37 lines
1.2 KiB
Markdown
37 lines
1.2 KiB
Markdown
# Migrate Secureboot key
|
|
## Export Ubuntu
|
|
Copy following files
|
|
* Private Key: /var/lib/shim-signed/mok/MOK.priv
|
|
* Public Key: /var/lib/shim-signed/mok/MOK.der
|
|
|
|
## Export Fedora
|
|
Copy following files
|
|
* Symlink to Private Key: /etc/pki/akmods/private/private_key.priv
|
|
* Symlink to Public Key: /etc/pki/akmods/certs/private_key.priv
|
|
|
|
## Import Ubuntu
|
|
Using source.priv and source.der files in current directory to import
|
|
```
|
|
cp source.priv /var/lib/shim-signed/mok/MOK.priv
|
|
cp source.der /var/lib/shim-signed/mok/MOK.der
|
|
```
|
|
|
|
## Import Fedora
|
|
Using source.priv and source.der files in current directory to import
|
|
```
|
|
dnf install akmods kmodtool
|
|
|
|
KEYNAME="$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')"
|
|
|
|
cp source.der /etc/pki/akmods/certs/${KEYNAME}.der
|
|
cp source.priv /etc/pki/akmods/private/${KEYNAME}.priv
|
|
|
|
chgrp akmods /etc/pki/akmods/certs/${KEYNAME}.*
|
|
chgrp akmods /etc/pki/akmods/private/${KEYNAME}.*
|
|
|
|
chmod g+r /etc/pki/akmods/certs/${KEYNAME}.*
|
|
chmod g+r /etc/pki/akmods/private/${KEYNAME}.*
|
|
|
|
ln -nsf /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/public_key.der
|
|
ln -nsf /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/private_key.priv
|
|
``` |