Remove kernel key ca-20211013 entirely

Remove the old CBL-Mariner Secureboot .pem in favor of only having the new azurelinux-ca-20230216.pem. This new key should appear as "Microsoft Corporation: Mariner Trusted Base RSA Code Signing CA" in the keyring.
2024-11-19 19:55:29 +00:00 · 2024-11-19 19:55:29 +00:00 · 1c1727cfc2
--- a/SPECS/kernel/azurelinux-ca-20211013-20230216.pem
+++ b/SPECS/kernel/azurelinux-ca-20211013-20230216.pem
@ -1,32 +1,3 @@
-----BEGIN CERTIFICATE-----
-MIIFBjCCA+6gAwIBAgITMwAABO5/lN6NQyelHwABAAAE7jANBgkqhkiG9w0BAQsF
-ADB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
-UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQD
-ExpNaWNyb3NvZnQgVGVzdGluZyBQQ0EgMjAxMDAeFw0yMTEwMTQxNzI4MDVaFw0y
-MjEwMTMxNzI4MDVaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
-bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0
-aW9uMTAwLgYDVQQDEydNYXJpbmVyIFNlY3VyZSBCb290KFByb2R1Y3Rpb24gU2ln
-bmluZykwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF45hTHPQAA7yc
-6g3iVuqcQKF51ylCynjUySYqqQha2sQzE7tbJ2egVkW4cfY1UbJsm65i2/VGI1OL
-Zia4sRwXRN7toRK5aElYfpsghMgGEaCSPs6915BVqO4WX0jxXswqRZ2CPH+evNCC
-hQnOqtjvFCqp7aeQ44b/DpZmaMicL/DwbI4925HWGSYa+/Mp1Fs3yGhP5X75+c9v
-w4gJ5KoxcOFRmQEt0c7lOclOi5Np5jys7lrrdmPPbjoALERBatiXj8w72LUZu4+I
-970/6jqNEkHeGxqVSPRRNIEZubjvRIfg8uULr8k/Kj8TbznCWoGuaT/9yoVbHhqU
-KQMJxxFrAgMBAAGjggF3MIIBczATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4E
-FgQUtC1rnigJt7kJfP+emwGUuG6Av5UwRQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsT
-FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UEBRMNNDYwODk3KzQ2ODU5NzAf
-BgNVHSMEGDAWgBS/ZaKrb3WjTkWWVwXPOYf0wBUcHDBcBgNVHR8EVTBTMFGgT6BN
-hktodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQl
-MjBUZXN0aW5nJTIwUENBJTIwMjAxMCgxKS5jcmwwaQYIKwYBBQUHAQEEXTBbMFkG
-CCsGAQUFBzAChk1odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRz
-L01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMB
-Af8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCybuv6kmhT2y97FOLRljLCLvQlBL/E
-dxKPDYNFhHCKIUd550yUoUW8XIxSYa+Dmx/1+NYS4Nxql7ecuR4g9+4i0DOmNjYO
-NY8epPspIpjUd9OAiKNKJSs2303i2TQojXQcZVeTO89bK3pX+spoACGuEVEuWSdL
-q+oPDYZwNTKyobj9wHYO6WXJfcdLPlYZghDjR/WNO5bzvzpi2nn/c4OYvMihLNq0
-5uNO0IB/zquyAaCKbi15v/PqYos1BsT+Yft4zf8ry17yFVBIqJMa2An6Gex7SNWj
-jj1S7uBga3oZcTHvR8xv3fmbwfQMIrZRmZrq8xkySxQV7xea0sE7X/pJ
-----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIGtjCCBJ6gAwIBAgITMwAAAAJjlHB6Ftnx2gAAAAAAAjANBgkqhkiG9w0BAQ0F
 ADBaMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
--- a/SPECS/kernel/kernel.signatures.json
+++ b/SPECS/kernel/kernel.signatures.json
@ -1,6 +1,6 @@
 {
  "Signatures": {
-    "azurelinux-ca-20211013-20230216.pem": "228046d92ccb7d268cf4f195425c0f990afa00a968cc940fb1df4629fb7a6765",
+    "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b",
    "config": "00c9071da520dd42e8465fd8d9f36945a4f6127798c16a45f5200cfd7256ed1e",
    "config_aarch64": "e0d92980c9388de35b7dde65a385865ef3207f4c50b0e9988f90394e8d627c77",
    "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985",
--- a/SPECS/kernel/kernel.spec
+++ b/SPECS/kernel/kernel.spec
@ -40,7 +40,7 @@ Source0:        https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/ro
 Source1:        config
 Source2:        config_aarch64
 Source3:        sha512hmac-openssl.sh
-Source4:        azurelinux-ca-20211013-20230216.pem
+Source4:        azurelinux-ca-20230216.pem
 Source5:        cpupower
 Source6:        cpupower.service
 Patch0:         0001-add-mstflint-kernel-%{mstflintver}.patch
@ -409,6 +409,7 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %changelog
 * Tue Nov 05 2024 Chris Co <chrco@microsoft.com> - 6.6.57.1-3
 - Enable kexec signature verification
+- Introduce new azurelinux-ca-20230216.pem

 * Wed Oct 30 2024 Thien Trung Vuong <tvuong@microsoft.com> - 6.6.57.1-2
 - UKI: remove noxsaves parameter from cmdline