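#!/bin/bash
#
# Re-signs the boot files under /boot:
#   1. removes and re-applies the BMOK signature on every *.efi file
#      under /boot/grub (sbattach / sbsign);
#   2. deletes every existing *.sig under /boot and writes a fresh GPG
#      detached signature for each remaining regular file.
#
# Exit status: 0 when every step succeeded, 1 when any removal or signing
# step failed, so a partially signed /boot is not reported as complete.
#
# NOTE(review): /cert/BMOK.priv is read directly from disk; confirm it is
# readable by root only.

# Paths collected by read_paths for the loop that follows it.
FILES=()
# Becomes 1 as soon as a signing or cleanup step fails.
failed=0

#######################################
# Reads NUL-delimited paths from stdin into FILES.
# The list is completed before any file is touched, so files created by
# the signing tools during a loop (e.g. new *.sig files) are not picked
# up by that same loop.
# Globals:   FILES (written)
# Arguments: none
#######################################
read_paths() {
  FILES=()
  local path
  while IFS= read -r -d '' path; do
    FILES+=("$path")
  done
}

echo "[*] Preparing to sign!"

# Disabled passphrase-file flow, kept for reference.
# NOTE(review): as written, touch creates the file with the default umask
# before chmod narrows it; if this is re-enabled, set `umask 077` first and
# remove the file from an EXIT trap so an aborted run does not leave the
# passphrase behind.
#touch /dev/shm/sb-passpwd.txt;
#chown root:root /dev/shm/sb-passpwd.txt;
#chmod u=rw,g=,o= /dev/shm/sb-passpwd.txt;
#echo -n "Password: ";
#read -s pwd;
#echo -n "$pwd" > /dev/shm/sb-passpwd.txt;

echo "[-] BMOK Un-Signing..."
read_paths < <(find /boot/grub -iname "*.efi" -type f -print0)
for f in "${FILES[@]}"; do
  printf '%s\n' "$f"
  # Best effort, as in the original: a failure here (presumably a file that
  # carries no signature yet) does not stop the run.
  sbattach --remove "$f"
done

echo "[+] BMOK Signing..."
read_paths < <(find /boot/grub -iname "*.efi" -type f -print0)
for f in "${FILES[@]}"; do
  printf '%s\n' "$f"
  # Signs in place: input and output are the same path.
  if ! sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem "$f" --output "$f"; then
    printf '[!] sbsign failed: %s\n' "$f" >&2
    failed=1
  fi
done

echo "[-] Un-Signing..."
# Disabled filter, kept for reference:
#-iname "efi" -prune -o
read_paths < <(find /boot -iname "*.sig" -type f -print0)
for f in "${FILES[@]}"; do
  # A stale *.sig left behind would no longer match its re-signed file.
  if ! rm -- "$f"; then
    printf '[!] could not remove old signature: %s\n' "$f" >&2
    failed=1
  fi
done

echo "[+] Signing..."
# Runs after the sbsign loop on purpose: this pass also covers the *.efi
# files, and the detached signature must be made over their final bytes.
read_paths < <(find /boot -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print0)
for f in "${FILES[@]}"; do
  printf '%s\n' "$f"
  if ! gpg --batch --detach-sign "$f"; then
    printf '[!] gpg signing failed: %s\n' "$f" >&2
    failed=1
  fi
  #gpg -v --batch --detach-sign --passphrase-fd 0 $i < \
  # /dev/shm/sb-passpwd.txt;
done

#shred /dev/shm/sb-passpwd.txt;

if (( failed )); then
  echo "[!] Signing finished with errors; see messages above." >&2
  exit 1
fi
echo "[*] Signing Complete!"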