#!/bin/bash
# Serialise with any other signing / verifying run: wait for the current
# holder of the flag file to finish, then record our own PID in it.
# NOTE(review): the existence test and the PID write are separate steps, so
# two runs that start together can both pass the test and both claim the
# flag. Closing that window needs an atomic primitive (flock, or creation
# under noclobber) adopted by every script that uses this flag file.
if [[ -f /run/sign-verify-boot-flag ]]; then
  echo "[-] Waiting for in-progress Signing / Verifying!"

  # First wait until lsof no longer reports the flag file as open.
  while /usr/bin/lsof /run/sign-verify-boot-flag > /dev/null 2>&1; do
    sleep 0.1
  done

  # Then wait until the PID stored in the flag stops answering signal 0.
  # The file is re-read on every pass; once it is gone or empty, kill
  # fails and the loop ends.
  while /usr/bin/kill -0 "$(cat /run/sign-verify-boot-flag)" > /dev/null 2>&1; do
    sleep 1
  done
fi

# Claim the flag: our PID, written without a trailing newline.
printf '%s' "$$" > /run/sign-verify-boot-flag
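echo "[*] Preparing to sign!"
echo "[-] BMOK Un-Signing..."

# Run `sbattach --remove` on every *.efi regular file under /boot/grub.
# Paths are read NUL-delimited on fd 3 rather than through an unquoted
# $(find ...), so a name containing whitespace or glob characters reaches
# sbattach as exactly one argument, and the tool keeps its own stdin.
# A failing sbattach is still tolerated (best effort, as before); its own
# error output is the only trace.
while IFS= read -r -d '' -u 3 efi_image; do
  printf '%s\n' "$efi_image"
  /usr/bin/sbattach --remove "$efi_image"
done 3< <(/usr/bin/find /boot/grub -iname "*.efi" -type f -print0)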
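echo "[+] BMOK Signing..."

# Sign every *.efi regular file under /boot/grub in place with the BMOK
# key and certificate.
# - Paths are read NUL-delimited on fd 3 and always quoted, so a name with
#   whitespace or glob characters cannot be split into several arguments
#   or redirect --output to a different path.
# - A failed sbsign is reported on stderr instead of passing silently; the
#   loop still continues and the script's exit status is unchanged.
# NOTE(review): the private key is read from /cert/BMOK.priv as a plain
# file; confirm it is readable by root only.
while IFS= read -r -d '' -u 3 efi_image; do
  printf '%s\n' "$efi_image"
  if ! /usr/bin/sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem \
    "$efi_image" --output "$efi_image"; then
    echo "[!] sbsign failed for $efi_image" >&2
  fi
done 3< <(/usr/bin/find /boot/grub -iname "*.efi" -type f -print0)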
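echo "[-] Un-Signing..."

# Delete every detached signature (*.sig regular file) under /boot before
# new ones are produced. Stale .sig files would otherwise be selected by
# the later find over /boot, which takes every regular file it does not
# prune.
# A variant that skipped the efi directory (-iname "efi" -prune -o) is left
# disabled, so signatures below /boot/efi are removed as well.
# find hands the paths to rm itself, so names with whitespace or glob
# characters are never word-split; rm is called by absolute path like the
# other tools in this script.
/usr/bin/find /boot -iname "*.sig" -type f -exec /usr/bin/rm -- {} +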
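echo "[+] Signing..."

# Create a detached GPG signature for every regular file under /boot,
# skipping anything named "efi", "grubenv" or "boot-tainted" (pruned,
# case-insensitive).
# - Paths are read NUL-delimited on fd 3 and quoted, so each file is
#   passed to gpg as one argument whatever its name contains.
# - A failed gpg run is reported on stderr; a missing signature would
#   otherwise go unnoticed here. The loop continues and the script's exit
#   status is unchanged.
# NOTE(review): no key is selected on the command line, so gpg presumably
# uses the default secret key of the invoking user's keyring — confirm.
while IFS= read -r -d '' -u 3 boot_file; do
  printf '%s\n' "$boot_file"
  if ! /usr/bin/gpg --batch --detach-sign "$boot_file"; then
    echo "[!] gpg --detach-sign failed for $boot_file" >&2
  fi
done 3< <(/usr/bin/find /boot -iname "efi" -prune -o -iname "grubenv" -prune \
  -o -iname "boot-tainted" -prune -o -type f -print0)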
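# Create a detached GPG signature for every *.cfg and *.efi regular file
# under /boot/efi.
# - The name tests are grouped with \( ... \). Without the grouping,
#   -print bound only to the *.efi branch, so *.cfg files were matched but
#   never printed and therefore never signed.
# - Paths are read NUL-delimited on fd 3 and quoted, so a name with
#   whitespace (possible on a FAT-formatted ESP) stays one argument.
# - A failed gpg run is reported on stderr; the loop continues and the
#   script's exit status is unchanged.
while IFS= read -r -d '' -u 3 esp_file; do
  printf '%s\n' "$esp_file"
  if ! /usr/bin/gpg --batch --detach-sign "$esp_file"; then
    echo "[!] gpg --detach-sign failed for $esp_file" >&2
  fi
done 3< <(/usr/bin/find /boot/efi \( -iname "*.cfg" -o -iname "*.efi" \) \
  -type f -print0)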
# Release the flag so a waiting signing / verifying run can proceed.
/usr/bin/rm -f /run/sign-verify-boot-flag

# NOTE(review): this banner is printed unconditionally; it does not by
# itself show that every signing step above succeeded.
printf '%s\n' "[*] Signing Complete!"