FoxBuru/hook-moksign-vmlinuz

## hook-moksign-vmlinuz
#!/bin/sh -e

# Detect root GUID partition
GUID=$(cat /proc/cmdline | grep -oP "root=UUID=\K(.*)(?= ro)")
REFIND_KEYS=/etc/refind.d/keys
EFIBASE=/boot/efi/EFI

die() { echo "$*" 1>&2 ; exit 1; }

# Check correct vmlinuz.efi path
[ -d ${EFIBASE}/Pop_OS-${GUID} ] || die "Cannot detect Pop! OS install on EFI"
[ -f ${EFIBASE}/Pop_OS-${GUID}/vmlinuz.efi ] || die "Cannot detect vmlinuz.efi on expected path"

# Check if binary is actually signed with our MOK key, to skip this step if needed
/usr/bin/sbverify --cert ${REFIND_KEYS}/refind_local.crt ${EFIBASE}/Pop_OS-${GUID}/vmlinuz.efi >/dev/null 2>&1 && die "vmlinuz.efi already signed. Exiting..."

/usr/bin/sbsign --key ${REFIND_KEYS}/refind_local.key --cert ${REFIND_KEYS}/refind_local.crt --output ${EFIBASE}/Pop_OS-${GUID}/vmlinuz.efi ${EFIBASE}/Pop_OS-${GUID}/vmlinuz.efi >/dev/null 2>&1 && echo "vmlinuz was found and signed correctly"
	#!/bin/sh -e

	# Detect root GUID partition
	GUID=$(cat /proc/cmdline \| grep -oP "root=UUID=\K(.*)(?= ro)")
	REFIND_KEYS=/etc/refind.d/keys
	EFIBASE=/boot/efi/EFI

	die() { echo "$*" 1>&2 ; exit 1; }

	# Check correct vmlinuz.efi path
	[ -d ${EFIBASE}/Pop_OS-${GUID} ] \|\| die "Cannot detect Pop! OS install on EFI"
	[ -f ${EFIBASE}/Pop_OS-${GUID}/vmlinuz.efi ] \|\| die "Cannot detect vmlinuz.efi on expected path"

	# Check if binary is actually signed with our MOK key, to skip this step if needed
	/usr/bin/sbverify --cert ${REFIND_KEYS}/refind_local.crt ${EFIBASE}/Pop_OS-${GUID}/vmlinuz.efi >/dev/null 2>&1 && die "vmlinuz.efi already signed. Exiting..."

	/usr/bin/sbsign --key ${REFIND_KEYS}/refind_local.key --cert ${REFIND_KEYS}/refind_local.crt --output ${EFIBASE}/Pop_OS-${GUID}/vmlinuz.efi ${EFIBASE}/Pop_OS-${GUID}/vmlinuz.efi >/dev/null 2>&1 && echo "vmlinuz was found and signed correctly"