Commit ea1c89b0 authored by Gary Ching-Pang Lin's avatar Gary Ching-Pang Lin Committed by Peter Jones

Exclude ca.crt while signing EFI images

If ca.crt was added into the certificate database, ca.crt would be the first
certificate in the signature. Because shim couldn't verify ca.crt with the
embedded shim.cer, it failed to load MokManager.efi.signed and
Signed-off-by: default avatarGary Ching-Pang Lin <>
parent dcc52381
...@@ -73,7 +73,6 @@ version.c : ...@@ -73,7 +73,6 @@ version.c :
certdb/secmod.db: shim.crt certdb/secmod.db: shim.crt
-mkdir certdb -mkdir certdb
certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
pk12util -d certdb/ -i shim.p12 -W "" -K "" pk12util -d certdb/ -i shim.p12 -W "" -K ""
certutil -d certdb/ -A -i shim.crt -n shim -t u certutil -d certdb/ -A -i shim.crt -n shim -t u
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment