Last active
March 31, 2022 16:11
-
-
Save shollingsworth/f4c21a6be17bf57ce680c72355639672 to your computer and use it in GitHub Desktop.
find unsigned modules for current kernel and sign them see https://askubuntu.com/a/988829
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -euo pipefail | |
IFS=$'\n\t' | |
key="/root/custom_mok.priv" | |
der="/root/custom_mok.der" | |
if [[ $(whoami) != "root" ]]; then | |
echo "This script must be run as root" | |
exit 1 | |
fi | |
check_key() { | |
test -f "${key}" || { | |
echo "Creating ${key}... / ${der}" | |
openssl req \ | |
-new -x509 \ | |
-newkey rsa:2048 \ | |
-keyout ${key} -outform DER -out ${der} \ | |
-nodes -days 36500 -subj "/CN=CustomMok/" | |
echo "Importing key, use the same password, as when you created in the BIOS" | |
mokutil --import "${der}" | |
} | |
} | |
sign_unsigned() { | |
# Find unsigned modules | |
FILES=( | |
$( | |
find /lib/modules/$(uname -r) \ | |
-name '*.ko' \ | |
-exec grep -FL '~Module signature appended~' {} \+ | |
) | |
) | |
for file in "${FILES[@]}"; do | |
echo "Signing ${file}" | |
/usr/src/linux-headers-`uname -r`/scripts/sign-file \ | |
sha256 "${key}" "${der}" "${file}" | |
done | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment