Skip to content

Commit

Permalink
add an error if efitools is too old
Browse files Browse the repository at this point in the history
  • Loading branch information
yaperez-anssi committed Jan 6, 2020
1 parent 1c31308 commit 7d402d9
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions tools/ca/gen.sh
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,19 @@ set -e

NAME="chipsec-sec secureboot test"

# efitools prior 1.9.2 has a bug preventing PK insertion in somes BIOSes
# See https://forums.lenovo.com/t5/ThinkPad-11e-Windows-13-E-and/Cannot-install-custom-secure-boot-PK-platform-key/td-p/4318378
# This bug manifests in sign-efi-sig-list so check that if possible
if [ -x /usr/bin/dpkg ];
then
efitools_vers=$(sign-efi-sig-list --version | awk '{ print $2 }')
if $(dpkg --compare-versions "$efitools_vers" lt "1.9.2");
then
echo "efitools version ($efitools_vers) is too old, please upgrade to efitools >= 1.9.2 to avoid potential bugs when inserting PK" >&2
exit 1
fi
fi

rm *.cer
rm *.crt
rm *.key
Expand Down

0 comments on commit 7d402d9

Please sign in to comment.