diff --git a/boot-verify-sign b/boot-verify-sign deleted file mode 100755 index 466a54c..0000000 --- a/boot-verify-sign +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -/bin/bash /usr/local/sbin/verify-boot; -if [ $? -ne 0 ]; then - echo "Bad" > /opt/boot-verify-state; - /bin/bash /usr/local/sbin/sign-boot; - echo "Good" > /opt/boot-verify-state; -else - echo "Good" > /opt/boot-verify-state; -fi; diff --git a/grub-update b/grub-update deleted file mode 100644 index 66ce91c..0000000 --- a/grub-update +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -echo "[+] Updating Grub..."; -/usr/sbin/update-grub; -/usr/share/ubuntu-system-adjustments/systemd/start; -/usr/local/sbin/sign-boot; -echo "[*] Grub Update Complete!"; diff --git a/install-grub b/install-grub deleted file mode 100644 index ef0e4b2..0000000 --- a/install-grub +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -echo "[+] Installing Grub..."; -grub-install -v --target=x86_64-efi /dev/sda --efi-directory=/boot/efi --boot-directory=/boot --uefi-secure-boot --pubkey=/root/pubkey --sbat=/root/sbat --disable-shim-lock --modules="acpi afsplitter all_video bitmap bitmap_scale boot btrfs bufio cat chain configfile cpuid crypto cryptodisk datetime disk diskfilter echo efi_gop efinet efi_uga ext2 extcmd fat font fshelp gcry_arcfour gcry_blowfish gcry_camellia gcry_cast5 gcry_crc gcry_des gcry_dsa gcry_idea gcry_md4 gcry_md5 gcry_rfc2268 gcry_rijndael gcry_rmd160 gcry_rsa gcry_seed gcry_serpent gcry_sha1 gcry_sha256 gcry_sha512 gcry_tiger gcry_twofish gcry_whirlpool gettext gfxmenu gfxterm gfxterm_background gzio halt help hfsplus iso9660 jpeg keystatus linux linuxefi loadenv loopback ls luks lvm lzopio mdraid09 mdraid1x mmap mpi net normal ntfs password_pbkdf2 pbkdf2 pgp png probe procfs raid5rec raid6rec regexp relocator search search_fs_file search_fs_uuid search_label sleep smbios squash4 terminal trig video video_bochs video_cirrus video_colors xfs xzio zfs zfscrypt zfsinfo zstd part_gpt tpm"; -#echo "[+] Patching load.cfg"; -#echo >> /boot/grub/x86_64-efi/load.cfg; -#echo 'trust --skip-sig (hd0,gpt6)/pubkey' >> /boot/grub/x86_64-efi/load.cfg; -#echo 'set check_signatures=enforce' >> /boot/grub/x86_64-efi/load.cfg; -#echo 'set superusers="root"' >> /boot/grub/x86_64-efi/load.cfg; -#echo 'password_pbkdf2 root grub.pbkdf2.sha512.10000.87A1064D2A4493C4235F8BB04C02309873D6ECC872696400690D4C6194A9EE8A0BE005590ACAE2E3C1F416A8E9DBB665EC1F6AE35B4274CE3CD8F4694D17D0DA.18DDB69D7AB16CDC661D9F8D47CFA37A9C6A9FF8E2851C56E0E131A99BC713C348C152D338171809BE7AE2CBDA7DACE06AAD83F6B7ED118430F0C3DD9935B5AF' >> /boot/grub/x86_64-efi/load.cfg; -#sudo cp /boot/grub/x86_64-efi/load.cfg /boot/efi/EFI/ubuntu/grub.cfg; -grub-update; -echo "[*] Grub Install Complete!"; diff --git a/linux-version b/linux-version deleted file mode 100755 index b154f73..0000000 --- a/linux-version +++ /dev/null @@ -1,121 +0,0 @@ -#!/usr/bin/perl - -# Copyright 2011 Ben Hutchings -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - -use strict; -use warnings; - -use DebianLinux qw(version_cmp image_list); - -sub usage { - my $fh = shift; - print $fh (<< "EOT"); -Usage: $0 compare VERSION1 OP VERSION2 - $0 sort [--reverse] [VERSION1 VERSION2 ...] - $0 list [--paths] - -The version arguments should be kernel version strings as shown by -'uname -r' and used in filenames. - -The valid comparison operators are: lt le eq ge gt -EOT -} - -sub usage_error { - usage(*STDERR{IO}); - exit 2; -} - -sub compare_versions { - my %op_map = qw(lt < le <= eq == ge >= gt >); - - # Check arguments - if (@_ != 3) { - usage_error(); - } - my ($left, $op, $right) = @_; - if (!exists($op_map{$op})) { - usage_error(); - } - - my $sign = version_cmp($left, $right); - exit !eval("$sign ${op_map{$op}} 0"); -} - -sub sort_versions { - # Check for --reverse option - my $sign = 1; - if (@_ >= 1 and $_[0] eq '--reverse') { - $sign = -1; - shift; - } - - # Collect versions from argv or stdin (with optional suffix after a space) - my @versions; - if (@_) { - @versions = map({[$_, "\n"]} @_); - } else { - while () { - /^([^ \n]*)(.*\n?)$/ or die; - push @versions, [$1, $2]; - } - } - - for (sort({version_cmp($a->[0], $b->[0]) * $sign} @versions)) { - print @$_; - } - exit 0; -} - -sub list_versions { - my $show_paths; - - if (@_ == 1 and $_[0] eq '--paths') { - $show_paths = 1; - } elsif (@_ != 0) { - usage_error(); - } - my $sig = '.sig'; - for (image_list()) { - my ($version, $path) = @$_; - unless ($path =~ /\Q$sig\E$/) { - if ($show_paths) { - print "$version $path\n"; - } else { - print "$version\n"; - } - } - } - exit 0; -} - -if (@ARGV == 0) { - usage_error(); -} - -my $command = shift; -if ($command eq 'help' or grep({$_ eq '--help'} $command, @ARGV)) { - usage(*STDOUT{IO}); - exit 0; -} elsif ($command eq 'compare') { - compare_versions(@ARGV); -} elsif ($command eq 'sort') { - sort_versions(@ARGV); -} elsif ($command eq 'list') { - list_versions(@ARGV); -} -usage_error(); diff --git a/sign-boot b/sign-boot deleted file mode 100644 index 6e6f75c..0000000 --- a/sign-boot +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -echo "[*] Preparing to sign!"; -#touch /dev/shm/sb-passpwd.txt; -#chown root:root /dev/shm/sb-passpwd.txt; -#chmod u=rw,g=,o= /dev/shm/sb-passpwd.txt; -#echo -n "Password: "; -#read -s pwd; -#echo -n "$pwd" > /dev/shm/sb-passpwd.txt; -echo "[-] BMOK Un-Signing..."; -for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print) -do - echo $i; - /usr/bin/sbattach --remove $i; -done; -echo "[+] BMOK Signing..."; -for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print) -do - echo $i; - /usr/bin/sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $i --output $i; -done; -echo "[-] Un-Signing..."; -#-iname "efi" -prune -o -for i in $(/usr/bin/find /boot -iname "*.sig" -type f -print) -do - rm "$i"; -done; -echo "[+] Signing..."; -for i in $(/usr/bin/find /boot -iname "efi" -prune -o -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print) -do - echo $i; - /usr/bin/gpg --batch --detach-sign $i; - #gpg -v --batch --detach-sign --passphrase-fd 0 $i < \ - # /dev/shm/sb-passpwd.txt; -done; -for i in $(/usr/bin/find /boot/efi -iname "*.cfg" -type f -o -iname "*.efi" -type f -print) -do - echo $i; - /usr/bin/gpg --batch --detach-sign $i; -done; -#shred /dev/shm/sb-passpwd.txt; -echo "[*] Signing Complete!"; diff --git a/update-mydebs b/update-mydebs deleted file mode 100644 index cc0ca12..0000000 --- a/update-mydebs +++ /dev/null @@ -1,3 +0,0 @@ -#! /bin/bash -cd /usr/local/mydebs -dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz diff --git a/verify-boot b/verify-boot deleted file mode 100644 index d8ce70d..0000000 --- a/verify-boot +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -echo "[*] Preparing to verify!"; -echo "[-] Missing Signatures:"; -ec=0; -for i in $(find /boot -iname "efi" -prune -o -iname "*.sig" -prune -o -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print) -do - if [ ! -f "$i.sig" ]; then - echo "Missing: $i"; - ec=1; - fi -done; -for i in $(find /boot/efi -iname "*.cfg" -type f -o -iname "*.efi" -type f -print) -do - if [ ! -f "$i.sig" ]; then - echo "Missing: $i"; - ec=1; - fi -done; -bad='Good'; -echo "[*] Signed:"; -for i in $(find /boot -iname "efi" -prune -o -iname "*.sig" -prune -o -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print) -do - if [ -f "$i.sig" ]; then - if gpg --verify-files "$i.sig" > /dev/null 2>&1 - then - echo "Good: $i"; - else - echo "Bad: $i"; - bad='Bad'; - ec=2; - fi - fi -done; -for i in $(find /boot/efi -iname "*.cfg" -type f -o -iname "*.efi" -type f -print) -do - if [ -f "$i.sig" ]; then - if gpg --verify-files "$i.sig" > /dev/null 2>&1 - then - echo "Good: $i"; - else - echo "Bad: $i"; - bad='Bad'; - ec=2; - fi - fi -done; -echo "[-] Signature State: $bad"; -if [ $ec -ne 0 ]; then - touch /boot/boot-tainted; -elif [ -f /boot/boot-tainted ]; then - rm -f /boot/boot-tainted; -fi -echo "[*] Finished Verification!"; -exit $ec;