list-enrolled-keys: Return subject instead of issuer of enrolled certificates #469

Merged: Foxboron merged 1 commit into Foxboron:master from systemofapwne:master on Nov 1, 2025
@systemofapwne
Contributor

Right now sbctl list-enrolled-keys prints the issuer/CA of the installed certificates:

PK:
  HP Inc. PK 2016 CA
KEK:
  HP Inc. KEK 2016 CA
  Microsoft Corporation Third Party Marketplace Root
DB:
  Microsoft Root Certificate Authority 2010
  HP Inc. DB Key 2016 CA
  Microsoft Corporation Third Party Marketplace Root

This makes it hard to identify the exact certificate that has been installed. E.g. above, the MS KEK entry shows the same name as the DB entry, as they have been signed by the same CA. Yet the two certificates are different in nature.

sbctl should rather return the subject of the certificates instead:

PK:
  HP UEFI Secure Boot PK 2017
KEK:
  HP UEFI Secure Boot KEK 2017
  Microsoft Corporation KEK CA 2011
DB:
  Microsoft Windows Production PCA 2011
  HP UEFI Secure Boot DB 2017
  Microsoft Corporation UEFI CA 2011

@Foxboron
Owner

Foxboron commented Nov 1, 2025

Thanks!

Foxboron merged commit d55c375 into Foxboron:master on Nov 1, 2025
1 of 6 checks passed