From c466cc2ca5d0e935bfaa6f6f4ab594a0c242e84b Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Tue, 7 Mar 2023 15:51:00 -0700 Subject: [PATCH] Add System76 Secure Boot keys Signed-off-by: Tim Crawford --- .../keys/db-system76.crt | Bin 0 -> 875 bytes .../keys/{kek.crt => kek-microsoft.crt} | Bin .../keys/kek-system76.crt | Bin 0 -> 883 bytes .../SecureBootEnrollDefaultKeys/keys/pk.crt | Bin 1053 -> 875 bytes UefiPayloadPkg/UefiPayloadPkg.fdf | 4 +++- 5 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-system76.crt rename UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/{kek.crt => kek-microsoft.crt} (100%) create mode 100644 UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-system76.crt diff --git a/UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-system76.crt b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-system76.crt new file mode 100644 index 0000000000000000000000000000000000000000..2f5285bcf1e6019e3fac342b3377787151cd1387 GIT binary patch literal 875 zcmXqLVoo<`V)ADav8tMKerH?nol6s0mAnIdLpJ`rWMRO|#;Mij(e|B}k&&B~!Jxp9 z+klgeIh2J>m?<>aP|$!M#NpuKaL&)kFG@_wH{=Iu0SdA6u(_n>m8BNJ)Nt`|1XmW9 zq~@BN8EP45fYdPaD8hskf>V=Ai&7Pw^7Bg+ToOwXlM;(l6}(d`4dldmjf@QpjSUS= zfuwPiIIl5~Yh(fC4uFfA7?qHNg^`tkxrvdV!Jvtei>Zl`kzq%Dm~`v6-1ELV_3{&q z=jH$F{9$pSE^^DBJ0e2+b*@iwUn0QGIa#K3^~o95DjHs&zb5b8!m9gOIo#Sjh>z1K z#6M%p711=!h`C30pZoW0|8z0830y%te=b%aA)oY;-nP z*RDLRxi=$E#nR5iL$aetlT$|n1N^q&x=d0=5uc4YCoh4vRVaut-;zAZhu zcy0KUQ|rzC%(=}e##zey;91!{_8*T!uWrmRSkrA>s^<1XZ0FME@5e$!)-K*U=~`T9 zS+?yC?vT9S=EX(fuRTIi9p3iu{$il9fPKZvjS;K-Bcz#IRgGOM4)*I`y~FjZM9cb- YSM;%Gcim0%%X<^*US(X3c>m@B00hENoB#j- literal 0 HcmV?d00001 diff --git a/UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-microsoft.crt similarity index 100% rename from UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt rename to UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-microsoft.crt diff --git a/UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-system76.crt b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-system76.crt new file mode 100644 index 0000000000000000000000000000000000000000..ceb5d96fdb3e6d49ff8d5e5005bd16ad6418eafc GIT binary patch literal 883 zcmXqLV$L^cVhU#x@%Xqq^zyst{y23G^9YZ-|4*76oMgbu#;Mij(e|B}k&&B~!Jx#D z+klgeIh2J>m?<>aP|$!M#NpuKaL&)kFG@_wH{=Iu0SdA6u(_n>m8BNJ)Nt`|1XmW9 zq~@BN8R{A6fYdPasKSI4f>V=Ai&7Pw^7Bg+yi+R`Tq}|@67$kiK^y})ab6>114Cm& zLsKAW93{?c4CESFK)D0tswPGy@ri|MQoh z{d?wLly|7o@&{E9WHQrI%!4kLA1X-vFK%)=FJJMcy;Z-b>sOX&^GUUukG!Wcg(mKK zX;l*(cd@nFzrd3%pVRWbTYibl+;3fdT$@*=Evo47HP%;YjI_*hTVVR23PKDiy=!G~G=kbN}UQUO)XK{TQ|{6TYC%u zkwXZWfPf*y$WYAg?R)WH(UX8(cbSXq;*#~7osP=grXtqQR1UVF{7`jz&rUp^by6_%X+GROGbGK;xs ztFxw_*kcgkJV`9;)HFY78;12hin*oT9xFXM9H*Jt{(rh*pOx%!e<6t;4PK|(Hl;7h zOOCVLuvvI^Y3-j6cfQK(b_-#AbYgMT)_cBH>lR)~-t<*a>wSw%%&m=6R`!{^*mBvw zXbtO@V>1q2+B_q0Y1#$(8_Zjuo;W1WnNZ}`8^oshbjNW^$D$L5H$UjtSh;Fj?X{o? Yr&*y1K0DUDDcPgI?&EdxM9j5W07+v`%>V!Z literal 0 HcmV?d00001 diff --git a/UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/pk.crt b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/pk.crt index a374b28a5ee19fbb586a3289e5d6efb94e3850f4..64f6046aee73954a725d3b578c6c4e6aeefea25a 100644 GIT binary patch literal 875 zcmXqLVoo<`V)ADa5zjwpcyHDMp)LFsqV3@|>vVVBQ8VCWn?`H*K1Qbk3W@DmMeU=sP%f@?HlVKigbHx6m37UoM~RU)jZ8? z<_izM#Pg*t+wQMhA|PoDThx%9z~-YU6^-dqs!hOmo&E*A2KelP(0Bo_gwjO#GE^AnU@@Lck#Wld?T|}aa-p$ zhK+|8&eYr+6?@6)k!?|d)pg6jwNt|`&U&Hz?{yORH+07EB78QE)Mb~!zSA5cHvbteCb7!q6 zKP1`Gw|e(PvC#hEpcfd}oWAF0f7NyR&oi)(g_dpNK79 YZoB#j- literal 1053 zcmXqLVv#gxVrE>x%*4pVBqAV^xtN4hM|pMPM$%f_kI=F#?@mywa1 zmBFBKwjs9xCmVAp3!5;Li>o1z0T+nF!Ncqq6mG~5R1V~^^RPMPCufxA8p;{SfCRXB zL@iTuQgc)DN{SU6(^K=3D;3;xlRON?3`9Wk+&sL_l}V{Z!KulmMVTd)h9U++AaQ0M z?$FenV^Cn-P*Ck9``uch4 zzsw_Pi_;$)ud!PF-TB=Y2}hF{?t@#`3og;x&20bGBb+J9k;Bk`ZB&Z)c`0+xn@zi> z`m(AvMU?r51-?$YaBiNS`h-0vFZ_vmwNz-%cjK?`Oy(}Re6C^F)=w9-Wvdo$DVDmP zeC7Rw3Ey8T`CglL$xOjv!LP|j1>PpuE?J@d{)9x<=DdkKfnA@n=bPQW`KH)I*!A&@ z4}D8@?+0>hUdOg{$=+Du<`c2GehFrm)xR|^v%aYid_wq1hqmTkyy9`CW8RwBcqV2>2FAs~ z27$n2z#J;e$0Eie($q5Va`d?;jqMA0=M{gAovk6Z=YWAcNLrai!a%G6y8?cY0%1nR z|17Kq%s>h`*nz1W80?G;Gd$PZUu!7fiM3gJ@Lp7ScxH?02G{LM5ob*r6gV%|s$R0q zTVA2%e`dzIqpq)0Rqk91Ja?k6^zzafTp3NCzNf`kx9j+>pY`iDkQN3XYa9Xr8%$*C(#)!rNCn zKjr;$y*bHJRE>GhA_nVdm1Ri>!#~ez@w;hbYawHx%Ix;GkWGE*-0xq^H6p~CUYLdV z%(;;w9=7j3pTOP!)pchc_na(gz4vPOo+)0tf;PYI`R#OZ`Wue8^IsJw=_#LIYg#H; e|M$d7pNB%re;RY_75|!39JRH!<;Tx2S9$?qFp2U2 diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayloadPkg.fdf index 2b41c5396d..ef639ceef7 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.fdf +++ b/UefiPayloadPkg/UefiPayloadPkg.fdf @@ -260,11 +260,13 @@ INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf } FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { - SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek.crt + SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-system76.crt + SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/kek-microsoft.crt SECTION UI = "KEK Default" } FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { + SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-system76.crt SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-1.crt SECTION RAW = UefiPayloadPkg/SecureBootEnrollDefaultKeys/keys/db-2.crt SECTION UI = "DB Default"