Updating Scientific Linux 7 Secure Boot key

2020-08-21 Thread Patrick Riehecky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Attention all Scientific Linux users of Secure Boot:

A new SECURE BOOT key for Scientific Linux 7 will be used starting
August 26 2020.  The existing key expires on the same day.

The new key is published at

http://ftp.scientificlinux.org/linux/scientific/7x/x86_64/os/SECURE-BOOT-KEY-fnal-sl7-exp-2023-09-27

in DER format[2].

A new grub2, shim, fwupd, and kernel will be issued along with the
first errata requiring this key.

For more information on Scientific Linux 7 and Secure Boot please
review our release notes[1].

UEFI SECURE BOOT users should validate the new certificate and load it
at this time[1].

Thanks,

The Scientific Linux Team

[1]
http://ftp.scientificlinux.org/linux/scientific/7x/x86_64/release-notes/#_about_uefi_secure_boot

[2] A PEM formatted version of the certificate is provided here as
well:
- -BEGIN CERTIFICATE-
MIIF3jCCBMagAwIBAgIQAkyHL6S+kt/bvsNMzNB9rjANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25p
bmcgQ0EgKFNIQTIpMB4XDTIwMDgyMTAwMDAwMFoXDTIzMDkyNzEyMDAwMFowgd8x
EzARBgsrBgEEAYI3PAIBAxMCVVMxGjAYBgNVBA8MEUdvdmVybm1lbnQgRW50aXR5
MRowGAYDVQQFExFHb3Zlcm5tZW50IEVudGl0eTELMAkGA1UEBhMCVVMxETAPBgNV
BAgTCElsbGlub2lzMRAwDgYDVQQHEwdCYXRhdmlhMS4wLAYDVQQKEyVGZXJtaSBO
YXRpb25hbCBBY2NlbGVyYXRvciBMYWJvcmF0b3J5MS4wLAYDVQQDEyVGZXJtaSBO
YXRpb25hbCBBY2NlbGVyYXRvciBMYWJvcmF0b3J5MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAoEFaNBWGiocZ84lCRkcOJedpNwnY6wRRkC4f6D+yZcVn
rJVRdVfgMomX7RG3r+bFXZh3TDgA0snfIHDSDDoXRDKsHmJ5r/UDomK1X5tkso6h
GhNuwNVR/fzNiq8MzomJJK3JW75t6+6sz2mgTUuxL+VyTLIFzMl4gUL1b7H5/c8T
AtaY76NgzZrpiPXVL0BeR/Qm3+KkP21zbBpwdT3pBY88E3TOLVMxUJyjD78ENLPj
O4kzlPVjYCywqmIs1KXDMpcToZexm84EuLFY9r9Pn8UJa8RtKSIh8J9q8CaeN6uY
HYMb6LspvrvZuJmw2cKWazqwD/Cw8QkNim0qWbuKaQIDAQABo4ICBjCCAgIwHwYD
VR0jBBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQwHQYDVR0OBBYEFMWhIriHBCEd
zqnfBeRYMaW/OKSDMEMGA1UdEQQ8MDqgOAYIKwYBBQUHCAOgLDAqDChVUy1GRVJN
SSBOQVRJT05BTCBBQ0NFTEVSQVRPUiBMQUJPUkFUT1JZMA4GA1UdDwEB/wQEAwIH
gDATBgNVHSUEDDAKBggrBgEFBQcDAzB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8v
Y3JsMy5kaWdpY2VydC5jb20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMDegNaAz
hjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRVZDb2RlU2lnbmluZ1NIQTItZzEu
Y3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAMCMCowKAYIKwYBBQUHAgEWHGh0dHBz
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQMwfgYIKwYBBQUHAQEEcjBw
MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSAYIKwYBBQUH
MAKGPGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEVWQ29kZVNp
Z25pbmdDQS1TSEEyLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IB
AQBw5qkUbY9rDpngiwvSqp9ArNbDFV5mEmgjbwuQsrvHn6YVOxwmCQKhcmrMeUk7
UA+KAbRSbLdU+cdANKXJb7ULckrE7HO/cQkNYp7DXutamr8/KTtmtTa1ykf7XiFx
5E02ZZStBtKRApyCgWVndkYxRFdxuS9iF6SWt3Qcxy+yPkJQbwzhnKBXCQHkLbsx
1S2aKuZe55zqOj3LOxZFrL468dVvhxkhFbHHWjGXJwpmGYfhINTK/Wilvt3zaBAW
Ppc7RmkFb+KbX31pexkHbl9OC9IPxuXQuBAraqDBll7mvmx9CPQn8yKyJkOaNKDo
hwe+cMb58gPKjxydEv8ZvFpf
- -END CERTIFICATE-







-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAl9ADUAACgkQsLQYPxkqfX3rzACfcUhrZOEeY8mgVxr9nXHjOiVu
ifwAmwQEaMVtgrqF+w/6FVVYbDR1ieoZ
=EpGc
-END PGP SIGNATURE-


SECURE-BOOT-KEY-fnal-sl7-exp-2023-09-27.der
Description: SECURE-BOOT-KEY-fnal-sl7-exp-2023-09-27.der

Updating Scientific Linux 7 Secure Boot key

2017-07-10 Thread Pat Riehecky 

Attention all users of Secure Boot:

The Scientific Linux secure boot SSL certificate will expire 2017-07-26.

Scientific Linux will transition to a new certificate. The certificate 
will be attached to this email in DER format, pasted at the end of this 
message in PEM format, and published in the 7x distribution tree[1].


If you use UEFI Secure Boot, you will need to import this new key into 
your trusted key store.


For more information on Scientific Linux 7 and Secure Boot please review 
our release notes[2].


Thank you,
SL Team

[1] http://ftp.scientificlinux.org/linux/scientific/7x/x86_64/os/
[2] 
http://ftp.scientificlinux.org/linux/scientific/7x/x86_64/release-notes/#_about_uefi_secure_boot


###

X.509 Certificate Information:
Version: 3
Serial Number (hex): 0ac03d1df4810d39523168f401cc713e
	Issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert EV Code 
Signing CA (SHA2)

Validity:
Not Before: Fri Jun 30 00:00:00 UTC 2017
Not After: Wed Aug 26 12:00:00 UTC 2020
	Subject: 
jurisdictionOfIncorporationCountryName=US,businessCategory=Government 
Entity,serialNumber=Government Entity,C=US,ST=Illinois,L=Batavia,O=Fermi 
National Accelerator Laboratory,CN=Fermi National Accelerator Laboratory

Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:be:51:b0:97:f4:d4:5f:0b:35:a4:bc:f2:59:39:c6
d3:ea:c0:f3:fe:ec:d5:74:d4:2c:4b:6e:1a:98:f9:2f
e2:6f:91:20:d7:e3:bb:bc:90:29:a4:76:4c:45:2e:d3
ef:ca:8b:6a:8c:55:78:94:57:7e:ea:b5:7b:9b:8f:88
47:83:61:07:d7:8a:53:42:c5:5c:96:8e:aa:f8:a3:e7
db:ca:b0:33:ca:9c:ff:e7:36:50:62:d7:b7:09:24:76
d7:8c:5a:ec:1d:d8:5f:6f:ee:0e:51:c5:27:8c:b2:77
52:a5:5a:a9:04:cd:de:23:c1:ad:df:cb:21:a7:49:a0
0e:ff:97:36:26:25:75:11:c2:ba:0c:e1:14:72:1b:37
d3:49:04:e9:9f:07:b3:53:5c:68:8c:c0:00:e5:81:c9
0c:7c:3e:21:06:63:74:fc:1f:c9:1b:40:bb:15:4b:0d
a5:8d:2a:5c:a8:74:7b:63:29:ee:c8:34:67:40:ff:15
73:4e:e9:b8:1d:dd:dc:36:5d:2c:28:49:17:22:78:f9
a9:71:b4:cf:1c:21:f4:e1:36:94:44:18:0a:c9:03:1a
cd:73:b3:11:fc:88:4c:fc:0a:6b:17:8b:af:ea:d9:56
81:1d:73:c8:32:43:8a:eb:bd:03:a4:73:b6:f5:11:9d
c9
Exponent (bits 24):
01:00:01
Extensions:
Authority Key Identifier (not critical):
8fe87ef06d326a000523c770976a3a90ff6bead4
Subject Key Identifier (not critical):
4955473cdb6ee19957b42a4eb4d63a857800e282
Subject Alternative Name (not critical):
otherName OID: Identified-Organization
			otherName DER: 
302a0c2855532d4645524d49204e4154494f4e414c20414343454c455241544f52204c41424f5241544f5259

otherName ASCII: 0*.(US-FERMI NATIONAL ACCELERATOR 
LABORATORY
Key Usage (critical):
Digital signature.
Key Purpose (not critical):
Code signing.
CRL Distribution points (not critical):
URI: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl
URI: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl
Certificate Policies (not critical):
ExtendedValidationCodeSigning
URI: https://www.digicert.com/CPS
EVCodeSign
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
Access Location URI: http://ocsp.digicert.com
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
			Access Location URI: 
http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt
			Access Location URI: 
http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt

Basic Constraints (critical):
Certificate Authority (CA): FALSE
Signature Algorithm: RSA-SHA256
Signature:
51:9f:d2:ed:78:af:9c:4d:ba:c7:ac:77:8f:8e:8a:97
71:1a:3f:9c:85:7d:cd:e9:8c:62:31:b1:3a:da:86:52
84:54:8c:e0:17:65:f9:97:ce:b7:e8:64:3a:08:e6:66
1a:41:10:4b:3d:29:a0:f2:61:69:ba:43:73:1b:1f:cf
61:1c:a9:d0:05:77:00:27:8a:23:4d:8a:12:f8:43:23
8e:35:2a:c2:a3:fe:ee:22:db:33:6c:9b:d3:da:94:53
71:f3:6f:e3:9c:3e:5e:83:b8:b4:27:e9:08:2d:7d:7d
3f:d5:4c:b1:a8:da:63:dc:ef:42:e5:a7:f1:fc:8a:6e
b6:c3:b3:f4:73:c9:24:d2:d0:1d:3b