From patchwork Mon Aug 23 13:33:52 2021
X-Patchwork-Submitter: Dimitri John Ledkov
X-Patchwork-Id: 1519699
From: Dimitri John Ledkov
To: kernel-team@lists.ubuntu.com
Subject: [FOCAL][linux-oem-5.10][PATCH 09/10] UBUNTU: [Packaging] Revoke 2012 UEFI signing certificate as built-in
Date: Mon, 23 Aug 2021 14:33:52 +0100
Message-Id: <20210823133353.37046-10-dimitri.ledkov@canonical.com>
In-Reply-To: <20210823133353.37046-1-dimitri.ledkov@canonical.com>
References: <20210823133353.37046-1-dimitri.ledkov@canonical.com>
List-Id: Kernel team discussions

BugLink: https://bugs.launchpad.net/bugs/1932029

Signed-off-by: Dimitri John Ledkov
Signed-off-by: Andrea Righi
(cherry picked from commit 3f72ce72f0b51b6da2638cdded93bb32b9dad2ec)
Signed-off-by: Dimitri John Ledkov
Acked-by: Stefan Bader
Acked-by: Andy Whitcroft
[KelseyS: SHA1 from cherry pick line is from Impish. Patch has been submitted to upstream, though not yet reviewed/applied.]
Signed-off-by: Kelsey Skunberg
--- .../revoked-certs/canonical-uefi-2012-all.pem | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 debian/revoked-certs/canonical-uefi-2012-all.pem diff --git a/debian/revoked-certs/canonical-uefi-2012-all.pem b/debian/revoked-certs/canonical-uefi-2012-all.pem new file mode 100644 index 0000000000..06c116eec5 --- /dev/null +++ b/debian/revoked-certs/canonical-uefi-2012-all.pem 
@@ -0,0 +1,86 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Master Certificate Authority + Validity + Not Before: Apr 12 11:39:08 2012 GMT + Not After : Apr 11 11:39:08 2042 GMT + Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c9:5f:9b:62:8f:0b:b0:64:82:ac:be:c9:e2:62: + e3:4b:d2:9f:1e:8a:d5:61:1a:2b:5d:38:f4:b7:ce: + b9:9a:b8:43:b8:43:97:77:ab:4f:7f:0c:70:46:0b: + fc:7f:6d:c6:6d:ea:80:5e:01:d2:b7:66:1e:87:de: + 0d:6d:d0:41:97:a8:a5:af:0c:63:4f:f7:7c:c2:52: + cc:a0:31:a9:bb:89:5d:99:1e:46:6f:55:73:b9:76: + 69:ec:d7:c1:fc:21:d6:c6:07:e7:4f:bd:22:de:e4: + a8:5b:2d:db:95:34:19:97:d6:28:4b:21:4c:ca:bb: + 1d:79:a6:17:7f:5a:f9:67:e6:5c:78:45:3d:10:6d: + b0:17:59:26:11:c5:57:e3:7f:4e:82:ba:f6:2c:4e: + c8:37:4d:ff:85:15:84:47:e0:ed:3b:7c:7f:bc:af: + e9:01:05:a7:0c:6f:c3:e9:8d:a3:ce:be:a6:e3:cd: + 3c:b5:58:2c:9e:c2:03:1c:60:22:37:39:ff:41:02: + c1:29:a4:65:51:ff:33:34:aa:42:15:f9:95:78:fc: + 2d:f5:da:8a:85:7c:82:9d:fb:37:2c:6b:a5:a8:df: + 7c:55:0b:80:2e:3c:b0:63:e1:cd:38:48:89:e8:14: + 06:0b:82:bc:fd:d4:07:68:1b:0f:3e:d9:15:dd:94: + 11:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Extended Key Usage: + Code Signing, 1.3.6.1.4.1.311.10.3.6 + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 61:48:2A:A2:83:0D:0A:B2:AD:5A:F1:0B:72:50:DA:90:33:DD:CE:F0 + X509v3 Authority Key Identifier: + keyid:AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63 + + Signature Algorithm: sha256WithRSAEncryption + 8f:8a:a1:06:1f:29:b7:0a:4a:d5:c5:fd:81:ab:25:ea:c0:7d: + e2:fc:6a:96:a0:79:93:67:ee:05:0e:25:12:25:e4:5a:f6:aa: + 
1a:f1:12:f3:05:8d:87:5e:f1:5a:5c:cb:8d:23:73:65:1d:15: + b9:de:22:6b:d6:49:67:c9:a3:c6:d7:62:4e:5c:b5:f9:03:83: + 40:81:dc:87:9c:3c:3f:1c:0d:51:9f:94:65:0a:84:48:67:e4: + a2:f8:a6:4a:f0:e7:cd:cd:bd:94:e3:09:d2:5d:2d:16:1b:05: + 15:0b:cb:44:b4:3e:61:42:22:c4:2a:5c:4e:c5:1d:a3:e2:e0: + 52:b2:eb:f4:8b:2b:dc:38:39:5d:fb:88:a1:56:65:5f:2b:4f: + 26:ff:06:78:10:12:eb:8c:5d:32:e3:c6:45:af:25:9b:a0:ff: + 8e:ef:47:09:a3:e9:8b:37:92:92:69:76:7e:34:3b:92:05:67: + 4e:b0:25:ed:bc:5e:5f:8f:b4:d6:ca:40:ff:e4:e2:31:23:0c: + 85:25:ae:0c:55:01:ec:e5:47:5e:df:5b:bc:14:33:e3:c6:f5: + 18:b6:d9:f7:dd:b3:b4:a1:31:d3:5a:5c:5d:7d:3e:bf:0a:e4: + e4:e8:b4:59:7d:3b:b4:8c:a3:1b:b5:20:a3:b9:3e:84:6f:8c: + 21:00:c3:39 +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCR0Ix +FDASBgNVBAgMC0lzbGUgb2YgTWFuMRAwDgYDVQQHDAdEb3VnbGFzMRcwFQYDVQQK +DA5DYW5vbmljYWwgTHRkLjE0MDIGA1UEAwwrQ2Fub25pY2FsIEx0ZC4gTWFzdGVy +IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMjA0MTIxMTM5MDhaFw00MjA0MTEx +MTM5MDhaMH8xCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtJc2xlIG9mIE1hbjEXMBUG +A1UECgwOQ2Fub25pY2FsIEx0ZC4xFDASBgNVBAsMC1NlY3VyZSBCb290MSswKQYD +VQQDDCJDYW5vbmljYWwgTHRkLiBTZWN1cmUgQm9vdCBTaWduaW5nMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyV+bYo8LsGSCrL7J4mLjS9KfHorVYRor +XTj0t865mrhDuEOXd6tPfwxwRgv8f23GbeqAXgHSt2Yeh94NbdBBl6ilrwxjT/d8 +wlLMoDGpu4ldmR5Gb1VzuXZp7NfB/CHWxgfnT70i3uSoWy3blTQZl9YoSyFMyrsd +eaYXf1r5Z+ZceEU9EG2wF1kmEcVX439Ogrr2LE7IN03/hRWER+DtO3x/vK/pAQWn +DG/D6Y2jzr6m4808tVgsnsIDHGAiNzn/QQLBKaRlUf8zNKpCFfmVePwt9dqKhXyC +nfs3LGulqN98VQuALjywY+HNOEiJ6BQGC4K8/dQHaBsPPtkV3ZQRGwIDAQABo4Gg +MIGdMAwGA1UdEwEB/wQCMAAwHwYDVR0lBBgwFgYIKwYBBQUHAwMGCisGAQQBgjcK +AwYwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl +MB0GA1UdDgQWBBRhSCqigw0Ksq1a8QtyUNqQM93O8DAfBgNVHSMEGDAWgBStkZkL +wiqx9RcEjCO2ZVomjjRaYzANBgkqhkiG9w0BAQsFAAOCAQEAj4qhBh8ptwpK1cX9 +gasl6sB94vxqlqB5k2fuBQ4lEiXkWvaqGvES8wWNh17xWlzLjSNzZR0Vud4ia9ZJ +Z8mjxtdiTly1+QODQIHch5w8PxwNUZ+UZQqESGfkovimSvDnzc29lOMJ0l0tFhsF 
+FQvLRLQ+YUIixCpcTsUdo+LgUrLr9Isr3Dg5XfuIoVZlXytPJv8GeBAS64xdMuPG +Ra8lm6D/ju9HCaPpizeSkml2fjQ7kgVnTrAl7bxeX4+01spA/+TiMSMMhSWuDFUB +7OVHXt9bvBQz48b1GLbZ992ztKEx01pcXX0+vwrk5Oi0WX07tIyjG7Ugo7k+hG+M +IQDDOQ== +-----END CERTIFICATE-----
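
Review bot: The only description of what is being revoked is the `Certificate:` text dump at the top of the new file, above `-----BEGIN CERTIFICATE-----`, and the commit message has no body beyond the BugLink and trailers. PEM parsers skip that dump, so it can diverge from the base64 block without anything failing. Suggest adding a short commit body that names the certificate (Subject CN "Canonical Ltd. Secure Boot Signing", Serial Number 1) and gives its SHA-256 fingerprint, so a reviewer can check the PEM itself with `openssl x509 -noout -fingerprint -sha256` instead of trusting the dump. The body should also say why this certificate is being revoked, since the file shows it as valid until 2042 and revoking it as built-in affects everything signed with that key. This patch only creates debian/revoked-certs/canonical-uefi-2012-all.pem and nothing in it references the file, so please state which patch in the series makes the build consume it. Finally, the `-all` suffix reads like a bundle while the file holds a single certificate; a note on the naming would avoid confusion.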