bash-stuff/sign-boot

#!/bin/bash
echo "[*] Preparing to sign!";
#touch /dev/shm/sb-passpwd.txt;
#chown root:root /dev/shm/sb-passpwd.txt;
#chmod u=rw,g=,o= /dev/shm/sb-passpwd.txt;
#echo -n "Password: ";
#read -s pwd;
#echo -n "$pwd" > /dev/shm/sb-passpwd.txt;
echo "[-] BMOK Un-Signing...";
for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print)
do
  echo $i;
  /usr/bin/sbattach --remove $i;
done;
echo "[+] BMOK Signing...";
for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print)
do
  echo $i;
  /usr/bin/sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $i --output $i;
done;
echo "[-] Un-Signing...";
#-iname "efi" -prune -o
for i in $(/usr/bin/find /boot -iname "*.sig" -type f -print)
do
  rm "$i";
done;
echo "[+] Signing...";
for i in $(/usr/bin/find /boot -iname "efi" -prune -o -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
do
  echo $i;
  /usr/bin/gpg --batch --detach-sign $i;
  #gpg -v --batch --detach-sign --passphrase-fd 0 $i < \
  #  /dev/shm/sb-passpwd.txt;
done;
for i in $(/usr/bin/find /boot/efi -iname "*.cfg" -type f -o -iname "*.efi" -type f -print)
do
  echo $i;
  /usr/bin/gpg --batch --detach-sign $i;
done;
#shred /dev/shm/sb-passpwd.txt;
echo "[*] Signing Complete!";
Re-init. 2024-05-30 01:42:30 +01:00			`#!/bin/bash`
			`echo "[*] Preparing to sign!";`
			`#touch /dev/shm/sb-passpwd.txt;`
			`#chown root:root /dev/shm/sb-passpwd.txt;`
			`#chmod u=rw,g=,o= /dev/shm/sb-passpwd.txt;`
			`#echo -n "Password: ";`
			`#read -s pwd;`
			`#echo -n "$pwd" > /dev/shm/sb-passpwd.txt;`
			`echo "[-] BMOK Un-Signing...";`
Script fixing... 2024-05-31 23:28:25 +01:00			`for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print)`
Re-init. 2024-05-30 01:42:30 +01:00			`do`
			`echo $i;`
Script fixing... 2024-05-31 23:28:25 +01:00			`/usr/bin/sbattach --remove $i;`
Re-init. 2024-05-30 01:42:30 +01:00			`done;`
			`echo "[+] BMOK Signing...";`
Script fixing... 2024-05-31 23:28:25 +01:00			`for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print)`
Re-init. 2024-05-30 01:42:30 +01:00			`do`
			`echo $i;`
Script fixing... 2024-05-31 23:28:25 +01:00			`/usr/bin/sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $i --output $i;`
Re-init. 2024-05-30 01:42:30 +01:00			`done;`
			`echo "[-] Un-Signing...";`
			`#-iname "efi" -prune -o`
Script fixing... 2024-05-31 23:28:25 +01:00			`for i in $(/usr/bin/find /boot -iname "*.sig" -type f -print)`
Re-init. 2024-05-30 01:42:30 +01:00			`do`
			`rm "$i";`
			`done;`
			`echo "[+] Signing...";`
Fix up signing of boot files. 2024-06-04 14:44:43 +01:00			`for i in $(/usr/bin/find /boot -iname "efi" -prune -o -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)`
Re-init. 2024-05-30 01:42:30 +01:00			`do`
			`echo $i;`
Script fixing... 2024-05-31 23:28:25 +01:00			`/usr/bin/gpg --batch --detach-sign $i;`
Re-init. 2024-05-30 01:42:30 +01:00			`#gpg -v --batch --detach-sign --passphrase-fd 0 $i < \`
			`# /dev/shm/sb-passpwd.txt;`
			`done;`
Fix up signing of boot files. 2024-06-04 14:44:43 +01:00			`for i in $(/usr/bin/find /boot/efi -iname ".cfg" -type f -o -iname ".efi" -type f -print)`
			`do`
			`echo $i;`
			`/usr/bin/gpg --batch --detach-sign $i;`
			`done;`
Re-init. 2024-05-30 01:42:30 +01:00			`#shred /dev/shm/sb-passpwd.txt;`
			`echo "[*] Signing Complete!";`