aboutsummaryrefslogtreecommitdiffstats
path: root/roms/u-boot/test/py/tests/test_efi_secboot/openssl.cnf
diff options
context:
space:
mode:
Diffstat (limited to 'roms/u-boot/test/py/tests/test_efi_secboot/openssl.cnf')
-rw-r--r--roms/u-boot/test/py/tests/test_efi_secboot/openssl.cnf48
1 files changed, 48 insertions, 0 deletions
diff --git a/roms/u-boot/test/py/tests/test_efi_secboot/openssl.cnf b/roms/u-boot/test/py/tests/test_efi_secboot/openssl.cnf
new file mode 100644
index 000000000..f684f1df7
--- /dev/null
+++ b/roms/u-boot/test/py/tests/test_efi_secboot/openssl.cnf
@@ -0,0 +1,48 @@
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+new_certs_dir = .
+database = ./index.txt
+serial = ./serial
+default_md = sha256
+policy = policy_min
+
+[ req ]
+distinguished_name = def_distinguished_name
+
+[def_distinguished_name]
+
+# Extensions
+# -addext " ... = ..."
+#
+[ v3_ca ]
+ # Extensions for a typical Root CA.
+ basicConstraints = critical,CA:TRUE
+ keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+
+[ v3_int_ca ]
+ # Extensions for a typical intermediate CA.
+ basicConstraints = critical, CA:TRUE
+ keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+
+[ usr_cert ]
+ # Extensions for user end certificates.
+ basicConstraints = CA:FALSE
+ keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+ extendedKeyUsage = clientAuth, emailProtection
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid,issuer
+
+[ policy_min ]
+ countryName = optional
+ stateOrProvinceName = optional
+ localityName = optional
+ organizationName = optional
+ organizationalUnitName = optional
+ commonName = supplied
+ emailAddress = optional