Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
I
initramfs-with-mca
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
initramfs-with-mca
Commits
ddb53f56
Commit
ddb53f56
authored
Jun 14, 2022
by
Ophélie Gagnard
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
uefi-keys/make_keys.sh: Add some comments.
parent
7b1e10ca
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
14 additions
and
1 deletion
+14
-1
uefi-keys/make_keys.sh
uefi-keys/make_keys.sh
+14
-1
No files found.
uefi-keys/make_keys.sh
View file @
ddb53f56
#!/bin/bash
#!/bin/bash
# Copyright (c) 2015 by Roderick W. Smith
# Copyright (c) 2015 by Roderick W. Smith
# Licensed under the terms of the GPL v3
# Licensed under the terms of the GPL v3
# Modified by Nexedi 2021-2022
# Modified by Ophelie Gagnard for Nexedi 2021-2022
# Files:
# .key private key
# .crt certificate in PEM format (default)
# .der certificate in DER format (for UEFI)
# .esl EFI signature list
# .auth authentication header (secure variable update)
echo
-n
"Enter a Common Name to embed in the keys: "
echo
-n
"Enter a Common Name to embed in the keys: "
read
NAME
read
NAME
...
@@ -9,12 +16,15 @@ read NAME
...
@@ -9,12 +16,15 @@ read NAME
mkdir
-p
keys
mkdir
-p
keys
cd
keys
cd
keys
# Request certificates and create corresponding private keys.
openssl req
-new
-x509
-newkey
rsa:2048
-subj
"/CN=
$NAME
PK/"
-keyout
PK.key
\
openssl req
-new
-x509
-newkey
rsa:2048
-subj
"/CN=
$NAME
PK/"
-keyout
PK.key
\
-out
PK.crt
-days
3650
-nodes
-sha256
-out
PK.crt
-days
3650
-nodes
-sha256
openssl req
-new
-x509
-newkey
rsa:2048
-subj
"/CN=
$NAME
KEK/"
-keyout
KEK.key
\
openssl req
-new
-x509
-newkey
rsa:2048
-subj
"/CN=
$NAME
KEK/"
-keyout
KEK.key
\
-out
KEK.crt
-days
3650
-nodes
-sha256
-out
KEK.crt
-days
3650
-nodes
-sha256
openssl req
-new
-x509
-newkey
rsa:2048
-subj
"/CN=
$NAME
db/"
-keyout
db.key
\
openssl req
-new
-x509
-newkey
rsa:2048
-subj
"/CN=
$NAME
db/"
-keyout
db.key
\
-out
db.crt
-days
3650
-nodes
-sha256
-out
db.crt
-days
3650
-nodes
-sha256
# Convert certificates from PEM to DER format (needed for some UEFI).
openssl x509
-in
PK.crt
-out
PK.cer
-outform
DER
openssl x509
-in
PK.crt
-out
PK.cer
-outform
DER
openssl x509
-in
KEK.crt
-out
KEK.cer
-outform
DER
openssl x509
-in
KEK.crt
-out
KEK.cer
-outform
DER
openssl x509
-in
db.crt
-out
db.cer
-outform
DER
openssl x509
-in
db.crt
-out
db.cer
-outform
DER
...
@@ -22,12 +32,15 @@ openssl x509 -in db.crt -out db.cer -outform DER
...
@@ -22,12 +32,15 @@ openssl x509 -in db.crt -out db.cer -outform DER
GUID
=
`
python3
-c
'import uuid; print(str(uuid.uuid1()))'
`
GUID
=
`
python3
-c
'import uuid; print(str(uuid.uuid1()))'
`
echo
$GUID
>
myGUID.txt
echo
$GUID
>
myGUID.txt
# Create EFI signature lists.
cert-to-efi-sig-list
-g
$GUID
PK.crt PK.esl
cert-to-efi-sig-list
-g
$GUID
PK.crt PK.esl
cert-to-efi-sig-list
-g
$GUID
KEK.crt KEK.esl
cert-to-efi-sig-list
-g
$GUID
KEK.crt KEK.esl
cert-to-efi-sig-list
-g
$GUID
db.crt db.esl
cert-to-efi-sig-list
-g
$GUID
db.crt db.esl
rm
-f
noPK.esl
rm
-f
noPK.esl
touch
noPK.esl
touch
noPK.esl
# Create authentication headers for secure variables update (needed for some UEFI).
sign-efi-sig-list
-t
"
$(
date
--date
=
'1 second'
+
'%Y-%m-%d %H:%M:%S'
)
"
\
sign-efi-sig-list
-t
"
$(
date
--date
=
'1 second'
+
'%Y-%m-%d %H:%M:%S'
)
"
\
-k
PK.key
-c
PK.crt PK PK.esl PK.auth
-k
PK.key
-c
PK.crt PK PK.esl PK.auth
sign-efi-sig-list
-t
"
$(
date
--date
=
'1 second'
+
'%Y-%m-%d %H:%M:%S'
)
"
\
sign-efi-sig-list
-t
"
$(
date
--date
=
'1 second'
+
'%Y-%m-%d %H:%M:%S'
)
"
\
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment