and <filename>PK.esl</filename>. Note that these files need to be authenticated UEFI variables. See
below for an example of how to generate them from regular X.509 keys.</para>
- <programlisting>uuid=$(systemd-id128 new --)
+ <programlisting>uuid=$(systemd-id128 new --uuid)
for key in PK KEK db; do
- openssl req -new -x509 -subj "/CN=${key}/ -keyout "${key}.key" -out "${key}.crt"
+ openssl req -new -x509 -subj "/CN=${key}/" -keyout "${key}.key" -out "${key}.crt"
openssl x509 -outform DER -in "${key}.crt" -out "${key}.cer"
cert-to-efi-sig-list -g "${uuid}" "${key}.crt" "${key}.tmp"
done
/* if auto enrollment is activated, we try to load keys for the given entry. */
if (entry->type == LOADER_SECURE_BOOT_KEYS && config.secure_boot_enroll != ENROLL_OFF) {
err = secure_boot_enroll_at(root_dir, entry->path);
- if (err == EFI_SUCCESS)
- return EFI_SUCCESS;
+ if (err != EFI_SUCCESS)
+ return err;
continue;
}
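Review bot: The new `return err;` leaves the loader on any enrollment failure, and nothing in these lines reports why, so unless secure_boot_enroll_at() prints the status itself the user gets no hint that key enrollment is what stopped the boot. A message before the return would make that visible, for example `Print(L"Failed to enroll Secure Boot keys from %s: %r\n", entry->path, err);`. The success path now reaches `continue`, but the enclosing loop starts and ends outside this hunk, so it is not evident here whether the same LOADER_SECURE_BOOT_KEYS entry could be picked again without user input; a comment such as `/* enrollment succeeded: restart the loop rather than trying to boot the keys entry */` would record the intent, assuming that is the intent. The leading comment says "auto enrollment" while the condition is `!= ENROLL_OFF`, which presumably covers every non-off mode, so "if key enrollment is enabled" would match the check more closely.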
clear_screen(COLOR_NORMAL);
- Print(L"Enrolling secure boot keys from directory: \\loader\\keys\\%s\n"
+ Print(L"Enrolling secure boot keys from directory: %s\n"
L"Warning: Enrolling custom Secure Boot keys might soft-brick your machine!\n",
path);