DOT-Files/Gentoo/gentooamd/etc/secureboot-setup/02-create-keyfiles.sh

#!/bin/bash

# This command genereates ekyfiles with OpenSSL
#for key_type in PK KEK db dbx; do openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's ${key_type}" -keyout ${key_type}.key -out ${key_type}.crt -days 9999 -sha256; done
for key_type in PK KEK db dbx; do openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's ${key_type}" -keyout ${key_type}.key -out ${key_type}.crt -days 9999 -nodes -sha256; done

# This command will generate a Platform Key "PK"
# mkfifo key_pipe & sleep 1; openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's Platform Key" -keyout key_pipe -out PK.crt -days 9999 -noenc -sha256 & gpg --output PK.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe && rm key_pipe

#This creates the keyfiles encrypting with GPG
#mkfifo key_pipe & sleep 1 && for key_type in PK KEK db dbx; do openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's ${key_type}" -keyout key_pipe -out ${key_type}.crt -days 9999 -noenc -sha256 & gpg --output ${key_type}.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe ; done ; rm key_pipe

#mkfifo key_pipe &
#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's PK" -keyout key_pipe -out PK.crt -days 9999 -noenc -sha256 
#gpg --output PK.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe
#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's KEK" -keyout key_pipe -out KEK.crt -days 9999 -noenc -sha256 
#gpg --output KEK.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe
#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's db" -keyout key_pipe -out db.crt -days 9999 -noenc -sha256 
#gpg --output db.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe
#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's dbx" -keyout key_pipe -out dbx.crt -days 9999 -noenc -sha256 
#gpg --output dbx.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe
#rm key_pipe
Re-initialze to remove the 1GB binary lmstudio 2025-03-14 21:59:59 -06:00			`#!/bin/bash`

			`# This command genereates ekyfiles with OpenSSL`
			`#for key_type in PK KEK db dbx; do openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's ${key_type}" -keyout ${key_type}.key -out ${key_type}.crt -days 9999 -sha256; done`
			`for key_type in PK KEK db dbx; do openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's ${key_type}" -keyout ${key_type}.key -out ${key_type}.crt -days 9999 -nodes -sha256; done`

			`# This command will generate a Platform Key "PK"`
			`# mkfifo key_pipe & sleep 1; openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's Platform Key" -keyout key_pipe -out PK.crt -days 9999 -noenc -sha256 & gpg --output PK.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe && rm key_pipe`

			`#This creates the keyfiles encrypting with GPG`
			`#mkfifo key_pipe & sleep 1 && for key_type in PK KEK db dbx; do openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's ${key_type}" -keyout key_pipe -out ${key_type}.crt -days 9999 -noenc -sha256 & gpg --output ${key_type}.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe ; done ; rm key_pipe`

			`#mkfifo key_pipe &`
			`#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's PK" -keyout key_pipe -out PK.crt -days 9999 -noenc -sha256`
			`#gpg --output PK.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe`
			`#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's KEK" -keyout key_pipe -out KEK.crt -days 9999 -noenc -sha256`
			`#gpg --output KEK.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe`
			`#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's db" -keyout key_pipe -out db.crt -days 9999 -noenc -sha256`
			`#gpg --output db.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe`
			`#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's dbx" -keyout key_pipe -out dbx.crt -days 9999 -noenc -sha256`
			`#gpg --output dbx.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe`
			`#rm key_pipe`