From 7ea6a05162f625766e915c4c16e55f7f0171e368 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Thu, 18 Feb 2021 17:17:00 +0100 Subject: [PATCH] UBUNTU: [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS Add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS, such that livepatch modules signed by Canonical are trusted out of the box, on locked-down secureboot systems. BugLink: https://bugs.launchpad.net/bugs/1898716 Signed-off-by: Dimitri John Ledkov [apw@canonical.com: move certification to cert framework.] Signed-off-by: Andy Whitcroft Acked-by: Stefan Bader Acked-by: Seth Forshee Signed-off-by: Stefan Bader Signed-off-by: Timo Aaltonen --- debian/certs/canonical-livepatch-all.pem | 121 +++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 debian/certs/canonical-livepatch-all.pem diff --git a/debian/certs/canonical-livepatch-all.pem b/debian/certs/canonical-livepatch-all.pem new file mode 100644 index 0000000000000..3f360f74344d8 --- /dev/null +++ b/debian/certs/canonical-livepatch-all.pem @@ -0,0 +1,121 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c7:7e:51:6a:1c:25:cd:40 + Signature Algorithm: sha512WithRSAEncryption + Issuer: CN = Canonical Ltd. Live Patch Signing + Validity + Not Before: Jul 18 23:41:27 2016 GMT + Not After : Jul 16 23:41:27 2026 GMT + Subject: CN = Canonical Ltd. Live Patch Signing + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:bd:74:ee:72:b3:4a:ab:e6:31:e8:29:24:c2:bd: + 46:98:32:c0:39:ee:a3:fb:8a:ad:fe:ab:1a:5b:a3: + 2e:a1:80:db:79:61:9e:47:79:2c:75:57:a2:21:f0: + 93:f6:87:f2:9b:4b:9d:2f:b3:58:61:28:3c:41:70: + 13:16:a1:72:90:c9:d5:16:71:7c:e0:30:f9:28:5e: + 48:20:36:00:69:b7:59:9f:a3:ec:a8:eb:55:41:9f: + 38:1e:22:4a:57:20:f4:83:59:49:c5:00:93:d3:33: + 02:92:d1:fc:f0:84:3b:4a:5b:8f:b6:73:9a:89:fa: + 30:1e:e6:2a:68:f2:91:ef:59:57:3d:dc:1c:52:6f: + 5e:e6:9b:b5:b8:7c:98:c9:13:d1:39:68:01:67:91: + e0:d3:67:72:16:0a:5e:16:83:45:31:4f:b5:2b:b3: + f6:40:86:89:3a:84:6e:6f:16:61:bc:70:84:be:5a: + 13:36:7b:82:ea:07:19:fc:18:c1:16:c6:32:0b:7d: + 2c:6b:c4:21:b9:38:6b:31:dc:d9:0c:ad:56:40:68: + 7c:e3:c6:64:8e:bf:1c:e0:72:3e:6c:db:d2:73:79: + da:d7:c5:2f:5d:04:7d:b0:07:1e:95:dd:2a:47:5e: + bf:3e:3a:c8:66:f6:67:0f:d4:2a:f1:e2:71:59:d2: + 6c:7b:a0:37:ac:e6:97:80:30:13:97:48:d5:74:fc: + 38:68:e4:57:cb:99:69:5a:84:27:ac:98:51:e4:64: + bd:91:62:e8:58:27:06:2a:b9:0b:b8:08:e5:e5:b4: + 51:a7:a2:10:df:4e:07:6c:a0:3b:96:f2:6e:df:75: + 8c:97:1e:64:a0:9a:86:9b:98:26:f9:d8:b7:de:5b: + 21:b7:af:89:01:a3:f7:98:6b:da:19:ba:86:ef:ef: + f1:ce:bb:2f:89:ed:c0:b6:1b:e5:5b:f8:90:11:9a: + 52:93:e9:be:f7:35:b9:08:cb:ba:c3:ed:2f:73:af: + cc:96:07:55:b5:de:f6:03:f6:f1:89:f9:21:40:76: + c1:69:f2:61:cc:9a:94:df:9c:ec:6a:65:38:be:d1: + 4e:2a:87:c7:2f:3e:53:ae:8b:9f:54:a1:09:59:64: + 25:aa:a9:d8:44:a9:a8:a0:71:e1:32:aa:4c:32:fd: + 44:28:cc:9c:6f:8e:db:81:7e:6f:fa:00:56:c5:e5: + 03:46:63:fb:8e:71:8d:e3:13:91:9f:ac:60:3e:64: + f3:df:25:34:09:fa:2d:96:9f:16:05:ea:93:f5:e6: + 00:08:27:32:7b:3c:bd:ee:70:24:6c:3b:55:e9:db: + f4:10:2d:20:06:b4:ca:e9:29:65:55:ad:f6:52:54: + 5f:e5:a3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: + Digital Signature + X509v3 Subject Key Identifier: + 14:DF:34:D1:A8:7C:F3:76:25:AB:EC:03:9E:F2:BF:52:12:49:B9:69 + X509v3 Authority Key Identifier: + keyid:14:DF:34:D1:A8:7C:F3:76:25:AB:EC:03:9E:F2:BF:52:12:49:B9:69 + + Signature Algorithm: sha512WithRSAEncryption + 30:e7:48:02:37:e9:28:cf:04:a2:4d:5c:fa:d8:4e:c9:76:c7: + 14:3f:bd:2c:51:3d:33:f0:1a:bc:49:f1:47:95:8f:69:d8:a9: + 54:14:44:6c:4d:9f:55:82:08:1e:c6:5b:d5:91:d9:bc:2e:b0: + af:d6:25:65:74:96:aa:36:de:ae:31:a8:11:f2:a4:2c:5a:e1: + 4f:73:f8:4a:c3:35:b0:76:96:71:f2:b5:7d:4b:75:ee:5d:bf: + 86:a5:ba:0b:a9:52:cb:ec:ab:e5:23:4b:f2:74:55:28:17:1e: + b3:ac:27:ad:45:13:6e:69:b3:5a:be:42:36:29:48:db:e7:5c: + 22:58:a0:90:82:2c:2a:21:2b:db:f4:64:b7:91:5d:1f:2c:48: + a4:1a:85:e3:86:a5:aa:19:cd:19:e8:a5:fb:a3:7b:94:77:48: + 25:a4:cf:a0:cf:71:82:5c:6f:71:22:7c:d6:97:a0:53:bb:ec: + 30:f6:cb:16:fb:7b:fd:16:94:7a:53:6e:bd:04:64:a2:01:10: + 9f:f0:5b:b5:a6:73:41:9d:5f:6f:45:73:0d:05:f7:30:6d:39: + 90:b6:7d:55:7d:4c:2f:ae:5f:38:56:2f:8b:df:f4:bf:12:06: + 93:6e:0d:02:23:bf:71:91:57:88:e8:bd:62:72:99:00:40:29: + 1e:c9:13:11:da:7e:8e:e1:d2:a5:0d:bf:f7:d6:ec:01:0d:89: + 41:cd:d5:dc:d2:f7:5f:33:0d:4c:2f:85:b7:85:b7:81:e4:17: + 29:f0:74:cf:0e:15:8c:1a:50:0b:08:63:1a:91:4f:e7:76:97: + f1:d4:3b:7e:72:d4:c5:45:58:0c:6a:e9:0d:f2:85:d8:91:1e: + 37:bd:78:e3:39:4d:2e:fd:85:31:c1:a6:3b:6a:cc:2c:53:72: + 1d:8e:7b:f0:e6:76:86:09:6f:1a:f3:e4:a1:e2:dd:76:5f:b0: + 8c:e2:2a:54:5d:c1:88:49:90:10:15:42:7d:05:24:53:8c:54: + ff:48:18:1a:36:e3:31:d3:54:32:78:0d:fe:f2:3d:aa:0d:37: + 15:84:b4:36:47:31:e8:85:6e:0b:58:38:ff:21:91:09:c9:a8: + 43:a3:ea:60:cb:7e:ed:f7:41:6f:4e:91:c1:fd:77:46:e7:d4: + e7:86:c0:1b:fd:50:6c:aa:be:00:b3:63:02:ff:4e:c7:a5:57: + 6e:29:64:e9:54:d5:30:63:38:5f:2d:5a:db:49:5f:14:14:22: + d2:81:1f:61:9e:ee:ee:16:66:d6:bc:bd:ac:1b:5c:fb:38:31: + 95:33:2e:84:6e:7a:de:ee:b9:fc:97:17:06:13:bf:70:1c:6e: + 76:ed:66:38:e2:70:08:00 +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIJAMd+UWocJc1AMA0GCSqGSIb3DQEBDQUAMCwxKjAoBgNV +BAMMIUNhbm9uaWNhbCBMdGQuIExpdmUgUGF0Y2ggU2lnbmluZzAeFw0xNjA3MTgy +MzQxMjdaFw0yNjA3MTYyMzQxMjdaMCwxKjAoBgNVBAMMIUNhbm9uaWNhbCBMdGQu +IExpdmUgUGF0Y2ggU2lnbmluZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAL107nKzSqvmMegpJMK9RpgywDnuo/uKrf6rGlujLqGA23lhnkd5LHVXoiHw +k/aH8ptLnS+zWGEoPEFwExahcpDJ1RZxfOAw+SheSCA2AGm3WZ+j7KjrVUGfOB4i +Slcg9INZScUAk9MzApLR/PCEO0pbj7Zzmon6MB7mKmjyke9ZVz3cHFJvXuabtbh8 +mMkT0TloAWeR4NNnchYKXhaDRTFPtSuz9kCGiTqEbm8WYbxwhL5aEzZ7guoHGfwY +wRbGMgt9LGvEIbk4azHc2QytVkBofOPGZI6/HOByPmzb0nN52tfFL10EfbAHHpXd +Kkdevz46yGb2Zw/UKvHicVnSbHugN6zml4AwE5dI1XT8OGjkV8uZaVqEJ6yYUeRk +vZFi6FgnBiq5C7gI5eW0UaeiEN9OB2ygO5bybt91jJceZKCahpuYJvnYt95bIbev +iQGj95hr2hm6hu/v8c67L4ntwLYb5Vv4kBGaUpPpvvc1uQjLusPtL3OvzJYHVbXe +9gP28Yn5IUB2wWnyYcyalN+c7GplOL7RTiqHxy8+U66Ln1ShCVlkJaqp2ESpqKBx +4TKqTDL9RCjMnG+O24F+b/oAVsXlA0Zj+45xjeMTkZ+sYD5k898lNAn6LZafFgXq +k/XmAAgnMns8ve5wJGw7Venb9BAtIAa0yukpZVWt9lJUX+WjAgMBAAGjXTBbMAwG +A1UdEwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBQU3zTRqHzzdiWr7AOe +8r9SEkm5aTAfBgNVHSMEGDAWgBQU3zTRqHzzdiWr7AOe8r9SEkm5aTANBgkqhkiG +9w0BAQ0FAAOCAgEAMOdIAjfpKM8Eok1c+thOyXbHFD+9LFE9M/AavEnxR5WPadip +VBREbE2fVYIIHsZb1ZHZvC6wr9YlZXSWqjberjGoEfKkLFrhT3P4SsM1sHaWcfK1 +fUt17l2/hqW6C6lSy+yr5SNL8nRVKBces6wnrUUTbmmzWr5CNilI2+dcIligkIIs +KiEr2/Rkt5FdHyxIpBqF44alqhnNGeil+6N7lHdIJaTPoM9xglxvcSJ81pegU7vs +MPbLFvt7/RaUelNuvQRkogEQn/BbtaZzQZ1fb0VzDQX3MG05kLZ9VX1ML65fOFYv +i9/0vxIGk24NAiO/cZFXiOi9YnKZAEApHskTEdp+juHSpQ2/99bsAQ2JQc3V3NL3 +XzMNTC+Ft4W3geQXKfB0zw4VjBpQCwhjGpFP53aX8dQ7fnLUxUVYDGrpDfKF2JEe +N7144zlNLv2FMcGmO2rMLFNyHY578OZ2hglvGvPkoeLddl+wjOIqVF3BiEmQEBVC +fQUkU4xU/0gYGjbjMdNUMngN/vI9qg03FYS0Nkcx6IVuC1g4/yGRCcmoQ6PqYMt+ +7fdBb06Rwf13RufU54bAG/1QbKq+ALNjAv9Ox6VXbilk6VTVMGM4Xy1a20lfFBQi +0oEfYZ7u7hZm1ry9rBtc+zgxlTMuhG563u65/JcXBhO/cBxudu1mOOJwCAA= +-----END CERTIFICATE-----