@QuanTrieuPCYT
Last active April 19, 2024 13:53
Debian Linux Manual Secure Boot signing script
```bash
#!/usr/bin/env bash
# DPKG Post-Install Script to sign vmlinuz kernel images and EFI executable binaries for Secure Booting with custom certificates
# Required for full OpenCore Secure Boot (for example: you want to use Secure Boot in Windows 11 for Valorant, just like me!)
#
# Requirement:
# - You have followed this guide: https://github.com/perez987/OpenCore-and-UEFI-Secure-Boot
# - Custom ISK.key and ISK.pem in a folder of choice, I will just name it /path/to/securebootkeys as in this script
# - You are running Debian Linux, with `sbsigntool` installed (`sudo apt install sbsigntool --no-install-recommends -y`)
# - Have a brain

# The function responsible for signing EFI executables and kernel images
# $1 = output path, $2 = input image (the loop below passes the same path for both, signing in place)
sign() {
    /usr/bin/sudo /usr/bin/sbsign --key /path/to/securebootkeys/ISK.key --cert /path/to/securebootkeys/ISK.pem --output "$1" "$2"
}

# The function responsible for error handling (always exit with error code 0 as we will hook this into DPKG)
exitcodezero() {
    echo ""
    echo "--------------------------------"
    echo "An error has occurred"
    echo "--------------------------------"
    exit 0
}

echo "--------------------------------"
echo "Secure Boot signing for OC EFI"
echo "Made by QuanTrieuPCYT with <3"
echo "--------------------------------"
echo "Feel free to ignore any warnings"
echo "They are most likely redundant"
echo "--------------------------------"
echo ""

# Trap errors and run the exitcodezero() method
trap 'exitcodezero' ERR

# Iterate through the /boot/ and /boot/efi/EFI/debian/ directories to look for vmlinuz-* and *.efi executable binaries
# If you customized your boot partition or want to sign binaries from other locations too, add their paths here to have them signed also
for i in /boot/vmlinuz-* /boot/efi/EFI/debian/*.efi ; do
    echo "$i"
    sign "$i" "$i"
done

echo ""
echo "--------------------------------"
echo "Successfully executed. Exiting"
echo "--------------------------------"
```
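The loop above hands every image to `sbsign` on each run, including ones already signed with ISK, and writes the output straight over the input. The following is an added example, not part of the original gist: it checks each image with `sbverify` first and replaces it only after the new signature verifies. It assumes `sbverify --cert` succeeds for an image signed with ISK; the function names, the `--run` switch and the `KEY_DIR`, `SBSIGN` and `SBVERIFY` variables are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original gist): sign only what needs signing.
# Assumptions: KEY_DIR is the gist's placeholder path; SBSIGN/SBVERIFY can be
# overridden so the logic can be exercised without real keys.
KEY_DIR="${KEY_DIR:-/path/to/securebootkeys}"
SBSIGN="${SBSIGN:-/usr/bin/sbsign}"
SBVERIFY="${SBVERIFY:-/usr/bin/sbverify}"

# Succeeds if the image carries a signature that verifies against ISK.pem.
is_signed() {
    "$SBVERIFY" --cert "$KEY_DIR/ISK.pem" "$1" >/dev/null 2>&1
}

# Prints skipped, signed or failed; returns non-zero only on failure.
# sbsign writes to a temp file that replaces the image only after it verifies,
# so a failed run never leaves a truncated kernel or bootloader behind.
sign_if_needed() {
    local image="$1" tmp
    if is_signed "$image"; then echo "skipped"; return 0; fi
    tmp="$(mktemp "${image}.XXXXXX")" || { echo "failed"; return 1; }
    # Keep the original file mode where the filesystem allows it.
    chmod --reference="$image" "$tmp" 2>/dev/null || true
    if "$SBSIGN" --key "$KEY_DIR/ISK.key" --cert "$KEY_DIR/ISK.pem" \
            --output "$tmp" "$image" >/dev/null 2>&1 \
        && is_signed "$tmp" && mv -f "$tmp" "$image"; then
        echo "signed"
    else
        rm -f "$tmp"; echo "failed"; return 1
    fi
}

# Process each path; an unmatched glob arrives as a literal and is skipped.
sign_all() {
    local rc=0 f
    for f in "$@"; do
        [ -f "$f" ] || continue
        printf '%s: ' "$f"
        sign_if_needed "$f" || rc=1
    done
    return "$rc"
}

# Hook entry point: same locations as the gist, always exit 0 for dpkg.
if [ "${1:-}" = "--run" ]; then
    sign_all /boot/vmlinuz-* /boot/efi/EFI/debian/*.efi
    exit 0
fi
```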
hUwUtao commented Apr 19, 2024

sbctl for ez

@QuanTrieuPCYT
Author

> sbctl for ez

but no ubuntu official package 💔

@khanhmuy

Can only wish!