diff --git a/scripts/package/UEFI-CA-CERT/DEEPIN-UEFI-RSA.pem b/scripts/package/UEFI-CA-CERT/DEEPIN-UEFI-RSA.pem
new file mode 100644
index 0000000000000..12e745fcd5b1c
--- /dev/null
+++ b/scripts/package/UEFI-CA-CERT/DEEPIN-UEFI-RSA.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGtDCCBJygAwIBAgIUDFaHlSuPfmjO99P5tuVXUFTY+6QwDQYJKoZIhvcNAQEL
+BQAwgacxCzAJBgNVBAYTAkNOMQ4wDAYDVQQIDAVIdWJlaTEOMAwGA1UEBwwFV3Vo
+YW4xKjAoBgNVBAoMIVd1aGFuIERlZXBpbiBUZWNobm9sb2d5IENvLiwgTHRkLjEs
+MCoGA1UECwwjU2VjdXJlIEJvb3QgTWFpbnRlbmFuY2UgRGVwYXJ0bWVudC4xHjAc
+BgNVBAMMFURlZXBpbiBTZWN1cmUgQm9vdCBDQTAgFw0yMDA2MTAxMjQyNTZaGA8y
+MDUwMDYwMzEyNDI1NlowgacxCzAJBgNVBAYTAkNOMQ4wDAYDVQQIDAVIdWJlaTEO
+MAwGA1UEBwwFV3VoYW4xKjAoBgNVBAoMIVd1aGFuIERlZXBpbiBUZWNobm9sb2d5
+IENvLiwgTHRkLjEsMCoGA1UECwwjU2VjdXJlIEJvb3QgTWFpbnRlbmFuY2UgRGVw
+YXJ0bWVudC4xHjAcBgNVBAMMFURlZXBpbiBTZWN1cmUgQm9vdCBDQTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBALbB/SCDzsADjCzQ6dRc8AnhS9Th7qNb
+Ld3ctn1jc/cNdthbbgKsNlprqCLKZQw64SXnGUIOP2rAcbp8C+NFeKYS5EYQLkiv
+qeIAAVXSrisDXQem6KBRClz8997xJXILT8XZnFj8c4osj/pNWj4IoHGPUBUa6JDo
+SJpMXq2uqhBq9qdEi1aqOPW+0qxn+Rum8BBpa982rMqMUX2nZTN+jKbvILRzV5dM
+S9EhWDneyE4dZLz8vnVb/qHJLxKP5fjPq3BoOZjfzaWMfOICa2X2qlEpTDoTaeZu
+cBZZJqkq1vglrpssxqSNDKeaEzGcTOnOTC2pSt3pwMT3tCsxFxiYV/Y2Flbv/UGP
+5HE9S94G2+6XZTEP1tu1gPP9ZS0vFhHbwiHXYWp1i/JneSBujv3n80Y4vr5V/tLm
+2IMeKZgXquL4o2T1KNI5Ygec8IkpIAhg2NIh6jgOWHQhJEdMjPD31jsnXNUd0eZp
+eLJnDI9qEZFVC3YgV6fD2waIvKomm0xpxS2E+MNSUelvENc24Qo0kTGaY5ZiblRR
+KFON2So9gkyTxxbCwhvPss53vyq+r1wpZq0QNy10Fko4zzhoG7WdwgXJ34ArjozC
+iOV0kK7gKNcIcEdzLZVrpQaUOQ3T2ACDmwlgneZzxCZXehtb7lC192lcHdKzRRPL
+JxPxKCbwu8hbAgMBAAGjgdMwgdAwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzAC
+hilodHRwczovL3d3dy5kZWVwaW4uY29tL2NydC9zZWN1cmUtYm9vdC1jYTARBglg
+hkgBhvhCAQEEBAMCAPcwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDgYDVR0PAQH/BAQD
+AgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEaEWUkU4Fmu4yeQaVdIoYXG
+fYGgMB8GA1UdIwQYMBaAFEaEWUkU4Fmu4yeQaVdIoYXGfYGgMA0GCSqGSIb3DQEB
+CwUAA4ICAQCMjf+W3stDuKnfqTG0HhgOUpTnjF3PDHjcCXVkWonZc3YH4gnkrQAH
+wb4UDMj9//yOe+hKsUmopaXOT1p/UUbQmc/Cdp7IXQGxgPkxyExg9tNGA70uV+S4
+xe2ro9qTNjfy0wgMWtLO+WmdVT7OBseAf5e83YU4uB2lH/dyGodyinV58n/QjdSt
+DZIuJCLLqKxo168NTY+dyvbcWz/NN6vAZjsx6R/Uhqsh/fCzhy+G7Ay7qJD8s23e
+GCy0W6Gb7HQ5+xgChAPWJrfoVXNxPL2AZP4B7SdD3+LbonXB5U5Oh9PGZeTIBEYe
+Ypq9YEcG2Gh++hiSAJDkLP0PImh5lk7JRe6DhrbQ+yNTV5hcnsV1YsoGwfqe3nqr
+pe3e5PwPrtaOO5Z6F9O4Vir4nnrv5woZjPkSPgRUBbWAjoleWtQ8QsVfo7rcgBJn
+o44c7AbLgI2jH7OglI2hlDEtflipJ1GL2aqQlHfgnJF08wEW/fnsbmgL67ULlPdT
+9KBNrP/KBynQ0hDpxFWfuAHrUCIznNpUkdajhagv+Bw4kxrbV+wpjxtidZsJGkOr
+3W3nN8FG7NyDNPp9PWW773A9J0on0mXZYkpzwQt1GG5iFyxGhEzcyawTeWy6bKNo
+DidxLyvBA/ai5GVlvaB7pGbuypTxEUbdOpoRF8j7wwlAOuxT8UGiEQ==
+-----END CERTIFICATE-----
diff --git a/scripts/package/UEFI-CA-CERT/UOS-UEFI-RSA.pem b/scripts/package/UEFI-CA-CERT/UOS-UEFI-RSA.pem
new file mode 100644
index 0000000000000..007e8a86d365e
--- /dev/null
+++ b/scripts/package/UEFI-CA-CERT/UOS-UEFI-RSA.pem
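Review bot: Nothing in the commit lets a builder confirm that DEEPIN-UEFI-RSA.pem is the intended Secure Boot root: no fingerprint, source or rotation note is recorded next to it, and the same holds for UOS-UEFI-RSA.pem in the next hunk. By my reading of the DER the file is self-signed (subject and issuer both "Deepin Secure Boot CA") with validity 2020-06-10 to 2050-06-03, so it will sit in the tree as a long-lived trust anchor. I would add a short README in `scripts/package/UEFI-CA-CERT/` that records subject, issuer, validity and SHA-256 fingerprint of each file, as printed by `openssl x509 -in FILE -noout -subject -issuer -dates -fingerprint -sha256`, so that a swapped certificate is visible in review.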
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEbDCCA1SgAwIBAgIQSoLQeFszpJx5UcVgfaWU7zANBgkqhkiG9w0BAQsFADA4
+MQswCQYDVQQGEwJDTjEMMAoGA1UECgwDVU9TMRswGQYDVQQDDBJVT1MgQVBQIFNp
+Z25pbmcgQ0EwHhcNMjAwMTA4MTEyMzExWhcNMjMwMTA4MTEyMzExWjBfMQswCQYD
+VQQGEwJDTjEnMCUGA1UECgwe57uf5L+h6L2v5Lu25oqA5pyv5pyJ6ZmQ5YWs5Y+4
+MScwJQYDVQQDDB7nu5/kv6Hova/ku7bmioDmnK/mnInpmZDlhazlj7gwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5qKfSG2vC9vzHDtGoXiUX8v7Iihs5
+Wj01YvsvNl2+8FgFanNJVJctk1c4spNmFZc2ROkfVInKGgvZ1VeD56HW1aY0aaBX
+atPQY/q98X9hUM6NWGYevk9C8Sw2TnNxwr5TLzdawDcM8/KSWtTI6R7smeg7gR1C
+HKXW55EqXEURroHyCZjN1JFR5S9AyNDGBbzK43+W97/23myIhVQJSepJ1PrmzeGg
+6Anmzy5rzeUwjFvQwcPRq2ZgHwM82iW4htxHczxFUTdEIEXvLK4gA1yRUx8BPX8m
+AMoTJx0bkM46KNRZIYo5ph2M99vdmycgyxIoXE4UkqrX+5q5YKlubmD9AgMBAAGj
+ggFJMIIBRTAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUrlkcHIKwfcrqv0BMoNxd0PxU6ekwHwYDVR0jBBgw
+FoAUUpOzguFP4xtF85SMFjCNb4RfkAYwXQYIKwYBBQUHAQEEUTBPMCAGCCsGAQUF
+BzABhhRodHRwOi8vb2NzcC51b3NjYS5jbjArBggrBgEFBQcwAoYfaHR0cDovL2Fp
+YS51b3NjYS5jbi91b3MtYXBwLmNlcjAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8v
+Y3JsLnVvc2NhLmNuL3Vvcy1hcHAuY3JsMEIGA1UdIAQ7MDkwNwYKKoEch4QeCQgG
+ATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LnVvc2NhLmNuL3BvbGljeS8wDQYJ
+KoZIhvcNAQELBQADggEBADjl68v46pFZjKJBsAhHcCjr3KjxboyCRzJQBFn5ZaH/
+EOoVil4o/BTI2xYshvNlzaRXVYLgFDGt2iWa4P9/I8zq90Ko2+4nyT89R5t8Dzj1
+GoWLULkWyEKCH8hzKbboQeotKpKoaEkuP9YRsorC/Z68aVRjTC0lQcJrruwm63+W
+d6t2bNw4pteP92BrV416kxhBEgeqcjqVZoduGbP9zlDmnZesYaDtXq/P1zqx85yr
+PXIzyqcPm5URsmHlUAhfospvtNSVKNuNiLu2Fdg15jEJU8H/9uyYTOCg2sIZ+qY6
+jFLRwq0BLRSSOyJwsWA6RExbLzVQdAQhpEDqtQOxAiw=
+-----END CERTIFICATE-----
diff --git a/scripts/package/builddeb b/scripts/package/builddeb
index d7dd0d04c70c9..30c4d308b4397 100755
--- a/scripts/package/builddeb
+++ b/scripts/package/builddeb
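Review bot: UOS-UEFI-RSA.pem does not look like a CA certificate and it has a short lifetime: by my reading of the DER, basicConstraints is an empty sequence (CA false), the issuer is "UOS APP Signing CA", and the validity runs from 2020-01-08 to 2023-01-08. The directory name `UEFI-CA-CERT` and the variable `uos_uefi_ca` in builddeb therefore describe it as something it is not, and after the end date sbsign would be embedding an expired signer certificate; how a verifier treats that depends on its policy. A README entry or comment should state that this is the end-entity signing certificate and give its expiry and replacement procedure, and the build could refuse an expired file with `openssl x509 -checkend 0 -noout -in "$uos_uefi_ca"` before signing.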
@@ -92,6 +92,29 @@ install_linux_image () { esac cp "$(${MAKE} -s -f ${srctree}/Makefile image_name)" "${pdir}/${installed_image_path}" + # UEFI Secure Boot CA paths. + deepin_uefi_ca="${srctree}/scripts/package/UEFI-CA-CERT/DEEPIN-UEFI-RSA.pem" + uos_uefi_ca="${srctree}/scripts/package/UEFI-CA-CERT/UOS-UEFI-RSA.pem" + + # Sign the kernel image. + if [ -f "${srctree}/auto_deepin_sign_kernel" ];then + sbsign \ + --swkey \ + --ip 10.0.32.114 \ + --port 9090 \ + --cert "$deepin_uefi_ca" \ + --output "${pdir}/${installed_image_path}" \ + "${pdir}/${installed_image_path}" + elif [ -f "${srctree}/auto_sign_kernel" ];then + sbsign \ + --hwkey 1 \ + --ip 10.0.32.114 \ + --port 8080 \ + --cert "$uos_uefi_ca" \ + --output "${pdir}/${installed_image_path}" \ + "${pdir}/${installed_image_path}" + fi + # Install the maintainer scripts # Note: hook scripts under /etc/kernel are also executed by official Debian # kernel packages, as well as kernel packages built using make-kpkg.
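Review bot: The signing step hard-codes an internal signing-service address (`--ip 10.0.32.114`, ports 9090 and 8080) in a script that ships in the kernel tree, and neither `sbsign` call checks its result or writes to a separate output file. If the script is not running under `set -e` (not visible in this hunk), an unreachable service or a failed signature would leave the unsigned image in `${pdir}` and the package would still be built; since `--output` is the same path as the input, a partial write would presumably damage the image in place. `--swkey`, `--hwkey`, `--ip` and `--port` are, as far as I know, not options of upstream sbsigntools, so a comment should say which patched sbsign the build host needs. I would take the endpoint from the build environment, sign to a temporary file and fail the build when signing was requested but did not succeed, as sketched below (the variable names are placeholders); install_linux_image starts and ends outside the hunk.

```shell
	# … unchanged: deepin_uefi_ca / uos_uefi_ca definitions …

	# Pick the signing profile from the marker file; empty means "do not sign".
	sign_key_opts= sign_port= sign_cert=
	if [ -f "${srctree}/auto_deepin_sign_kernel" ]; then
		sign_key_opts="--swkey" sign_port=9090 sign_cert="$deepin_uefi_ca"
	elif [ -f "${srctree}/auto_sign_kernel" ]; then
		sign_key_opts="--hwkey 1" sign_port=8080 sign_cert="$uos_uefi_ca"
	fi

	if [ -n "$sign_key_opts" ]; then
		# KERNEL_SIGN_HOST is a placeholder name: the build host supplies the
		# signing-service address instead of the source tree carrying it.
		: "${KERNEL_SIGN_HOST:?signing requested but KERNEL_SIGN_HOST is not set}"
		image="${pdir}/${installed_image_path}"
		# $sign_key_opts is left unquoted on purpose: it holds an option and its value.
		if ! sbsign $sign_key_opts \
			--ip "$KERNEL_SIGN_HOST" \
			--port "$sign_port" \
			--cert "$sign_cert" \
			--output "${image}.signed" \
			"$image"; then
			echo "builddeb: sbsign failed; refusing to package an unsigned image" >&2
			exit 1
		fi
		# Replace the image only after a complete signed copy exists.
		mv "${image}.signed" "$image"
	fi
```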