#!/bin/bash
# attach ascii armored signature to a PE binary
set -e

infile="$1"
if [ -z "$infile" -o ! -e "$infile" ]; then
	echo "USAGE: $0 file.efi"
	exit 1
fi

outfile="${infile%.efi}-unsigned.efi"

nssdir=`mktemp -d`
cleanup()
{
	rm -r "$nssdir"
}
trap cleanup EXIT
echo > "$nssdir/pw"
certutil -f "$nssdir/pw" -d "$nssdir" -N

pesign -n "$nssdir" -r -i "$infile" -o "$outfile"