#!/bin/bash

# This command will create a new EFI signature list ".esl" for each file
for key_type in PK KEK db dbx; do cert-to-efi-sig-list -g $(< uuid.txt) ${key_type}.crt ${key_type}.esl; done

#Sign the sig list - Creates a .auth file
sign-efi-sig-list -k PK.key -c PK.crt PK PK.esl PK.auth
sign-efi-sig-list -a -k PK.key -c PK.crt KEK KEK.esl KEK.auth
sign-efi-sig-list -a -k PK.key -c KEK.crt db db.esl db.auth

# Create a .auth for the KEK as well