lilian-benoit/sign-vbox-modules

## sign-vbox-modules
#!/bin/sh
#------------------------------------------------------------------------
# Script permettant de signer les modules virtualbox sur Debian
#
# (script inspiré par
# https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4)
#
# description: Script permettant de signer les modules
# version    : 1.1.0
# processname: sign-vbox-modules
#------------------------------------------------------------------------
# history    :
#    1.0.0  | 29/02/2020 (LB) - Création du programme initial
#    1.1.0  | 21/08/2021 (LB) - Passage au noyau 5.10

readonly name="$(basename $0)"
readonly dirname="$(dirname $0)"

readonly hash_algo='sha256'
readonly key="${dirname}/MOK.priv"
readonly x509="${dirname}/MOK.der"

readonly esc='\\e'
readonly reset="${esc}[0m"

green() { local string="${1}"; echo "${esc}[32m${string}${reset}"; }
blue() { local string="${1}"; echo "${esc}[34m${string}${reset}"; }
log() { local string="${1}"; echo "[$(blue $name)] ${string}"; }

# The exact location of `sign-file` might vary depending on your platform.
#alias sign-file="/usr/lib/linux-kbuild-4.19/scripts/sign-file"
alias sign-file="/usr/lib/linux-kbuild-5.10/scripts/sign-file"

[ -z "${KBUILD_SIGN_PIN}" ] && read -p "Passphrase for ${key}: " KBUILD_SIGN_PIN
export KBUILD_SIGN_PIN

for module in $(dirname $(modinfo -n vboxdrv))/*.ko; do
  log "Signing $(green ${module})..."
  sign-file "${hash_algo}" "${key}" "${x509}" "${module}"
done
	#!/bin/sh
	#------------------------------------------------------------------------
	# Script permettant de signer les modules virtualbox sur Debian
	#
	# (script inspiré par
	# https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4)
	#
	# description: Script permettant de signer les modules
	# version : 1.1.0
	# processname: sign-vbox-modules
	#------------------------------------------------------------------------
	# history :
	# 1.0.0 \| 29/02/2020 (LB) - Création du programme initial
	# 1.1.0 \| 21/08/2021 (LB) - Passage au noyau 5.10

	readonly name="$(basename $0)"
	readonly dirname="$(dirname $0)"

	readonly hash_algo='sha256'
	readonly key="${dirname}/MOK.priv"
	readonly x509="${dirname}/MOK.der"

	readonly esc='\\e'
	readonly reset="${esc}[0m"

	green() { local string="${1}"; echo "${esc}[32m${string}${reset}"; }
	blue() { local string="${1}"; echo "${esc}[34m${string}${reset}"; }
	log() { local string="${1}"; echo "[$(blue $name)] ${string}"; }

	# The exact location of `sign-file` might vary depending on your platform.
	#alias sign-file="/usr/lib/linux-kbuild-4.19/scripts/sign-file"
	alias sign-file="/usr/lib/linux-kbuild-5.10/scripts/sign-file"

	[ -z "${KBUILD_SIGN_PIN}" ] && read -p "Passphrase for ${key}: " KBUILD_SIGN_PIN
	export KBUILD_SIGN_PIN

	for module in $(dirname $(modinfo -n vboxdrv))/*.ko; do
	log "Signing $(green ${module})..."
	sign-file "${hash_algo}" "${key}" "${x509}" "${module}"
	done