blob: b19c36fd4a0b55128d0e4900b7ba7b745d3d0631 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
#!/usr/bin/env bash
uki="$3"
[[ -n "$uki" ]] || exit 0
keypairs=(/etc/secureboot/keys/db/db.key /etc/secureboot/keys/db/db.crt)
for (( i=0; i<${#keypairs[@]}; i+=2 )); do
key="${keypairs[$i]}" cert="${keypairs[(( i + 1 ))]}"
if ! sbverify --cert "$cert" "$uki" &>/dev/null; then
sbsign --key "$key" --cert "$cert" --output "$uki" "$uki"
fi
done
|