DOT-Files/Gentoo/gentooamd/etc/secureboot-setup/03-EFIsignatureList.sh

#!/bin/bash

# This command will create a new EFI signature list ".esl" for each file
for key_type in PK KEK db dbx; do cert-to-efi-sig-list -g $(< uuid.txt) ${key_type}.crt ${key_type}.esl; done

#Sign the sig list - Creates a .auth file
sign-efi-sig-list -k PK.key -c PK.crt PK PK.esl PK.auth
sign-efi-sig-list -a -k PK.key -c PK.crt KEK KEK.esl KEK.auth
sign-efi-sig-list -a -k PK.key -c KEK.crt db db.esl db.auth

# Create a .auth for the KEK as well
Re-initialze to remove the 1GB binary lmstudio 2025-03-14 21:59:59 -06:00			`#!/bin/bash`

			`# This command will create a new EFI signature list ".esl" for each file`
			`for key_type in PK KEK db dbx; do cert-to-efi-sig-list -g $(< uuid.txt) ${key_type}.crt ${key_type}.esl; done`

			`#Sign the sig list - Creates a .auth file`
			`sign-efi-sig-list -k PK.key -c PK.crt PK PK.esl PK.auth`
			`sign-efi-sig-list -a -k PK.key -c PK.crt KEK KEK.esl KEK.auth`
			`sign-efi-sig-list -a -k PK.key -c KEK.crt db db.esl db.auth`

			`# Create a .auth for the KEK as well`