В Wed, 30 Jul 2014 15:07:42 -0400
Roman Bysh
On 07/30/2014 12:59 AM, Andrey Borzenkov wrote:
On Tue, Jul 29, 2014 at 11:05 PM, Roman Bysh
wrote: Hello All,
What is the command to check if my kernel is signed?
Do you mean kernel RPM or kernel binary (EFI secure boot)?
It's for secure boot.
bor@opensuse:/tmp/x> certutil -d . -N bor@opensuse:/tmp/x> pesign -n . -S -i /boot/vmlinuz --------------------------------------------- certificate address is 0x7fd82572a238 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is openSUSE Secure Boot Signkey The signer's email address is build@opensuse.org Signing time: Tue Jun 17, 2014 There were certs or crls included. --------------------------------------------- bor@opensuse:/tmp/x> But I do not know where to get openSUSE certificate to validate signature against. Also you must init (empty) NSS store, otherwise pesign fails, it looks into /etc/nss/pesign by default. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org