Bug 1806871

Summary: [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot
Product: Red Hat Enterprise Linux 8 Reporter: Qiao Zhao <qzhao>
Component: kernel-rtAssignee: Juri Lelli <jlelli>
kernel-rt sub component: Other QA Contact: Qiao Zhao <qzhao>
Status: CLOSED ERRATA Docs Contact:
Severity: unspecified    
Priority: unspecified CC: bhu, cyin, hkrzesin, jwboyer, qzhao, williams
Version: 8.2   
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 15:27:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1722609    

Description Qiao Zhao 2020-02-25 08:46:51 UTC 
Description of problem:
The same issue with 1684127. Check CI job, since kernel-rt-4.18.0-182.rt13.40.el8, kernel-rt use the Test Certficate:
Use the pesign command to verify the RH certificate.
---------------------------------------------
certificate address is 0x7ff4f61f5978
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Test Certificate
No signer email address.
Signing time: Sat Feb 22, 2020
There were certs or crls included.
---------------------------------------------
No Red Hat Secure Boot key, may is Red Hat Test Certificate:

The latest kernel kernel-rt-4.18.0-183.rt13.41.el8 also use the test certificate.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. pesign -v -S -i /boot/vmlinuz-$(uname -r)
2.
3.

Actual results:


Expected results:


Additional info:
Comment 9 errata-xmlrpc 2020-04-28 15:27:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1567