uefi-keys/make_keys.sh: Add some comments.

uefi-keys/make_keys.sh

 #!/bin/bash
 # Copyright (c) 2015 by Roderick W. Smith
 # Licensed under the terms of the GPL v3
-# Modified by Nexedi 2021-2022
+# Modified by Ophelie Gagnard for Nexedi 2021-2022
+
+# Files:
+# .key		private key
+# .crt		certificate in PEM format (default)
+# .der		certificate in DER format (for UEFI)
+# .esl		EFI signature list
+# .auth		authentication header (secure variable update)
 
 echo -n "Enter a Common Name to embed in the keys: "
 read NAME
@@ -9,12 +16,15 @@ read NAME
 mkdir -p keys
 cd keys
 
+# Request certificates and create corresponding private keys.
 openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME PK/" -keyout PK.key \
         -out PK.crt -days 3650 -nodes -sha256
 openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME KEK/" -keyout KEK.key \
         -out KEK.crt -days 3650 -nodes -sha256
 openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME db/" -keyout db.key \
         -out db.crt -days 3650 -nodes -sha256
+
+# Convert certificates from PEM to DER format (needed for some UEFI).
 openssl x509 -in PK.crt -out PK.cer -outform DER
 openssl x509 -in KEK.crt -out KEK.cer -outform DER
 openssl x509 -in db.crt -out db.cer -outform DER
@@ -22,12 +32,15 @@ openssl x509 -in db.crt -out db.cer -outform DER
 GUID=`python3 -c 'import uuid; print(str(uuid.uuid1()))'`
 echo $GUID > myGUID.txt
 
+# Create EFI signature lists.
 cert-to-efi-sig-list -g $GUID PK.crt PK.esl
 cert-to-efi-sig-list -g $GUID KEK.crt KEK.esl
 cert-to-efi-sig-list -g $GUID db.crt db.esl
+
 rm -f noPK.esl
 touch noPK.esl
 
+# Create authentication headers for secure variables update (needed for some UEFI).
 sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
                   -k PK.key -c PK.crt PK PK.esl PK.auth
 sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \