45 lines
1.4 KiB
Go

/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package cmd
import (
"fmt"
"path/filepath"
"github.com/edgelesssys/constellation/v2/internal/osimage/secureboot"
"github.com/spf13/afero"
)
func loadSecureBootKeys(basePath string) (secureboot.Database, secureboot.UEFIVarStore, error) {
platformKeyCert := filepath.Join(basePath, "PK.cer")
keyExchangeKeyCerts := []string{
filepath.Join(basePath, "KEK.cer"),
filepath.Join(basePath, "MicCorKEKCA2011_2011-06-24.crt"),
}
signatureDBCerts := []string{
filepath.Join(basePath, "db.cer"),
filepath.Join(basePath, "MicWinProPCA2011_2011-10-19.crt"),
filepath.Join(basePath, "MicCorUEFCA2011_2011-06-27.crt"),
}
sbDatabase, err := secureboot.DatabaseFromFiles(afero.NewOsFs(), platformKeyCert, keyExchangeKeyCerts, signatureDBCerts)
if err != nil {
return secureboot.Database{},
secureboot.UEFIVarStore{},
fmt.Errorf("preparing secure boot database: %w", err)
}
platformKeyESL := filepath.Join(basePath, "PK.esl")
keyExchangeKeyESL := filepath.Join(basePath, "KEK.esl")
signatureDBESL := filepath.Join(basePath, "db.esl")
uefiVarStore, err := secureboot.VarStoreFromFiles(afero.NewOsFs(), platformKeyESL, keyExchangeKeyESL, signatureDBESL, "")
if err != nil {
return secureboot.Database{},
secureboot.UEFIVarStore{},
fmt.Errorf("preparing secure boot variable store: %w", err)
}
return sbDatabase, uefiVarStore, nil
}