Package Details: sbkeys 1.0.0-1

Git Clone URL: (read-only, click to copy)
Package Base: sbkeys
Description: Simple script to generate Secure Boot keys
Upstream URL:
Licenses: GPL3
Submitter: electrickite
Maintainer: electrickite
Last Packager: electrickite
Votes: 1
Popularity: 0.30
First Submitted: 2017-03-13 02:03
Last Updated: 2020-05-16 14:06

Latest Comments

archdom commented on 2020-05-16 16:17

Hi guy, in according to arch wiki could you want adding the microsoft's certificates to make more complete package. It would be very useful for many people! Here is an example:

echo -e "\n\nAdding Microsoft's certificates to the Signature Database.......\n\n"

wget --user-agent="Mozilla"

wget --user-agent="Mozilla"

sbsiglist --owner 77fa9abd-0359-4d32-bd60-28f4e78f784b --type x509 --output MS_Win_db.esl MicWinProPCA2011_2011-10-19.crt

sbsiglist --owner 77fa9abd-0359-4d32-bd60-28f4e78f784b --type x509 --output MS_UEFI_db.esl MicCorUEFCA2011_2011-06-27.crt

cat MS_Win_db.esl MS_UEFI_db.esl > MS_db.esl

sign-efi-sig-list -a -g 77fa9abd-0359-4d32-bd60-28f4e78f784b -k KEK.key -c KEK.crt DB MS_db.esl add_MS_db.auth

echo -e "\n\nMicrosoft's certificates added!\n\n"

echo "For adding the microsoft's certificates to Signature Database, run 'append' of add_MS_db.auth file"

you modify as you prefer Thanks!

electrickite commented on 2020-05-16 14:08

@archdom Thanks for the suggestion! Added generation of KEK.auth and DB.auth in v1.0.0

archdom commented on 2020-05-16 08:20

There are some uefi firmware accept only ".auth" keys. Could you add auth key generation for kek and db?

sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ -k PK.key -c PK.crt KEK KEK.esl KEK.auth

sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ -k KEK.key -c KEK.crt DB DB.esl DB.auth

Thank you