rafeOS/rafeOS
1
0
Fork 0
Code Actions Packages Releases Activity

Formalize secure-boot signing keys name

Browse source
This commit is contained in:
Tobias Strobel 2024-03-12 15:11:00 +01:00
parent 3630d25d6e
commit a8bd0d8a8b
2 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
mkosi.conf
View file

@ -13,10 +13,10 @@ MinimumVersion=20.2
[Validation] [Validation]
# Use RSA 2048 keys for wide UEFI compatibility # Use RSA 2048 keys for wide UEFI compatibility
SecureBootKey=signing-keys/rafeOS_secureboot.key SecureBootKey=signing-keys/rafeOS.secure-boot.key
SecureBootCertificate=signing-keys/rafeOS_secureboot.crt SecureBootCertificate=signing-keys/rafeOS.secure-boot.crt
VerityKey=signing-keys/rafeOS_secureboot.key VerityKey=signing-keys/rafeOS.secure-boot.key
VerityCertificate=signing-keys/rafeOS_secureboot.crt VerityCertificate=signing-keys/rafeOS.secure-boot.crt
[Host] [Host]
Incremental=true Incremental=true

6
signing-keys/genkeys.sh
View file

@ -24,8 +24,8 @@ generate_key_pair() {
fi fi
# Default filenames # Default filenames
PRIVATE_KEY_FILE="${IMAGE_ID}_${FILENAME_PREFIX}.key" PRIVATE_KEY_FILE="${IMAGE_ID}.${FILENAME_PREFIX}.key"
CERTIFICATE_FILE="${IMAGE_ID}_${FILENAME_PREFIX}.crt" CERTIFICATE_FILE="${IMAGE_ID}.${FILENAME_PREFIX}.crt"
# Period of validity (in days) for the created certificate. # Period of validity (in days) for the created certificate.
# Defaults to 3650, i.e. 10 years. # Defaults to 3650, i.e. 10 years.
@ -79,7 +79,7 @@ generate_key_pair() {
} }
generate_secureboot_keys() { generate_secureboot_keys() {
generate_key_pair "secureboot" "/CN=$IMAGE_ID UEFI CA $(date +%Y)" "rsa" generate_key_pair "secure-boot" "/CN=$IMAGE_ID UEFI CA $(date +%Y)" "rsa"
} }
generate_verity_keys() { generate_verity_keys() {