From 8ab4057e3f830d0814ee5756c42565f891cf8b0f Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 16 Mar 2026 18:14:42 +0100 Subject: [PATCH 1/2] get_auth_var_signing_certificate: sort files The rglob() function returns an unsorted list. Sort the files before processing them to make sure the json output is stable. Signed-off-by: Gerd Hoffmann --- scripts/get_auth_var_signing_certificate.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/get_auth_var_signing_certificate.py b/scripts/get_auth_var_signing_certificate.py index fbbecc7..0ec36a5 100644 --- a/scripts/get_auth_var_signing_certificate.py +++ b/scripts/get_auth_var_signing_certificate.py @@ -171,6 +171,7 @@ def process_directory(directory_path: str, output_json: str) -> None: bin_files = list(directory.rglob("*.bin")) logging.info(f"Found {len(bin_files)} .bin files to process") + bin_files.sort() for bin_file in bin_files: try: certificate, sha1_thumb, _ = process_auth_file(str(bin_file)) From fb2a422ecb63194bacf08cd045bed15c301e7929 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 16 Mar 2026 18:21:49 +0100 Subject: [PATCH 2/2] update kek_update_map.json Run get_auth_var_signing_certificate script, commit updated kek_update_map.json file. Changes: - All entries are now sorted by filename. - Fix some paths from windows ('\\') to posix ('/') directory separator. - Remove duplicate RedHat entry. Signed-off-by: Gerd Hoffmann --- PostSignedObjects/KEK/kek_update_map.json | 266 +++++++++++----------- 1 file changed, 129 insertions(+), 137 deletions(-) diff --git a/PostSignedObjects/KEK/kek_update_map.json b/PostSignedObjects/KEK/kek_update_map.json index 77891ae..528a991 100644 --- a/PostSignedObjects/KEK/kek_update_map.json +++ b/PostSignedObjects/KEK/kek_update_map.json @@ -1,52 +1,4 @@ { - "be4a1ac7ff36c0faf0c643274a80a5e78d0b2551": { - "KEKUpdate": "Aava Mobile Oy/KEKUpdate_Aava_Mobile_Oy_PK1.bin", - "Certificate": { - "serial_number": "82186208b7486373", - "issued_to": "CN=UEFI PK Aava test", - "issued_by": "CN=UEFI PK Aava test" - } - }, - "f2b275e88a170fea01364af397baf44b7f6af804": { - "KEKUpdate": "Aava Mobile Oy/KEKUpdate_Aava_Mobile_Oy_PK3.bin", - "Certificate": { - "serial_number": "dd68b91d4b23f3c1", - "issued_to": "CN=uefi_pk", - "issued_by": "CN=uefi_pk" - } - }, - "97b12a139d3858e70de4dc785d4c24767914af04": { - "KEKUpdate": "Acer/KEKUpdate_Acer_PK1.bin", - "Certificate": { - "serial_number": "5c43f0519fbeb3ae47d3d46e347411d4", - "issued_to": "CN=Acer Platform Key,O=Acer,L=Taipei,ST=TW,C=Taiwan", - "issued_by": "CN=Acer Root CA,O=Acer,L=Taipei,ST=TW,C=Taiwan" - } - }, - "6cd7005bdf38b270649ae6ad19ee46c7b040f8c2": { - "KEKUpdate": "Acer/KEKUpdate_Acer_PK6CD7005B.bin", - "Certificate": { - "serial_number": "fad95b59cd8a3bd5", - "issued_to": "CN=Acer India,OU=HEAD OFFICE,O=Acer India Private Limited,L=BANGALORE,ST=KARNATAKA,C=IN", - "issued_by": "CN=Acer India,OU=HEAD OFFICE,O=Acer India Private Limited,L=BANGALORE,ST=KARNATAKA,C=IN" - } - }, - "9dbdabc291fb598cb61ac0826b3273b37648b9f4": { - "KEKUpdate": "Acer/KEKUpdate_Acer_PK9DBDABC2.bin", - "Certificate": { - "serial_number": "b023c7b2fa4763cb", - "issued_to": "OU=RD,O=BIOSTAR Microtech International Corp,L=TAIPEI,ST=TAIWAN,C=TW", - "issued_by": "OU=RD,O=BIOSTAR Microtech International Corp,L=TAIPEI,ST=TAIWAN,C=TW" - } - }, - "2f005cebcf48ecc720406c24350113298328f044": { - "KEKUpdate": "Adlink/KEKUpdate_Adlink_PK1.bin", - "Certificate": { - "serial_number": "8fb14a09c371be7a", - "issued_to": "CN=Dell secure boot platform key 2022,O=Dell Technologies Inc.,L=Portland,ST=California,C=US", - "issued_by": "CN=Dell secure boot platform key 2022,O=Dell Technologies Inc.,L=Portland,ST=California,C=US" - } - }, "9a3056b5260f628645b4d9ac61aebd8060305c3e": { "KEKUpdate": "AMI/KEKUpdate_AMI_PK1.bin", "Certificate": { @@ -207,6 +159,54 @@ "issued_by": "CN=HQ NBD1 PlatformKey Certificate" } }, + "be4a1ac7ff36c0faf0c643274a80a5e78d0b2551": { + "KEKUpdate": "Aava Mobile Oy/KEKUpdate_Aava_Mobile_Oy_PK1.bin", + "Certificate": { + "serial_number": "82186208b7486373", + "issued_to": "CN=UEFI PK Aava test", + "issued_by": "CN=UEFI PK Aava test" + } + }, + "f2b275e88a170fea01364af397baf44b7f6af804": { + "KEKUpdate": "Aava Mobile Oy/KEKUpdate_Aava_Mobile_Oy_PK3.bin", + "Certificate": { + "serial_number": "dd68b91d4b23f3c1", + "issued_to": "CN=uefi_pk", + "issued_by": "CN=uefi_pk" + } + }, + "97b12a139d3858e70de4dc785d4c24767914af04": { + "KEKUpdate": "Acer/KEKUpdate_Acer_PK1.bin", + "Certificate": { + "serial_number": "5c43f0519fbeb3ae47d3d46e347411d4", + "issued_to": "CN=Acer Platform Key,O=Acer,L=Taipei,ST=TW,C=Taiwan", + "issued_by": "CN=Acer Root CA,O=Acer,L=Taipei,ST=TW,C=Taiwan" + } + }, + "6cd7005bdf38b270649ae6ad19ee46c7b040f8c2": { + "KEKUpdate": "Acer/KEKUpdate_Acer_PK6CD7005B.bin", + "Certificate": { + "serial_number": "fad95b59cd8a3bd5", + "issued_to": "CN=Acer India,OU=HEAD OFFICE,O=Acer India Private Limited,L=BANGALORE,ST=KARNATAKA,C=IN", + "issued_by": "CN=Acer India,OU=HEAD OFFICE,O=Acer India Private Limited,L=BANGALORE,ST=KARNATAKA,C=IN" + } + }, + "9dbdabc291fb598cb61ac0826b3273b37648b9f4": { + "KEKUpdate": "Acer/KEKUpdate_Acer_PK9DBDABC2.bin", + "Certificate": { + "serial_number": "b023c7b2fa4763cb", + "issued_to": "OU=RD,O=BIOSTAR Microtech International Corp,L=TAIPEI,ST=TAIWAN,C=TW", + "issued_by": "OU=RD,O=BIOSTAR Microtech International Corp,L=TAIPEI,ST=TAIWAN,C=TW" + } + }, + "2f005cebcf48ecc720406c24350113298328f044": { + "KEKUpdate": "Adlink/KEKUpdate_Adlink_PK1.bin", + "Certificate": { + "serial_number": "8fb14a09c371be7a", + "issued_to": "CN=Dell secure boot platform key 2022,O=Dell Technologies Inc.,L=Portland,ST=California,C=US", + "issued_by": "CN=Dell secure boot platform key 2022,O=Dell Technologies Inc.,L=Portland,ST=California,C=US" + } + }, "f77be268ff7cd9691721db46df7405b93fc4ee89": { "KEKUpdate": "Attis/KEKUpdate_Attis_PK1.bin", "Certificate": { @@ -551,6 +551,38 @@ "issued_by": "CN=GIGABYTE" } }, + "d52ac7db954c167a386e1aa955249a4d9bdadedd": { + "KEKUpdate": "HP/KEKUpdate_HP_PK1.bin", + "Certificate": { + "serial_number": "5fb660d4c2fb166b6576b7257a4c37ab", + "issued_to": "O=HP Inc.,C=US,OU=CODE-SIGN,CN=HP UEFI Secure Boot PK 2017", + "issued_by": "CN=HP Inc. PK 2016 CA,O=HP Inc.,C=US" + } + }, + "ef40e88b7f2cc718a087051db5d5d4c26043c5aa": { + "KEKUpdate": "HP/KEKUpdate_HP_PK5.bin", + "Certificate": { + "serial_number": "7758a5f8cb1dcfd32c6a7f8f03816b04", + "issued_to": "CN=HP UEFI Secure Boot 2013 PK Key,OU=Long Lived CodeSigning Certificate,O=Hewlett-Packard Company", + "issued_by": "CN=Hewlett-Packard Printing Device Infrastructure CA,O=Hewlett-Packard Company,C=US" + } + }, + "bba4b07810638f77e1a86200e36ec1619df14e81": { + "KEKUpdate": "HP/KEKUpdate_HP_PK3.bin", + "Certificate": { + "serial_number": "1b6aef498cfb7f90b681321ae89ec2ef", + "issued_to": "CN=Hewlett-Packard UEFI Secure Boot Platform Key,OU=Long Lived CodeSigning Certificate,O=Hewlett-Packard Company", + "issued_by": "CN=Hewlett-Packard Printing Device Infrastructure CA,O=Hewlett-Packard Company,C=US" + } + }, + "30c1554337e11377a52bf3b111bfd42ca1a5c4cd": { + "KEKUpdate": "HP/KEKUpdate_HP_PK4.bin", + "Certificate": { + "serial_number": "77378497e4baff8b4aabb90ca4003af8", + "issued_to": "O=Hewlett Packard Enterprise Company,C=US,OU=CODE-SIGN,CN=HPE UEFI Secure Boot 2016 PK Key", + "issued_by": "CN=Hewlett Packard Enterprise Private Code Signing Intermediate CA,O=Hewlett Packard Enterprise Company,C=US" + } + }, "fbf45fd17e6fa21ab21ac1fd7b760fee70f78002": { "KEKUpdate": "Honor/KEKUpdate_Honor_PK1.bin", "Certificate": { @@ -631,38 +663,6 @@ "issued_by": "CN=GalileoG platform key:" } }, - "d52ac7db954c167a386e1aa955249a4d9bdadedd": { - "KEKUpdate": "HP/KEKUpdate_HP_PK1.bin", - "Certificate": { - "serial_number": "5fb660d4c2fb166b6576b7257a4c37ab", - "issued_to": "O=HP Inc.,C=US,OU=CODE-SIGN,CN=HP UEFI Secure Boot PK 2017", - "issued_by": "CN=HP Inc. PK 2016 CA,O=HP Inc.,C=US" - } - }, - "ef40e88b7f2cc718a087051db5d5d4c26043c5aa": { - "KEKUpdate": "HP/KEKUpdate_HP_PK5.bin", - "Certificate": { - "serial_number": "7758a5f8cb1dcfd32c6a7f8f03816b04", - "issued_to": "CN=HP UEFI Secure Boot 2013 PK Key,OU=Long Lived CodeSigning Certificate,O=Hewlett-Packard Company", - "issued_by": "CN=Hewlett-Packard Printing Device Infrastructure CA,O=Hewlett-Packard Company,C=US" - } - }, - "bba4b07810638f77e1a86200e36ec1619df14e81": { - "KEKUpdate": "HP/KEKUpdate_HP_PK3.bin", - "Certificate": { - "serial_number": "1b6aef498cfb7f90b681321ae89ec2ef", - "issued_to": "CN=Hewlett-Packard UEFI Secure Boot Platform Key,OU=Long Lived CodeSigning Certificate,O=Hewlett-Packard Company", - "issued_by": "CN=Hewlett-Packard Printing Device Infrastructure CA,O=Hewlett-Packard Company,C=US" - } - }, - "30c1554337e11377a52bf3b111bfd42ca1a5c4cd": { - "KEKUpdate": "HP/KEKUpdate_HP_PK4.bin", - "Certificate": { - "serial_number": "77378497e4baff8b4aabb90ca4003af8", - "issued_to": "O=Hewlett Packard Enterprise Company,C=US,OU=CODE-SIGN,CN=HPE UEFI Secure Boot 2016 PK Key", - "issued_by": "CN=Hewlett Packard Enterprise Private Code Signing Intermediate CA,O=Hewlett Packard Enterprise Company,C=US" - } - }, "04c4adbcde6eebd0e940cf18f5546c9eb403a523": { "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK1.bin", "Certificate": { @@ -791,6 +791,30 @@ "issued_by": "CN=Kontron EPC-Boards PK,OU=EPC-Boards,O=Kontron Europe GmbH,C=DE" } }, + "940708c942905ed073ac47f3bd67397dd6560532": { + "KEKUpdate": "LG/KEKUpdate_LG_PK1.bin", + "Certificate": { + "serial_number": "67eb6476fbb5069b42ca733f9dcd6aae", + "issued_to": "CN=LG Electronics inc.", + "issued_by": "CN=LG Electronics inc." + } + }, + "f44a2967222909b8d97b731c83b762271919eee5": { + "KEKUpdate": "LG/KEKUpdate_LG_PK2.bin", + "Certificate": { + "serial_number": "4bad88265909f29eb7827157954a75a5", + "issued_to": "CN=LG Electronics Inc.,O=LG Electronics Inc.,L=경기도 평택시,ST=경기도 평택시,C=KR", + "issued_by": "CN=VeriSign Class 3 Code Signing 2010 CA,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\\, Inc.,C=US" + } + }, + "bdeab99f8bf89c3d5b4f98433503e29bc7fcb416": { + "KEKUpdate": "LG/KEKUpdate_LG_PK3.bin", + "Certificate": { + "serial_number": "6899b994460771561324368e930e04e99e053be1", + "issued_to": "CN=LGE Linux PK Certificate", + "issued_by": "CN=LGE Linux PK Certificate" + } + }, "46c73daf3047d1ece967d093edf72ac5ffc86586": { "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK1.bin", "Certificate": { @@ -3167,30 +3191,6 @@ "issued_by": "CN=LENOVO" } }, - "940708c942905ed073ac47f3bd67397dd6560532": { - "KEKUpdate": "LG/KEKUpdate_LG_PK1.bin", - "Certificate": { - "serial_number": "67eb6476fbb5069b42ca733f9dcd6aae", - "issued_to": "CN=LG Electronics inc.", - "issued_by": "CN=LG Electronics inc." - } - }, - "f44a2967222909b8d97b731c83b762271919eee5": { - "KEKUpdate": "LG/KEKUpdate_LG_PK2.bin", - "Certificate": { - "serial_number": "4bad88265909f29eb7827157954a75a5", - "issued_to": "CN=LG Electronics Inc.,O=LG Electronics Inc.,L=경기도 평택시,ST=경기도 평택시,C=KR", - "issued_by": "CN=VeriSign Class 3 Code Signing 2010 CA,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\\, Inc.,C=US" - } - }, - "bdeab99f8bf89c3d5b4f98433503e29bc7fcb416": { - "KEKUpdate": "LG/KEKUpdate_LG_PK3.bin", - "Certificate": { - "serial_number": "6899b994460771561324368e930e04e99e053be1", - "issued_to": "CN=LGE Linux PK Certificate", - "issued_by": "CN=LGE Linux PK Certificate" - } - }, "ebb51e6221c7b626ba6c39402d7450a1018d12eb": { "KEKUpdate": "MSI/KEKUpdate_MSI_PK3.bin", "Certificate": { @@ -3223,6 +3223,22 @@ "issued_by": "CN=MEDION_AG" } }, + "2ca96734e4a5c4056f527f0016c8c65e1224ad26": { + "KEKUpdate": "MSI/KEKUpdate_MSI_PK1.bin", + "Certificate": { + "serial_number": "8cb17834fb1237a04c72ab6631f4143e", + "issued_to": "CN=MSI NB - 2013 PK", + "issued_by": "CN=MSI NB - 2013 PK" + } + }, + "c82b1878468f40413fa308557b10ed78c683345a": { + "KEKUpdate": "MSI/KEKUpdate_MSI_PK2.bin", + "Certificate": { + "serial_number": "1dcdb29760a12aa0433d0430993c8d84", + "issued_to": "CN=MSI NB PK 2022", + "issued_by": "CN=MSI NB PK 2022" + } + }, "8058e8cc51749652804bbd6f39aed713d119c64b": { "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK1.bin", "Certificate": { @@ -3383,22 +3399,6 @@ "issued_by": "CN=BYD Certificate 2019" } }, - "2ca96734e4a5c4056f527f0016c8c65e1224ad26": { - "KEKUpdate": "MSI/KEKUpdate_MSI_PK1.bin", - "Certificate": { - "serial_number": "8cb17834fb1237a04c72ab6631f4143e", - "issued_to": "CN=MSI NB - 2013 PK", - "issued_by": "CN=MSI NB - 2013 PK" - } - }, - "c82b1878468f40413fa308557b10ed78c683345a": { - "KEKUpdate": "MSI/KEKUpdate_MSI_PK2.bin", - "Certificate": { - "serial_number": "1dcdb29760a12aa0433d0430993c8d84", - "issued_to": "CN=MSI NB PK 2022", - "issued_by": "CN=MSI NB PK 2022" - } - }, "710131e366592696d44cf776fc35ea7112925484": { "KEKUpdate": "NEC/KEKUpdate_NEC_PK1.bin", "Certificate": { @@ -3607,14 +3607,6 @@ "issued_by": "CN=SUPERMICRO PK CA 2018,O=Super Micro Computer Inc.,L=San Jose,ST=CA,C=USA" } }, - "029d01cb5887c2e799b15ee9a360af0ec6e72622": { - "KEKUpdate": "Techvision/KEKUpdate_Techvision_PK1.bin", - "Certificate": { - "serial_number": "12a58a7682ed84974304e14f56889975", - "issued_to": "CN=Techvision Intelligent Technology Limited", - "issued_by": "CN=Techvision Intelligent Technology Limited" - } - }, "892e6333fe1f30edeb1c93a16c9e20cc7bfacb3c": { "KEKUpdate": "TONGFANG/KEKUpdate_TONGFANG_PK1.bin", "Certificate": { @@ -3640,13 +3632,21 @@ } }, "31c22f2a60bc83a1e361ee6959b5cdd7f4940a5e": { - "KEKUpdate": "TONGFANG\\KEKUpdate_TONGFANG_PK31C22F2A.bin", + "KEKUpdate": "TONGFANG/KEKUpdate_TONGFANG_PK31C22F2A.bin", "Certificate": { "serial_number": "24663bc83929aaac28419a3edca63bed893ff3d5", "issued_to": "CN=AIStoneGlobal Platform Key 2024", "issued_by": "CN=AIStoneGlobal Platform Key 2024" } }, + "029d01cb5887c2e799b15ee9a360af0ec6e72622": { + "KEKUpdate": "Techvision/KEKUpdate_Techvision_PK1.bin", + "Certificate": { + "serial_number": "12a58a7682ed84974304e14f56889975", + "issued_to": "CN=Techvision Intelligent Technology Limited", + "issued_by": "CN=Techvision Intelligent Technology Limited" + } + }, "60d059444e045a0795b636aeffac566a2f294ebe": { "KEKUpdate": "Twinhead/KEKUpdate_Twinhead_PK1.bin", "Certificate": { @@ -3750,13 +3750,5 @@ "issued_to": "CN=ZEBRA Technologies", "issued_by": "CN=ZEBRA Technologies" } - }, - "fdfc7f3c7ef3e05776add79878216c9be0e19597": { - "KEKUpdate": "RedHat\\KEKUpdate_RedHat_PK1.bin", - "Certificate": { - "serial_number": 18371740789028339953, - "issued_to": "CN=Red Hat Secure Boot (PK/KEK key 1), emailAddress=secalert@redhat.com", - "issued_by": "CN=Red Hat Secure Boot (PK/KEK key 1), emailAddress=secalert@redhat.com" - } } } \ No newline at end of file