generated from oracle/template-repo
-
Notifications
You must be signed in to change notification settings - Fork 1
/
sign.conf
37 lines (31 loc) · 1.43 KB
/
sign.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# /etc/sign/sign.conf
#
# Do not edit this file, create a file called /etc/sign/local.conf and override
#
X509_CA_COMMON_NAME="CN=CA Secure Boot Custom,OU=Development,O=ACME,L=Redwood Shores,ST=CA,C=US"
X509_KERNEL_COMMON_NAME="CN=Secure Boot Kernel Signer,OU=Development,O=ACME,L=Redwood Shores,ST=CA,C=US"
X509_MODULE_COMMON_NAME="CN=Secure Boot Module Signer,OU=Development,O=ACME,L=Redwood Shores,ST=CA,C=US"
X509_IMA_COMMON_NAME="CN=Custom IMA Signer"
X509_DB_COMMON_NAME="CN=DB Custom Secure Boot,OU=Development,O=ACME,L=Redwood Shores,ST=CA,C=US"
X509_KEK_COMMON_NAME="CN=KEK Custom Secure Boot,OU=Development,O=ACME,L=Redwood Shores,ST=CA,C=US"
X509_PK_COMMON_NAME="CN=PK Custom Secure Boot,OU=Development,O=ACME,L=Redwood Shores,ST=CA,C=US"
NSSDIR=/etc/pki/pesign
NSSDIR_OL=/etc/pki/pesign-ol-test
MOK_KERNEL_CERT="/etc/sign/mokkernalcert.der"
MOK_KERNEL_KEY="/etc/sign/kernel.p12"
MOK_MODULE_CERT="/etc/sign/mokmodulecert.der"
MOK_MODULE_KEY="/etc/sign/module.p12"
MOK_CA_CERT="/etc/sign/mokcacert.der"
IMA_PRIV_KEY="/etc/sign/privkey_ima.pem"
IMA_CERT="/etc/sign/x509_ima.der"
IMA_CA_KEY="/etc/sign/ima.p12"
DB_CERT="/etc/sign/db.der"
DB_KEY="/etc/sign/db.p12"
KEK_CERT="/etc/sign/kek.der"
KEK_KEY="/etc/sign/kek.p12"
PK_CERT="/etc/sign/pk.der"
PK_KEY="/etc/sign/pk.12"
X509_TEST_NICKNAME="Oracle Linux Test Certificate"
TEST_CERT="/etc/sign/test.der"
# TODO come up with a better way to do this
SIGN_FILE="/usr/src/kernels/*/scripts/sign-file"