CP-309775: Add new Microsoft certificates

The existing Microsoft KEK and db certificates expire in 2026 so add the
new 2023 certificates. Newly provisioned VMs will get both old and new
certificates so that they will boot regardless of which key they were
signed with.

The certificates are from
https://github.com/microsoft/secureboot_objects and converted to PEM
format using openssl.

This time round there is a certificate specifically for option ROMs but
I have not included it here since it should not be necessary for
XenServer VMs.

Signed-off-by: Ross Lagerwall <[email protected]>

Author: rosslagerwall

Makefile

@@ -123,10 +123,13 @@ db.auth: create-auth PK.pem PK.key db.list
 	./create-auth -k PK.key -c PK.pem db db.auth $$(cat db.list)
 
 db.list:
-	echo certs/MicWinProPCA2011_2011-10-19.pem certs/MicCorUEFCA2011_2011-06-27.pem > $@
+	echo certs/MicWinProPCA2011_2011-10-19.pem \
+	     certs/MicCorUEFCA2011_2011-06-27.pem  \
+	     certs/windows-uefi-ca-2023.pem       \
+	     certs/ms-uefi-ca-2023.pem > $@
 
 KEK.list:
-	echo certs/MicCorKEKCA2011_2011-06-24.pem > $@
+	echo certs/MicCorKEKCA2011_2011-06-24.pem certs/ms-kek-ca-2023.pem > $@
 
 clean:
 	$(foreach dir,$(SUBDIRS),make -C $(dir) clean)

certs/ms-kek-ca-2023.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsjCCA5qgAwIBAgITMwAAABMUFrhhbYKCSwAAAAAAEzANBgkqhkiG9w0BAQsF
+ADBaMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
+MSswKQYDVQQDEyJNaWNyb3NvZnQgUlNBIERldmljZXMgUm9vdCBDQSAyMDIxMB4X
+DTIzMDMwMjIwMjEzNVoXDTM4MDMwMjIwMzEzNVowXDELMAkGA1UEBhMCVVMxHjAc
+BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UEAxMkTWljcm9zb2Z0
+IENvcnBvcmF0aW9uIEtFSyAySyBDQSAyMDIzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA416Ii3MswwrE6fXOgS3xD/EmNTfRSVNxsVuTUq/hFd/eizm9
+r0xldVPl2goymC8zJrYrvpSZn+zawo4FNJITD2O/dKJyqCl+nzIhKQhZxHfEKpJM
+h7YDN+ua4sPJtEghw2GU6hdRsecU4iRjLtXyxqXyol4facZRDacp+1IKm+OI6Gj/
+u/qSaa/EFv9d5V/g3+xmVQthwqw7IG7ftA3rK8jQwjROgpY57vExhQQ979Z2+8PK
+wdWMLwsQKJtImrAQFKTZlOVoW81u53rsvKBJuKlT2E0vsnvI2ryy5/yrcBB3lUVJ
+/a3SPxfLZpryfTbdCiziwIchLZPbCJbS6FxU4QIDAQABo4IBbTCCAWkwDgYDVR0P
+AQH/BAQDAgGGMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBTgq3K8lj7/uGab
+fRBaQz5cQlSHXzAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAPBgNVHRMBAf8E
+BTADAQH/MB8GA1UdIwQYMBaAFIREhgYAmD8sqrPFifOsLsnmnQkDMGUGA1UdHwRe
+MFwwWqBYoFaGVGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01p
+Y3Jvc29mdCUyMFJTQSUyMERldmljZXMlMjBSb290JTIwQ0ElMjAyMDIxLmNybDBy
+BggrBgEFBQcBAQRmMGQwYgYIKwYBBQUHMAKGVmh0dHA6Ly93d3cubWljcm9zb2Z0
+LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwUlNBJTIwRGV2aWNlcyUyMFJv
+b3QlMjBDQSUyMDIwMjEuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCFAgYS+meuTzmp
+uDTcXSp4GXs47pyCjxviPD0yCl6/WAbnb/iNGKgbhPWbyq2LCEQOJo0s2F9uIyUH
++ltMJi52MUMubujIMcFK0vICt6bxdeSW7QbiypV4RKgzdtQrTde83Ic7q00prZaJ
+t9XCj6tGw12z/e2lnvV2tyuF/5ihn2scmz737g4Xo/02L+HNKJgcQJkmygONpjXq
+0gqnixauIQEAHicPtw6yQjFWLub4juoMNPBO33AwaQTRz9OcZEZvzCHNy+8FMrsI
+ptifRThdTtKckonpc+R6CDUeT6bCums+tx9UNEn6tHrL2qAfWYErKvaIJrD6bPLr
+wdiuQeFv/L8T6G4U5+fHA4tAmRA4Bm1wvQHI3o1WHTgPTyOoJUDeuygtQ6+kvCCD
+tQb5BSGfO7l5DXBrU8B1whsQE7Pkbwmoz9G3DnFct8mP5RzwE1XZk7muXT/KC7BZ
+akVKw+HjJ3gNFoH8WC2xQboYDc/w76sIHk/4/Mb9S90d7zAlUDmj3/4/ufrrlpfQ
+zfkEJvsNSBkI2OGTwVDHbm3Y0GuOlXJkUMntVYluwUuiBtQytaltZQF68VJXGAUw
+XLgoZhG3evBxToZhYHptVsdbCT6i79QOnpLTH5n2nbEdeHhr/+gqBK94Zz7wKgun
+4F0B6YeZNTCQ7ddFa5zM5qLk5hen3Q==
+-----END CERTIFICATE-----

certs/ms-uefi-ca-2023.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFpDCCA4ygAwIBAgITMwAAABY2vzaJnxV1zAAAAAAAFjANBgkqhkiG9w0BAQsF
+ADBaMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
+MSswKQYDVQQDEyJNaWNyb3NvZnQgUlNBIERldmljZXMgUm9vdCBDQSAyMDIxMB4X
+DTIzMDYxMzE5MjE0N1oXDTM4MDYxMzE5MzE0N1owTjELMAkGA1UEBhMCVVMxHjAc
+BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEfMB0GA1UEAxMWTWljcm9zb2Z0
+IFVFRkkgQ0EgMjAyMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL0i
+Kq7vGjGFE3hRp5v9/HjRY7gam2P1EgbbS0E1am+r9WoEzJfPu9QICRphOg3ms6BG
+/wmt3oAk3BKA8l/ZFu3iQp3NL01hAmGKHEsdGGI5hpdxrT5/XXETS+kqAMG+1bcA
+n15lsiwa/3Tt6oPSOYkzNXN9oKL6QORmUFiq/IfoXCCDNOyr4gvFXz7/SCsRkSbv
+GG5XxZ8Yc5nv4Wp0K7svf1COHdo9drYE5cwuEMeDG4Oj5KUTE3FuM3ijqDzsSCZe
+x8ZeDYeaqsxVNIGtnZD15pZjpugHIBfIkx7SrqTcrn1Zv4heYgyuW/IpQFYdJkDe
+haatVtHPVUd2X5w52wMCAwEAAaOCAW0wggFpMA4GA1UdDwEB/wQEAwIBhjAQBgkr
+BgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQUgaprMkTJNbzg1mKK85gnQh4ySX0wGQYJ
+KwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME
+GDAWgBSERIYGAJg/LKqzxYnzrC7J5p0JAzBlBgNVHR8EXjBcMFqgWKBWhlRodHRw
+Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBSU0El
+MjBEZXZpY2VzJTIwUm9vdCUyMENBJTIwMjAyMS5jcmwwcgYIKwYBBQUHAQEEZjBk
+MGIGCCsGAQUFBzAChlZodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2Nl
+cnRzL01pY3Jvc29mdCUyMFJTQSUyMERldmljZXMlMjBSb290JTIwQ0ElMjAyMDIx
+LmNydDANBgkqhkiG9w0BAQsFAAOCAgEAB2ATKlOHEg8a81oUlRfl2NeVVJuLDt2R
+pe3HXUdQk0W3lYhfFxlBY3a1grCoxZ2ZFTaJSb4Swmb7gwywgc7lpKvCoJrr9Qc8
+/iH4mtwZIQyeJCzRXKIWCkvr7EicsVt02wFkwuOAaqsazXcbajmat7pwRP9nlMWB
+BvDLgQSTJyGZvYeIFJwicQ4LL1y+uJBUfMAevCubo1YXS5fn438TNPqwNGub9rIt
+99h72CDTXKeVTE8q+eceaK/8bI/Ihj2fyNHvTRrI0fb9LXzj6EHB6ifB+44lhlqJ
+phC+zuOPpXvEGqDodZD9IbDBo8UWI148zi/+jJi/CFz2ucWyPLbMyOx/0nd0y+3z
+lsmLjRwqiQ+jj73OKoVGmiOij0LAmdbqhR9hGb4WNbd1oJWAZQaH1As1yMSqDs6i
+CmNgyksrXCcEgq8+WIN6WthnPxBT9QwW9yZLioC5xR+g3tjTYUQURaf1q5qIF/23
+lFQCi+S3U6E+jZ5QgqgA4HiUG76zxDAfsg7b8EaQweZX/nzBcLIcS2TZEAMbNPtm
+z4JunkCoETfyZYshCa88k2I987yD3T9VkBXSMa8R5/jKoILhuc+zV5PHVTesf0G/
+H5Y88yaU+djSVSSKirZB8OAWwCOSjHEKTGoNGVX3OpySIZah1fgKjJ2/yevKiEL8
+S7Tv/ycwIWE=
+-----END CERTIFICATE-----

certs/windows-uefi-ca-2023.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFqjCCA5KgAwIBAgITMwAAABqIi5gAViKEwQAAAAAAGjANBgkqhkiG9w0BAQsF
+ADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
+B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UE
+AxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcN
+MjMwNjEzMTg1ODI5WhcNMzUwNjEzMTkwODI5WjBMMQswCQYDVQQGEwJVUzEeMBwG
+A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR0wGwYDVQQDExRXaW5kb3dzIFVF
+RkkgQ0EgMjAyMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyyNdFU
+ebSPzIEqbrMS1pOXMHw4XL95khkKDy0K/r/gqNgyP9Krb2+BwU0XaUXPhYAno3yz
+Mcylp035Q9BaL9cYG9JYlgU5o5W3vN15waDPj+JTHismYqgcrjYeT6HfuRO6DCW7
+JGVnAaodQRC3NsFrLrVsENNOltCfKqHx7aEVC4KVxf9jihO1kjQeMV5hEa5dzPEQ
+5kx5yXKyNIqCVi2rD3zAT5OOWXVBhqwJEAnyUWVQtfUhsyY5jarEkbPcrGQjBs01
+Xw1CSZxPDc6Ag4JZ/t9LROFAyD1jts+0Qg05XNJCEAwIwnTrHNxuvAqsmLvM+h48
+p4MWxdsC2tmW32sCAwEAAaOCAUYwggFCMA4GA1UdDwEB/wQEAwIBhjAQBgkrBgEE
+AYI3FQEEAwIBADAdBgNVHQ4EFgQUrvxfu74FXY+NqlhUc0mUF6taUnIwGQYJKwYB
+BAGCNxQCBAweCgBTAHUAYgBDAEEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAW
+gBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8v
+Y3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRf
+MjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRw
+Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEw
+LTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAn8m2/27hnDtV9v6LOd1hBG/Q
+rWPNF3ZKqEOJjfjG8oxekOHkaKUV7LjTYAxAVx/7XjVyYd6XMWx5oPUWrksc7QEM
+7/dXD0IwGGn4oaMul5K4vhv+K4ZeQkIRj45wTZCn/QFj8mS/m+J7CIHPSfI3F9/x
++XLTwx3DkEVN5oAGvf3lamnOs35OMVuEc6jocj8nNcl8IM4Am0/gTLQ2acv3NBER
+dBJ6qIwugWymUK0Z+qhGRW+xZ3PDa+NA6CppjyQQ4SlujRaI7o5/ZpMCb1ueBIzM
+gRytl1TxGC5+UpC8Ud4qDq5m6rxkbqCRZOQvEqi852u6xxubeRpkZvFDtNHDRiE4
+gXlM+vAxDdN5/3oSpR3Z3ayiD3GC95P/XKFhrmXyFIHteVqah+pge8uzT3U0yrqh
+76L2ooBFoYsngc3Vdzg+yk7dKOpYusWgKd6GjIj8lSdR3avT0FsNd8dsj1XX1KIO
+W+Q0RhQWHeMc1m2ZrUzscXMvq86ytCneVTBTOToyi/DqnIgSOwVoGb/Ph1IQ+9YT
+YPNBZPQIV4HLnRGljvTlJ/WjOuzkPUq3zvmIDZ+9ym3SSrxYdo4yBJRu3fTPbUdt
+wtdq3Idx6qS/72eXnLjHgDYqKlnJwAynRKBztYzPOFqu+LuGlfBErWZ6M+1x5EWH
+g+WnzqJA0HLSSAD6+Ro=
+-----END CERTIFICATE-----