Certificates required for Google Cloud Platform Linux gold images with Secure Boot

Certificates required for Google Cloud Platform Linux gold images with Secure Boot

• Advanced EPDR
• Advanced EDR

Installing the Advanced EPDR/EDR protection on gold images hosted on Google Cloud Platform Compute Engine for Linux systems based on KMOD* with Secure Boot enabled, requires prior installation of security certificates.

*Systems based on KMOD: Red Hat, CentOS, CentOS Stream, Suse, AlmaLinux, Rocky Linux and Oracle.

To install the certificates, follow the steps below:

1. Unzip the GCPCert.zip file inside a folder.
2. Open Google Cloud CLI and access the folder where you have unzipped the file.
3. Run the following command:
   gcloud compute images create modifiedGoldImageName –source-image=GoldImageName –signature-database-file=./MicCorKEKCA2011_2011-06-24.crt,./MicCorUEFCA2011_2011-06-27.crt,./MicWinProPCA2011_2011-10-19.crt,./ua-kmod-driver-signing-MOK.der
4. Run the following command from a VM instance of the gold image where you have installed the certificates (ModifiedGoldImage) to confirm their correct installation:
   sudo grep ‘Panda’ /proc/keys
5. When you confirm the installation of the certificate, the image is ready to install the protection. For information on how to install the protection on gold images, see article How to create an image for Linux persistent and non-persistent environments (VDI) with Advanced EPDR/EDR.

• Creating custom shielded images with Compute Engine