[{bionic, focal, groovy}:linux 3/4] UBUNTU: [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS

Andy Whitcroft apw at canonical.com
Thu Feb 18 15:08:55 UTC 2021


From: Dimitri John Ledkov <xnox at ubuntu.com>

Add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS, such that
livepatch modules signed by Canonical are trusted out of the box, on
locked-down secureboot systems.

BugLink: https://bugs.launchpad.net/bugs/1898716
Signed-off-by: Dimitri John Ledkov <xnox at ubuntu.com>
[apw at canonical.com: move certification to cert framework.]
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
 debian/certs/canonical-livepatch-all.pem | 121 +++++++++++++++++++++++
 1 file changed, 121 insertions(+)
 create mode 100644 debian/certs/canonical-livepatch-all.pem

diff --git a/debian/certs/canonical-livepatch-all.pem b/debian/certs/canonical-livepatch-all.pem
new file mode 100644
index 000000000000..3f360f74344d
--- /dev/null
+++ b/debian/certs/canonical-livepatch-all.pem
@@ -0,0 +1,121 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            c7:7e:51:6a:1c:25:cd:40
+        Signature Algorithm: sha512WithRSAEncryption
+        Issuer: CN = Canonical Ltd. Live Patch Signing
+        Validity
+            Not Before: Jul 18 23:41:27 2016 GMT
+            Not After : Jul 16 23:41:27 2026 GMT
+        Subject: CN = Canonical Ltd. Live Patch Signing
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (4096 bit)
+                Modulus:
+                    00:bd:74:ee:72:b3:4a:ab:e6:31:e8:29:24:c2:bd:
+                    46:98:32:c0:39:ee:a3:fb:8a:ad:fe:ab:1a:5b:a3:
+                    2e:a1:80:db:79:61:9e:47:79:2c:75:57:a2:21:f0:
+                    93:f6:87:f2:9b:4b:9d:2f:b3:58:61:28:3c:41:70:
+                    13:16:a1:72:90:c9:d5:16:71:7c:e0:30:f9:28:5e:
+                    48:20:36:00:69:b7:59:9f:a3:ec:a8:eb:55:41:9f:
+                    38:1e:22:4a:57:20:f4:83:59:49:c5:00:93:d3:33:
+                    02:92:d1:fc:f0:84:3b:4a:5b:8f:b6:73:9a:89:fa:
+                    30:1e:e6:2a:68:f2:91:ef:59:57:3d:dc:1c:52:6f:
+                    5e:e6:9b:b5:b8:7c:98:c9:13:d1:39:68:01:67:91:
+                    e0:d3:67:72:16:0a:5e:16:83:45:31:4f:b5:2b:b3:
+                    f6:40:86:89:3a:84:6e:6f:16:61:bc:70:84:be:5a:
+                    13:36:7b:82:ea:07:19:fc:18:c1:16:c6:32:0b:7d:
+                    2c:6b:c4:21:b9:38:6b:31:dc:d9:0c:ad:56:40:68:
+                    7c:e3:c6:64:8e:bf:1c:e0:72:3e:6c:db:d2:73:79:
+                    da:d7:c5:2f:5d:04:7d:b0:07:1e:95:dd:2a:47:5e:
+                    bf:3e:3a:c8:66:f6:67:0f:d4:2a:f1:e2:71:59:d2:
+                    6c:7b:a0:37:ac:e6:97:80:30:13:97:48:d5:74:fc:
+                    38:68:e4:57:cb:99:69:5a:84:27:ac:98:51:e4:64:
+                    bd:91:62:e8:58:27:06:2a:b9:0b:b8:08:e5:e5:b4:
+                    51:a7:a2:10:df:4e:07:6c:a0:3b:96:f2:6e:df:75:
+                    8c:97:1e:64:a0:9a:86:9b:98:26:f9:d8:b7:de:5b:
+                    21:b7:af:89:01:a3:f7:98:6b:da:19:ba:86:ef:ef:
+                    f1:ce:bb:2f:89:ed:c0:b6:1b:e5:5b:f8:90:11:9a:
+                    52:93:e9:be:f7:35:b9:08:cb:ba:c3:ed:2f:73:af:
+                    cc:96:07:55:b5:de:f6:03:f6:f1:89:f9:21:40:76:
+                    c1:69:f2:61:cc:9a:94:df:9c:ec:6a:65:38:be:d1:
+                    4e:2a:87:c7:2f:3e:53:ae:8b:9f:54:a1:09:59:64:
+                    25:aa:a9:d8:44:a9:a8:a0:71:e1:32:aa:4c:32:fd:
+                    44:28:cc:9c:6f:8e:db:81:7e:6f:fa:00:56:c5:e5:
+                    03:46:63:fb:8e:71:8d:e3:13:91:9f:ac:60:3e:64:
+                    f3:df:25:34:09:fa:2d:96:9f:16:05:ea:93:f5:e6:
+                    00:08:27:32:7b:3c:bd:ee:70:24:6c:3b:55:e9:db:
+                    f4:10:2d:20:06:b4:ca:e9:29:65:55:ad:f6:52:54:
+                    5f:e5:a3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Key Identifier: 
+                14:DF:34:D1:A8:7C:F3:76:25:AB:EC:03:9E:F2:BF:52:12:49:B9:69
+            X509v3 Authority Key Identifier: 
+                keyid:14:DF:34:D1:A8:7C:F3:76:25:AB:EC:03:9E:F2:BF:52:12:49:B9:69
+
+    Signature Algorithm: sha512WithRSAEncryption
+         30:e7:48:02:37:e9:28:cf:04:a2:4d:5c:fa:d8:4e:c9:76:c7:
+         14:3f:bd:2c:51:3d:33:f0:1a:bc:49:f1:47:95:8f:69:d8:a9:
+         54:14:44:6c:4d:9f:55:82:08:1e:c6:5b:d5:91:d9:bc:2e:b0:
+         af:d6:25:65:74:96:aa:36:de:ae:31:a8:11:f2:a4:2c:5a:e1:
+         4f:73:f8:4a:c3:35:b0:76:96:71:f2:b5:7d:4b:75:ee:5d:bf:
+         86:a5:ba:0b:a9:52:cb:ec:ab:e5:23:4b:f2:74:55:28:17:1e:
+         b3:ac:27:ad:45:13:6e:69:b3:5a:be:42:36:29:48:db:e7:5c:
+         22:58:a0:90:82:2c:2a:21:2b:db:f4:64:b7:91:5d:1f:2c:48:
+         a4:1a:85:e3:86:a5:aa:19:cd:19:e8:a5:fb:a3:7b:94:77:48:
+         25:a4:cf:a0:cf:71:82:5c:6f:71:22:7c:d6:97:a0:53:bb:ec:
+         30:f6:cb:16:fb:7b:fd:16:94:7a:53:6e:bd:04:64:a2:01:10:
+         9f:f0:5b:b5:a6:73:41:9d:5f:6f:45:73:0d:05:f7:30:6d:39:
+         90:b6:7d:55:7d:4c:2f:ae:5f:38:56:2f:8b:df:f4:bf:12:06:
+         93:6e:0d:02:23:bf:71:91:57:88:e8:bd:62:72:99:00:40:29:
+         1e:c9:13:11:da:7e:8e:e1:d2:a5:0d:bf:f7:d6:ec:01:0d:89:
+         41:cd:d5:dc:d2:f7:5f:33:0d:4c:2f:85:b7:85:b7:81:e4:17:
+         29:f0:74:cf:0e:15:8c:1a:50:0b:08:63:1a:91:4f:e7:76:97:
+         f1:d4:3b:7e:72:d4:c5:45:58:0c:6a:e9:0d:f2:85:d8:91:1e:
+         37:bd:78:e3:39:4d:2e:fd:85:31:c1:a6:3b:6a:cc:2c:53:72:
+         1d:8e:7b:f0:e6:76:86:09:6f:1a:f3:e4:a1:e2:dd:76:5f:b0:
+         8c:e2:2a:54:5d:c1:88:49:90:10:15:42:7d:05:24:53:8c:54:
+         ff:48:18:1a:36:e3:31:d3:54:32:78:0d:fe:f2:3d:aa:0d:37:
+         15:84:b4:36:47:31:e8:85:6e:0b:58:38:ff:21:91:09:c9:a8:
+         43:a3:ea:60:cb:7e:ed:f7:41:6f:4e:91:c1:fd:77:46:e7:d4:
+         e7:86:c0:1b:fd:50:6c:aa:be:00:b3:63:02:ff:4e:c7:a5:57:
+         6e:29:64:e9:54:d5:30:63:38:5f:2d:5a:db:49:5f:14:14:22:
+         d2:81:1f:61:9e:ee:ee:16:66:d6:bc:bd:ac:1b:5c:fb:38:31:
+         95:33:2e:84:6e:7a:de:ee:b9:fc:97:17:06:13:bf:70:1c:6e:
+         76:ed:66:38:e2:70:08:00
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
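
Review bot: the commit message does not explain how a file placed in debian/certs/ ends up in SYSTEM_TRUSTED_KEYS. The diffstat shows only the new canonical-livepatch-all.pem and no config change in this patch, so a sentence naming the cert framework step that consumes the file would let a reader confirm the key is actually built in. Because this adds a trust anchor for module loading on locked-down Secure Boot systems, the message should also record where the certificate was obtained and a fingerprint to check it against. It should also state the validity window (Not After : Jul 16 23:41:27 2026 GMT) and the intended handling for the bionic, focal and groovy series once that date passes. The certificate is self-signed (Issuer and Subject are both "Canonical Ltd. Live Patch Signing", and the Authority Key Identifier equals the Subject Key Identifier), with CA:FALSE and Key Usage limited to Digital Signature, which is consistent with a key used only to sign modules.
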
-- 
2.29.2



