vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 01:31:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

T861: update secure-boot certificate handline example

Browse Source
This commit is contained in:
Christian Breunig 2025-03-16 20:17:55 +01:00 committed by GitHub
parent a97a6563a4
commit 234662d506
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/installation/secure-boot.rst
View File

@ -18,13 +18,19 @@ commands prior to your ISO image build:
.. code-block:: bash
cd vyos-build
openssl req -new -x509 -newkey rsa:4096 \
-keyout data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.key \
-out data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.der \
-outform DER -days 36500 -subj "/CN=MyMOK/" -nodes
openssl x509 -inform der \
-in data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.der \
-out data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.pem
CA_DIR="data/certificates"
SHIM_CERT_NAME="vyos-dev-2025-shim"
VYOS_KERNEL_CERT_NAME="vyos-dev-2025-linux"
openssl req -new -x509 -newkey rsa:4096 -keyout ${CA_DIR}/${SHIM_CERT_NAME}.key -out ${CA_DIR}/${SHIM_CERT_NAME}.der \
-outform DER -days 36500 -subj "/CN=VyOS Networks Secure Boot CA/" -nodes
openssl x509 -inform der -in ${CA_DIR}/${SHIM_CERT_NAME}.der -out ${CA_DIR}/${SHIM_CERT_NAME}.pem
openssl req -newkey rsa:4096 -sha256 -nodes -keyout ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.key \
-out ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.csr -outform PEM -days 3650 \
-subj "/CN=VyOS Networks Secure Boot Signer 2025 - linux/"
openssl x509 -req -in ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.csr -CA ${CA_DIR}/${SHIM_CERT_NAME}.pem \
-CAkey ${CA_DIR}/${SHIM_CERT_NAME}.key -CAcreateserial -out ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.pem -days 3650 -sha256
************
Installation