Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 15 May 2015 15:12:13 +0000 (UTC)
From:      Edward Tomasz Napierala <trasz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r282976 - stable/10/share/examples/uefisign
Message-ID:  <201505151512.t4FFCDsV096964@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: trasz
Date: Fri May 15 15:12:12 2015
New Revision: 282976
URL: https://svnweb.freebsd.org/changeset/base/282976

Log:
  MFC r279321:
  
  Make the uefikeys script output slightly more obvious.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  stable/10/share/examples/uefisign/uefikeys
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/share/examples/uefisign/uefikeys
==============================================================================
--- stable/10/share/examples/uefisign/uefikeys	Fri May 15 15:10:34 2015	(r282975)
+++ stable/10/share/examples/uefisign/uefikeys	Fri May 15 15:12:12 2015	(r282976)
@@ -18,7 +18,6 @@ fi
 certfile="${1}.pem"
 efifile="${1}.cer"
 keyfile="${1}.key"
-p12file="${1}.p12"
 # XXX: Set this to ten years; we don't want system to suddenly stop booting
 #      due to certificate expiration.  Better way would be to use Authenticode
 #      Timestamp.  That said, the rumor is UEFI implementations ignore it anyway.
@@ -28,13 +27,11 @@ subj="/CN=${1}"
 [ ! -e "${certfile}" ] || die "${certfile} already exists"
 [ ! -e "${efifile}" ] || die "${efifile} already exists"
 [ ! -e "${keyfile}" ] || die "${keyfile} already exists"
-[ ! -e "${p12file}" ] || die "${p12file} already exists"
 
 umask 077 || die "umask 077 failed"
 
 openssl genrsa -out "${keyfile}" 2048 2> /dev/null || die "openssl genrsa failed"
 openssl req -new -x509 -sha256 -days "${days}" -subj "${subj}" -key "${keyfile}" -out "${certfile}" || die "openssl req failed"
 openssl x509 -inform PEM -outform DER -in "${certfile}" -out "${efifile}" || die "openssl x509 failed"
-openssl pkcs12 -export -out "${p12file}" -inkey "${keyfile}" -in "${certfile}" -password 'pass:' || die "openssl pkcs12 failed"
 
-echo "certificate: ${certfile}; private key: ${keyfile}; UEFI public key: ${efifile}; private key with empty password for pesign: ${p12file}"
+echo "certificate: ${certfile}; private key: ${keyfile}; certificate to enroll in UEFI: ${efifile}"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201505151512.t4FFCDsV096964>