Update

dracut-ukify

@@ -1,4 +1,4 @@
-#!/bin/bash -e
+#!/bin/bash
 
 function usage {
   echo "$(basename "$0") [OPTIONS]"
@@ -39,6 +39,68 @@ else
 
 fi
 
+ukify_conf="/etc/kernel/uki.conf"
+keys_count=0
+
+function check_uki_conf_and_keys_and_gen_keys {
+  if [ ! -f "${ukify_conf}" ]; then
+    echo "Create ${ukify_conf}"
+    cat >"${ukify_conf}" <<EOF
+[UKI]
+SecureBootPrivateKey=/etc/kernel/secure-boot.key.pem
+SecureBootCertificate=/etc/kernel/secure-boot.cert.pem
+SignKernel=yes
+PCRBanks=sha384,sha512
+SBAT="sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
+      uki.author.myimage,1,UKI for System,uki.author.myimage,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.html"
+
+[PCRSignature:initrd]
+PCRPrivateKey=/etc/kernel/pcr-initrd.key.pem
+PCRPublicKey=/etc/kernel/pcr-initrd.pub.pem
+Phases=enter-initrd
+
+[PCRSignature:system]
+PCRPrivateKey=/etc/kernel/pcr-system.key.pem
+PCRPublicKey=/etc/kernel/pcr-system.pub.pem
+Phases=enter-initrd:leave-initrd
+       enter-initrd:leave-initrd:sysinit
+       enter-initrd:leave-initrd:sysinit:ready
+EOF
+  fi
+
+  echo "Check Secure Boot keys"
+  declare -a keys=("/etc/kernel/secure-boot.key.pem" "/etc/kernel/secure-boot.cert.pem" "/etc/kernel/pcr-initrd.key.pem" "/etc/kernel/pcr-initrd.pub.pem" "/etc/kernel/pcr-system.key.pem" "/etc/kernel/pcr-system.pub.pem")
+
+  for i in ${keys[@]}
+  do
+    if [ -f "${i}" ]
+    then
+      echo "${i} exist"
+      keys_count=$(expr $keys_count + 1)
+    fi
+  done
+
+  if [[ $keys_count < 6 ]]
+  then
+    for i in ${keys[@]}
+    do
+      if [ -f "${i}" ]
+      then
+        echo "${i} remove"
+        rm "${i}"
+        keys_count=$(expr $keys_count - 1)
+      fi
+    done
+  fi
+  echo "Keys = $keys_count"
+
+  if [ -f "${ukify_conf}" ] && [[ $keys_count == 0 ]]
+  then
+    echo "Generate keys"
+    /usr/lib/systemd/ukify genkey --config "${ukify_conf}"
+  fi
+}
+
 declare -A kernels
 update_all=0
 
@@ -102,7 +164,7 @@ while getopts ":hag:xyz" arg; do
           kernels["${kernel_name}"]="${BASH_REMATCH[1]}"
         else
           update_all=1
-          break 
+          break
         fi
       done
       ;;
@@ -131,57 +193,11 @@ if (( update_all )); then
 fi
 
 
-ukify_conf="/etc/kernel/uki.conf"
-
-if [ ! -f "${ukify_conf}" ]; then
-    cat >"${ukify_conf}" <<EOF
-[UKI]
-SecureBootPrivateKey=/etc/kernel/secure-boot.key.pem
-SecureBootCertificate=/etc/kernel/secure-boot.cert.pem
-SignKernel=yes
-PCRBanks=sha384,sha512
-SBAT=sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
-uki.author.myimage,1,UKI for System,uki.author.myimage,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.html
-
-[PCRSignature:initrd]
-PCRPrivateKey=/etc/kernel/pcr-initrd.key.pem
-PCRPublicKey=/etc/kernel/pcr-initrd.pub.pem
-Phases=enter-initrd
-
-[PCRSignature:system]
-PCRPrivateKey=/etc/kernel/pcr-system.key.pem
-PCRPublicKey=/etc/kernel/pcr-system.pub.pem
-Phases=enter-initrd:leave-initrd
-       enter-initrd:leave-initrd:sysinit
-       enter-initrd:leave-initrd:sysinit:ready
-EOF
-fi
-
-declare -a keys=("/etc/kernel/secure-boot.key.pem" "/etc/kernel/secure-boot.cert.pem" "/etc/kernel/pcr-initrd.key.pem" "/etc/kernel/pcr-initrd.pub.pem" "/etc/kernel/pcr-system.key.pem" "/etc/kernel/pcr-system.pub.pem")
-keys_count=0
-for i in ${keys[@]}
-do
-  if [ -f "${i}" ]; then
-    keys_count=$(expr $keys_count + 1)
-  fi
-done
-
-if [[ $keys_count < 6 ]]; then
-  for i in ${keys[@]}
-  do
-    if [ -f "${i}" ]; then
-      rm "${i}"
-      keys_count=$(expr $keys_count - 1)
-    fi
-  done
-fi
-
-if [ -f "${ukify_conf}" ] && [ $keys_count == 0 ]; then
-  /usr/lib/systemd/ukify genkey --config "${ukify_conf}"
-fi
 
 function gen_image() {
   check_root
+  check_uki_conf_and_keys_and_gen_keys
+
   kernel_name="$1"
   kernel_version="$2"