From patchwork Tue Jul 14 10:55:39 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Heinrich Schuchardt <xypron.glpk@gmx.de>
X-Patchwork-Id: 241452
List-Id: U-Boot discussion <u-boot.lists.denx.de>
From: xypron.glpk at gmx.de (Heinrich Schuchardt)
Date: Tue, 14 Jul 2020 12:55:39 +0200
Subject: [PATCH 1/1] doc: provide links to Microsoft UEFI certificates
Message-ID: <20200714105539.68115-1-xypron.glpk@gmx.de>

Some distributions provide UEFI binaries like Shim that have been signed
using a Microsoft certificate. Provide the download paths for the public
keys.

Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
---
 doc/uefi/uefi.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

--
2.27.0

diff --git a/doc/uefi/uefi.rst b/doc/uefi/uefi.rst
index 03d6fd0c6a..a72e729cc8 100644
--- a/doc/uefi/uefi.rst
+++ b/doc/uefi/uefi.rst
@@ -188,6 +188,15 @@ on the sandbox
     cd <U-Boot source directory>
     pytest.py test/py/tests/test_efi_secboot/test_signed.py --bd sandbox

+UEFI binaries may be signed by Microsoft using the following certificates:
+
+* KEK: Microsoft Corporation KEK CA 2011
+  http://go.microsoft.com/fwlink/?LinkId=321185.
+* db: Microsoft Windows Production PCA 2011
+  http://go.microsoft.com/fwlink/p/?linkid=321192.
+* db: Microsoft Corporation UEFI CA 2011
+  http://go.microsoft.com/fwlink/p/?linkid=321194.
+
 Using OP-TEE for EFI variables
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~