Bug 2225009

Summary: Include the newly created secureboot{304, 504, 704} certs into redhat-sb-certs
Product: Red Hat Enterprise Linux 9 Reporter: Vitaly Kuznetsov <vkuznets>
Component: redhat-releaseAssignee: Veronika Doubkova <vdoubkov>
Status: ASSIGNED --- QA Contact: Release Test Team <release-test-team>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.3CC: ailan, asabadra, bstinson, lisas, vdoubkov, zveleba
Target Milestone: rcKeywords: Triaged
Target Release: ---Flags: zveleba: needinfo? (vdoubkov)
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2225529    

Description Vitaly Kuznetsov 2023-07-24 08:54:00 UTC 
New secureboot keys to sign Unified Kernel Images were created: https://issues.redhat.com/browse/SIGNSERVER-416 so we need to include them into 'redhat-sb-certs' package.

For RHEL9.3+, I suggest we create /usr/share/pki/sb-certs/secureboot-uki-virt-x86_64.cer and /etc/pki/sb-certs/secureboot-uki-virt-x86_64.cer link containing 
secureboot504.
Comment 1 Vitaly Kuznetsov 2023-07-24 08:55:20 UTC 
For CentOS Stream, we need to package centossecureboot204. I can create a separate BZ if needed.
Comment 10 Lisa S 2023-07-31 21:16:56 UTC 
We will get to this next sprint, which starts next week.