Secure Boot Keys for SpinetiX products
--------------------------------------

This directory holds the SpinetiX Secure Boot Keys for initialization
of UEFI Secure Systems which are in setup mode.

It contains the Platform Key (PK), the Key Exchange Key (KEK), the
authorized signature database (db) and the forbidden signature
database (dbx).

In each of these the *.siglist file is the key formatted as a
EFI_SIGNATURE_LIST.

The *.siglist.signed files are formatted as a EFI_SIGNATURE_LIST and
signed ready for calling EFI SetVariable(), the first 4 bytes contain
the attributes to use in the call to SetVariable().

All these files have the EFI_VARIABLE_APPEND_WRITE attribute unset
(i.e. so that it overwrites the variable). The signature timestamps
are on 2019-09-27, so they cannot overwrite variables written or
appended later.

The dbx is just a dummy DB with the all zero SHA256, so that the
variable is created and can be appended to in the future.

The owner GUID in the EFI_SIGNATURE_LIST of all the variables is
012af9b0-238f-462b-962b-269052b49c4a.
