metadata-collect-agent
Commit e0e329a1 authored May 04, 2021 by Xiaowu Zhang
script to generate key
parent e6fbd10a
Showing 1 changed file with 44 additions and 0 deletions
mkkeys.sh 0 → 100755
#!/bin/bash
# Copyright (c) 2015 by Roderick W. Smith
# Licensed under the terms of the GPL v3
echo
-n
"Enter a Common Name to embed in the keys: "
read
NAME
openssl req
-new
-x509
-newkey
rsa:2048
-subj
"/CN=
$NAME
PK/"
-keyout
PK.key
\
-out
PK.crt
-days
3650
-nodes
-sha256
openssl req
-new
-x509
-newkey
rsa:2048
-subj
"/CN=
$NAME
KEK/"
-keyout
KEK.key
\
-out
KEK.crt
-days
3650
-nodes
-sha256
openssl req
-new
-x509
-newkey
rsa:2048
-subj
"/CN=
$NAME
DB/"
-keyout
DB.key
\
-out
DB.crt
-days
3650
-nodes
-sha256
openssl x509
-in
PK.crt
-out
PK.cer
-outform
DER
openssl x509
-in
KEK.crt
-out
KEK.cer
-outform
DER
openssl x509
-in
DB.crt
-out
DB.cer
-outform
DER
GUID
=
`
python3
-c
'import uuid; print(str(uuid.uuid1()))'
`
echo
$GUID
>
myGUID.txt
cert-to-efi-sig-list
-g
$GUID
PK.crt PK.esl
cert-to-efi-sig-list
-g
$GUID
KEK.crt KEK.esl
cert-to-efi-sig-list
-g
$GUID
DB.crt DB.esl
rm
-f
noPK.esl
touch
noPK.esl
sign-efi-sig-list
-t
"
$(
date
--date
=
'1 second'
+
'%Y-%m-%d %H:%M:%S'
)
"
\
-k
PK.key
-c
PK.crt PK PK.esl PK.auth
sign-efi-sig-list
-t
"
$(
date
--date
=
'1 second'
+
'%Y-%m-%d %H:%M:%S'
)
"
\
-k
PK.key
-c
PK.crt PK noPK.esl noPK.auth
sign-efi-sig-list
-t
"
$(
date
--date
=
'1 second'
+
'%Y-%m-%d %H:%M:%S'
)
"
\
-k
PK.key
-c
PK.crt KEK KEK.esl KEK.auth
sign-efi-sig-list
-t
"
$(
date
--date
=
'1 second'
+
'%Y-%m-%d %H:%M:%S'
)
"
\
-k
KEK.key
-c
KEK.crt db DB.esl DB.auth
chmod
0600
*
.key
echo
""
echo
""
echo
"For use with KeyTool, copy the *.auth and *.esl files to a FAT USB"
echo
"flash drive or to your EFI System Partition (ESP)."
echo
"For use with most UEFIs' built-in key managers, copy the *.cer files;"
echo
"but some UEFIs require the *.auth files."
echo
""
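Review bot: the three `openssl req ... -nodes` calls write PK.key, KEK.key and DB.key unencrypted, and the only permission control in the script is `chmod 0600 *.key` after all signing is done, so until then (or if the script is interrupted) the Secure Boot private keys are protected only by whatever the openssl build and the caller's umask happen to give. Set `umask 077` before the first `openssl req` and keep the chmod as a backstop. There is also no `set -e`, so a failed `openssl` or `cert-to-efi-sig-list` step does not stop the later `sign-efi-sig-list` calls; add `set -euo pipefail` near the top. `read NAME` should be `read -r NAME`, and because the value is interpolated into `-subj "/CN=$NAME PK/"`, a `/` in the input changes the subject fields, so validate or reject it. Quote `"$GUID"` in the `echo` and in each `-g` argument. `uuid.uuid1()` normally builds the GUID from the host's MAC address and the current time; `uuid.uuid4()` gives a random owner GUID without embedding host details. The commit message could also record that the file carries a third-party GPL v3 header (Roderick W. Smith, 2015), so its origin is documented.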