#!/usr/bin/env bash

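# Sign a unified kernel image (UKI) for Secure Boot with every configured db
# key pair, skipping any pair whose signature the image already carries.
#
# Arguments:   $3 - path to the UKI; when empty or absent there is nothing to
#                   sign and the script exits 0.
# Exit status: 0 when every pair either already verified or signed cleanly,
#              1 when a needed key/cert file was unreadable or sbsign failed.
#
# NOTE: sbsign reads the private key straight from the path below. Anyone who
# can read that file can produce images the matching db certificate accepts,
# so it should be readable by root only.
uki="${3:-}"
[[ -n "$uki" ]] || exit 0

# Flat list of (private key, certificate) pairs: even index = key, odd = cert.
keypairs=(/usr/share/secureboot/keys/db/db.key /usr/share/secureboot/keys/db/db.pem)

rc=0
for (( i = 0; i < ${#keypairs[@]}; i += 2 )); do
	key="${keypairs[i]}"
	cert="${keypairs[i + 1]}"

	# Already signed for this certificate: nothing to do. sbverify's output
	# is discarded on purpose; only its exit status matters here.
	if sbverify --cert "$cert" "$uki" &>/dev/null; then
		continue
	fi

	# Fail with a clear message instead of a bare sbsign error when the
	# signing material is missing or unreadable.
	if [[ ! -r "$key" || ! -r "$cert" ]]; then
		printf 'secureboot: cannot read key pair: %s / %s\n' "$key" "$cert" >&2
		rc=1
		continue
	fi

	# The image is signed in place (input and output are the same file).
	# Record the failure so an unsigned image is not reported as success
	# when a later pair happens to succeed.
	if ! sbsign --key "$key" --cert "$cert" --output "$uki" "$uki"; then
		printf 'secureboot: signing %s with %s failed\n' "$uki" "$cert" >&2
		rc=1
	fi
done

exit "$rc"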