make name configurable for script usage
parent
ab9e484cb7
commit
6099b02c4c
1 changed files with 27 additions and 15 deletions
|
@ -9,10 +9,10 @@ usage () {
|
|||
echo "to avoid soft bricking of devices."
|
||||
echo "Backup of your existing keys are put to BACKUP directory."
|
||||
echo ""
|
||||
echo "Usage: -g <directory>"
|
||||
echo "Usage: -name= <directory>"
|
||||
echo ""
|
||||
echo "PARAMETERS:"
|
||||
echo " -g generate keys and MOK key in <directory>"
|
||||
echo " -name= your name to embed in the keys"
|
||||
echo " -h This message."
|
||||
exit 0
|
||||
}
|
||||
|
@ -23,23 +23,21 @@ _DIR="$2"
|
|||
|
||||
while [ $# -gt 0 ]; do
|
||||
case ${1} in
|
||||
-g|--g) KEYS="1" ;;
|
||||
-name=*|--name=*) NAME="$(echo ${1} | awk -F= '{print $2;}')" ;;
|
||||
-h|--h|?) usage ;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
if [[ "${KEYS}" == "1" ]]; then
|
||||
if [[ -z "${NAME}" ]]; then
|
||||
echo "Error: no name specified"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ ! -z "${_DIR}" ]]; then
|
||||
[[ ! -d $_DIR ]] && mkdir $_DIR
|
||||
cd $_DIR
|
||||
# add mkkeys.sh
|
||||
if [[ ! -f /usr/bin/mkkeys.sh ]]; then
|
||||
curl -s -L -O https://www.rodsbooks.com/efi-bootloaders/mkkeys.sh
|
||||
chmod 755 mkkeys.sh
|
||||
./mkkeys.sh
|
||||
else
|
||||
mkkeys.sh
|
||||
fi
|
||||
echo "Backup old keys in $_DIR/BACKUP ..."
|
||||
mkdir BACKUP
|
||||
efi-readvar -v PK -o BACKUP/old_PK.esl
|
||||
|
@ -48,6 +46,18 @@ if [[ "${KEYS}" == "1" ]]; then
|
|||
efi-readvar -v dbx -o BACKUP/old_dbx.esl
|
||||
cd BACKUP; mokutil --export; cd ..
|
||||
echo "Generating Keys in $_DIR"
|
||||
# add mkkeys.sh
|
||||
if [[ ! -f /usr/bin/mkkeys.sh ]]; then
|
||||
curl -s -L -O https://www.rodsbooks.com/efi-bootloaders/mkkeys.sh
|
||||
chmod 755 mkkeys.sh
|
||||
./mkkeys.sh <<EOF
|
||||
${NAME}
|
||||
EOF
|
||||
else
|
||||
mkkeys.sh <<EOF
|
||||
${NAME}
|
||||
EOF
|
||||
fi
|
||||
# download MS Certificates, else EFI might get broken!
|
||||
curl -s -L -O https://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt
|
||||
curl -s -L -O https://www.microsoft.com/pkiops/certs/MicCorUEFCA2011_2011-06-27.crt
|
||||
|
@ -55,9 +65,7 @@ if [[ "${KEYS}" == "1" ]]; then
|
|||
sbsiglist --owner 77fa9abd-0359-4d32-bd60-28f4e78f784b --type x509 --output MS_UEFI_db.esl MicCorUEFCA2011_2011-06-27.crt
|
||||
cat MS_Win_db.esl MS_UEFI_db.esl > MS_db.esl
|
||||
sign-efi-sig-list -a -g 77fa9abd-0359-4d32-bd60-28f4e78f784b -k KEK.key -c KEK.crt db MS_db.esl add_MS_db.auth
|
||||
echo "Enter a Common Name to embed in the your MOK key:"
|
||||
read name
|
||||
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.key -out MOK.crt -nodes -days 3650 -subj "/CN=$name/"
|
||||
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.key -out MOK.crt -nodes -days 3650 -subj "/CN=${NAME}/"
|
||||
openssl x509 -in MOK.crt -out MOK.cer -outform DER
|
||||
DIRS="DB KEK MOK PK noPK"
|
||||
for i in $DIRS; do
|
||||
|
@ -69,4 +77,8 @@ if [[ "${KEYS}" == "1" ]]; then
|
|||
mv *.crt *.auth *.esl MS
|
||||
cd ..
|
||||
echo "Finished: Keys created in $_DIR"
|
||||
else
|
||||
echo "Error: no directory specified"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
|
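Review bot: In the hunk at `@ -48,6 +46,18`, the relocated mkkeys.sh branch still fetches the script with `curl -s -L -O`, marks it executable and runs it with no integrity check, and now also feeds `${NAME}` to it on stdin; for a tool that generates Secure Boot keys, the fetched script should be compared against a pinned digest before it runs. Without `-f`, an HTTP error page would be saved as mkkeys.sh and executed, and `-s` hides the failure. The two Microsoft certificate downloads a few lines later use the same unchecked `curl -s -L -O` pattern, so a failed fetch would be handed straight to `sbsiglist`. The fence sketches the download branch with a failure check and a checksum comparison; the digest is a placeholder to be replaced with the value of the script revision that was reviewed. The enclosing `if [[ "${KEYS}" == "1" ]]` block starts and ends outside this hunk.

```shell
if [[ ! -f /usr/bin/mkkeys.sh ]]; then
    # placeholder value: pin the SHA-256 of the mkkeys.sh revision you reviewed
    MKKEYS_SHA256="<sha256-of-reviewed-mkkeys.sh>"
    curl -fsSL -O https://www.rodsbooks.com/efi-bootloaders/mkkeys.sh \
        || { echo "Error: download of mkkeys.sh failed" >&2; exit 1; }
    echo "${MKKEYS_SHA256}  mkkeys.sh" | sha256sum -c - \
        || { echo "Error: mkkeys.sh checksum mismatch" >&2; exit 1; }
    # … unchanged: chmod 755, ./mkkeys.sh heredoc with ${NAME}, else branch …
```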