Adding CIQ attributes to kernel mod signing cert

We should be attributing CIQ as the signer of the kernel modules being built and
signed during the kernel build and packaging process.

This patch adds a 'x509.genkey.rocky' file which will be used when creating the
ephemeral cert that is used for signing the kernel modules at build time.

Signed-off-by: Michael L. Young <myoung@ciq.com>

AUTODEL-1213

Author: Michael L. Young

SOURCES/x509.genkey.rocky

@@ -0,0 +1,17 @@
+[ req ]
+default_bits = 4096
+distinguished_name = req_distinguished_name
+prompt = no
+string_mask = utf8only
+x509_extensions = myexts
+
+[ req_distinguished_name ]
+O = CIQ
+CN = CIQ kernel modules signing key
+emailAddress = secureboot@ciq.com
+
+[ myexts ]
+basicConstraints=critical,CA:FALSE
+keyUsage=digitalSignature
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid

SPECS/kernel.spec

@@ -835,6 +835,7 @@ Source8006: ciq_sb_kernel_driver_aarch64.der
 Source8007: ciq_sb_kernel_kpatch_aarch64.der
 Source8008: ciq_sb_uki.crt
 Source8009: ciq_sb_uki_aarch64.crt
+Source8010: x509.genkey.rocky
 
 %if %{signkernel}
 # Name of the packaged file containing signing key
@@ -2145,9 +2146,9 @@ InitBuildVars() {
     %{make} %{?_smp_mflags} mrproper
     cp configs/$Config .config
 
-    # %if %{signkernel}%{signmodules}
-    # cp configs/x509.genkey certs/.
-    # %endif
+    %if %{signkernel}%{signmodules}
+    cp configs/x509.genkey certs/.
+    %endif
 
 %if %{with_debuginfo} == 0
     sed -i 's/^\(CONFIG_DEBUG_INFO.*\)=y/# \1 is not set/' .config