mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-04 20:30:59 -05:00
45 lines
1.4 KiB
Go
45 lines
1.4 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package cmd
|
|
|
|
import (
|
|
"fmt"
|
|
"path/filepath"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/osimage/secureboot"
|
|
"github.com/spf13/afero"
|
|
)
|
|
|
|
func loadSecureBootKeys(basePath string) (secureboot.Database, secureboot.UEFIVarStore, error) {
|
|
platformKeyCert := filepath.Join(basePath, "PK.cer")
|
|
keyExchangeKeyCerts := []string{
|
|
filepath.Join(basePath, "KEK.cer"),
|
|
filepath.Join(basePath, "MicCorKEKCA2011_2011-06-24.crt"),
|
|
}
|
|
signatureDBCerts := []string{
|
|
filepath.Join(basePath, "db.cer"),
|
|
filepath.Join(basePath, "MicWinProPCA2011_2011-10-19.crt"),
|
|
filepath.Join(basePath, "MicCorUEFCA2011_2011-06-27.crt"),
|
|
}
|
|
sbDatabase, err := secureboot.DatabaseFromFiles(afero.NewOsFs(), platformKeyCert, keyExchangeKeyCerts, signatureDBCerts)
|
|
if err != nil {
|
|
return secureboot.Database{},
|
|
secureboot.UEFIVarStore{},
|
|
fmt.Errorf("preparing secure boot database: %w", err)
|
|
}
|
|
platformKeyESL := filepath.Join(basePath, "PK.esl")
|
|
keyExchangeKeyESL := filepath.Join(basePath, "KEK.esl")
|
|
signatureDBESL := filepath.Join(basePath, "db.esl")
|
|
uefiVarStore, err := secureboot.VarStoreFromFiles(afero.NewOsFs(), platformKeyESL, keyExchangeKeyESL, signatureDBESL, "")
|
|
if err != nil {
|
|
return secureboot.Database{},
|
|
secureboot.UEFIVarStore{},
|
|
fmt.Errorf("preparing secure boot variable store: %w", err)
|
|
}
|
|
return sbDatabase, uefiVarStore, nil
|
|
}
|