Add support for OEM dbx enrollment

Cornelius Hoffmann
2023-08-10 23:34:42 +02:00
parent 99e260c474
commit dae25b8abd


@@ -137,6 +137,13 @@ func KeySync(guid util.EFIGUID, keydir string, oems []string) error {
}
sigdb.AppendDatabase(oemSigDb)
// dbx
oemSigDbx, err := certs.GetOEMCerts(oem, "dbx")
if err != nil {
return fmt.Errorf("could not enroll db keys: %w", err)
}
sigdbx.AppendDatabase(oemSigDbx)
// KEK
oemSigKEK, err := certs.GetOEMCerts(oem, "KEK")
if err != nil {
@@ -155,6 +162,13 @@ func KeySync(guid util.EFIGUID, keydir string, oems []string) error {
}
sigdb.AppendDatabase(customSigDb)
// dbx
customSigDbx, err := certs.GetCustomCerts(keydir, "dbx")
if err != nil {
return fmt.Errorf("could not enroll custom dbx keys: %w", err)
}
sigdbx.AppendDatabase(customSigDbx)
// KEK
customSigKEK, err := certs.GetCustomCerts(keydir, "KEK")
if err != nil {
@@ -172,6 +186,8 @@ func KeySync(guid util.EFIGUID, keydir string, oems []string) error {
switch cert {
case "db":
sigdb.AppendDatabase(builtinSigDb)
case "dbx":
sigdbx.AppendDatabase(builtinSigDb)
case "KEK":
sigkek.AppendDatabase(builtinSigDb)
case "PK":
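Review bot: The error returned when loading the OEM dbx in the first hunk reads `could not enroll db keys`, presumably copied from the db step above it, so a failed dbx load would be reported as a db failure. It should read `return fmt.Errorf("could not enroll OEM dbx keys: %w", err)`, which also lines up with the `custom dbx` wording in the second hunk. Because dbx is the Secure Boot forbidden-signature list, returning early when it cannot be loaded is a sensible fail-closed choice, and an accurate message matters for whoever has to diagnose an aborted enrollment. In the third hunk, `sigdbx.AppendDatabase(builtinSigDb)` reuses a variable whose name suggests db contents; the KEK case does the same, so this looks like an existing naming quirk rather than a bug, but a comment such as `// builtinSigDb holds the built-in entries for the current cert type` would remove the doubt. KeySync begins and ends outside these hunks, so how the assembled sigdbx is written to firmware is not visible here.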