From d3049d19a9b8410fd663b69e4797258472d224e6 Mon Sep 17 00:00:00 2001
From: Bram Prieshof <brammp@noreply.bprieshof.nl>
Date: Tue, 13 Sep 2022 22:45:32 +0200
Subject: [PATCH] Add 'Migrate-SecureBootKey.md'

---
 Migrate-SecureBootKey.md | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 Migrate-SecureBootKey.md

diff --git a/Migrate-SecureBootKey.md b/Migrate-SecureBootKey.md
new file mode 100644
index 0000000..d8e23ad
--- /dev/null
+++ b/Migrate-SecureBootKey.md
@@ -0,0 +1,36 @@
+# Migrate Secureboot KEY
+## Export Ubuntu
+Copy following files
+Private Key: /var/lib/shim-signed/mok/MOK.priv
+Public Key: /var/lib/shim-signed/mok/MOK.der
+
+## Export Fedora
+Copy following files
+Symlink to Private Key: /etc/pki/akmods/private/private_key.priv
+Symlink to Public Key: /etc/pki/akmods/certs/private_key.priv
+
+## Import Ubuntu
+Using source.priv and source.der files in current directory to import
+```
+cp source.priv  /var/lib/shim-signed/mok/MOK.priv
+cp source.der  /var/lib/shim-signed/mok/MOK.der
+```
+
+## Import Fedora
+Using source.priv and source.der files in current directory to import
+```
+dnf install akmods kmodtool
+KEYNAME="$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')"
+
+cp source.der /etc/pki/akmods/certs/${KEYNAME}.der
+cp source.priv /etc/pki/akmods/private/${KEYNAME}.priv
+
+chgrp akmods /etc/pki/akmods/certs/${KEYNAME}.*
+chgrp akmods /etc/pki/akmods/private/${KEYNAME}.*
+
+chmod g+r /etc/pki/akmods/certs/${KEYNAME}.*
+chmod g+r /etc/pki/akmods/private/${KEYNAME}.*
+
+ln -nsf /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/public_key.der
+ln -nsf /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/private_key.priv
+```
\ No newline at end of file