Bug 1806871 - [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot
Summary: [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: kernel-rt
Version: 8.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.0
Assignee: Juri Lelli
QA Contact: Qiao Zhao
Depends On:
Blocks: 1722609
TreeView+ depends on / blocked
Reported: 2020-02-25 08:46 UTC by Qiao Zhao
Modified: 2020-04-28 15:28 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-04-28 15:27:53 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:1567 0 None None None 2020-04-28 15:28:31 UTC

Description Qiao Zhao 2020-02-25 08:46:51 UTC
Description of problem:
The same issue with 1684127. Check CI job, since kernel-rt-4.18.0-182.rt13.40.el8, kernel-rt use the Test Certficate:
Use the pesign command to verify the RH certificate.
certificate address is 0x7ff4f61f5978
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Test Certificate
No signer email address.
Signing time: Sat Feb 22, 2020
There were certs or crls included.
No Red Hat Secure Boot key, may is Red Hat Test Certificate:

The latest kernel kernel-rt-4.18.0-183.rt13.41.el8 also use the test certificate.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. pesign -v -S -i /boot/vmlinuz-$(uname -r)

Actual results:

Expected results:

Additional info:

Comment 9 errata-xmlrpc 2020-04-28 15:27:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.