What is EFITOOLS?
This is an UEFI tool that able to help you to load your PK, KEK, DB keys into the Firmware and enabled Secure Boot on your Computer.
It is also able to help you create the Private and Public Keys of PK, KEK and DB.
Why Compile 32bits Version instead of 64bits?
When you want to boot 32bit OS, you'll need 32bit UEFI BIOS. Since you are running 32bit UEFI BIOS, you can only execute EFI or binaries that are compile for 32bit.
Steps to compile 32bit version of EFITools:
1) Requirement:
32bit OS(32bit version) 64bit OS (64bit version) Fedora /Ubuntu / Linux based OS
In our example we will use Fedora 32bit. You can use 64bit OS to compile for 32bit version, however, my guide does not include that.
2) Download required dependancy and libraries needed:
a) Get the GNU-EFI library:: CMD ::
Method 1: sudo yum install gnu-efi
Method 2: git clone https://github.com/vathpela/gnu-efi
cd into the directory
make
sudo make install
b) Get the sbsigntool ::CMD ::
Method 1: git clone https://github.com/wmarone/sbsigntool
cd into the directory
./autogen.sh
./configure //Notice, they might be some dependency missing, need installation
make
sudo make install
c) Get some libraries needed
sudo yum install pkgconfig
sudo yum install perl-CPAN
sudo yum install perl-File-Slurp
sudo yum install help2man
3) Above are similar across 32bits version and 64bits version, however, below will be 32bit focus only.
There will be an error in the lib/security_policy.c as there are asm code in the security policy and so far I can't find a workaround for it.
vim lib/Makefile
Delete the security_policy.o from the FILES = line
Add the bolded two lines
clean:
rm -f lib.a
rm -f $(LIBFILES)
rm -f lib-efi.a
rm -f $(EFILIBFILES)
vim Makefile
Delete the PreLoader.efi from the EFIFILES = line, as this file required the security_policy.c library
4) Compile all the necessary files by doing make
make clean && make
//It should complete with no error and undefine symbols
5) Now create a USB drive image:
./mkusb * * usb_drive_image.img
6) Open the System in Fedora application and plug in a USB pendrive
Click Restore Image on the drive and select the usb_drive_image.img
Congratulation, you have successfully created your own signed application with PK, KEK, DB keys.