Metadata-Version: 2.1
Name: ovmfkeyenroll
Version: 1.2.0
Summary: OVMF PK, KEK and DB Keys Enrolling
Project-URL: Homepage, https://github.com/intel/tdx-tools/tree/main/utils/ovmfkeyenroll
Project-URL: Bug Tracker, https://github.com/intel/tdx-tools/issues
Author-email: "Xu, Min" <min.m.xu@intel.com>, "Feng, Jialei" <jialei.feng@intel.com>
License-File: LICENSE
Classifier: Development Status :: 3 - Alpha
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Software Development :: Testing
Classifier: Topic :: System :: Boot
Requires-Python: >=3.6.8
Description-Content-Type: text/markdown

A tool to enroll secure boot keys in OVMF_VARS.fd

## Build & Install

```
python3 -m pip install --upgrade build
python3 -m build
python3 -m pip install dist/ovmfkeyenroll-*.whl
```

## Usage

You can copy OVMF_VAR.fd to current path.

This is to enroll PK, KEK and DB keys and generate OVMF_VAR.sb.fd:

```
ovmfkeyenroll -fd $PWD/OVMF_VARS.fd \
-pk <pk-key-guid> <absolute-path-to-PK.cer> \
-kek <kek-guid> <absolute-path-to-KEK.cer> \
-db <db-key-guid> <absolute-path-to-DB.cer>
```

The keys have been successfully enrolled:

```
VariableFV: TimeBasedAuthenticated - Supported
Var Store: add PK - Success
Write Variable(PK) - Success

Enroll PK variable -- Success

VariableFV: TimeBasedAuthenticated - Supported
Var Store: add KEK - Success
Write Variable(KEK) - Success

Enroll KEK variable -- Success

VariableFV: TimeBasedAuthenticated - Supported
Var Store: add db - Success
Write Variable(db) - Success

Enroll db variable -- Success

VariableFV: TimeBasedAuthenticated - Supported
Var Store: add SecureBootEnable - Success
Write Variable(SecureBootEnable) - Success

Enroll SecureBootEnable variable -- Success
```
