create-user-key-store.sh: self-sign KEK and DB

UEFI spec never ask for the fact that KEK must be signed by PK and
DB must be signed by KEK.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh
index dea4fa6..e5f754a 100755
--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -148,9 +148,9 @@ create_uefi_sb_user_keys() {
 
     ca_sign "$key_dir" PK "$key_dir" PK \
         "/CN=PK Certificate/"
-    ca_sign "$key_dir" KEK "$key_dir" PK \
+    ca_sign "$key_dir" KEK "$key_dir" KEK \
         "/CN=KEK Certificate"
-    ca_sign "$key_dir" DB "$key_dir" KEK \
+    ca_sign "$key_dir" DB "$key_dir" DB \
         "/CN=DB Certificate"
 }