ava1ar/windows-sign.sh

## windows-sign.sh
#!/bin/bash -e

if [[ $EUID -ne 0 ]]; then
    exec sudo /bin/bash "$0" "$@"
fi

CERTDIR=/boot/secureboot
BOOT_FILES_DIR=/boot/efi/EFI/Microsoft/Boot

echo "Validating files checksum..."
md5sum --quiet --check ${BOOT_FILES_DIR}/efi.md5

CODE=$?
if [[ $CODE -eq 0 ]]; then
    echo "Checksum check PASSED!"
    exit 0
else
    echo "Checksum check FAILED, re-signing efi files!"
fi

for file in ${BOOT_FILES_DIR}/*.efi
do
    echo "Found ${file}!"
    mv ${file} ${file}.bak
    /usr/bin/sbsign --key ${CERTDIR}/DB.key --cert ${CERTDIR}/DB.crt --output ${file} ${file}.bak
done
md5sum ${BOOT_FILES_DIR}/*.efi > ${BOOT_FILES_DIR}/efi.md5
echo "efi files were signed!"
exit 0
	#!/bin/bash -e

	if [[ $EUID -ne 0 ]]; then
	exec sudo /bin/bash "$0" "$@"
	fi

	CERTDIR=/boot/secureboot
	BOOT_FILES_DIR=/boot/efi/EFI/Microsoft/Boot

	echo "Validating files checksum..."
	md5sum --quiet --check ${BOOT_FILES_DIR}/efi.md5

	CODE=$?
	if [[ $CODE -eq 0 ]]; then
	echo "Checksum check PASSED!"
	exit 0
	else
	echo "Checksum check FAILED, re-signing efi files!"
	fi

	for file in ${BOOT_FILES_DIR}/*.efi
	do
	echo "Found ${file}!"
	mv ${file} ${file}.bak
	/usr/bin/sbsign --key ${CERTDIR}/DB.key --cert ${CERTDIR}/DB.crt --output ${file} ${file}.bak
	done
	md5sum ${BOOT_FILES_DIR}/*.efi > ${BOOT_FILES_DIR}/efi.md5
	echo "efi files were signed!"
	exit 0