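#!/bin/bash
#
# Boot signature check: every regular file under /boot (plus the GRUB
# configs and EFI binaries on the ESP) must have a detached GPG signature
# in a sibling "<file>.sig" that verifies against the file.
#
# Output (kept stable for anything that parses it):
#   [*] Preparing to verify!
#   [-] Missing Signatures:
#   Missing: <path>             one line per file without a .sig
#   [*] Signed:
#   Good: <path> | Bad: <path>  one line per file that has a .sig
#   [-] Signature State: Good|Bad
#   [*] Finished Verification!
#
# Exit status:
#   0  every file is signed and every signature verifies
#   1  at least one file has no .sig (and nothing failed verification)
#   2  at least one signature failed verification (overrides 1)
#
# Side effect: /boot/boot-tainted is created on a non-zero result and
# removed on a clean one, so later boot stages can test for it.
#
# Trust caveat: `gpg --verify` succeeds for a valid signature from ANY key
# in the keyring of the user running this script (GNUPGHOME). A "Good"
# only pins the boot signing key if that keyring holds nothing else, or if
# the VALIDSIG fingerprint from `--status-fd` is checked -- neither is done
# here.

# Marker file recorded for later boot stages when verification fails.
readonly TAINT_MARKER=/boot/boot-tainted

# Exit-code accumulator: 0 clean, 1 missing signature, 2 bad signature.
ec=0
# Overall state string printed at the end.
bad='Good'

#######################################
# List the files under /boot that must be signed, NUL-separated.
# Skips the ESP (handled by list_esp_files), signature files themselves,
# the mutable grubenv and the taint marker. Regular files only, so
# symlinks are not checked.
#######################################
list_boot_files() {
  find /boot \
    -iname "efi" -prune -o \
    -iname "*.sig" -prune -o \
    -iname "grubenv" -prune -o \
    -iname "boot-tainted" -prune -o \
    -type f -print0
}

#######################################
# List the GRUB configs and EFI binaries on the ESP, NUL-separated.
# The pattern group is needed: written as
#   -iname "*.cfg" -type f -o -iname "*.efi" -type f -print
# the -print binds to the .efi branch only, so *.cfg files were never
# listed (and never checked). Here -type f and -print0 apply to both.
#######################################
list_esp_files() {
  find /boot/efi \( -iname "*.cfg" -o -iname "*.efi" \) -type f -print0
}

#######################################
# Verify the detached signature "<file>.sig" against <file>.
# Passing both paths binds the signature to the data: if the .sig is not
# a detached signature (e.g. an inline-signed blob) gpg refuses, instead
# of "verifying" only the embedded content as a bare `--verify-files x.sig`
# would. Output is discarded; only the exit status is used.
# Arguments: $1 - path of the signed file
# Returns:   gpg's status (0 = valid signature from a key in the keyring)
#######################################
verify_one() {
  gpg --batch --verify "$1.sig" "$1" > /dev/null 2>&1
}

echo "[*] Preparing to verify!"

# Without gpg every signed file reports "Bad" (fail closed); say why on stderr.
if ! command -v gpg > /dev/null 2>&1; then
  printf 'warning: gpg not found; all signatures will be reported as Bad\n' >&2
fi

# Collect the candidate list once, NUL-delimited, so paths containing
# whitespace or glob characters are handled intact.
files=()
while IFS= read -r -d '' f; do files+=("$f"); done < <(list_boot_files)
while IFS= read -r -d '' f; do files+=("$f"); done < <(list_esp_files)

echo "[-] Missing Signatures:"
for f in "${files[@]}"; do
  if [[ ! -f "$f.sig" ]]; then
    echo "Missing: $f"
    ec=1
  fi
done

echo "[*] Signed:"
for f in "${files[@]}"; do
  [[ -f "$f.sig" ]] || continue
  if verify_one "$f"; then
    echo "Good: $f"
  else
    echo "Bad: $f"
    bad='Bad'
    ec=2   # a bad signature outranks a merely missing one
  fi
done

echo "[-] Signature State: $bad"
if (( ec != 0 )); then
  touch "$TAINT_MARKER"
elif [[ -f "$TAINT_MARKER" ]]; then
  rm -f "$TAINT_MARKER"
fi
echo "[*] Finished Verification!"
exit "$ec"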