Translate

Archives

Image of RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302) (Certification Press)
Image of Android Wireless Application Development
Image of XSLT 2.0 and XPath 2.0 Programmer's Reference (Programmer to Programmer)
Image of Beginning Google Maps API 3

Makefile to Create UEFI SecureBoot Keys

If you are unfamilar with signing executables for UEFI SecureBoot see How to Sign UEFI Drivers & Applications from the TianoCore EDK2 website.

Here is a simple Makefile which can be used to create the necessary keys:

#
# Make all keys for UEFI SecureBoot
#

TOPDIR := $(shell pwd)/

.SUFFIXES: .crt

all: PK.crt PK.key KEK.crt KEK.key DB.crt DB.key

PK.crt KEK.crt DB.crt:
        openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes

.KEEP: PK.crt PK.key KEK.crt KEK.key DB.crt DB.key

%.cer: %.crt
        openssl x509 -in $< -out $@ -outform DER

%-subkey.csr:
        openssl req -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes

%-subkey.crt: %-subkey.csr KEK.crt
        openssl x509 -req -in $< -CA DB.crt -CAkey DB.key -set_serial 1 -out $@ -days 365

clean:
        rm -f PK.* KEK.* DB.*


Naturally, you may have to modify it to suit your own particular setup but the above should give you a good starting point.

Comments are closed.