rafeOS
/
rafeOS
1
0
Fork 0
Code Actions Packages Releases Activity

Formalize secure-boot signing keys name

This commit is contained in:
Tobias Strobel 2024-03-12 15:11:00 +01:00
parent 3630d25d6e
commit a8bd0d8a8b
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mkosi.conf
View File

@ -13,10 +13,10 @@ MinimumVersion=20.2
[Validation]
# Use RSA 2048 keys for wide UEFI compatibility
SecureBootKey=signing-keys/rafeOS_secureboot.key
SecureBootCertificate=signing-keys/rafeOS_secureboot.crt
VerityKey=signing-keys/rafeOS_secureboot.key
VerityCertificate=signing-keys/rafeOS_secureboot.crt
SecureBootKey=signing-keys/rafeOS.secure-boot.key
SecureBootCertificate=signing-keys/rafeOS.secure-boot.crt
VerityKey=signing-keys/rafeOS.secure-boot.key
VerityCertificate=signing-keys/rafeOS.secure-boot.crt
[Host]
Incremental=true

6
signing-keys/genkeys.sh
View File

@ -24,8 +24,8 @@ generate_key_pair() {
fi
# Default filenames
PRIVATE_KEY_FILE="${IMAGE_ID}_${FILENAME_PREFIX}.key"
CERTIFICATE_FILE="${IMAGE_ID}_${FILENAME_PREFIX}.crt"
PRIVATE_KEY_FILE="${IMAGE_ID}.${FILENAME_PREFIX}.key"
CERTIFICATE_FILE="${IMAGE_ID}.${FILENAME_PREFIX}.crt"
# Period of validity (in days) for the created certificate.
# Defaults to 3650, i.e. 10 years.
@ -79,7 +79,7 @@ generate_key_pair() {
}
generate_secureboot_keys() {
generate_key_pair "secureboot" "/CN=$IMAGE_ID UEFI CA $(date +%Y)" "rsa"
generate_key_pair "secure-boot" "/CN=$IMAGE_ID UEFI CA $(date +%Y)" "rsa"
}
generate_verity_keys() {