create-user-key-store.sh: self-sign KEK and DB

UEFI spec never ask for the fact that KEK must be signed by PK and DB must be signed by KEK. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2026-05-06 17:58:24 +00:00 · 2017-08-01 10:40:59 +08:00
parent 45748a09ef
commit 7f3143523d
1 changed files with 2 additions and 2 deletions
--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -148,9 +148,9 @@ create_uefi_sb_user_keys() {

    ca_sign "$key_dir" PK "$key_dir" PK \
        "/CN=PK Certificate/"
-    ca_sign "$key_dir" KEK "$key_dir" PK \
+    ca_sign "$key_dir" KEK "$key_dir" KEK \
        "/CN=KEK Certificate"
-    ca_sign "$key_dir" DB "$key_dir" KEK \
+    ca_sign "$key_dir" DB "$key_dir" DB \
        "/CN=DB Certificate"
 }