Last active
September 25, 2019 20:09
-
-
Save faloi/e27473b70e4d9c04963c19e435a4502c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create the signing key. Run this only the first time: | |
| sudo update-secureboot-policy --new-key | |
| sudo update-secureboot-policy --enroll-key | |
| cd /var/lib/shim-signed/mok | |
| sudo openssl x509 -in MOK.der -inform DER -outform PEM -out MOK.pem | |
| # Backup the unsigned kernel and replace it with a signed version. Run this each time you want to sign a kernel: | |
| BACKUP_FOLDER=~/workspace/kernels | |
| VERSION=5.3.1-050301-generic | |
| KERNEL=vmlinuz-${VERSION} | |
| cd /boot | |
| sudo cp $KERNEL $BACKUP_FOLDER | |
| sudo rm $KERNEL | |
| sudo sbsign --key /var/lib/shim-signed/mok/MOK.priv --cert /var/lib/shim-signed/mok/MOK.pem $BACKUP_FOLDER/$KERNEL --output $KERNEL | |
| sudo dpkg-reconfigure grub-pc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment