Skip to content

Instantly share code, notes, and snippets.

@13xforever
Last active Mar 31, 2020
Embed
What would you like to do?
NVIDIA kernel module signing script for Fedora
#!/usr/bin/pwsh
# You will need to install and configure some stuff beforehand
# See https://docs.fedoraproject.org/en-US/fedora/f31/system-administrators-guide/kernel-module-driver-configuration/Working_with_Kernel_Modules/#sect-signing-kernel-modules-for-secure-boot
# dnf install openssl kernel-devel perl mokutil keyutils akmod-nvidia
# dnf update -y
$kver = Get-ChildItem "/usr/src/kernels/" -Attributes Directory | Sort-Object -Bottom 1 {
#5.4.19-200.fc31.x86_64
$verParts = $_.Name.Split('-')
$verBuild = $verParts[1].Split('.')[0]
$ver = [Version]"$($verParts[0]).$verBuild"
#Write-Host $ver
$ver
}
$kver = $kver.Name
Write-Host "Latest kernel version: $kver"
$kmodVer = Get-ChildItem "/lib/modules/" -Attributes Directory | Sort-Object -Bottom 1 {
#5.4.19-200.fc31.x86_64
$verParts = $_.Name.Split('-')
$verBuild = $verParts[1].Split('.')[0]
$ver = [Version]"$($verParts[0]).$verBuild"
#Write-Host $ver
$ver
}
$kmodVer = $kmodVer.Name
Write-Host "Latest kernel modules: $kmodVer"
if ($kver -ne $kmodVer) {
throw "Kernal and kernel modules versions do not match"
}
$nvModules = @(Get-ChildItem "/lib/modules/$kmodVer/extra/nvidia/" -Filter *.ko)
foreach ($m in $nvModules) {
Write-Host "Signing $($m.Name)..."
Invoke-Expression "/usr/src/kernels/$kver/scripts/sign-file sha256 ~/signing/private_key.priv ~/signing/public_key.der $($m.FullName)"
}
Write-Host "Done"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment