Wrapper for vmware-modconfig to sign the modules for secure boot
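#!/bin/bash
# Hook to sign VMware kernel modules after kernel install
# Place at: /etc/kernel/install.d/98-vmware-modconfig.install
#
# Arguments:
#   $1 - action: "add" or "remove" (default: add); any other value is a no-op
#   $2 - kernel version to operate on (default: the running kernel)
# Exit status:
#   0 when the action completed or there was nothing to do,
#   1 when the kernel version is rejected, a module is missing or cannot be
#     signed, or reloading/unloading the modules fails.

COMMAND="${1:-add}"
KERNEL_VER="${2:-$(uname -r)}"
SELF="${0##*/}"

# KERNEL_VER is spliced into paths under /lib/modules, including the
# `find ... -delete` in the remove branch, so refuse anything that is empty
# or could point outside that directory.
case "$KERNEL_VER" in
  '' | . | .. | */*)
    echo "$SELF: refusing invalid kernel version '$KERNEL_VER'" >&2
    exit 1
    ;;
esac

MODULE_DIR="/lib/modules/$KERNEL_VER"
SIGN_CMD="$MODULE_DIR/build/scripts/sign-file"
# Secure Boot signing key pair. The private key lets its holder sign code
# this machine will trust, so it should be readable by root only.
SBSIGN_KEY='/etc/efikeys/db.key'
SBSIGN_CRT='/etc/efikeys/db.crt'

rc=0

case "$COMMAND" in
  add)
    echo "$SELF: Building VMware kernel modules for kernel $KERNEL_VER ..."
    # Invoke the tool directly with the version as its own argument; building
    # a `bash -c` string would let shell metacharacters in $2 be executed.
    if ! /usr/bin/vmware-modconfig --console --install-all -k "$KERNEL_VER" &>/dev/null; then
      # Best effort, as before: keep going so existing modules still get signed.
      echo "$SELF: vmware-modconfig reported a failure for kernel $KERNEL_VER" >&2
    fi

    signer=$(openssl x509 -noout -in "$SBSIGN_CRT" -subject | awk -F'= ' '{print $NF}')

    for name in vmmon vmnet; do
      # -print -quit keeps the result to a single path even if several match.
      module=$(find "$MODULE_DIR" -type f -name "$name.ko" -print -quit)
      if [[ -z $module ]]; then
        echo "$SELF: module $name.ko not found for kernel $KERNEL_VER" >&2
        rc=1
        continue
      fi

      # Skip only when the module already names our certificate as signer.
      # An empty $signer (unreadable certificate) must not match an unsigned
      # module, whose signer field is empty as well. This compares the
      # recorded signer name only; it does not verify the signature itself.
      if [[ -n $signer && $(modinfo -F signer "$module") == "$signer" ]]; then
        continue
      fi

      echo "$SELF: Signing module $module ..."
      if ! "$SIGN_CMD" sha256 "$SBSIGN_KEY" "$SBSIGN_CRT" "$module"; then
        echo "$SELF: failed to sign $module" >&2
        rc=1
      fi
    done

    # Only touch the live system when the hook ran for the running kernel.
    # An `if` (rather than `[[ ]] && { }`) keeps the hook's exit status at 0
    # when the versions differ, which is the normal case on a kernel upgrade.
    if [[ $KERNEL_VER == "$(uname -r)" ]]; then
      if ! { depmod -A && modprobe -a vmmon vmnet && systemctl restart vmware.service; }; then
        echo "$SELF: failed to load VMware modules or restart vmware.service" >&2
        rc=1
      fi
    fi
    ;;
  remove)
    echo "$SELF: Removing VMware kernel modules for kernel $KERNEL_VER ..."
    # The module tree may already be gone by the time this hook runs.
    if [[ -d $MODULE_DIR ]]; then
      find "$MODULE_DIR" -type f \( -name 'vmmon.ko' -o -name 'vmnet.ko' \) -delete
    fi

    if [[ $KERNEL_VER == "$(uname -r)" ]]; then
      # modprobe output is discarded on purpose (modules may not be loaded).
      # The original redirected to the misspelled /dev/nuill, which would
      # create a stray regular file under /dev when run as root.
      if ! { systemctl stop vmware.service && modprobe -r vmmon vmnet &>/dev/null && depmod -a; }; then
        echo "$SELF: failed to stop vmware.service or unload VMware modules" >&2
        rc=1
      fi
    fi
    ;;
esac

exit "$rc"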