  1. RHEL
  2. RHEL-87247

RFE: Automate Mechanism to replace expired/invalid custom certificates in UEFI and Secure boot


    • Story
    • Resolution: Unresolved
    • Major
    • rhel-9.0.0
    • shim
    • rhel-bootloader
    • ssg_core_services
    • 13

      What were you trying to do that didn't work?

      ===> The customer is forced to use UEFI by security constraints. They need to store custom certificates in EFI, i.e. for Oracle (see ACFS / AFD Secure Boot Configuration, Doc ID 2416501.1), Trend Micro AV or Symantec AV, as those kernel modules won't get loaded (mokutil and shim). They are deploying a really high number of servers daily and are currently replacing certificates via shim on the console.

       

      What is the impact of this issue to you?
      ===> The requirement is for an automated mechanism to replace the certificates in case of expiry or invalidation. As they deploy a large number of servers daily, replacing the certificates manually takes a lot of their time.

              bootloader-eng-team
              rhn-support-abjoshi Abhijeet Joshi
              Release Test Team