diff options
Diffstat (limited to 'uki-sbsign.post')
-rw-r--r-- | uki-sbsign.post | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/uki-sbsign.post b/uki-sbsign.post new file mode 100644 index 000000000000..b19c36fd4a0b --- /dev/null +++ b/uki-sbsign.post @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +uki="$3" +[[ -n "$uki" ]] || exit 0 + +keypairs=(/etc/secureboot/keys/db/db.key /etc/secureboot/keys/db/db.crt) + +for (( i=0; i<${#keypairs[@]}; i+=2 )); do + key="${keypairs[$i]}" cert="${keypairs[(( i + 1 ))]}" + if ! sbverify --cert "$cert" "$uki" &>/dev/null; then + sbsign --key "$key" --cert "$cert" --output "$uki" "$uki" + fi +done |