openSUSE shim certificate for uefi secure boot

Is openSUSE shim bootloader signed with openSUSE private key? If so, where can I find the corresponding openSUSE certificate for secure boot verification purpose?

Solution

A public key can be retrieved from the shim source package:

Download http://download.opensuse.org/source/distribution/13.1/repo/oss/suse/src/shim-0.2-3.1.src.rpm
Extract using e.g.: rpm2cpio shim-0.2-3.1.src.rpm | cpio -dium
Unpack tar-ball that is inside: tar-xJf shim-12.3-update.tar.xz
The certificate can now be found in the usr/lib64/efi subdir: openssl x509 -inform der -in usr/lib64/efi/shim-opensuse.der -text

Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=openSUSE Secure Boot CA, C=DE, L=Nuremberg, O=openSUSE Project/[email protected]

You can verify 2nd stage bootloaders and kernels using sbverify from the sbsigntool package (that's what its called on Ubuntu)

C# - Securely storing a password locally
how to secure keys for API calls from android device to amazon services
How can i use a reverse shell over global Internet?
Should I add application.properties to .gitignore if the Git repository is private and both the server and DB are on an internal network?
Understanding the port numbers of a network connection strings in systemd output of an ubuntu device
Disable firefox same origin policy
SecurityError: Blocked a frame with origin from accessing a cross-origin frame
Securely decoding a Base64 character array in Java
Is There a Security Risk Using ADB Over TCP/IP for Wireless App Development in Expo?
Is it a good idea to distribute docker image containing my selfsigned certificate?
Is it possible to externalize nested components
How can I make a file trully immutable (non-deletable and read-only)?
Buzz words in architecture document
Docker and securing passwords
Security implications of adding all domains to CORS (Access-Control-Allow-Origin: *)
Is it possible to browse a spreadsheet when an importrange has been authorized?
Wordpress ==> SSL ==> MySQL is this configuration possible?
How to Create Secure(TLS/SSL) Websocket Server
Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
openapi generator unauthorized 401 via $ref url in yaml
Deploying a Mercurial Repository to Production - Security Concerns and Tips
How to find tables using row access policies in Snowflake
Issue with CORS origin linked to API key
How to track hacking attempts on a website
Encrypting AES key with RSA public key
Why Does OAuth v2 Have Both Access and Refresh Tokens?
How to make copilot not leak secret credentials (neovim)?
Clear GPG Cache/Password after Encryption in Linux Terminal
Keycloak: Role based client log-in access restriction for users
SSL - Access non secure API from secure page