From 348a26201aa2febb0f01aebc350980a21b35223a Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Wed, 3 Jan 2024 20:54:14 +0530
Subject: [PATCH] coreos-sb-keys: Add the shim keys

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
 ...0.1.ebuild => coreos-sb-keys-0.0.2.ebuild} |   7 ++++-
 .../coreos-base/coreos-sb-keys/files/shim.der | Bin 0 -> 771 bytes
 .../coreos-base/coreos-sb-keys/files/shim.key |  28 ++++++++++++++++++
 .../coreos-base/coreos-sb-keys/files/shim.pem |  19 ++++++++++++
 4 files changed, 53 insertions(+), 1 deletion(-)
 rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/{coreos-sb-keys-0.0.1.ebuild => coreos-sb-keys-0.0.2.ebuild} (72%)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.der
 create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.key
 create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.pem

diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.2.ebuild
similarity index 72%
rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.2.ebuild
index 9ff15fdf5d..14af7b694a 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.2.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=7
 
-DESCRIPTION="CoreOS Secure Boot keys"
+DESCRIPTION="Flatcar Secure Boot keys"
 HOMEPAGE=""
 SRC_URI=""
 LICENSE="BSD"
@@ -21,4 +21,9 @@ src_install() {
 	newins "${FILESDIR}/KEK.crt" KEK.crt
 	newins "${FILESDIR}/DB.key" DB.key
 	newins "${FILESDIR}/DB.crt" DB.crt
+
+	# shim keys
+	newins "${FILESDIR}/shim.key" shim.key
+  	newins "${FILESDIR}/shim.der" shim.der
+  	newins "${FILESDIR}/shim.pem" shim.pem
 }
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.der b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.der
new file mode 100644
index 0000000000000000000000000000000000000000..2194987d0f968ada08aa84664acd7b8a8b4c6714
GIT binary patch
literal 771
zcmXqLV)}2;#Q1yxGZP~dlSppH>M7+_6-r4rX8Yfr%O;RIInvmGmyJ`a&7<u*FC!y2
zD}w>QA+G^98*?ZNGY?B~MrN*ooH(zMv7w=nv5~QXp{YTXIIjtiYiI%GVrpn&R6;hC
zk(GhDiIJZH=ngKXCPqevmo^#VGDbGqR~~Yk2AllpN?Yo%kCiLMf7-d9@A?<yG)d3>
z|F_y8R7R)c^_rLEi(f<p8|^9G9xy%G;N04TB_H1W+$eYX0qbI=D_3@%PmQ{HR3yAr
z>cEDK<r5ySVVZGfnx>F|)V+PHZ-;n>ToUd*Wv8}RZR)~*4J(6Zt81$!zWSIN#WQge
z$LtyM8?v`N7f2|Lwk#?WNt$A4mi$R)t;cM}(AX&pF3ySF;3TVKb}fT3^oZoVbN_b-
zZ<Wl**jf{o|0<vRsItD)9e;6+GGp1ZF+r2sxc)myH!zy>m>m;i)X;o(MQ+Oj$EouT
zOrM{Qx-_{=m|1*s(&uBZm%Yp}WZqvk#gmDdk%4h>utA`KEHIp9`B=nQL>j{7Wsa+K
z#-8rXUi_^`hVRIfvr7!*LDI@B5(Z)o*cI@D6bLgi{%2t|U<Oji!48Z|V6ZbX%<8ZE
z^TabJ_=}2-?7`b}qPT6hyXRVe)B2*ks`l!%zYgb@Km6Ri$0Kp=Ufs^M;jhISWu)CE
zM{05${;z6cmU4B+o$9H2>WiGJ>J};=3!PUcSM+1zt6aBz%=_}^zFF7Id-9L&DgB49
zo4Jk_Hwd)|vMVbIC~ID~o4d*K>X8*07P&bxz8m6O)*W5+`l-hWu~J5Bz87qlQZFqM
z&a%Iw@V+bVl!7DYhCK6J^SG+Vrsbc#t=f{AO0U@IoWCI0xy8{!D&oe3d*|i$-Z|s)
z#-+uid{RhN>-PN22+RML^S$2v{IIUfm)BF(NWAGt^eXQeYED}eq;Di#cxFCzMqo8d
JW2*7NG5~RCG3o#S

literal 0
HcmV?d00001

diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.key b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.key
new file mode 100644
index 0000000000..52f9fe1e7a
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDpPGgXHDI8K9Th
+CzVTNPyKZqVAvgUKZE+Wzvnuj6Bsghud//17MFUcLIjrrOl3o+hYUzK8dbdQl2Mw
+zq1gpPDs+bEe0+AFoyLU1LrPZVrZxRRXhRrAsGinkOOsApjMlikSEBrevqvbVElU
+0hONyj4mvSaVof6AqVObJyslYerxZVoMkbIIm5gfsGu05xBgdVs5cnYUYpQxNmPy
+LK1ImwFVXZSg0ZxdsEIdLDbWaAFVxBmezv+7U7UZaGi1fFZv6m8LxSMvGtxPFyh2
+Mx3NXFKShgr/QhuAATcMNsYWASgp5tQetOBBlZ8wNefLWtKTdhMDF5Ni88brpuls
+MQO/dpRJAgMBAAECggEAIbJpBYG83kWk5XillSZwIBzRXke12bkBaLPxlx5oGpU3
+oT21ZSFoAoCKraYXOwJS1MP8bg8B06Jzob8SfIaICmzOwrnwwU++/gnYDZPCqvjW
+xghEg7dY/3Cm/BiJ8/Dz8RijkS/yC2ejip4pVhB0p0snsnGrn/IW0rE3ghiiBYsM
+971GSgbGp6o25rhA8/yx5+OOFvGoDX2nIymfFASSPmxiAbXcb4DmdMlrRZ6P4z51
+8WJ8gXiTYvALFVWMNtv8GJZCQFi2fHcat/mWiVzg28J4Mzz9n79E0MrZ+4pxXLFT
+lbtI6OvcjRgvsyxPwkExCsBTKnOeAdgKXKwiczBdMwKBgQD4u5NSEpx98GxiWVZX
+DtT7WuCN257S0KztWzAYpTI5SZIRv4jylZPo+JnSrCvNt4hVs0Jz/aQQXhRIzVSj
+4VrkhlxXGnJpZz1DkICIoFQLi9maazgj1aB9Y6lZeGxAlzCnDHP7pR7dxUj4FF2p
+G6udyGhb3qfsevbSdykZ7DsHMwKBgQDwDOvheT71dNlcNuKrHi89sT5SoD4A2yTv
+pyzBCvh2a+UFxveFa6l+/VgxR8AkX9z37hQxi++QFrBHnTD/NZcLijLnPI1V0pIQ
+uNym6dx1PfuCtulZ24i2Fn5zrNUiNnTLBR31Fa1RJcyJv50IoTMK6F+0Bz4Qxan1
+0Um+xgDGkwKBgAb32ky2UMQGdELdFdoihDz2cswGlxB44B9WKqbGGf4Y3Yq5vvBs
+2FPygvyv7ho5RgyAlSACvxHmUNMpTXG54n38daHLD+F8Du9RoQgy1aftJw94aX43
+geOBY0Eqan30vlwvsSAfpBm6aSzqBSWzrL8i2imYt0OcvkVvKSucvpqZAoGAWoXk
+5dAdJ976oMWp0LG/StpuECaRey0ozp8SR3HlpHKnmPghG1UwQ80x1tOh55Wm9G/5
+eX21x3Zm33qtoXAKF7Xz4DN7cOPJZTjxLJiAJE5NbEuhz9rzwQbWhLSmYxJ6FJ1H
+YMbd5v4EFeYGR9zSLMjYXkFk7Fo9748O6jwsyrUCgYEApBlTWbna9BoxiVElEmvT
+u/NgdKZIEBbeX/NWJz8BJWiBVRg5WaAeuriga/1tMhiX8dgo7z7uGm3moEsXGlVD
+IhZiJeAgMmamr1yqII1q9RTBcA7iPqKmAgto+7zwcVxRmXCMRM/daJ04uqGine+K
+dM/o7gBtadQHJ1KPftM8SqQ=
+-----END PRIVATE KEY-----
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.pem b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.pem
new file mode 100644
index 0000000000..de044d7959
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUbWirlHd6eCJi2JtP3Z0GEGWTWTMwDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAwwEc2hpbTAeFw0yMzExMjMyMzAxNTBaFw00MzExMTgyMzAx
+NTBaMA8xDTALBgNVBAMMBHNoaW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDpPGgXHDI8K9ThCzVTNPyKZqVAvgUKZE+Wzvnuj6Bsghud//17MFUcLIjr
+rOl3o+hYUzK8dbdQl2Mwzq1gpPDs+bEe0+AFoyLU1LrPZVrZxRRXhRrAsGinkOOs
+ApjMlikSEBrevqvbVElU0hONyj4mvSaVof6AqVObJyslYerxZVoMkbIIm5gfsGu0
+5xBgdVs5cnYUYpQxNmPyLK1ImwFVXZSg0ZxdsEIdLDbWaAFVxBmezv+7U7UZaGi1
+fFZv6m8LxSMvGtxPFyh2Mx3NXFKShgr/QhuAATcMNsYWASgp5tQetOBBlZ8wNefL
+WtKTdhMDF5Ni88brpulsMQO/dpRJAgMBAAGjUzBRMB0GA1UdDgQWBBSAVx8cxySJ
+XcuJa6P2jBwOxJTNpDAfBgNVHSMEGDAWgBSAVx8cxySJXcuJa6P2jBwOxJTNpDAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCaj3785ElsU/QkPB3B
+25xaCz23R2079ir0I6p91Zb9QM+n4fOLvEhhrb0tia1X6xaBHBtGk1kpCMP/JTQ2
+ZNW43HuVLieiQnp+oSPGVZ52HnL4keptRr4Dvm+d7K6DDcn8Lcov4euDCsVzgBKE
+EQcjIhAjKdc+nbI51cSoaDhtbBxNsF+ErsWi6+VIyBZ1ATsO6AbSZdKiE2o/3CDv
+il7KIEEJsG43bTdeeuM1d/NLOoZjAnXUPizP0BGJtEE4GljYkN7PHr3czETsRIQ0
+d5JUeoW3b2lYOf85n0ru+fCudk0NSSUyF4LEW6pLmCZCtCAb2GDQ5jeVmFF7BIFl
+M8F2
+-----END CERTIFICATE-----