi6vOzVOkfZjNzD +vMuYK3l6AkbvhRkvA0sFhOtWmF9tz6WLorblUFF8M0S9epQuDZA5OT5iYK464vUX ++vGUBh2uo/gZIH9LTAfE5i0N5ZSEUW1vD8TGeR3w6A4jnv35Riy57Jc4Vn64E/bS +4Y6lkwJ7bt0zmr8QqBs9+sTyFfAncyamlNE= +-----END CERTIFICATE----- diff --git a/debian/rules b/debian/rules index ca87ccf8f9..d742490a63 100755 --- a/debian/rules +++ b/debian/rules @@ -176,11 +176,15 @@ include $(DROOT)/rules.d/3-binary-indep.mk # Various checks to be performed on builds include $(DROOT)/rules.d/4-checks.mk +# Calculate Ubuntu Compatible Signing levels +UBUNTU_COMPATIBLE_SIGNING=$(shell grep -qx ' *Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing (2021 v3)' debian/canonical-revoked-certs.pem && echo ubuntu/4 pro/3) + # Misc stuff .PHONY: $(DEBIAN)/control.stub $(DEBIAN)/control.stub: \ $(DROOT)/scripts/control-create \ $(DEBIAN)/control.stub.in \ + debian/canonical-revoked-certs.pem \ $(DEBIAN)/changelog \ $(wildcard $(DEBIAN)/control.d/* $(DEBIAN)/sub-flavours/*.vars) for i in $(DEBIAN)/control.stub.in; do \ @@ -189,6 +193,7 @@ $(DEBIAN)/control.stub: \ -e 's/ABINUM/$(abinum)/g' \ -e 's/SRCPKGNAME/$(src_pkg_name)/g' \ -e 's/=HUMAN=/$(human_arch)/g' \ + -e 's|\(^Maintainer:.*\)|\1\nXSC-Ubuntu-Compatible-Signing: $(UBUNTU_COMPATIBLE_SIGNING)|g' \ > $$new; \ done flavours="$(sort $(wildcard $(DEBIAN)/control.d/vars.* $(DEBIAN)/sub-flavours/*.vars))";\