API tools faq
paste
Guest User

Untitled

a guest
Oct 13th, 2020
45
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.22 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2.  
  3. SB_CERTS_DIR=Secure_Boot_Certs
  4. trap "exit" INT
  5.  
  6. if [ -d "$SB_CERTS_DIR" ]; then rm -fr "$SB_CERTS_DIR"; fi
  7. mkdir -p $SB_CERTS_DIR;cd $SB_CERTS_DIR
  8.  
  9. function while_true {
  10. while true; do
  11. echo -e "\n  #   #   #      $*       #   #   #\n"
  12. eval "$*" &> /dev/null
  13. if [ $? == 0 ]
  14. then
  15. break
  16. else
  17. echo -e "\n   #     #       #       WRONG PASSWORD OR PASSWORDS DO NOT MUTCH! ! ! Try again!    #   #   #       \n"
  18. fi
  19. done
  20. }
  21.  
  22. while_true "openssl genrsa -out PK-priv.key -aes-256-cfb -rand /var/log/messages 4096"
  23. while_true "openssl genrsa -out KEK-priv.key -aes-256-cfb -rand /var/log/messages 4096"
  24. while_true "openssl genrsa -out ISK-priv.key -aes-256-cfb -rand /var/log/messages 4096"
  25. while_true "openssl req -x509 -subj \"/CN=PK pub auth/\" -key PK-priv.key -out PK-cert.x509 -days 3650"
  26. while_true "openssl req -x509 -subj \"/CN=KEK pub auth/\" -key KEK-priv.key -out KEK-cert.x509 -days 3650"
  27. while_true "openssl req -x509 -subj \"/CN=db auth/\" -key ISK-priv.key -out ISK-cert.x509 -days 3650"
  28.  
  29. cert-to-efi-sig-list PK-cert.x509 PK-cert.esl
  30. cert-to-efi-sig-list KEK-cert.x509 KEK-cert.esl
  31. cert-to-efi-sig-list ISK-cert.x509 ISK-cert.esl
  32. #cat ISK-pub.esl MsWin0-pub.esl MsWin1-pub.esl > db.esl
  33. cp ISK-cert.esl db.esl
  34.  
  35. echo "Teper' podpisyvaem PK samim soboj(PK-priv.key pass):"
  36. while_true "sign-efi-sig-list -k PK-priv.key -c PK-cert.x509 PK PK-cert.esl PK-cert.auth"
  37.  
  38. echo "Podpisyvaem KEK.esl kljuchom PK(PK-priv.key pass):"
  39. while_true "sign-efi-sig-list -k PK-priv.key -c PK-cert.x509 KEK KEK-cert.esl KEK-cert.auth"
  40.  
  41. echo "Podpisyvaem db.esl kljuchom KEK(KEK-priv.key pass):"
  42. while_true "sign-efi-sig-list -k KEK-priv.key -c KEK-cert.x509 db db.esl db.auth"
  43.  
  44. #mount -o remount,rw /sys/firmware/efi/efivars
  45. #efi-updatevar -f db.auth db
  46. #efi-updatevar -f KEK-cert.auth KEK
  47. #efi-updatevar -f PK-cert.auth PK
  48. #echo "Ostalos' podpisat' kakoj-nibud' ispolnjaemyj fajl kljuchom ISK:"
  49. #sbsign --key $SD_CERTS_DIR/ISK-priv.key --cert $SD_CERTS_DIR/ISK-cert.x509 --output /boot/EFI/BOOT/BOOTX64.EFI /usr/src/linux/arch/x86_64/boot/bzImage
  50. #sbsign --key $SD_CERTS_DIR/ISK-priv.key --cert $SD_CERTS_DIR/ISK-cert.x509 --output /tmp/winbootef00/EFI/Microsoft/Boot/bootmgfw.efi /tmp/winbootef00/EFI/Microsoft/Boot/bootmgfw.efi      ##WINDOWS
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!