rpms
/
edk2
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i9
rpms:i9c
rpms:c9
rpms:i8c
rpms:c8
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i9-beta
rpms:i9c-beta
rpms:i8c-beta
rpms:c8-beta
rpms:c9-beta
...
pull from: rpms:i9-beta
Branches Tags
rpms:i9
rpms:i9c
rpms:c9
rpms:i8c
rpms:c8
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i9-beta
rpms:i9c-beta
rpms:i8c-beta
rpms:c8-beta
rpms:c9-beta

No commits in common. 'c9' and 'i9-beta' have entirely different histories.
c9 ... i9-beta

22 changed files with 1099 additions and 632 deletions
Show Stats

5
.edk2.metadata
Unescape View File

@ -1,3 +1,2 @@
de143fc38b339d982079517b6f01bcec5246cf5e SOURCES/DBXUpdate-20230509.x64.bin
6da44cf37c27ab03f2940769c58515b07271e047 SOURCES/edk2-3e722403cd.tar.xz
0a9cfae889c6436333fab963250b069058eec6cf SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz
703fd1d0fad7fc0d2e815a6e293e5d53e4c62bf6 SOURCES/openssl-rhel-8e5beb77088bfec064d60506b1e76ddb0ac417fe.tar.xz
6da44cf37c27ab03f2940769c58515b07271e047 SOURCES/edk2-3e722403cd.tar.xz

3
.gitignore vendored
Unescape View File

@ -1,3 +1,2 @@
SOURCES/DBXUpdate-20230509.x64.bin
SOURCES/openssl-rhel-8e5beb77088bfec064d60506b1e76ddb0ac417fe.tar.xz
SOURCES/edk2-3e722403cd.tar.xz
SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz

BIN
SOURCES/DBXUpdate-20230509.x64.bin
View File

Binary file not shown.

14
SOURCES/certs_add.sh
Unescape View File

@ -0,0 +1,14 @@
#!/bin/bash
IMAGE="$1"
[ -f "$IMAGE" ] || { echo "File $IMAGE is not found!"; exit 1; }
GUID=$(virt-fw-vars -i $IMAGE -p -v 2>/dev/null | awk '{if($1 ~ /name=db$/){sub(/guid=guid:/,"",$2);print $2}}')
[ -n "$GUID" ] || { echo "GUID is not set!"; exit 1; }
for F in `ls ./*.pem`; do
echo "virt-fw-vars --add-db $GUID $F -i $IMAGE -o $IMAGE";
virt-fw-vars --add-db $GUID $F -i $IMAGE -o $IMAGE;
done

50
SOURCES/edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
Unescape View File

@ -1,50 +0,0 @@
From 10d25d4d502e419476c3846e0243bbf6be24d8e4 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 1 Oct 2024 18:40:41 -0400
Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 95: MdePkg: Fix overflow issue in BasePeCoffLib
RH-Jira: RHEL-60831
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] 2f345a9e5f277598a78edc1aab33c6acc96c6caa
JIRA: https://issues.redhat.com/browse/RHEL-60831
CVE: CVE-2024-38796
Upstream: Merged
commit c95233b8525ca6828921affd1496146cff262e65
Author: Doug Flick <dougflick@microsoft.com>
Date: Fri Sep 27 12:08:55 2024 -0700
MdePkg: Fix overflow issue in BasePeCoffLib
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
check to ensure that the addition does not overflow.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 86ff2e769b..128090d98e 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
RelocDir = &Hdr.Te->DataDirectory[0];
}
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
ImageContext,
--
2.39.3

350
SOURCES/edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
Unescape View File

@ -1,350 +0,0 @@
From fb1162845ff2d0e5f7fc7bb890896a4a6bde2981 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Nov 2024 12:40:12 +0100
Subject: [PATCH 1/2] OvmfPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 101: Add a Fallback RNG (RH only)
RH-Jira: RHEL-65735
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/2] d4aec962fd120ac2903b91403d87b86af944bd83
Since the pixiefail CVE fix, the network stack requires a random number
generator.
In case there is no hardware random number generator available,
have the Platform Boot Manager install a pseudo RNG to ensure
the network can be used.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
.../PlatformBootManagerLib/BdsPlatform.c | 7 +
.../PlatformBootManagerLib/FallbackRng.c | 222 ++++++++++++++++++
.../PlatformBootManagerLib/FallbackRng.h | 20 ++
.../PlatformBootManagerLib.inf | 5 +
4 files changed, 254 insertions(+)
create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index d9f61757cf..87d1ac3142 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -15,6 +15,8 @@
#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Library/XenPlatformLib.h>
+#include "FallbackRng.h"
+
//
// Global data
//
@@ -539,6 +541,9 @@ PlatformBootManagerBeforeConsole (
ConnectVirtioPciRng,
NULL
);
+
+ FallbackRngCheckAndInstall ();
+
}
EFI_STATUS
@@ -1778,6 +1783,8 @@ PlatformBootManagerAfterConsole (
DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n"));
+ FallbackRngPrintWarning ();
+
if (PcdGetBool (PcdOvmfFlashVariablesEnable)) {
DEBUG ((
DEBUG_INFO,
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
new file mode 100644
index 0000000000..bba60e29d5
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
@@ -0,0 +1,222 @@
+/** @file
+ Copyright (C) 2024, Red Hat, Inc.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+#include <Protocol/Rng.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/RngLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PrintLib.h>
+#include <Library/DxeServicesTableLib.h>
+
+#include "FallbackRng.h"
+
+typedef struct {
+ EFI_RNG_PROTOCOL Rng;
+ EFI_HANDLE Handle;
+} FALLBACK_RNG_DEV;
+
+/**
+ Returns information about the random number generation implementation.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL
+ instance.
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
+ RNGAlgorithmList.
+ On output with a return code of
+ EFI_SUCCESS, the size in bytes of the
+ data returned in RNGAlgorithmList. On
+ output with a return code of
+ EFI_BUFFER_TOO_SMALL, the size of
+ RNGAlgorithmList required to obtain the
+ list.
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled
+ by the driver with one EFI_RNG_ALGORITHM
+ element for each supported RNG algorithm.
+ The list must not change across multiple
+ calls to the same driver. The first
+ algorithm in the list is the default
+ algorithm for the driver.
+
+ @retval EFI_SUCCESS The RNG algorithm list was returned
+ successfully.
+ @retval EFI_UNSUPPORTED The services is not supported by this
+ driver.
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be
+ retrieved due to a hardware or firmware
+ error.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are
+ incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small
+ to hold the result.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+FallbackRngGetInfo (
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ )
+{
+ if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (*RNGAlgorithmListSize < sizeof (EFI_RNG_ALGORITHM)) {
+ *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ if (RNGAlgorithmList == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
+ CopyGuid (RNGAlgorithmList, &gEfiRngAlgorithmRaw);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG
+ algorithm.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL
+ instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that
+ identifies the RNG algorithm to use. May
+ be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer
+ pointed to by RNGValue. The driver shall
+ return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled
+ by the driver with the resulting RNG
+ value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm
+ is not supported by this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due
+ to a hardware or firmware error.
+ @retval EFI_NOT_READY There is not enough random data available
+ to satisfy the length requested by
+ RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is
+ zero.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+FallbackRngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL,
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+{
+ UINT64 RandomData;
+ EFI_STATUS Status;
+ UINTN i;
+
+ if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // We only support the raw algorithm, so reject requests for anything else
+ //
+ if ((RNGAlgorithm != NULL) &&
+ !CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw))
+ {
+ return EFI_UNSUPPORTED;
+ }
+
+ for (i = 0; i < RNGValueLength; ++i) {
+ if (i % 4 == 0) {
+ Status = GetRandomNumber64 (&RandomData);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+static FALLBACK_RNG_DEV Dev = {
+ .Rng.GetInfo = FallbackRngGetInfo,
+ .Rng.GetRNG = FallbackRngGetRNG,
+ .Handle = NULL,
+};
+
+EFI_STATUS
+FallbackRngCheckAndInstall (
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE *HandleBuffer = NULL;
+ UINTN HandleCount = 0;
+
+ if (Dev.Handle != NULL) {
+ DEBUG ((DEBUG_INFO, "Fallback RNG already installed.\n"));
+ return EFI_ALREADY_STARTED;
+ }
+
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiRngProtocolGuid,
+ NULL,
+ &HandleCount,
+ &HandleBuffer
+ );
+
+ gBS->FreePool (HandleBuffer);
+
+ if (Status == EFI_NOT_FOUND) {
+ HandleCount = 0;
+ } else if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Error locating RNG protocol instances: %r\n", Status));
+ return Status;
+ }
+
+ DEBUG ((DEBUG_INFO, "Found %u RNGs\n", HandleCount));
+
+ if (HandleCount == 0) {
+ // Install RNG
+ Status = gBS->InstallProtocolInterface (
+ &Dev.Handle,
+ &gEfiRngProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &Dev.Rng
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed to install fallback RNG: %r\n", Status));
+ return Status;
+ }
+
+ gDS->Dispatch ();
+ }
+
+ return EFI_SUCCESS;
+}
+
+VOID
+FallbackRngPrintWarning (
+ )
+{
+ if (Dev.Handle != NULL) {
+ Print (L"WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n");
+ DEBUG ((DEBUG_WARN, "WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n"));
+ gBS->Stall (2000000);
+ }
+}
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
new file mode 100644
index 0000000000..77332bc51c
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
@@ -0,0 +1,20 @@
+/** @file
+ Copyright (C) 2024, Red Hat, Inc.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _FALLBACK_RNG_H_
+#define _FALLBACK_RNG_H_
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+
+EFI_STATUS
+FallbackRngCheckAndInstall (
+ );
+
+VOID
+FallbackRngPrintWarning (
+ );
+
+#endif
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index c6ffc1ed9e..211716e30d 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -25,6 +25,8 @@
PlatformData.c
QemuKernel.c
BdsPlatform.h
+ FallbackRng.c
+ FallbackRng.h
[Packages]
MdePkg/MdePkg.dec
@@ -56,6 +58,7 @@
PlatformBmPrintScLib
Tcg2PhysicalPresenceLib
XenPlatformLib
+ RngLib
[Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
@@ -80,6 +83,7 @@
gEfiDxeSmmReadyToLockProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
gEfiLoadedImageProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
gEfiFirmwareVolume2ProtocolGuid # PROTOCOL SOMETIMES_CONSUMED
+ gEfiRngProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
[Guids]
gEfiEndOfDxeEventGroupGuid
@@ -87,3 +91,4 @@
gRootBridgesConnectedEventGroupGuid
gUefiShellFileGuid
gGrubFileGuid
+ gEfiRngAlgorithmRaw
--
2.39.3

101
SOURCES/edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
Unescape View File

@ -1,101 +0,0 @@
From 194fa0cc8ba8c0c2b8ca4e478ce80f17e25812d9 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Thu, 7 Nov 2024 11:36:22 +0100
Subject: [PATCH 2/2] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 101: Add a Fallback RNG (RH only)
RH-Jira: RHEL-65735
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [2/2] 8bf84d42332ab54f6d1f768c8abe62485e7a12c9
Since the pixiefail CVE fix, the network stack requires a random number
generator.
In case there is no hardware random number generator available,
have the Platform Boot Manager install a pseudo RNG to ensure
the network can be used.
This patch adds the fallback RNG which was introduced in a
previous commit also to the ArmVirtPkg PlatformBootManagerLib.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c | 6 ++++++
.../PlatformBootManagerLibLight/PlatformBootManagerLib.inf | 5 +++++
2 files changed, 11 insertions(+)
diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
index 8e93f3cfed..8aa1e8e2df 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
@@ -30,6 +30,7 @@
#include <Guid/GlobalVariable.h>
#include <Guid/RootBridgesConnectedEventGroup.h>
#include <Guid/SerialPortLibVendor.h>
+#include "FallbackRng.h"
#include "PlatformBm.h"
@@ -1029,6 +1030,7 @@ PlatformBootManagerBeforeConsole (
//
FilterAndProcess (&gEfiGraphicsOutputProtocolGuid, NULL, AddOutput);
+
//
// Add the hardcoded short-form USB keyboard device path to ConIn.
//
@@ -1110,6 +1112,8 @@ PlatformBootManagerBeforeConsole (
//
FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioSerial, SetupVirtioSerial);
FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial);
+
+ FallbackRngCheckAndInstall ();
}
/**
@@ -1175,6 +1179,8 @@ PlatformBootManagerAfterConsole (
RETURN_STATUS Status;
BOOLEAN Uninstall;
+ FallbackRngPrintWarning ();
+
//
// Show the splash screen.
//
diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
index 8e7cd5605f..4583c05ef4 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
@@ -27,6 +27,8 @@
PlatformBm.c
PlatformBm.h
QemuKernel.c
+ ../PlatformBootManagerLib/FallbackRng.h
+ ../PlatformBootManagerLib/FallbackRng.c
[Packages]
MdeModulePkg/MdeModulePkg.dec
@@ -53,6 +55,7 @@
UefiBootServicesTableLib
UefiLib
UefiRuntimeServicesTableLib
+ RngLib
[FixedPcd]
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
@@ -70,6 +73,7 @@
gEfiGlobalVariableGuid
gRootBridgesConnectedEventGroupGuid
gUefiShellFileGuid
+ gEfiRngAlgorithmRaw
[Protocols]
gEfiFirmwareVolume2ProtocolGuid
@@ -77,3 +81,4 @@
gEfiMemoryAttributeProtocolGuid
gEfiPciRootBridgeIoProtocolGuid
gVirtioDeviceProtocolGuid
+ gEfiRngProtocolGuid
--
2.39.3

46
SOURCES/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch
Unescape View File

@ -1,46 +0,0 @@
From 33ebaa6f0d476008ca6ba264657ac37faf63b723 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 29 Aug 2024 09:20:29 +0200
Subject: [PATCH 1/2] OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 74: OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Jira: RHEL-56974
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] e1fb3f4db68457ec9f59ca5db47606bf4c34e6c5 (kraxel.rh/centos-src-edk2)
Let APs wait until the BSP has completed the register updates to remove
the CPU. This makes sure all APs stay in SMM mode until the CPU
hot-unplug operation is complete, which in turn makes sure the ACPI lock
is released only after the CPU hot-unplug operation is complete.
Some background: The CPU hotplug SMI is triggered from an ACPI function
which is protected by an ACPI lock. The ACPI function is in the ACPI
tables generated by qemu.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
upstream: submitted (https://github.com/tianocore/edk2/pull/6138)
---
OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
index d504163026..5af78211d3 100644
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
@@ -355,6 +355,11 @@ EjectCpu (
//
QemuSelector = mCpuHotEjectData->QemuSelectorMap[ProcessorNum];
if (QemuSelector == CPU_EJECT_QEMU_SELECTOR_INVALID) {
+ /* wait until BSP is done */
+ while (mCpuHotEjectData->Handler != NULL) {
+ CpuPause ();
+ }
+
return;
}
--
2.39.3

45
SOURCES/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
Unescape View File

@ -1,45 +0,0 @@
From 203d30bedd01e953a2f5962877c87da7a1d6fcc3 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Nov 2024 19:00:11 +0100
Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 105: OvmfPkg: Rerun dispatcher after initializing virtio-rng
RH-Jira: RHEL-63094
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/1] 87d0a3f9392d3b7788193148ee74f6edfe719a3e
Since the pixiefail CVE fix the network stack requires a hardware
random number generator. This can currently be a modern CPU supporting
the RDRAND instruction or a virtio-rng device.
The latter is initialized during the BDS phase.
To ensure all depending (network) modules are also started, we need to
run the dispatcher once more after the device was initialized.
Without this, network boot is not available under certain hardware
configurations.
Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 87d1ac3142..1f1298eb0b 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -675,6 +675,8 @@ ConnectVirtioPciRng (
if (EFI_ERROR (Status)) {
goto Error;
}
+
+ gDS->Dispatch ();
}
return EFI_SUCCESS;
--
2.45.1

86
SOURCES/msvsphereca1.pem
Unescape View File

@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:17:7c:cc:f0:fd:5d:71:2f:84:89:87:48:d3:d9:07:71:f5:c3:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = MSVSphere IMA CA, O = NCSD LLC, C = RU, ST = Moscow, L = Moscow, emailAddress = security@msvsphere-os.ru, OU = MSVSphere Certification Authority
Validity
Not Before: Oct 17 14:50:46 2023 GMT
Not After : May 31 14:50:46 2040 GMT
Subject: CN = MSVSphere IMA CA, O = NCSD LLC, C = RU, ST = Moscow, L = Moscow, emailAddress = security@msvsphere-os.ru, OU = MSVSphere Certification Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a7:93:2f:b8:68:02:6e:4c:a8:ec:d4:b5:5c:24:
f9:30:e9:ef:4a:16:2e:d6:19:f8:44:0f:b8:f1:7d:
32:74:2a:05:d4:2d:3b:36:89:70:d7:59:f9:c8:b1:
9c:7e:71:c5:61:72:59:b6:c5:c8:d1:a2:d6:57:f4:
14:f2:c1:67:bd:a3:aa:75:df:f2:f9:48:cb:13:f2:
b9:f0:94:02:a5:3c:cf:9b:43:f1:a1:b2:8c:ff:c7:
20:3b:1e:75:14:d6:e6:0c:01:04:6d:82:f7:56:25:
9a:d8:e3:72:b2:1b:17:87:3a:3c:da:6f:5d:06:c2:
8c:b9:de:ef:e1:f5:38:ae:d4:c9:26:3c:57:be:af:
b2:57:5d:ec:ce:cd:14:98:39:77:cd:b8:f5:ad:a4:
3c:a7:1c:c3:2b:80:d2:89:b8:7e:22:9a:67:00:91:
d8:c1:52:e7:b3:61:21:3c:8c:80:39:68:8c:1e:ee:
23:a5:86:6a:80:16:e1:4a:27:fa:37:fd:69:62:89:
28:d6:5c:cd:cb:3e:d4:d7:f4:23:57:ce:cb:c2:ec:
ca:ff:4a:04:ec:98:b4:cd:b9:f6:81:3c:fd:ab:bc:
83:b1:ed:47:be:65:8e:93:14:13:d3:bd:df:99:8b:
fa:93:ca:55:9c:c1:2e:74:54:f5:ae:86:a1:20:29:
b2:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:00:6F:8D:E0:2B:DC:27:EA:D8:DB:F4:C1:DA:12:AD:BF:6E:05:EC
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Authority Key Identifier:
77:00:6F:8D:E0:2B:DC:27:EA:D8:DB:F4:C1:DA:12:AD:BF:6E:05:EC
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
a3:d4:fc:8d:25:5c:d9:3a:60:c3:6d:41:e1:c1:d9:7b:aa:bf:
13:97:71:9f:8f:c1:a6:c9:fe:8d:50:49:cb:14:cc:03:76:80:
69:8a:9a:af:84:e0:b8:9b:ef:8e:03:04:ea:38:01:5c:c0:cd:
f0:af:85:e0:de:9f:f8:05:1e:6c:36:13:c5:24:f3:57:4d:0d:
97:ef:f2:ef:18:e9:82:c0:ce:1f:4a:b5:55:94:1b:c5:06:33:
29:de:c8:45:1a:c3:10:2b:c9:ba:9f:8e:66:50:24:b8:78:a8:
42:72:28:54:2e:67:1c:4f:74:d2:bf:45:cc:cb:f2:b9:44:86:
01:1a:54:e0:58:19:e7:dc:00:15:80:0a:47:6e:5a:25:9a:21:
7c:47:c6:de:c4:73:82:7a:0e:2c:3b:4a:e8:1a:4d:32:33:b1:
f2:02:1f:dc:f3:b2:45:79:db:5f:3d:67:a7:b5:b3:90:41:e4:
49:e6:40:29:39:d3:b6:72:06:17:d5:96:80:c1:20:29:4b:f1:
51:03:18:60:66:e3:b3:14:50:b3:0e:72:ad:d7:d6:a2:eb:94:
8f:2f:7f:db:02:1f:a6:a9:f5:a4:2e:fc:73:43:8f:0e:84:96:
8b:d5:c5:60:f1:2d:9f:e4:ca:07:ea:af:5f:68:93:9f:41:73:
31:8b:b6:a7
-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIUUhd8zPD9XXEvhImHSNPZB3H1w8EwDQYJKoZIhvcNAQEL
BQAwgbIxGTAXBgNVBAMMEE1TVlNwaGVyZSBJTUEgQ0ExETAPBgNVBAoMCE5DU0Qg
TExDMQswCQYDVQQGEwJSVTEPMA0GA1UECAwGTW9zY293MQ8wDQYDVQQHDAZNb3Nj
b3cxJzAlBgkqhkiG9w0BCQEWGHNlY3VyaXR5QG1zdnNwaGVyZS1vcy5ydTEqMCgG
A1UECwwhTVNWU3BoZXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIzMTAx
NzE0NTA0NloXDTQwMDUzMTE0NTA0NlowgbIxGTAXBgNVBAMMEE1TVlNwaGVyZSBJ
TUEgQ0ExETAPBgNVBAoMCE5DU0QgTExDMQswCQYDVQQGEwJSVTEPMA0GA1UECAwG
TW9zY293MQ8wDQYDVQQHDAZNb3Njb3cxJzAlBgkqhkiG9w0BCQEWGHNlY3VyaXR5
QG1zdnNwaGVyZS1vcy5ydTEqMCgGA1UECwwhTVNWU3BoZXJlIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5Mv
uGgCbkyo7NS1XCT5MOnvShYu1hn4RA+48X0ydCoF1C07Nolw11n5yLGcfnHFYXJZ
tsXI0aLWV/QU8sFnvaOqdd/y+UjLE/K58JQCpTzPm0PxobKM/8cgOx51FNbmDAEE
bYL3ViWa2ONyshsXhzo82m9dBsKMud7v4fU4rtTJJjxXvq+yV13szs0UmDl3zbj1
raQ8pxzDK4DSibh+IppnAJHYwVLns2EhPIyAOWiMHu4jpYZqgBbhSif6N/1pYoko
1lzNyz7U1/QjV87LwuzK/0oE7Ji0zbn2gTz9q7yDse1HvmWOkxQT073fmYv6k8pV
nMEudFT1roahICmy2QIDAQABo2MwYTAdBgNVHQ4EFgQUdwBvjeAr3Cfq2Nv0wdoS
rb9uBewwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBR3AG+N4CvcJ+rY2/TB
2hKtv24F7DAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKPU/I0l
XNk6YMNtQeHB2XuqvxOXcZ+PwabJ/o1QScsUzAN2gGmKmq+E4Lib744DBOo4AVzA
zfCvheDen/gFHmw2E8Uk81dNDZfv8u8Y6YLAzh9KtVWUG8UGMyneyEUawxArybqf
jmZQJLh4qEJyKFQuZxxPdNK/RczL8rlEhgEaVOBYGefcABWACkduWiWaIXxHxt7E
c4J6Diw7SugaTTIzsfICH9zzskV52189Z6e1s5BB5EnmQCk507ZyBhfVloDBIClL
8VEDGGBm47MUULMOcq3X1qLrlI8vf9sCH6ap9aQu/HNDjw6ElovVxWDxLZ/kygfq
r19ok59BczGLtqc=
-----END CERTIFICATE-----

86
SOURCES/msvspheredup1.pem
Unescape View File

@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d6:39:17:e7:e5:6a:47:54:b8:56:f2:eb:47:6b:f8:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: OU = MSVSphere Certification Authority, emailAddress = security@msvsphere.ru, L = Moscow, ST = Moscow, C = RU, O = NCSD LLC, CN = MSVSphere Secure Boot CA
Validity
Not Before: Mar 22 16:42:54 2023 GMT
Not After : Mar 22 16:42:54 2053 GMT
Subject: OU = MSVSphere Certification Authority, emailAddress = security@msvsphere.ru, L = Moscow, ST = Moscow, C = RU, O = NCSD LLC, CN = MSVSphere Driver update signing key
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ba:09:cd:1d:80:9c:00:59:96:07:ce:1f:69:a2:
d7:8b:29:2e:68:13:6f:87:42:5e:ff:42:58:19:b1:
75:b2:ba:af:5d:84:37:74:50:0e:dd:5a:1d:45:f2:
f1:e0:9b:b5:f3:9c:d5:a8:29:5a:cd:8c:85:8a:13:
d4:60:b9:52:ad:c9:fe:0c:4f:fe:af:08:25:ec:a7:
c6:2a:e3:ff:66:b8:b0:89:69:5a:fe:b1:a8:68:8a:
de:79:1e:68:e7:a8:14:01:c8:45:5b:0e:00:54:98:
32:40:4a:5d:e7:18:55:ce:bd:bc:77:3d:94:38:ac:
db:e8:5e:71:d2:be:e4:38:60:39:f8:e1:9a:ee:1a:
84:df:14:33:ce:ce:db:c4:57:c8:cf:d1:3e:72:a9:
eb:b5:7e:50:57:a1:51:06:d5:07:9c:e2:57:1a:1c:
66:8c:ba:05:aa:50:dc:e2:19:d5:04:fd:a8:bd:83:
eb:70:06:19:81:f0:ab:2a:3f:ec:cd:f3:0f:ce:ee:
75:87:87:93:1b:0e:44:e1:f9:ba:e5:53:91:ef:09:
6e:d8:63:8e:69:00:6e:37:1d:90:83:99:3f:23:c7:
33:d7:ae:13:cb:c8:fa:76:d8:5d:26:b5:9f:5a:5e:
18:22:b1:3a:c5:84:6c:67:20:e3:72:98:07:02:43:
83:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
49:59:67:B5:13:6C:C8:DF:7E:64:B9:22:E3:A9:35:50:6B:95:84:D5
X509v3 Extended Key Usage:
Code Signing, 1.3.6.1.4.1.2312.16.1.2
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
20:11:38:3B:AE:1E:E8:65:DE:29:6E:C4:7B:90:7F:4D:38:27:EB:DE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
82:29:45:3f:f4:79:e2:b5:d4:4a:a3:22:1e:16:75:68:38:44:
46:61:0d:4c:74:cc:7d:11:f5:e2:db:c3:a3:ba:5f:03:77:95:
9e:37:b8:72:68:ea:ee:a9:f2:09:a9:d6:07:d7:45:27:6c:fa:
a1:b8:20:77:fb:22:f1:59:26:70:fa:4c:2f:1c:6e:fc:ec:4a:
15:91:c2:90:d6:89:b8:50:9e:c6:56:e3:1f:4a:e2:20:e5:90:
09:16:80:a2:89:a9:90:a8:f2:37:e8:6e:29:d8:9a:61:31:d2:
2b:2a:23:2f:69:1a:7c:9f:7f:66:e0:93:29:1f:5f:9b:78:0b:
ec:74:5b:58:33:6f:bc:62:9e:98:87:9b:ae:38:b5:ed:4f:f3:
b6:48:24:16:da:18:72:09:a0:b1:01:ee:d7:6e:e4:b4:c3:eb:
b8:06:5f:38:69:78:c8:bb:40:6d:c7:8a:e9:82:69:fa:db:28:
54:2d:8c:c0:83:4c:4f:d7:8f:a5:fd:a0:96:b7:e9:c7:b1:78:
e7:09:72:e7:62:37:44:67:3f:53:b8:4c:17:17:c8:a8:1f:ec:
a5:5f:2a:18:4d:3d:aa:1a:f5:7d:c3:17:5b:42:ba:28:68:f8:
36:ad:6a:28:6b:a8:a9:aa:be:82:96:11:a8:0e:88:b5:20:52:
c1:23:aa:15
-----BEGIN CERTIFICATE-----
MIIEeTCCA2GgAwIBAgIRANY5F+flakdUuFby60dr+MMwDQYJKoZIhvcNAQELBQAw
gbcxKjAoBgNVBAsTIU1TVlNwaGVyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEk
MCIGCSqGSIb3DQEJARYVc2VjdXJpdHlAbXN2c3BoZXJlLnJ1MQ8wDQYDVQQHEwZN
b3Njb3cxDzANBgNVBAgTBk1vc2NvdzELMAkGA1UEBhMCUlUxETAPBgNVBAoTCE5D
U0QgTExDMSEwHwYDVQQDExhNU1ZTcGhlcmUgU2VjdXJlIEJvb3QgQ0EwIBcNMjMw
MzIyMTY0MjU0WhgPMjA1MzAzMjIxNjQyNTRaMIHCMSowKAYDVQQLEyFNU1ZTcGhl
cmUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFXNlY3Vy
aXR5QG1zdnNwaGVyZS5ydTEPMA0GA1UEBxMGTW9zY293MQ8wDQYDVQQIEwZNb3Nj
b3cxCzAJBgNVBAYTAlJVMREwDwYDVQQKEwhOQ1NEIExMQzEsMCoGA1UEAxMjTVNW
U3BoZXJlIERyaXZlciB1cGRhdGUgc2lnbmluZyBrZXkwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC6Cc0dgJwAWZYHzh9poteLKS5oE2+HQl7/QlgZsXWy
uq9dhDd0UA7dWh1F8vHgm7XznNWoKVrNjIWKE9RguVKtyf4MT/6vCCXsp8Yq4/9m
uLCJaVr+sahoit55HmjnqBQByEVbDgBUmDJASl3nGFXOvbx3PZQ4rNvoXnHSvuQ4
YDn44ZruGoTfFDPOztvEV8jP0T5yqeu1flBXoVEG1Qec4lcaHGaMugWqUNziGdUE
/ai9g+twBhmB8KsqP+zN8w/O7nWHh5MbDkTh+brlU5HvCW7YY45pAG43HZCDmT8j
xzPXrhPLyPp22F0mtZ9aXhgisTrFhGxnIONymAcCQ4NVAgMBAAGjcTBvMB8GA1Ud
IwQYMBaAFElZZ7UTbMjffmS5IuOpNVBrlYTVMB8GA1UdJQQYMBYGCCsGAQUFBwMD
BgorBgEEAZIIEAECMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCARODuuHuhl3ilu
xHuQf004J+veMA0GCSqGSIb3DQEBCwUAA4IBAQCCKUU/9HnitdRKoyIeFnVoOERG
YQ1MdMx9EfXi28Ojul8Dd5WeN7hyaOruqfIJqdYH10UnbPqhuCB3+yLxWSZw+kwv
HG787EoVkcKQ1om4UJ7GVuMfSuIg5ZAJFoCiiamQqPI36G4p2JphMdIrKiMvaRp8
n39m4JMpH1+beAvsdFtYM2+8Yp6Yh5uuOLXtT/O2SCQW2hhyCaCxAe7XbuS0w+u4
Bl84aXjIu0Btx4rpgmn62yhULYzAg0xP14+l/aCWt+nHsXjnCXLnYjdEZz9TuEwX
F8ioH+ylXyoYTT2qGvV9wxdbQrooaPg2rWooa6ipqr6ClhGoDoi1IFLBI6oV
-----END CERTIFICATE-----

75
SOURCES/msvsphereima.pem
Unescape View File

@ -0,0 +1,75 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:a3:0f:db:5d:68:ba:11:ad:0d:d7:a2:bb:f2:9b:33:69:22:69:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = MSVSphere IMA CA, O = NCSD LLC, C = RU, ST = Moscow, L = Moscow, emailAddress = security@msvsphere-os.ru, OU = MSVSphere Certification Authority
Validity
Not Before: Oct 17 14:52:34 2023 GMT
Not After : May 31 14:52:34 2040 GMT
Subject: CN = MSVSphere 9 IMA release key, O = NCSD LLC, C = RU, ST = Moscow, L = Moscow, emailAddress = security@msvsphere-os.ru, OU = MSVSphere Certification Authority
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:8f:3a:c4:74:50:a0:dd:2b:7c:eb:48:63:06:f9:
ec:a5:f9:c2:ef:1a:5a:64:79:95:14:9c:2a:da:3a:
f7:bb:50:36:16:51:ca:2d:e4:0f:2e:a1:a5:16:9a:
63:a6:f0:ce:c2:69:2a:aa:08:ce:40:17:8f:db:de:
16:08:47:02:6d:0b:39:36:80:bd:0d:12:f5:aa:9e:
80:8d:ae:c9:90:d6:d3:5e:a4:c0:26:a6:78:83:04:
ce:9e:09:17:b7:3e:52
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage: critical
Code Signing
X509v3 Subject Key Identifier:
90:88:18:27:43:0F:80:32:F8:AB:35:AC:DE:28:6D:3B:B9:F5:55:E0
X509v3 Authority Key Identifier:
77:00:6F:8D:E0:2B:DC:27:EA:D8:DB:F4:C1:DA:12:AD:BF:6E:05:EC
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
18:6a:36:58:96:ad:13:f2:48:97:e6:87:14:ec:00:43:2d:a4:
9a:43:80:5a:92:06:fb:cb:26:62:fe:04:23:b2:11:e8:d4:7a:
25:6e:14:e4:2b:c0:8d:27:2e:92:b1:19:41:2d:ce:e4:e5:30:
99:72:d5:fd:86:b2:d6:15:32:86:91:20:5f:02:da:be:fe:2d:
b0:24:60:48:7b:df:41:11:36:0e:df:97:d0:a3:36:4a:0b:88:
ec:7c:32:b7:9e:a0:72:6f:f5:4f:b4:bb:c0:71:1d:6c:38:22:
3c:e8:e8:9d:58:40:54:7d:86:1d:43:f3:02:df:16:07:89:1b:
5b:d0:d5:ea:9c:4d:b5:04:5d:99:f1:64:42:67:ab:d7:15:e6:
44:3f:2e:a8:03:51:ae:3a:df:7e:9c:8b:3d:91:5c:ce:a1:b2:
b7:69:81:43:ed:a1:f7:63:93:e8:f7:b7:0f:7d:5d:94:55:18:
f4:0a:35:13:01:d6:4b:06:57:50:ca:7c:ea:23:b3:e5:9c:ed:
87:80:23:7e:0b:64:09:49:98:a2:22:51:83:3c:b8:e4:0b:8b:
16:c2:3a:11:ee:78:6a:f2:a4:c7:13:de:b0:3d:97:c6:d5:84:
f5:6a:8e:4a:5e:1d:c1:f3:d8:80:b6:71:f5:8f:3b:fd:ad:15:
d6:c9:78:d6
-----BEGIN CERTIFICATE-----
MIIDyTCCArGgAwIBAgIUcaMP211ouhGtDdeiu/KbM2kiaRswDQYJKoZIhvcNAQEL
BQAwgbIxGTAXBgNVBAMMEE1TVlNwaGVyZSBJTUEgQ0ExETAPBgNVBAoMCE5DU0Qg
TExDMQswCQYDVQQGEwJSVTEPMA0GA1UECAwGTW9zY293MQ8wDQYDVQQHDAZNb3Nj
b3cxJzAlBgkqhkiG9w0BCQEWGHNlY3VyaXR5QG1zdnNwaGVyZS1vcy5ydTEqMCgG
A1UECwwhTVNWU3BoZXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIzMTAx
NzE0NTIzNFoXDTQwMDUzMTE0NTIzNFowgb0xJDAiBgNVBAMMG01TVlNwaGVyZSA5
IElNQSByZWxlYXNlIGtleTERMA8GA1UECgwITkNTRCBMTEMxCzAJBgNVBAYTAlJV
MQ8wDQYDVQQIDAZNb3Njb3cxDzANBgNVBAcMBk1vc2NvdzEnMCUGCSqGSIb3DQEJ
ARYYc2VjdXJpdHlAbXN2c3BoZXJlLW9zLnJ1MSowKAYDVQQLDCFNU1ZTcGhlcmUg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASP
OsR0UKDdK3zrSGMG+eyl+cLvGlpkeZUUnCraOve7UDYWUcot5A8uoaUWmmOm8M7C
aSqqCM5AF4/b3hYIRwJtCzk2gL0NEvWqnoCNrsmQ1tNepMAmpniDBM6eCRe3PlKj
eDB2MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoG
CCsGAQUFBwMDMB0GA1UdDgQWBBSQiBgnQw+AMvirNazeKG07ufVV4DAfBgNVHSME
GDAWgBR3AG+N4CvcJ+rY2/TB2hKtv24F7DANBgkqhkiG9w0BAQsFAAOCAQEAGGo2
WJatE/JIl+aHFOwAQy2kmkOAWpIG+8smYv4EI7IR6NR6JW4U5CvAjScukrEZQS3O
5OUwmXLV/Yay1hUyhpEgXwLavv4tsCRgSHvfQRE2Dt+X0KM2SguI7Hwyt56gcm/1
T7S7wHEdbDgiPOjonVhAVH2GHUPzAt8WB4kbW9DV6pxNtQRdmfFkQmer1xXmRD8u
qANRrjrffpyLPZFczqGyt2mBQ+2h92OT6Pe3D31dlFUY9Ao1EwHWSwZXUMp86iOz
5Zzth4AjfgtkCUmYoiJRgzy45AuLFsI6Ee54avKkxxPesD2XxtWE9WqOSl4dwfPY
gLZx9Y87/a0V1sl41g==
-----END CERTIFICATE-----

86
SOURCES/msvspherepatch1.pem
Unescape View File

@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f3:41:d2:7d:2e:b9:42:05:b5:8d:9a:39:b4:a8:dd:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: OU = MSVSphere Certification Authority, emailAddress = security@msvsphere.ru, L = Moscow, ST = Moscow, C = RU, O = NCSD LLC, CN = MSVSphere Secure Boot CA
Validity
Not Before: Mar 22 16:42:54 2023 GMT
Not After : Mar 22 16:42:54 2053 GMT
Subject: OU = MSVSphere Certification Authority, emailAddress = security@msvsphere.ru, L = Moscow, ST = Moscow, C = RU, O = NCSD LLC, CN = MSVSphere kpatch signing key
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e1:8d:77:fe:7c:63:d5:a8:03:20:d3:ce:f0:96:
2a:84:1b:9c:e3:8f:01:f7:a0:76:c3:f8:ee:17:44:
10:cc:0d:58:df:65:73:2c:30:78:55:13:80:f9:9f:
af:88:87:4b:ef:98:cd:06:ff:62:37:f9:2d:ce:1c:
5e:7d:e9:b0:ac:4e:0f:08:70:45:ff:a3:a4:d8:f8:
d4:65:ed:1a:93:ab:bc:31:a6:de:ea:9c:81:f6:e6:
5b:c7:5c:d1:47:8d:e2:4f:3d:e9:17:c8:3e:c8:66:
51:4d:a8:df:14:f8:1f:55:df:31:2c:f4:a0:fb:8d:
39:3b:79:f7:3d:4e:cc:5f:e5:56:59:6a:77:0c:bf:
eb:fc:84:7d:ea:5b:51:34:fc:bc:4e:7a:be:7d:a3:
af:79:e0:9f:29:49:dc:f5:11:c8:3d:9e:39:89:25:
bb:63:57:7c:23:b0:e0:f8:ec:7b:4c:cb:bc:c9:92:
fb:f0:8f:8f:13:b0:ba:5f:65:68:78:f5:6e:dc:e1:
57:3d:50:c0:94:b1:41:63:23:ff:07:c9:c1:2a:e3:
68:94:c9:42:a4:52:4f:1f:dd:e0:9a:d9:c4:91:73:
ba:2e:29:24:67:e8:9c:92:3e:82:46:d8:f3:15:08:
f1:85:07:17:c8:f9:9b:ba:9c:87:ed:0f:d1:88:dc:
71:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
49:59:67:B5:13:6C:C8:DF:7E:64:B9:22:E3:A9:35:50:6B:95:84:D5
X509v3 Extended Key Usage:
Code Signing, 1.3.6.1.4.1.2312.16.1.2
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E0:DA:A8:81:5B:FF:F2:CC:A3:53:F9:46:E2:33:E2:E7:AC:2A:E0:FA
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
7e:95:d0:2f:4f:e6:6b:e6:9b:ad:b2:a4:72:4e:bd:f1:c9:68:
23:cd:c6:31:35:ab:34:15:c2:ed:8d:ef:0f:82:f3:8a:12:16:
16:82:a9:d9:5a:b5:98:20:b6:f5:d2:24:53:58:c3:b9:ec:79:
40:ca:b4:4a:7b:9c:74:b9:1e:2b:a9:66:5c:b3:57:46:f2:98:
9b:96:23:48:a2:4f:0b:86:96:a2:30:0d:b7:8f:fb:83:95:3a:
29:96:24:80:d3:23:78:05:a9:ee:6f:af:e6:5c:70:61:4f:15:
5d:2c:75:22:a8:22:9a:6f:cf:86:52:01:03:73:ce:8c:86:67:
90:3c:f5:38:50:04:59:70:f0:25:35:da:34:cc:3e:84:e7:4f:
93:4c:01:33:34:3d:6c:e7:ea:d8:1e:63:43:1d:6a:b1:bf:01:
1b:20:a8:27:df:62:9e:af:7c:bd:52:95:fe:ad:0c:68:a5:1a:
b0:fc:59:b0:f9:c0:38:b0:5f:b2:3c:7d:ec:32:3a:a2:73:53:
c8:91:7e:cb:3b:cb:7f:85:de:d8:5d:f1:92:80:e6:61:7d:6d:
c3:8f:e8:a7:ce:14:33:d2:22:c1:7e:f6:ab:c1:75:8c:c3:70:
dd:ab:fd:c4:e9:db:9e:1a:bb:98:32:94:2b:56:d7:e1:31:99:
84:5e:c6:4d
-----BEGIN CERTIFICATE-----
MIIEcjCCA1qgAwIBAgIRAPNB0n0uuUIFtY2aObSo3c8wDQYJKoZIhvcNAQELBQAw
gbcxKjAoBgNVBAsTIU1TVlNwaGVyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEk
MCIGCSqGSIb3DQEJARYVc2VjdXJpdHlAbXN2c3BoZXJlLnJ1MQ8wDQYDVQQHEwZN
b3Njb3cxDzANBgNVBAgTBk1vc2NvdzELMAkGA1UEBhMCUlUxETAPBgNVBAoTCE5D
U0QgTExDMSEwHwYDVQQDExhNU1ZTcGhlcmUgU2VjdXJlIEJvb3QgQ0EwIBcNMjMw
MzIyMTY0MjU0WhgPMjA1MzAzMjIxNjQyNTRaMIG7MSowKAYDVQQLEyFNU1ZTcGhl
cmUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFXNlY3Vy
aXR5QG1zdnNwaGVyZS5ydTEPMA0GA1UEBxMGTW9zY293MQ8wDQYDVQQIEwZNb3Nj
b3cxCzAJBgNVBAYTAlJVMREwDwYDVQQKEwhOQ1NEIExMQzElMCMGA1UEAxMcTVNW
U3BoZXJlIGtwYXRjaCBzaWduaW5nIGtleTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOGNd/58Y9WoAyDTzvCWKoQbnOOPAfegdsP47hdEEMwNWN9lcyww
eFUTgPmfr4iHS++YzQb/Yjf5Lc4cXn3psKxODwhwRf+jpNj41GXtGpOrvDGm3uqc
gfbmW8dc0UeN4k896RfIPshmUU2o3xT4H1XfMSz0oPuNOTt59z1OzF/lVllqdwy/
6/yEfepbUTT8vE56vn2jr3ngnylJ3PURyD2eOYklu2NXfCOw4Pjse0zLvMmS+/CP
jxOwul9laHj1btzhVz1QwJSxQWMj/wfJwSrjaJTJQqRSTx/d4JrZxJFzui4pJGfo
nJI+gkbY8xUI8YUHF8j5m7qch+0P0YjccQUCAwEAAaNxMG8wHwYDVR0jBBgwFoAU
SVlntRNsyN9+ZLki46k1UGuVhNUwHwYDVR0lBBgwFgYIKwYBBQUHAwMGCisGAQQB
kggQAQIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU4NqogVv/8syjU/lG4jPi56wq
4PowDQYJKoZIhvcNAQELBQADggEBAH6V0C9P5mvmm62ypHJOvfHJaCPNxjE1qzQV
wu2N7w+C84oSFhaCqdlatZggtvXSJFNYw7nseUDKtEp7nHS5HiupZlyzV0bymJuW
I0iiTwuGlqIwDbeP+4OVOimWJIDTI3gFqe5vr+ZccGFPFV0sdSKoIppvz4ZSAQNz
zoyGZ5A89ThQBFlw8CU12jTMPoTnT5NMATM0PWzn6tgeY0MdarG/ARsgqCffYp6v
fL1Slf6tDGilGrD8WbD5wDiwX7I8fewyOqJzU8iRfss7y3+F3thd8ZKA5mF9bcOP
6KfOFDPSIsF+9qvBdYzDcN2r/cTp254au5gylCtW1+ExmYRexk0=
-----END CERTIFICATE-----

125
SOURCES/nvidiagpuoot001.pem
Unescape View File

@ -0,0 +1,125 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:2a:b8:18:9b:cc:bb:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Nvidia GPU OOT CA, emailAddress = secalert@redhat.com
Validity
Not Before: Nov 28 17:57:33 2023 GMT
Not After : Jan 18 17:57:33 2038 GMT
Subject: CN = Nvidia GPU OOT signing 001, emailAddress = secalert@redhat.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:aa:e7:0f:55:10:c8:19:46:a2:de:ec:0a:54:88:
f3:72:72:47:2b:0d:f9:13:28:e8:db:c8:76:17:51:
26:ab:da:31:e9:2f:f4:ec:a1:08:df:72:6a:e0:86:
1e:27:00:4f:a2:00:e7:14:c1:92:2a:0b:b5:6f:38:
f1:79:8b:0b:f3:7d:bb:e4:31:2f:34:12:9e:f5:8f:
fb:e4:f6:06:b4:92:1f:b4:11:21:bf:e4:bc:1f:93:
d6:88:d4:b5:f5:a1:a4:1c:a1:1f:15:40:ef:ff:b6:
2e:bf:b9:a9:10:a5:fe:0c:4b:a0:1d:7c:98:ea:2c:
12:8b:3c:f2:b0:5f:f6:22:89:c8:ca:d1:ec:3d:cb:
9c:e7:7c:d9:af:02:d5:69:77:6e:e4:98:a9:dd:92:
bd:62:1e:a6:2f:03:69:e5:3b:53:93:8d:88:54:c0:
db:d7:63:ad:82:3b:5b:74:90:6b:4e:91:2b:e4:9f:
5b:23:fc:8b:28:a5:68:01:88:b1:e1:90:a2:4b:e6:
ff:e0:e4:16:ae:a2:f6:64:57:4b:c7:a9:68:a8:c4:
45:fb:54:3c:cf:ef:fd:4e:b1:c6:08:4e:da:ae:51:
f8:5f:2a:b4:12:06:b1:03:60:1a:e7:45:22:f9:cd:
59:a1:91:36:2d:dd:6f:ec:42:35:98:2e:92:d9:31:
9b:4d:c3:00:4b:ea:8b:70:d6:dc:34:da:b3:66:2a:
f3:5e:00:4e:83:14:21:24:71:7a:ed:ea:09:c7:57:
2c:58:39:32:1e:24:1f:ef:52:7b:bc:8d:18:47:ba:
b3:16:a4:56:65:e3:9d:fe:ae:44:59:93:a1:c4:c6:
ec:64:03:71:ed:35:54:9e:2d:dc:b3:ad:2b:cc:74:
1f:db:66:8f:73:19:47:5d:19:bf:e3:5c:48:bd:5d:
3b:10:b3:9c:a2:ed:30:af:a0:2e:ac:cc:6a:bf:d6:
1b:83:c2:98:86:bb:92:26:f3:ce:57:41:d2:68:74:
57:f3:3a:f4:71:e4:52:8f:26:9b:60:65:cd:c3:87:
3d:af:dd:06:99:30:70:08:ba:39:91:47:18:ea:c6:
68:aa:ad:f4:e7:6f:26:bf:51:ff:be:1a:3c:52:45:
9c:a0:03:7a:f5:e8:cc:55:89:ac:16:1a:6c:c2:18:
75:3a:51:68:3d:8a:9c:b3:8e:ce:ed:00:a9:ac:47:
a1:1e:04:14:b7:fd:d3:75:ca:97:52:90:6e:d0:96:
94:bf:44:2c:75:63:7b:78:3c:40:cc:13:bc:52:dd:
71:14:ef:ee:d8:45:6c:37:85:bd:a8:01:df:ce:e6:
b1:fb:9c:4d:72:e7:47:fd:cb:a4:6e:cd:a7:4e:cb:
01:b9:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage: critical
Code Signing
X509v3 Subject Key Identifier:
55:E1:CE:F8:81:93:E6:04:19:F0:B0:EC:37:9C:49:F7:75:45:AC:F0
X509v3 Authority Key Identifier:
5E:D6:FB:11:3F:AB:FD:E7:63:F0:13:73:E9:E2:D1:51:FB:B3:85:12
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
45:40:c8:30:a9:1a:1a:94:82:1c:65:49:99:1e:82:34:2d:bd:
8b:ee:f9:93:a3:5d:89:b1:57:68:ec:d2:c7:3c:ea:2c:6a:14:
6d:44:39:7e:63:b5:e5:38:0e:7e:a9:25:2d:5e:69:b0:18:8a:
c0:80:f7:0e:99:4c:26:f9:74:54:95:ad:08:46:5a:c5:ee:0c:
24:7a:07:75:cc:26:41:ff:c0:69:46:d2:08:08:7f:2b:2f:0c:
37:50:7a:7e:59:09:7d:00:26:fe:e8:1b:3b:92:62:f4:62:5a:
c2:b1:30:8d:12:12:07:ce:4f:a9:78:09:f8:a6:6e:26:24:b4:
e8:a7:ac:ac:b8:ba:62:f1:79:b9:71:34:0b:45:f5:c0:32:f3:
fa:d6:7c:05:4d:94:b3:c3:19:61:6f:0e:af:d3:90:29:aa:29:
70:bf:90:bd:8b:53:d6:7f:5b:ac:f9:41:9b:39:b8:55:1e:0b:
65:cd:2e:96:1c:1b:f9:65:1e:30:7b:ab:04:d8:44:f1:41:5d:
13:3c:e1:c4:cf:fc:be:0c:75:dc:a8:47:e3:d6:3f:cf:c1:15:
d4:e4:e3:db:aa:9d:70:7b:13:10:4d:46:de:63:57:28:3a:70:
f9:3e:e6:d3:a6:52:dd:8f:fe:1f:97:e5:03:63:d1:7e:c4:9a:
f7:11:ea:6c:06:ee:58:4e:e5:a8:fb:d5:ff:46:b0:f6:13:a7:
aa:f2:7b:df:32:80:73:27:0f:4a:55:0c:e6:b9:f3:a7:0d:61:
2e:20:6b:d9:b1:d2:07:9a:d3:89:af:99:89:87:90:ab:b0:1f:
89:74:19:bd:7a:24:66:ef:ab:55:34:d5:f5:9a:74:62:02:81:
22:67:71:ae:c2:bf:9d:b6:08:7c:88:83:df:42:35:95:5e:75:
82:bc:40:83:ca:11:96:01:e1:1a:f1:c6:f0:36:fa:57:3f:4f:
ce:87:6a:3d:92:52:a9:bf:13:cd:92:a9:8f:b2:02:32:1d:94:
b3:ba:af:58:e7:0d:d4:a2:03:69:ac:b4:af:d9:b3:ae:57:01:
24:60:7a:bc:27:7d:37:89:e6:d8:7b:27:b1:ea:0f:97:3e:bc:
7b:e8:6d:ad:5e:7c:6f:9b:ed:65:f0:86:2b:28:9c:50:a6:43:
e6:2c:4c:03:31:70:64:25:4e:60:25:b3:27:4e:1a:59:8e:7a:
cd:c2:28:c9:e0:a4:e0:31:12:39:8f:c0:f1:f6:cd:e5:8e:69:
c4:ca:0e:d7:37:50:7b:3d:cd:51:cd:4b:ac:02:50:bf:8c:5e:
78:15:0a:eb:79:73:21:da:bb:e0:2f:36:ae:7f:d4:98:f4:0d:
ad:f3:c7:72:0d:e9:6f:94
-----BEGIN CERTIFICATE-----
MIIFhDCCA2ygAwIBAgIJAMUquBibzLsWMA0GCSqGSIb3DQEBCwUAMEAxGjAYBgNV
BAMMEU52aWRpYSBHUFUgT09UIENBMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEBy
ZWRoYXQuY29tMB4XDTIzMTEyODE3NTczM1oXDTM4MDExODE3NTczM1owSTEjMCEG
A1UEAwwaTnZpZGlhIEdQVSBPT1Qgc2lnbmluZyAwMDExIjAgBgkqhkiG9w0BCQEW
E3NlY2FsZXJ0QHJlZGhhdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCq5w9VEMgZRqLe7ApUiPNyckcrDfkTKOjbyHYXUSar2jHpL/TsoQjfcmrg
hh4nAE+iAOcUwZIqC7VvOPF5iwvzfbvkMS80Ep71j/vk9ga0kh+0ESG/5Lwfk9aI
1LX1oaQcoR8VQO//ti6/uakQpf4MS6AdfJjqLBKLPPKwX/YiicjK0ew9y5znfNmv
AtVpd27kmKndkr1iHqYvA2nlO1OTjYhUwNvXY62CO1t0kGtOkSvkn1sj/IsopWgB
iLHhkKJL5v/g5BauovZkV0vHqWioxEX7VDzP7/1OscYITtquUfhfKrQSBrEDYBrn
RSL5zVmhkTYt3W/sQjWYLpLZMZtNwwBL6otw1tw02rNmKvNeAE6DFCEkcXrt6gnH
VyxYOTIeJB/vUnu8jRhHurMWpFZl453+rkRZk6HExuxkA3HtNVSeLdyzrSvMdB/b
Zo9zGUddGb/jXEi9XTsQs5yi7TCvoC6szGq/1huDwpiGu5Im885XQdJodFfzOvRx
5FKPJptgZc3Dhz2v3QaZMHAIujmRRxjqxmiqrfTnbya/Uf++GjxSRZygA3r16MxV
iawWGmzCGHU6UWg9ipyzjs7tAKmsR6EeBBS3/dN1ypdSkG7QlpS/RCx1Y3t4PEDM
E7xS3XEU7+7YRWw3hb2oAd/O5rH7nE1y50f9y6RuzadOywG5EQIDAQABo3gwdjAM
BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEF
BQcDAzAdBgNVHQ4EFgQUVeHO+IGT5gQZ8LDsN5xJ93VFrPAwHwYDVR0jBBgwFoAU
Xtb7ET+r/edj8BNz6eLRUfuzhRIwDQYJKoZIhvcNAQELBQADggIBAEVAyDCpGhqU
ghxlSZkegjQtvYvu+ZOjXYmxV2js0sc86ixqFG1EOX5jteU4Dn6pJS1eabAYisCA
9w6ZTCb5dFSVrQhGWsXuDCR6B3XMJkH/wGlG0ggIfysvDDdQen5ZCX0AJv7oGzuS
YvRiWsKxMI0SEgfOT6l4CfimbiYktOinrKy4umLxeblxNAtF9cAy8/rWfAVNlLPD
GWFvDq/TkCmqKXC/kL2LU9Z/W6z5QZs5uFUeC2XNLpYcG/llHjB7qwTYRPFBXRM8
4cTP/L4MddyoR+PWP8/BFdTk49uqnXB7ExBNRt5jVyg6cPk+5tOmUt2P/h+X5QNj
0X7EmvcR6mwG7lhO5aj71f9GsPYTp6rye98ygHMnD0pVDOa586cNYS4ga9mx0gea
04mvmYmHkKuwH4l0Gb16JGbvq1U01fWadGICgSJnca7Cv522CHyIg99CNZVedYK8
QIPKEZYB4RrxxvA2+lc/T86Haj2SUqm/E82SqY+yAjIdlLO6r1jnDdSiA2mstK/Z
s65XASRgerwnfTeJ5th7J7HqD5c+vHvoba1efG+b7WXwhisonFCmQ+YsTAMxcGQl
TmAlsydOGlmOes3CKMngpOAxEjmPwPH2zeWOacTKDtc3UHs9zVHNS6wCUL+MXngV
Cut5cyHau+AvNq5/1Jj0Da3zx3IN6W+U
-----END CERTIFICATE-----

102
SOURCES/rheldup3.pem
Unescape View File

@ -0,0 +1,102 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
df:05:cc:0a:a1:21:9e:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Red Hat Enterprise Linux Driver Update Program (key 3), emailAddress = secalert@redhat.com
Validity
Not Before: Mar 31 08:40:36 2014 GMT
Not After : Mar 25 08:40:36 2037 GMT
Subject: CN = Red Hat Enterprise Linux Driver Update Program (key 3), emailAddress = secalert@redhat.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (3072 bit)
Modulus:
00:a6:6a:c6:0a:73:d6:e0:67:ab:09:21:b7:8e:61:
bb:e2:80:96:55:fd:be:35:5c:7a:9f:c8:9e:2a:1f:
41:b1:54:25:8b:c1:6b:7a:75:83:8d:df:6b:c8:20:
4d:94:31:f0:c6:ed:d6:66:6e:e5:cc:6e:20:5f:17:
3f:e0:d4:5a:41:cf:de:ff:31:70:44:a5:fe:79:8d:
14:d9:04:2e:66:08:ac:cb:14:6e:75:53:38:f5:85:
44:99:43:f6:b1:03:bc:7c:d6:bd:9d:1b:e2:3c:8d:
a4:f0:1c:97:ff:0e:37:61:cc:a1:c7:51:2a:44:69:
9f:88:f9:1a:62:d5:dd:f7:bf:04:66:90:57:6e:83:
d8:07:cc:fe:eb:61:99:fb:3b:3e:97:c7:5b:8f:e5:
8c:eb:01:ab:a1:99:95:5c:1c:cf:8d:2b:6e:74:82:
80:6c:14:be:bd:81:d8:9a:ba:57:aa:49:26:fd:c8:
3d:06:8e:35:77:bf:56:f8:53:10:69:1b:da:93:41:
05:cd:51:65:ca:3b:40:82:f5:4f:dd:df:1d:be:db:
96:ed:c0:e5:d7:03:f1:39:53:3c:fc:4a:c6:af:3b:
36:ab:3d:9f:c9:19:c4:67:f5:41:b0:bd:93:98:38:
bc:4f:fe:c6:64:05:ec:a5:cb:9a:fb:c3:72:90:da:
b7:9d:91:68:8b:00:b6:b0:83:62:8c:5b:e0:bd:1c:
b0:a5:3b:49:be:77:37:be:54:37:0a:a5:2b:7a:05:
ef:61:97:68:a3:5d:e1:90:5e:d6:d6:22:bf:50:d1:
2b:22:be:7d:f2:30:bd:5a:0d:6e:91:6a:8e:89:56:
97:30:7d:14:93:a4:05:69:e5:0d:8f:be:39:6d:17:
02:66:7f:a6:05:db:5f:f6:b2:39:43:04:1e:44:fc:
ae:f2:de:12:02:d7:e4:e0:eb:08:a6:1f:b9:cd:d4:
8b:75:40:b3:bb:4f:92:15:78:a1:2e:4b:c4:8f:2f:
7d:ad:34:be:6b:2a:29:18:d5:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
BF:57:F3:E8:73:62:BC:72:29:D9:F4:65:32:17:73:DF:D1:F7:7A:80
X509v3 Authority Key Identifier:
BF:57:F3:E8:73:62:BC:72:29:D9:F4:65:32:17:73:DF:D1:F7:7A:80
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
62:a8:a3:1c:39:5a:69:fa:a6:c6:ff:ab:6c:f6:9e:9a:f5:6b:
84:72:c8:18:6f:15:2d:07:9f:ac:b4:a0:49:fb:20:02:32:b8:
25:80:98:fb:d7:57:7f:9c:78:a9:19:dd:f5:b8:bd:c7:59:03:
a0:06:85:a9:18:7a:35:df:9f:53:f0:22:61:bf:0a:bb:1c:f3:
a6:9e:db:8e:2c:1c:25:b2:86:a3:0d:97:ce:0d:f4:d0:28:39:
76:00:38:07:f2:02:f5:e0:a8:01:20:30:a8:18:7c:1f:0e:91:
41:a6:cc:0a:a7:2e:78:c2:32:de:ae:f6:2d:9d:b1:43:17:31:
f1:ff:74:b1:f5:ef:bd:a2:53:bf:17:20:1a:da:bd:5e:7b:db:
79:43:c7:7b:79:a7:31:ca:3e:54:28:e4:44:2b:ac:41:b9:c0:
03:44:ce:e9:56:13:0b:87:f9:82:e6:1e:82:75:23:c2:2c:cf:
8d:8e:ad:47:40:16:b4:86:82:92:4d:77:8c:02:27:7a:cf:93:
ed:21:4a:fa:d8:fb:e9:30:d4:b9:c8:e2:05:a7:2e:5d:4b:80:
db:ec:aa:4f:e2:4e:5d:94:13:ad:73:65:26:7e:4d:0e:44:49:
03:8f:42:e5:4e:e8:43:4b:1f:76:fc:18:d1:c1:c1:ac:85:de:
ec:97:13:e1:de:e6:fa:75:c6:f0:fd:c2:15:7e:23:72:f2:28:
fa:b6:6f:a3:96:e5:d4:b5:b2:a5:6b:e3:b6:cf:47:46:6b:a6:
93:7c:7d:28:5d:ba:ce:da:19:e9:4c:a8:a4:9a:1e:77:fc:5a:
b5:43:ad:9f:f7:bb:be:5f:85:9e:c9:0e:4c:a1:01:54:01:a1:
6e:ae:67:13:84:ee:ad:e9:20:77:66:be:6d:06:73:80:18:dc:
c8:d5:16:c4:7f:8a:b5:63:b8:37:fa:be:95:8b:5d:46:2d:a9:
69:71:bc:d4:44:38:68:e4:11:8d:8e:8d:99:a2:9a:4b:07:ae:
11:cf:05:d8:b7:ff
-----BEGIN CERTIFICATE-----
MIIEqjCCAxKgAwIBAgIJAN8FzAqhIZ4+MA0GCSqGSIb3DQEBCwUAMGUxPzA9BgNV
BAMTNlJlZCBIYXQgRW50ZXJwcmlzZSBMaW51eCBEcml2ZXIgVXBkYXRlIFByb2dy
YW0gKGtleSAzKTEiMCAGCSqGSIb3DQEJARYTc2VjYWxlcnRAcmVkaGF0LmNvbTAe
Fw0xNDAzMzEwODQwMzZaFw0zNzAzMjUwODQwMzZaMGUxPzA9BgNVBAMTNlJlZCBI
YXQgRW50ZXJwcmlzZSBMaW51eCBEcml2ZXIgVXBkYXRlIFByb2dyYW0gKGtleSAz
KTEiMCAGCSqGSIb3DQEJARYTc2VjYWxlcnRAcmVkaGF0LmNvbTCCAaIwDQYJKoZI
hvcNAQEBBQADggGPADCCAYoCggGBAKZqxgpz1uBnqwkht45hu+KAllX9vjVcep/I
niofQbFUJYvBa3p1g43fa8ggTZQx8Mbt1mZu5cxuIF8XP+DUWkHP3v8xcESl/nmN
FNkELmYIrMsUbnVTOPWFRJlD9rEDvHzWvZ0b4jyNpPAcl/8ON2HMocdRKkRpn4j5
GmLV3fe/BGaQV26D2AfM/uthmfs7PpfHW4/ljOsBq6GZlVwcz40rbnSCgGwUvr2B
2Jq6V6pJJv3IPQaONXe/VvhTEGkb2pNBBc1RZco7QIL1T93fHb7blu3A5dcD8TlT
PPxKxq87Nqs9n8kZxGf1QbC9k5g4vE/+xmQF7KXLmvvDcpDat52RaIsAtrCDYoxb
4L0csKU7Sb53N75UNwqlK3oF72GXaKNd4ZBe1tYiv1DRKyK+ffIwvVoNbpFqjolW
lzB9FJOkBWnlDY++OW0XAmZ/pgXbX/ayOUMEHkT8rvLeEgLX5ODrCKYfuc3Ui3VA
s7tPkhV4oS5LxI8vfa00vmsqKRjV6QIDAQABo10wWzAMBgNVHRMBAf8EAjAAMAsG
A1UdDwQEAwIHgDAdBgNVHQ4EFgQUv1fz6HNivHIp2fRlMhdz39H3eoAwHwYDVR0j
BBgwFoAUv1fz6HNivHIp2fRlMhdz39H3eoAwDQYJKoZIhvcNAQELBQADggGBAGKo
oxw5Wmn6psb/q2z2npr1a4RyyBhvFS0Hn6y0oEn7IAIyuCWAmPvXV3+ceKkZ3fW4
vcdZA6AGhakYejXfn1PwImG/Crsc86ae244sHCWyhqMNl84N9NAoOXYAOAfyAvXg
qAEgMKgYfB8OkUGmzAqnLnjCMt6u9i2dsUMXMfH/dLH1772iU78XIBravV5723lD
x3t5pzHKPlQo5EQrrEG5wANEzulWEwuH+YLmHoJ1I8Isz42OrUdAFrSGgpJNd4wC
J3rPk+0hSvrY++kw1LnI4gWnLl1LgNvsqk/iTl2UE61zZSZ+TQ5ESQOPQuVO6ENL
H3b8GNHBwayF3uyXE+He5vp1xvD9whV+I3LyKPq2b6OW5dS1sqVr47bPR0ZrppN8
fShdus7aGelMqKSaHnf8WrVDrZ/3u75fhZ7JDkyhAVQBoW6uZxOE7q3pIHdmvm0G
c4AY3MjVFsR/irVjuDf6vpWLXUYtqWlxvNREOGjkEY2OjZmimksHrhHPBdi3/w==
-----END CERTIFICATE-----

70
SOURCES/rhelima.pem
Unescape View File

@ -0,0 +1,70 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d6:78:a4:e3:e7:d3:c5:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: O = RH-IMA-CA, CN = Red Hat IMA CA, emailAddress = secalert@redhat.com
Validity
Not Before: Jul 1 16:14:04 2023 GMT
Not After : Jan 18 16:14:04 2038 GMT
Subject: CN = Red Hat IMA release key (for verification)
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:4f:0e:ef:bf:e2:23:89:91:27:4e:7c:32:a1:d0:
c0:26:92:de:37:8d:b0:5d:ea:7f:d6:27:18:9b:b4:
62:be:06:85:3d:f9:cc:47:7e:c7:bd:91:54:53:62:
b4:c0:8a:43:48:c2:59:07:2b:88:d7:3d:4b:30:8d:
6c:32:fb:a5:da:dc:8a:85:e9:61:44:18:fc:d9:8b:
f5:5e:38:c8:85:77:ca:73:68:ce:48:df:af:3d:06:
43:2f:4b:6c:0c:cd:88
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage: critical
Code Signing
X509v3 Subject Key Identifier:
22:FA:01:DC:0E:A0:26:9F:69:A8:67:E5:CF:E4:9C:FB:D3:32:04:49
X509v3 Authority Key Identifier:
FB:31:82:5D:D0:E0:73:68:5B:26:4E:30:38:96:36:73:F7:53:95:9A
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
1a:1e:c1:2d:65:ad:f0:24:ec:9e:a7:fd:d4:ea:e1:54:dc:31:
1c:62:8c:29:0b:7a:56:6e:f7:b4:87:92:3e:ff:d5:40:4b:24:
a1:68:6e:ee:9c:35:65:a1:3f:8e:f3:8b:9b:18:b1:03:ed:fb:
50:2e:a3:23:d1:93:1d:d6:82:0a:10:6f:34:be:d6:3a:bd:76:
8c:44:0e:ad:a7:2a:c4:8e:8d:c4:e4:8d:51:d8:26:b7:38:89:
d1:23:a0:23:88:76:fa:f1:27:91:57:3e:b2:0f:cf:73:53:db:
20:40:5d:82:b9:e9:bc:a2:94:09:57:fb:85:0d:56:4b:dc:19:
65:12:2f:6d:6a:3b:be:35:1f:d4:52:ea:e4:72:36:f9:fe:cb:
d4:1b:0f:e3:0e:88:7c:68:58:28:c3:06:5f:bd:d2:f9:2e:1a:
30:f0:63:65:2d:55:e1:a4:fd:97:cf:ff:c0:52:22:1c:24:a3:
6e:de:7a:c9:9d:75:d2:d0:82:b0:7f:6f:db:21:01:69:f0:54:
76:04:19:68:2c:22:72:dd:3b:0d:04:d5:ad:5a:80:30:68:90:
6e:c2:27:f4:28:af:1b:78:f6:0a:70:74:5c:3a:61:42:f5:63:
7c:83:12:5a:1b:43:bc:d4:1b:28:b5:ef:98:c5:14:04:42:80:
dd:54:30:a4
-----BEGIN CERTIFICATE-----
MIIC0zCCAbugAwIBAgIJANZ4pOPn08WpMA0GCSqGSIb3DQEBCwUAMFExEjAQBgNV
BAoMCVJILUlNQS1DQTEXMBUGA1UEAwwOUmVkIEhhdCBJTUEgQ0ExIjAgBgkqhkiG
9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMjMwNzAxMTYxNDA0WhcNMzgw
MTE4MTYxNDA0WjA1MTMwMQYDVQQDDCpSZWQgSGF0IElNQSByZWxlYXNlIGtleSAo
Zm9yIHZlcmlmaWNhdGlvbikwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARPDu+/4iOJ
kSdOfDKh0MAmkt43jbBd6n/WJxibtGK+BoU9+cxHfse9kVRTYrTAikNIwlkHK4jX
PUswjWwy+6Xa3IqF6WFEGPzZi/VeOMiFd8pzaM5I3689BkMvS2wMzYijeDB2MAwG
A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoGCCsGAQUF
BwMDMB0GA1UdDgQWBBQi+gHcDqAmn2moZ+XP5Jz70zIESTAfBgNVHSMEGDAWgBT7
MYJd0OBzaFsmTjA4ljZz91OVmjANBgkqhkiG9w0BAQsFAAOCAQEAGh7BLWWt8CTs
nqf91OrhVNwxHGKMKQt6Vm73tIeSPv/VQEskoWhu7pw1ZaE/jvOLmxixA+37UC6j
I9GTHdaCChBvNL7WOr12jEQOracqxI6NxOSNUdgmtziJ0SOgI4h2+vEnkVc+sg/P
c1PbIEBdgrnpvKKUCVf7hQ1WS9wZZRIvbWo7vjUf1FLq5HI2+f7L1BsP4w6IfGhY
KMMGX73S+S4aMPBjZS1V4aT9l8//wFIiHCSjbt56yZ110tCCsH9v2yEBafBUdgQZ
aCwict07DQTVrVqAMGiQbsIn9CivG3j2CnB0XDphQvVjfIMSWhtDvNQbKLXvmMUU
BEKA3VQwpA==
-----END CERTIFICATE-----

70
SOURCES/rhelima_centos.pem
Unescape View File

@ -0,0 +1,70 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d6:78:a4:e3:e7:d3:c5:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: O = RH-IMA-CA, CN = Red Hat IMA CA, emailAddress = secalert@redhat.com
Validity
Not Before: Jul 1 16:14:51 2023 GMT
Not After : Jan 18 16:14:51 2038 GMT
Subject: CN = CentOS IMA release key (for verification)
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:d4:d0:31:08:09:0d:97:d0:5c:c8:49:ff:90:f4:
3a:16:85:a3:73:a1:d9:c4:28:4c:f7:aa:a8:22:c2:
cf:0e:8b:d7:9a:ed:e6:f0:89:f8:85:95:72:c3:38:
27:2a:29:97:6a:6b:2b:01:04:a3:32:ba:f4:75:f9:
e4:c8:48:2f:f5:36:69:44:27:f9:35:b3:0c:c3:22:
24:67:51:06:d3:73:f1:56:94:20:a8:8c:82:34:c0:
10:ef:ce:f9:b4:7a:42
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage: critical
Code Signing
X509v3 Subject Key Identifier:
54:E5:A3:4F:16:2B:32:B7:77:FF:E3:4F:1E:8B:66:12:7C:43:5B:B5
X509v3 Authority Key Identifier:
FB:31:82:5D:D0:E0:73:68:5B:26:4E:30:38:96:36:73:F7:53:95:9A
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
c6:1d:92:0e:92:40:d6:ae:a5:5d:4e:5d:2a:e1:0f:92:42:20:
89:e1:a9:82:87:35:42:c9:7f:77:dd:19:e3:cf:ef:be:8b:39:
4f:99:2e:cd:cc:a3:18:23:7f:81:4b:7d:63:5d:71:b4:4b:9c:
ea:dc:2f:1d:16:da:4c:ed:98:bf:df:88:11:d0:8b:af:01:55:
71:05:fe:d7:ac:78:4e:46:de:48:9f:04:74:42:c2:c8:1a:fc:
c5:46:6a:99:3e:9a:b0:e4:04:07:48:e2:4c:65:e5:01:a8:ad:
3c:8d:c0:ca:c5:73:23:36:88:27:54:8b:90:f8:ea:55:fc:eb:
b8:69:a5:8b:a0:1d:8b:f1:93:dd:71:9e:e9:88:f0:2d:0e:7d:
86:a4:8d:0b:fd:00:c9:c0:73:aa:b1:65:b1:60:6e:a4:09:1b:
3e:30:d9:62:2a:15:d6:50:2a:6a:fd:24:e7:8c:93:78:4a:28:
d5:b1:d9:ba:1b:8d:ef:48:0d:f4:8c:79:90:0f:95:8d:79:39:
8d:41:a5:fc:6f:e4:ef:5c:ee:3b:f4:c3:2c:c3:a0:b7:61:ac:
7e:e9:eb:a0:3a:ba:05:2c:bd:aa:a9:1f:c5:b9:ee:72:f6:c4:
54:1f:71:3b:e1:70:1a:30:f4:04:18:50:60:c4:5a:da:93:cd:
b6:f6:67:c8
-----BEGIN CERTIFICATE-----
MIIC0jCCAbqgAwIBAgIJANZ4pOPn08WrMA0GCSqGSIb3DQEBCwUAMFExEjAQBgNV
BAoMCVJILUlNQS1DQTEXMBUGA1UEAwwOUmVkIEhhdCBJTUEgQ0ExIjAgBgkqhkiG
9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMjMwNzAxMTYxNDUxWhcNMzgw
MTE4MTYxNDUxWjA0MTIwMAYDVQQDDClDZW50T1MgSU1BIHJlbGVhc2Uga2V5IChm
b3IgdmVyaWZpY2F0aW9uKTB2MBAGByqGSM49AgEGBSuBBAAiA2IABNTQMQgJDZfQ
XMhJ/5D0OhaFo3Oh2cQoTPeqqCLCzw6L15rt5vCJ+IWVcsM4Jyopl2prKwEEozK6
9HX55MhIL/U2aUQn+TWzDMMiJGdRBtNz8VaUIKiMgjTAEO/O+bR6QqN4MHYwDAYD
VR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUH
AwMwHQYDVR0OBBYEFFTlo08WKzK3d//jTx6LZhJ8Q1u1MB8GA1UdIwQYMBaAFPsx
gl3Q4HNoWyZOMDiWNnP3U5WaMA0GCSqGSIb3DQEBCwUAA4IBAQDGHZIOkkDWrqVd
Tl0q4Q+SQiCJ4amChzVCyX933Rnjz+++izlPmS7NzKMYI3+BS31jXXG0S5zq3C8d
FtpM7Zi/34gR0IuvAVVxBf7XrHhORt5InwR0QsLIGvzFRmqZPpqw5AQHSOJMZeUB
qK08jcDKxXMjNognVIuQ+OpV/Ou4aaWLoB2L8ZPdcZ7piPAtDn2GpI0L/QDJwHOq
sWWxYG6kCRs+MNliKhXWUCpq/STnjJN4SijVsdm6G43vSA30jHmQD5WNeTmNQaX8
b+TvXO479MMsw6C3Yax+6eugOroFLL2qqR/Fue5y9sRUH3E74XAaMPQEGFBgxFra
k8229mfI
-----END CERTIFICATE-----

81
SOURCES/rhelimaca1.pem
Unescape View File

@ -0,0 +1,81 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
aa:05:bd:59:88:e4:fe:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: O = RH-IMA-CA, CN = Red Hat IMA CA, emailAddress = secalert@redhat.com
Validity
Not Before: Jul 1 15:22:50 2023 GMT
Not After : Jan 18 15:22:50 2038 GMT
Subject: O = RH-IMA-CA, CN = Red Hat IMA CA, emailAddress = secalert@redhat.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ca:74:5e:05:ee:bd:00:33:4a:49:92:6d:b9:2e:
4b:1a:b5:3d:05:49:68:50:70:9e:39:28:a0:58:87:
55:b7:b0:54:8e:21:cc:1a:b3:0f:1c:bc:11:76:1c:
9a:0f:de:56:97:79:41:83:2d:5d:c6:b8:32:36:dd:
20:f4:0f:b1:28:9a:e7:fd:ff:27:cd:f6:57:30:0d:
b1:dd:4c:2f:71:be:49:d1:57:06:5a:6d:4b:59:ca:
87:fb:25:0d:ac:f1:41:c7:8e:10:e8:18:8b:40:ae:
c3:fe:1f:9a:0d:da:ee:4f:6d:da:f2:c0:27:f8:cb:
ae:6e:84:bb:49:b8:9a:e2:c2:9d:de:81:e9:e2:d6:
03:6f:ee:eb:17:b3:2d:da:50:51:1e:da:f6:12:54:
f7:89:c3:bc:5a:90:fb:1d:ba:21:a4:25:07:87:3e:
d4:12:c1:d6:f8:3f:c1:80:65:c0:15:81:6a:51:92:
36:af:63:39:7a:83:4e:48:3e:19:5d:a5:a3:48:e1:
7c:5c:ff:e3:ed:bb:59:7b:c3:93:5d:d5:1f:c2:97:
df:6d:c5:ff:73:c3:66:64:4b:0f:6c:72:43:e2:65:
60:03:38:b8:c0:51:b6:ae:5a:f8:8e:f9:c2:8f:55:
9c:d0:d2:db:94:ac:75:c8:0f:85:49:b1:96:82:01:
4b:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
FB:31:82:5D:D0:E0:73:68:5B:26:4E:30:38:96:36:73:F7:53:95:9A
X509v3 Authority Key Identifier:
FB:31:82:5D:D0:E0:73:68:5B:26:4E:30:38:96:36:73:F7:53:95:9A
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
52:71:86:bc:05:f4:08:dc:0b:8b:b2:b6:95:a9:04:a3:f8:19:
e9:0a:a9:6d:4b:b7:1e:f5:7d:ff:d8:1a:0b:4f:1e:cb:07:94:
09:b0:93:16:3d:20:61:03:5b:15:b9:60:f0:c1:5f:28:70:59:
b5:59:de:c1:1e:76:92:1c:bb:43:d9:53:ae:2b:ad:7c:09:20:
7a:ac:29:b8:1e:17:48:b6:54:d4:11:60:72:2b:44:3e:2e:f2:
48:35:73:05:81:51:5e:b5:0c:a5:cc:35:15:de:29:1b:f0:75:
4e:af:b8:46:51:96:98:6a:ac:75:08:d8:90:5d:d0:1a:eb:a3:
95:58:d2:8b:03:bf:f2:37:fc:85:20:49:7c:f6:16:67:31:eb:
40:11:65:94:1a:cf:9e:6e:6d:f0:83:17:84:63:05:e5:08:97:
31:dc:e2:75:46:52:8b:a9:57:95:0f:41:df:37:1e:fa:18:35:
19:57:23:0a:c1:fa:79:da:62:85:85:7c:68:c1:bb:6f:78:96:
02:8c:0e:be:53:fb:97:15:d3:bb:d7:fe:90:99:6f:0e:c1:5d:
3a:ec:ac:07:b5:69:e9:86:04:25:29:36:9f:48:e0:3d:a1:aa:
8c:71:66:85:30:f3:2e:e6:cb:91:8e:76:24:ab:4e:3e:2d:de:
5a:d1:43:c6
-----BEGIN CERTIFICATE-----
MIIDiDCCAnCgAwIBAgIJAKoFvVmI5P66MA0GCSqGSIb3DQEBCwUAMFExEjAQBgNV
BAoMCVJILUlNQS1DQTEXMBUGA1UEAwwOUmVkIEhhdCBJTUEgQ0ExIjAgBgkqhkiG
9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMjMwNzAxMTUyMjUwWhcNMzgw
MTE4MTUyMjUwWjBRMRIwEAYDVQQKDAlSSC1JTUEtQ0ExFzAVBgNVBAMMDlJlZCBI
YXQgSU1BIENBMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynReBe69ADNKSZJtuS5LGrU9
BUloUHCeOSigWIdVt7BUjiHMGrMPHLwRdhyaD95Wl3lBgy1dxrgyNt0g9A+xKJrn
/f8nzfZXMA2x3Uwvcb5J0VcGWm1LWcqH+yUNrPFBx44Q6BiLQK7D/h+aDdruT23a
8sAn+MuuboS7Sbia4sKd3oHp4tYDb+7rF7Mt2lBRHtr2ElT3icO8WpD7HbohpCUH
hz7UEsHW+D/BgGXAFYFqUZI2r2M5eoNOSD4ZXaWjSOF8XP/j7btZe8OTXdUfwpff
bcX/c8NmZEsPbHJD4mVgAzi4wFG2rlr4jvnCj1Wc0NLblKx1yA+FSbGWggFLZwID
AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7MYJd0OBzaFsmTjA4
ljZz91OVmjAfBgNVHSMEGDAWgBT7MYJd0OBzaFsmTjA4ljZz91OVmjAOBgNVHQ8B
Af8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAFJxhrwF9AjcC4uytpWpBKP4GekK
qW1Ltx71ff/YGgtPHssHlAmwkxY9IGEDWxW5YPDBXyhwWbVZ3sEedpIcu0PZU64r
rXwJIHqsKbgeF0i2VNQRYHIrRD4u8kg1cwWBUV61DKXMNRXeKRvwdU6vuEZRlphq
rHUI2JBd0Brro5VY0osDv/I3/IUgSXz2Fmcx60ARZZQaz55ubfCDF4RjBeUIlzHc
4nVGUoupV5UPQd83HvoYNRlXIwrB+nnaYoWFfGjBu294lgKMDr5T+5cV07vX/pCZ
bw7BXTrsrAe1aemGBCUpNp9I4D2hqoxxZoUw8y7my5GOdiSrTj4t3lrRQ8Y=
-----END CERTIFICATE-----

102
SOURCES/rhelkpatch1.pem
Unescape View File

@ -0,0 +1,102 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:5d:16:42:f6:60:09:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Red Hat Enterprise Linux kpatch signing key, emailAddress = secalert@redhat.com
Validity
Not Before: Mar 31 08:34:47 2014 GMT
Not After : Mar 25 08:34:47 2037 GMT
Subject: CN = Red Hat Enterprise Linux kpatch signing key, emailAddress = secalert@redhat.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (3072 bit)
Modulus:
00:a6:ad:de:2d:77:ee:76:a9:29:30:fc:f2:b7:11:
ac:41:94:72:68:52:6b:08:54:68:8a:c7:0a:a5:b2:
10:b6:b4:83:6f:3c:ff:4f:fe:9b:1e:a6:e4:a7:78:
78:7a:d1:06:30:b2:2c:f5:b3:68:1a:1d:28:b9:24:
4f:75:aa:e2:76:00:8b:dd:06:e3:24:52:a5:14:e2:
42:17:17:4f:01:5a:6a:97:bf:60:08:ad:e0:17:60:
20:bc:59:11:e2:87:3d:6c:c7:b8:8a:f1:44:87:09:
13:71:fd:76:7d:ef:e5:2b:ca:78:61:4d:16:8e:68:
e0:0a:85:d2:e3:de:37:e1:d1:e6:d8:a0:f7:30:d3:
62:fa:c4:20:81:97:9a:d7:c2:4e:a2:49:80:00:d0:
6d:ac:c6:3e:99:5a:48:70:cf:5b:52:e5:8c:88:51:
02:89:0f:0a:3f:b8:12:85:1a:cb:2f:72:32:97:ce:
fa:fe:04:47:f6:1d:81:4a:01:65:8f:17:20:20:6d:
c5:16:91:be:cb:92:cc:ad:1f:a6:d6:2c:8e:d9:48:
58:7d:8d:fe:08:a7:54:f4:c3:a5:e6:ae:25:da:e7:
7b:b1:20:06:3b:6c:b7:91:e5:93:41:95:95:bf:9a:
cc:5c:20:4f:0b:96:55:90:fe:40:5c:99:59:fe:0e:
1b:fa:b7:78:b5:dd:b7:ff:d0:49:97:e8:bf:5a:34:
d2:02:05:90:36:c5:c9:2e:8d:27:1d:5c:7b:97:fc:
ca:22:b4:01:00:36:7c:6d:0f:a6:35:0e:34:3f:07:
59:8a:39:09:77:47:09:6f:0a:45:e4:e2:e6:0c:99:
f3:01:c8:3d:d8:f9:2e:f5:fa:2c:61:a1:6a:58:43:
06:72:84:b0:a4:bb:5a:8c:2c:27:b6:2d:e2:b8:13:
f0:15:69:f7:23:05:4f:23:5c:df:95:7a:06:a4:98:
bb:39:34:c7:eb:01:61:a8:c4:7c:cc:0d:fb:56:8d:
1a:da:e1:94:c5:a7:e9:28:1a:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
4D:38:FD:86:4E:BE:18:C5:F0:B7:2E:38:52:E2:01:4C:3A:67:6F:C8
X509v3 Authority Key Identifier:
4D:38:FD:86:4E:BE:18:C5:F0:B7:2E:38:52:E2:01:4C:3A:67:6F:C8
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
17:d2:03:8c:49:cd:13:e9:2b:99:91:c9:0f:46:1d:91:5c:a9:
ef:17:46:3f:ee:d1:05:10:72:90:09:55:1b:94:a6:c8:34:8d:
89:fb:96:cf:b5:7b:08:38:ba:77:6b:e5:69:d7:1e:71:ea:ad:
34:e5:b3:1f:1d:cb:d7:c7:6d:f6:45:a8:c0:74:79:2d:ca:e5:
06:af:3e:b7:40:af:66:98:81:e0:45:d5:04:f3:a6:2b:ff:55:
b1:4e:6d:29:da:ea:a5:ab:27:82:9c:d7:78:6e:56:4d:82:b0:
6d:de:bf:60:e9:5a:a7:c4:8d:8b:c3:6a:f0:c5:8c:f3:ce:2f:
6e:3f:d9:7f:8d:ce:9e:8e:6f:9c:95:79:dc:95:9f:b2:10:97:
57:ae:3b:6b:e0:72:18:32:cb:b2:08:8b:34:cb:f0:51:db:ea:
07:96:32:a0:0b:79:d4:f7:63:99:c9:77:58:71:6e:77:03:e9:
7d:52:90:d2:26:a2:6d:0a:11:32:29:84:b0:2c:52:d9:fe:6b:
d9:6a:9c:aa:49:4c:87:6a:8b:5b:84:51:f7:9f:23:2a:b9:f8:
9c:eb:ff:9d:ff:8d:23:09:00:df:77:f8:e3:17:8d:06:35:bc:
7e:8f:bf:a6:23:b5:51:2b:c7:5f:2d:77:13:43:47:8f:62:40:
a7:9c:9f:ab:34:3a:87:96:83:de:00:a7:60:4b:09:60:49:ab:
39:f1:d5:a2:3f:ce:77:5e:19:d5:19:81:8b:0c:71:01:5d:e7:
2f:99:d4:16:b4:05:3d:56:c1:90:cb:de:4b:0d:c7:d5:0b:9e:
4b:95:74:35:cb:6b:1e:0e:1f:15:39:74:f8:6c:25:e5:de:d6:
f4:e6:6f:98:a5:df:83:44:97:ee:2e:f6:f8:fc:ba:43:69:9c:
03:2d:96:ff:c6:5a:32:1c:b1:99:fe:aa:ec:e6:04:5e:21:c5:
ef:10:e4:bd:95:d7:0b:42:5d:90:d0:56:1e:32:f3:44:16:be:
ad:9a:f8:c9:0c:b6
-----BEGIN CERTIFICATE-----
MIIElDCCAvygAwIBAgIJAJFdFkL2YAnkMA0GCSqGSIb3DQEBCwUAMFoxNDAyBgNV
BAMTK1JlZCBIYXQgRW50ZXJwcmlzZSBMaW51eCBrcGF0Y2ggc2lnbmluZyBrZXkx
IjAgBgkqhkiG9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQwMzMxMDgz
NDQ3WhcNMzcwMzI1MDgzNDQ3WjBaMTQwMgYDVQQDEytSZWQgSGF0IEVudGVycHJp
c2UgTGludXgga3BhdGNoIHNpZ25pbmcga2V5MSIwIAYJKoZIhvcNAQkBFhNzZWNh
bGVydEByZWRoYXQuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA
pq3eLXfudqkpMPzytxGsQZRyaFJrCFRoiscKpbIQtrSDbzz/T/6bHqbkp3h4etEG
MLIs9bNoGh0ouSRPdaridgCL3QbjJFKlFOJCFxdPAVpql79gCK3gF2AgvFkR4oc9
bMe4ivFEhwkTcf12fe/lK8p4YU0WjmjgCoXS49434dHm2KD3MNNi+sQggZea18JO
okmAANBtrMY+mVpIcM9bUuWMiFECiQ8KP7gShRrLL3Iyl876/gRH9h2BSgFljxcg
IG3FFpG+y5LMrR+m1iyO2UhYfY3+CKdU9MOl5q4l2ud7sSAGO2y3keWTQZWVv5rM
XCBPC5ZVkP5AXJlZ/g4b+rd4td23/9BJl+i/WjTSAgWQNsXJLo0nHVx7l/zKIrQB
ADZ8bQ+mNQ40PwdZijkJd0cJbwpF5OLmDJnzAcg92Pku9fosYaFqWEMGcoSwpLta
jCwnti3iuBPwFWn3IwVPI1zflXoGpJi7OTTH6wFhqMR8zA37Vo0a2uGUxafpKBo1
AgMBAAGjXTBbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBRN
OP2GTr4YxfC3LjhS4gFMOmdvyDAfBgNVHSMEGDAWgBRNOP2GTr4YxfC3LjhS4gFM
OmdvyDANBgkqhkiG9w0BAQsFAAOCAYEAF9IDjEnNE+krmZHJD0YdkVyp7xdGP+7R
BRBykAlVG5SmyDSNifuWz7V7CDi6d2vladceceqtNOWzHx3L18dt9kWowHR5Lcrl
Bq8+t0CvZpiB4EXVBPOmK/9VsU5tKdrqpasngpzXeG5WTYKwbd6/YOlap8SNi8Nq
8MWM884vbj/Zf43Ono5vnJV53JWfshCXV647a+ByGDLLsgiLNMvwUdvqB5YyoAt5
1Pdjmcl3WHFudwPpfVKQ0iaibQoRMimEsCxS2f5r2WqcqklMh2qLW4RR958jKrn4
nOv/nf+NIwkA33f44xeNBjW8fo+/piO1USvHXy13E0NHj2JAp5yfqzQ6h5aD3gCn
YEsJYEmrOfHVoj/Od14Z1RmBiwxxAV3nL5nUFrQFPVbBkMveSw3H1QueS5V0Nctr
Hg4fFTl0+Gwl5d7W9OZvmKXfg0SX7i72+Py6Q2mcAy2W/8ZaMhyxmf6q7OYEXiHF
7xDkvZXXC0JdkNBWHjLzRBa+rZr4yQy2
-----END CERTIFICATE-----

86
SOURCES/spheresecureboot001.pem
Unescape View File

@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:60:56:42:47:85:4c:fe:ba:bd:cb:99:d3:6b:c4:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: OU = MSVSphere Certification Authority, emailAddress = security@msvsphere.ru, L = Moscow, ST = Moscow, C = RU, O = NCSD LLC, CN = MSVSphere Secure Boot CA
Validity
Not Before: Mar 22 16:42:54 2023 GMT
Not After : Mar 22 16:42:54 2053 GMT
Subject: OU = MSVSphere Certification Authority, emailAddress = security@msvsphere.ru, L = Moscow, ST = Moscow, C = RU, O = NCSD LLC, CN = MSVSphere Secure Boot Signing
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d4:66:e0:18:8a:79:c1:61:3b:f7:48:c6:41:86:
21:82:a4:00:59:e7:61:10:75:c5:fd:34:14:e1:44:
86:bc:12:87:6d:9e:5c:f6:54:65:8f:31:c4:a3:62:
65:15:40:70:f5:f2:cf:09:52:ca:c7:94:51:62:d0:
fb:fc:1e:3d:21:7e:a8:10:40:9d:c1:8c:f9:0b:89:
41:0c:5a:7e:2c:bd:cc:15:aa:6c:28:4b:94:03:a0:
3f:16:5b:e5:b3:c7:05:3a:a7:f4:08:3f:18:d5:2d:
a5:13:57:97:e7:0a:00:7e:59:43:73:c5:9c:e4:4d:
dc:c6:ad:8b:37:6b:b9:78:62:4c:11:49:4e:ad:30:
9c:3d:89:59:0e:a4:41:12:d8:fb:31:22:3c:57:75:
ee:a5:45:55:d6:dc:4b:96:1c:f5:a9:95:9d:09:76:
48:3b:15:5a:02:e6:23:2b:62:d7:51:f5:67:3a:32:
d4:b8:21:b5:3c:34:82:5c:2b:70:52:32:cd:17:39:
78:fd:a0:d8:99:d0:62:68:4b:b9:b3:8d:fd:f4:2e:
34:5f:d8:48:c9:66:f5:91:cf:ee:34:87:68:a8:ca:
ae:da:35:45:5c:4c:a9:40:f0:e1:a2:bd:33:88:8c:
53:8a:cd:63:95:05:5d:48:1d:ce:ce:cb:cb:bb:7e:
cb:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
49:59:67:B5:13:6C:C8:DF:7E:64:B9:22:E3:A9:35:50:6B:95:84:D5
X509v3 Extended Key Usage:
Code Signing
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E9:5A:22:76:4E:CE:34:C9:69:BD:42:5C:7C:6A:9F:5A:BE:AC:97:50
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
4b:5a:c8:7a:83:75:c0:02:e0:08:15:dd:e0:f6:0f:33:3c:8f:
84:d7:04:39:13:05:99:3d:5b:da:c3:45:d2:1d:2c:7a:1f:fd:
8c:ae:75:71:23:0a:11:43:a1:1c:90:83:70:a3:02:93:c9:27:
6b:dd:eb:2b:56:c5:7c:fb:8c:71:b3:e9:83:c8:a3:99:9d:9c:
d2:c1:2b:15:f3:c5:6e:22:30:e6:63:4f:50:1b:d0:f8:3b:e8:
c1:3f:9c:d0:a7:59:f5:5c:68:ce:2e:ae:79:94:8f:14:47:1c:
92:0c:72:3a:7f:fa:85:39:a1:9a:19:32:ab:7a:0a:4f:fe:ae:
bc:af:0c:5a:f0:0d:f2:ea:49:f6:53:4d:e1:aa:d7:2e:1e:aa:
e6:c8:5e:3c:91:b0:59:6d:e8:60:f7:af:34:47:c6:50:5b:90:
92:46:15:02:c4:d3:ed:3f:d2:c3:05:6e:78:cd:9b:84:b1:43:
84:d2:4a:9d:8e:db:d4:a9:90:5c:b8:8e:78:a0:5f:00:dd:b3:
f5:98:29:72:58:ab:99:5e:c8:ba:7f:21:72:ba:a3:c4:31:aa:
e7:b3:cd:02:aa:ae:54:77:4f:9c:73:68:60:a6:af:c4:b3:7a:
6e:64:94:9e:01:1b:c0:f9:b8:f1:5c:fd:de:cb:00:d7:ed:4d:
46:a9:4c:1f
-----BEGIN CERTIFICATE-----
MIIEZjCCA06gAwIBAgIQCGBWQkeFTP66vcuZ02vEqDANBgkqhkiG9w0BAQsFADCB
tzEqMCgGA1UECxMhTVNWU3BoZXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSQw
IgYJKoZIhvcNAQkBFhVzZWN1cml0eUBtc3ZzcGhlcmUucnUxDzANBgNVBAcTBk1v
c2NvdzEPMA0GA1UECBMGTW9zY293MQswCQYDVQQGEwJSVTERMA8GA1UEChMITkNT
RCBMTEMxITAfBgNVBAMTGE1TVlNwaGVyZSBTZWN1cmUgQm9vdCBDQTAgFw0yMzAz
MjIxNjQyNTRaGA8yMDUzMDMyMjE2NDI1NFowgbwxKjAoBgNVBAsTIU1TVlNwaGVy
ZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJARYVc2VjdXJp
dHlAbXN2c3BoZXJlLnJ1MQ8wDQYDVQQHEwZNb3Njb3cxDzANBgNVBAgTBk1vc2Nv
dzELMAkGA1UEBhMCUlUxETAPBgNVBAoTCE5DU0QgTExDMSYwJAYDVQQDEx1NU1ZT
cGhlcmUgU2VjdXJlIEJvb3QgU2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANRm4BiKecFhO/dIxkGGIYKkAFnnYRB1xf00FOFEhrwSh22eXPZU
ZY8xxKNiZRVAcPXyzwlSyseUUWLQ+/wePSF+qBBAncGM+QuJQQxafiy9zBWqbChL
lAOgPxZb5bPHBTqn9Ag/GNUtpRNXl+cKAH5ZQ3PFnORN3MatizdruXhiTBFJTq0w
nD2JWQ6kQRLY+zEiPFd17qVFVdbcS5Yc9amVnQl2SDsVWgLmIyti11H1Zzoy1Lgh
tTw0glwrcFIyzRc5eP2g2JnQYmhLubON/fQuNF/YSMlm9ZHP7jSHaKjKrto1RVxM
qUDw4aK9M4iMU4rNY5UFXUgdzs7Ly7t+y10CAwEAAaNlMGMwHwYDVR0jBBgwFoAU
SVlntRNsyN9+ZLki46k1UGuVhNUwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQU6Voidk7ONMlpvUJcfGqfWr6sl1AwDQYJKoZIhvcN
AQELBQADggEBAEtayHqDdcAC4AgV3eD2DzM8j4TXBDkTBZk9W9rDRdIdLHof/Yyu
dXEjChFDoRyQg3CjApPJJ2vd6ytWxXz7jHGz6YPIo5mdnNLBKxXzxW4iMOZjT1Ab
0Pg76ME/nNCnWfVcaM4urnmUjxRHHJIMcjp/+oU5oZoZMqt6Ck/+rryvDFrwDfLq
SfZTTeGq1y4equbIXjyRsFlt6GD3rzRHxlBbkJJGFQLE0+0/0sMFbnjNm4SxQ4TS
Sp2O29SpkFy4jnigXwDds/WYKXJYq5leyLp/IXK6o8QxquezzQKqrlR3T5xzaGCm
r8Szem5klJ4BG8D5uPFc/d7LANftTUapTB8=
-----END CERTIFICATE-----

86
SOURCES/spheresecurebootca.pem
Unescape View File

@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
86:2f:3e:4c:b2:26:42:00:b8:3a:f1:25:79:9e:4e:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: OU = MSVSphere Certification Authority, emailAddress = security@msvsphere.ru, L = Moscow, ST = Moscow, C = RU, O = NCSD LLC, CN = MSVSphere Secure Boot CA
Validity
Not Before: Mar 22 16:42:54 2023 GMT
Not After : Mar 22 16:42:54 2053 GMT
Subject: OU = MSVSphere Certification Authority, emailAddress = security@msvsphere.ru, L = Moscow, ST = Moscow, C = RU, O = NCSD LLC, CN = MSVSphere Secure Boot CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cc:19:da:af:e7:7c:fa:a6:b7:3e:9d:83:8c:70:
30:53:96:9c:94:94:2f:92:0d:b7:d0:ae:ee:6a:2e:
06:0b:2f:0a:43:a9:a2:ba:63:1d:f7:7d:7b:8e:b2:
cd:f4:4b:1f:e7:8a:41:b2:4c:82:cb:b0:40:aa:fa:
03:71:63:5a:b7:5b:d0:01:37:4f:88:4d:6e:a4:dd:
af:e0:87:ce:95:86:6e:5f:a9:cf:90:23:7c:1e:b4:
73:28:13:40:4d:95:07:ef:46:cf:c5:41:e6:5d:a7:
e1:56:6f:30:8d:73:a6:4b:f7:57:09:01:af:98:c4:
ee:d8:62:b0:aa:d9:be:6b:d3:58:17:9d:01:14:e8:
7c:59:f1:64:de:4b:b9:e1:71:0c:ef:13:0e:9e:d9:
f8:f9:60:62:96:0e:4c:fa:5f:0b:5c:e2:f4:9d:7f:
49:24:3c:f4:c8:0d:14:2b:cb:1f:b1:92:dc:88:a8:
e2:c7:86:21:c9:50:a9:9b:12:3f:dc:17:06:42:56:
c0:6f:98:26:06:e1:19:3d:de:cf:a2:c8:b1:f7:80:
86:3e:f7:33:d1:ca:f8:98:fd:3f:e0:03:10:25:b8:
7f:5e:7c:cb:16:ed:e7:29:6d:9b:55:75:6d:aa:8f:
95:19:ca:86:49:41:e1:ba:22:c1:86:a2:28:72:f8:
9a:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
49:59:67:B5:13:6C:C8:DF:7E:64:B9:22:E3:A9:35:50:6B:95:84:D5
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
49:59:67:B5:13:6C:C8:DF:7E:64:B9:22:E3:A9:35:50:6B:95:84:D5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
7b:50:33:73:3e:5f:6c:b9:1c:27:4f:68:cb:57:38:7a:f7:57:
c3:6c:cb:c1:5e:7a:3b:a6:d0:b1:b1:c9:7d:19:f1:40:3f:09:
24:fb:f2:08:a7:bb:94:40:4d:5d:cd:70:26:1f:d9:9f:9d:b7:
6e:7d:8c:bc:aa:7f:8a:be:42:c0:8c:db:82:6b:ad:08:38:2b:
b1:a1:c4:8c:f4:08:b9:eb:7d:e8:a1:df:03:47:e5:1e:4b:95:
4f:4f:a4:05:42:bd:9c:6f:f0:bd:ed:4f:bf:f7:d4:ad:a5:ef:
6e:1c:ad:9e:66:dd:4d:eb:3e:b4:d0:e0:39:2b:9d:72:8c:c0:
a8:8e:82:cd:23:f4:47:63:51:78:4a:cd:e8:54:47:09:a1:cd:
ef:b7:bf:c5:30:e6:24:0e:c3:f5:65:4b:59:ff:74:86:13:06:
a9:2a:2a:38:bd:05:4a:f7:12:eb:da:ed:e1:a1:7b:24:b2:53:
22:c9:49:a5:57:e0:2c:89:fe:62:95:b2:8c:4a:07:8d:c8:b1:
d2:22:8f:09:bd:a9:4e:01:88:cd:54:93:7c:22:98:51:a2:c4:
d5:f9:60:8d:2f:b8:b3:0d:01:47:c0:b0:34:01:12:c0:c3:46:
6b:4a:fc:6a:71:97:73:64:80:f9:82:ee:bd:6e:00:8d:cf:55:
f7:7d:d2:e6
-----BEGIN CERTIFICATE-----
MIIEYDCCA0igAwIBAgIRAIYvPkyyJkIAuDrxJXmeTkEwDQYJKoZIhvcNAQELBQAw
gbcxKjAoBgNVBAsTIU1TVlNwaGVyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEk
MCIGCSqGSIb3DQEJARYVc2VjdXJpdHlAbXN2c3BoZXJlLnJ1MQ8wDQYDVQQHEwZN
b3Njb3cxDzANBgNVBAgTBk1vc2NvdzELMAkGA1UEBhMCUlUxETAPBgNVBAoTCE5D
U0QgTExDMSEwHwYDVQQDExhNU1ZTcGhlcmUgU2VjdXJlIEJvb3QgQ0EwIBcNMjMw
MzIyMTY0MjU0WhgPMjA1MzAzMjIxNjQyNTRaMIG3MSowKAYDVQQLEyFNU1ZTcGhl
cmUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFXNlY3Vy
aXR5QG1zdnNwaGVyZS5ydTEPMA0GA1UEBxMGTW9zY293MQ8wDQYDVQQIEwZNb3Nj
b3cxCzAJBgNVBAYTAlJVMREwDwYDVQQKEwhOQ1NEIExMQzEhMB8GA1UEAxMYTVNW
U3BoZXJlIFNlY3VyZSBCb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAzBnar+d8+qa3Pp2DjHAwU5aclJQvkg230K7uai4GCy8KQ6miumMd9317
jrLN9Esf54pBskyCy7BAqvoDcWNat1vQATdPiE1upN2v4IfOlYZuX6nPkCN8HrRz
KBNATZUH70bPxUHmXafhVm8wjXOmS/dXCQGvmMTu2GKwqtm+a9NYF50BFOh8WfFk
3ku54XEM7xMOntn4+WBilg5M+l8LXOL0nX9JJDz0yA0UK8sfsZLciKjix4YhyVCp
mxI/3BcGQlbAb5gmBuEZPd7Posix94CGPvcz0cr4mP0/4AMQJbh/XnzLFu3nKW2b
VXVtqo+VGcqGSUHhuiLBhqIocviaeQIDAQABo2MwYTAfBgNVHSMEGDAWgBRJWWe1
E2zI335kuSLjqTVQa5WE1TAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
/zAdBgNVHQ4EFgQUSVlntRNsyN9+ZLki46k1UGuVhNUwDQYJKoZIhvcNAQELBQAD
ggEBAHtQM3M+X2y5HCdPaMtXOHr3V8Nsy8Feejum0LGxyX0Z8UA/CST78ginu5RA
TV3NcCYf2Z+dt259jLyqf4q+QsCM24JrrQg4K7GhxIz0CLnrfeih3wNH5R5LlU9P
pAVCvZxv8L3tT7/31K2l724crZ5m3U3rPrTQ4DkrnXKMwKiOgs0j9EdjUXhKzehU
Rwmhze+3v8Uw5iQOw/VlS1n/dIYTBqkqKji9BUr3Euva7eGheySyUyLJSaVX4CyJ
/mKVsoxKB43IsdIijwm9qU4BiM1Uk3wimFGixNX5YI0vuLMNAUfAsDQBEsDDRmtK
/Gpxl3NkgPmC7r1uAI3PVfd90uY=
-----END CERTIFICATE-----

62
SPECS/edk2.spec
Unescape View File

@ -6,7 +6,7 @@ ExclusiveArch: x86_64 aarch64
%define TOOLCHAIN GCC
%define OPENSSL_VER 3.0.7
%define OPENSSL_HASH 0205b589887203b065154ddc8e8107c4ac8625a1
%define OPENSSL_HASH 8e5beb77088bfec064d60506b1e76ddb0ac417fe
%define DBXDATE 20230509
@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2
Version: %{GITDATE}
Release: 6%{?dist}.3
Release: 5%{?dist}.inferit.1
Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org
@ -51,6 +51,21 @@ Source80: edk2-build.py
Source82: edk2-build.rhel-9
Source90: DBXUpdate-%{DBXDATE}.x64.bin
Source100: msvsphereca1.pem
Source101: msvsphereima.pem
Source102: nvidiagpuoot001.pem
Source103: rhelimaca1.pem
Source104: rhelima.pem
Source105: spheresecureboot001.pem
Source106: msvspheredup1.pem
Source107: msvspherepatch1.pem
Source108: rheldup3.pem
Source109: rhelima_centos.pem
Source110: rhelkpatch1.pem
Source111: spheresecurebootca.pem
Source112: certs_add.sh
Patch1: 0003-Remove-paths-leading-to-submodules.patch
Patch2: 0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
Patch3: 0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
@ -99,16 +114,6 @@ Patch41: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch
# For RHEL-45847 - [RHEL9.5] Hotplug vcpu to a guest cause guest kernel panic
Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch
# For RHEL-56974 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9]
Patch44: edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch
# For RHEL-60831 - CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-9.5]
Patch45: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
# For RHEL-65735 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.5.z]
Patch46: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
# For RHEL-65735 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.5.z]
Patch47: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
# For RHEL-63094 - [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-9.5]
Patch48: edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
# python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and
@ -217,6 +222,7 @@ cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} .
cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} .
cp -a -- %{SOURCE80} %{SOURCE82} .
cp -a -- %{SOURCE90} .
cp -a -- %{SOURCE100} %{SOURCE101} %{SOURCE102} %{SOURCE103} %{SOURCE104} %{SOURCE105} %{SOURCE106} %{SOURCE107} %{SOURCE108} %{SOURCE109} %{SOURCE110} %{SOURCE111} %{SOURCE112} .
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
# Done by %setup, but we do not use it for the auxiliary tarballs
@ -284,6 +290,7 @@ virt-fw-vars --input RHEL-9/ovmf/OVMF.inteltdx.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot \
--set-fallback-no-reboot
./certs_add.sh RHEL-9/ovmf/OVMF_VARS.secboot.fd
%endif
%if %{build_aarch64}
@ -443,29 +450,11 @@ install -m 0644 \
%changelog
* Fri Nov 22 2024 Jon Maloy <jmaloy@redhat.com> - 20240524-6.el9_5.3
- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-63094]
- Resolves: RHEL-63094
([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-9.5])
* Mon Nov 11 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-6.el9_5.2
- edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-65735]
- edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-65735]
- Resolves: RHEL-65735
([Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.5.z])
* Wed Oct 16 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-6.el9_5.1
- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60831]
- Resolves: RHEL-60831
(CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-9.5])
* Fri Sep 13 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-6
- edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch [RHEL-56974]
- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55336]
- Resolves: RHEL-56974
(qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9])
- Resolves: RHEL-55336
(CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.5])
* Sun Nov 10 2024 Dmitriy Samoylik <samoylikdv@msvsphere-os.ru> - 20240524-5.inferit.1
- Added msvsphere certificates for secure boot
* Tue Nov 05 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 20240524-5.inferit
- Rebuilt. No changes
* Mon Sep 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-5
- edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch [RHEL-45847]
@ -669,6 +658,9 @@ install -m 0644 \
- Resolves: RHEL-377
(edk2: ship secure build variable store with latest dbx updates)
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 20230301gitf80f052277c8-2
- Rebuilt for MSVSphere 9.2 beta
* Wed Apr 05 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230301gitf80f052277c8-2
- edk2-build-script-update.patch [bz#2183230]
- edk2-PcdDxeNxMemoryProtectionPolicy-update.patch [bz#2183230]

Write Preview
Loading…
Cancel
Save