Certificates built into the firmware

When no custom certificate is assigned to an LPAR during secure boot, IBM Z uses the Linux® distributor certificates that are integrated in IBM Z firmware.

Deprecated function:

The use of firmware-integrated certificates is deprecated and will be removed in the future. In particular, a firmware-integrated certificate might in the future be revoked by the distributor and would then no longer be valid for verifications.

For information on how to obtain a valid key from a distributor, see Obtaining Linux distributor secure boot certificates.