From 7f3143523d107826a92a500455531cfe5da03422 Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com>
Date: Tue, 1 Aug 2017 10:40:59 +0800
Subject: create-user-key-store.sh: self-sign KEK and DB

UEFI spec never ask for the fact that KEK must be signed by PK and
DB must be signed by KEK.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
---
 meta-signing-key/scripts/create-user-key-store.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh
index dea4fa6..e5f754a 100755
--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -148,9 +148,9 @@ create_uefi_sb_user_keys() {
 
     ca_sign "$key_dir" PK "$key_dir" PK \
         "/CN=PK Certificate/"
-    ca_sign "$key_dir" KEK "$key_dir" PK \
+    ca_sign "$key_dir" KEK "$key_dir" KEK \
         "/CN=KEK Certificate"
-    ca_sign "$key_dir" DB "$key_dir" KEK \
+    ca_sign "$key_dir" DB "$key_dir" DB \
         "/CN=DB Certificate"
 }
 
-- 
cgit v1.2.3-54-g00ecf