write a efi-shell-script to set Moknew to MokList

tbk2 commented 6 years ago

Hi,

I want to provisioning a pool of pc for secure boot with a minimum set of interaction.

The idea is to

boot a linux over uefi-pxe
import a .der key with mokutil
reboot in to the efishell
perform the necessary steps to write the data from Moknew to MokList via the startup.nsh.

I tried to understand the steps from MokManager.c and tried to do it with the efishell command setvar but I wasn't successful.

Maybe someone could help me with the necessary efishell commands to write the date from Moknew to MokList?

lcp commented 6 years ago

The format of MokList follows the Signature Database defined in UEFI spec 2.7 errata A 31.4.1, and what MokManager does is to append MokNew to MokList. Hope this helps.

tbk2 commented 6 years ago

Yes ... then you!

lcp / mokutil

write a efi-shell-script to set Moknew to MokList #12