From aa772ea04800612c7c8f283fea7e9f70f62d2fb2 Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Wed, 1 Mar 2017 18:09:53 -0800
Subject: [PATCH] Revert "offline_signing: sign UEFI binaries for Secure Boot"

This reverts commit 40b60875d0ce22060ac3f468102a79d1356ec4cd.
---
 offline_signing/sign.sh | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/offline_signing/sign.sh b/offline_signing/sign.sh
index 97be403b09..baf6c8cfbb 100755
--- a/offline_signing/sign.sh
+++ b/offline_signing/sign.sh
@@ -5,27 +5,14 @@ DATA_DIR="$(readlink -f "$1")"
 KEYS_DIR="$(readlink -f "$(dirname "$0")")"
 
 gpg2 --verify "${DATA_DIR}/coreos_production_update.bin.bz2.sig"
+gpg2 --verify "${DATA_DIR}/coreos_production_image.vmlinuz.sig"
 gpg2 --verify "${DATA_DIR}/coreos_production_update.zip.sig"
 bunzip2 --keep "${DATA_DIR}/coreos_production_update.bin.bz2"
 unzip "${DATA_DIR}/coreos_production_update.zip" -d "${DATA_DIR}"
 
 export PATH="${DATA_DIR}:${PATH}"
+
 cd "${DATA_DIR}"
-
-# Sign UEFI binaries for Secure Boot.
-for bin in vmlinuz grub shim
-do
-        [ -e "coreos_production_image.$bin" ] || continue
-        gpg2 --verify "coreos_production_image.$bin.sig"
-        mv "coreos_production_image.$bin" "$bin.unsigned"
-        pesign --in="$bin.unsigned" \
-               --out="coreos_production_image.$bin" \
-               --certdir="${KEYS_DIR}" \
-               --certificate='CoreOS Secure Boot Certificate' \
-               --sign
-done
-
-# Sign the delta, with the Secure Boot signed kernel.
 ./core_sign_update \
     --image "${DATA_DIR}/coreos_production_update.bin" \
     --kernel "${DATA_DIR}/coreos_production_image.vmlinuz" \