From bf314c0d0c9d38c3d4b8ab4fb0cdfd77cddfa59e Mon Sep 17 00:00:00 2001 From: Tom Rini Date: Thu, 25 Oct 2018 10:37:34 -0400 Subject: meta-signing-key: When deploying keys UEFI keys, deploy DER format Generally speaking, for firmware to import PK/KEK/DB keys they need to be in the binary "DER" format and typically have the "cer" file extension. When deploying our keys, convert what we have to that format and deploy as well for ease of use. Signed-off-by: Tom Rini --- meta-signing-key/classes/user-key-store.bbclass | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta-signing-key/classes/user-key-store.bbclass b/meta-signing-key/classes/user-key-store.bbclass index d300f9d..aa027db 100644 --- a/meta-signing-key/classes/user-key-store.bbclass +++ b/meta-signing-key/classes/user-key-store.bbclass @@ -336,6 +336,10 @@ deploy_uefi_sb_keys() { install -d "$deploy_dir" cp -af "${UEFI_SB_KEYS_DIR}"/* "$deploy_dir" + for KEY in DB KEK PK; do + openssl x509 -in "${UEFI_SB_KEYS_DIR}"/${KEY}.crt \ + -out "$deploy_dir"/${KEY}.cer -outform DER; + done fi } -- cgit v1.2.3-54-g00ecf