From 85ef2a6d870d01f7c9c320dbba75a1123d9d4a3e Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge@hallyn.com>
Date: Tue, 29 Aug 2023 09:16:15 -0500
Subject: [PATCH] SetupBootkit: sign kernel with production key

I accidentally had it signing with limited key.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
---
 pkg/trust/artifacts.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/trust/artifacts.go b/pkg/trust/artifacts.go
index 4ba822a..adca299 100644
--- a/pkg/trust/artifacts.go
+++ b/pkg/trust/artifacts.go
@@ -240,8 +240,8 @@ func SetupBootkit(keysetName, bootkitVersion string) error {
 		return errors.Wrapf(err, "Failed replacing manifest certificate")
 	}
 	cmd := []string{"sbsign",
-		"--key", filepath.Join(keysetPath, "uki-limited", "privkey.pem"),
-		"--cert", filepath.Join(keysetPath, "uki-limited", "cert.pem"),
+		"--key", filepath.Join(keysetPath, "uki-production", "privkey.pem"),
+		"--cert", filepath.Join(keysetPath, "uki-production", "cert.pem"),
 		"--output", filepath.Join(destDir, "kernel.efi"),
 		newKernel}
 	err = RunCommand(cmd...)