[CentOS] Secure boot

Thu Sep 17 20:12:34 UTC 2015
Gordon Messmer <gordon.messmer at gmail.com>

On 09/17/2015 12:46 PM, Akemi Yagi wrote:
>
> I also suspect this is a grub2 issue. Perhaps, you may want to file a
> bug report [against grub2] at http://bugs.centos.org so that this can
> be followed properly.

Yeah, I just figured out how to query the signature of the new and 
previous grub image.  The new one is signed with "Red Hat Test Certificate"



[root at vagrant ~]# pesign --show-signature --in 
/var/tmp/grub2-16/boot/efi/EFI/centos/grubx64.efi
---------------------------------------------
certificate address is 0x7fb81b3cb808
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Inc.
No signer email address.
Signing time: Thu Mar 26, 2015
There were certs or crls included.
---------------------------------------------
[root at vagrant ~]# pesign --show-signature --in 
/var/tmp/grub2-17/boot/efi/EFI/centos/grubx64.efi
---------------------------------------------
certificate address is 0x7fde869bd808
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Test Certificate
No signer email address.
Signing time: Tue Sep 15, 2015
There were certs or crls included.
---------------------------------------------