Lines Matching full:keys
54 class Keys: class
55 """Public and private keys paths.
77 keys: An instance of Keys.
80 def __init__(self, temp_dir: os.PathLike, keys: Keys): argument
82 self.keys = keys
101 self.keys.private_key,
103 self.keys.sign_cert,
108 if is_pkcs11_key_path(self.keys.private_key):
123 ["sbverify", "--cert", self.keys.verify_cert, target],
151 self.keys.crdyshim_private_key,
155 if is_pkcs11_key_path(self.keys.private_key):
165 def inject_vbpubk(efi_file: os.PathLike, keys: Keys): argument
174 keys: An instance of Keys.
183 f"{section_name}={keys.kernel_subkey_vbpubk}",
190 def check_keys(keys: Keys): argument
191 """Checks existence of the keys used for signing.
197 keys: The keys to check.
201 ensure_file_exists(keys.verify_cert, "No verification cert")
202 ensure_file_exists(keys.sign_cert, "No signing cert")
203 ensure_file_exists(keys.kernel_subkey_vbpubk, "No kernel subkey public key")
204 # Only check the private keys if they are local paths rather than a
206 if not is_pkcs11_key_path(keys.private_key):
207 ensure_file_exists(keys.private_key, "No signing key")
208 # Do not check |keys.crdyshim_private_key| here, as it is not
212 def sign_target_dir(target_dir: os.PathLike, keys: Keys, efi_glob: str): argument
218 keys: An instance of Keys.
225 # Verify all keys are present for signing.
226 check_keys(keys)
230 signer = Signer(working_dir, keys)
238 # Only check the private keys if they are local paths rather than a
240 if not is_pkcs11_key_path(keys.crdyshim_private_key):
242 keys.crdyshim_private_key, "No crdyshim private key"
246 inject_vbpubk(efi_file, keys)
258 def sign_target_file(target_file: os.PathLike, keys: Keys): argument
263 keys: An instance of Keys.
266 # Verify all keys are present for signing.
267 check_keys(keys)
271 signer = Signer(working_dir, keys)
352 keys = Keys(
363 sign_target_dir(opts.target_dir, keys, opts.efi_glob)
365 sign_target_file(opts.target_file, keys)