a again

author: Freya Murphy <freya@freyacat.org> 2024-04-09 18:22:44 -0400
committer: Freya Murphy <freya@freyacat.org> 2024-04-09 18:22:44 -0400
commit: cc6a9cc422621d0c7bd53600c6ddc217bb404061 (patch)
tree: 73ee1fe26a3eb41277e3f597e400072df11e19da /.root/etc/initcpio/post/uki-sbsign
parent: undo a (diff)
download: dotfiles-arch-cc6a9cc422621d0c7bd53600c6ddc217bb404061.tar.gz
dotfiles-arch-cc6a9cc422621d0c7bd53600c6ddc217bb404061.tar.bz2
dotfiles-arch-cc6a9cc422621d0c7bd53600c6ddc217bb404061.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/.root/etc/initcpio/post/uki-sbsign b/.root/etc/initcpio/post/uki-sbsign
new file mode 100755
index 0000000..eb34cd4
--- /dev/null
+++ b/.root/etc/initcpio/post/uki-sbsign
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+uki="$3"
+[[ -n "$uki" ]] || exit 0
+
+keypairs=(/usr/share/secureboot/keys/db/db.key /usr/share/secureboot/keys/db/db.pem)
+
+for (( i=0; i<${#keypairs[@]}; i+=2 )); do
+	key="${keypairs[$i]}"
+	cert="${keypairs[(( i + 1))]}"
+	if ! sbverify --cert "$cert" "$uki" &>/dev/null; then
+		sbsign --key "$key" --cert "$cert" --output "$uki" "$uki"
+	fi
+done
+
author	Freya Murphy <freya@freyacat.org>	2024-04-09 18:22:44 -0400
committer	Freya Murphy <freya@freyacat.org>	2024-04-09 18:22:44 -0400
commit	cc6a9cc422621d0c7bd53600c6ddc217bb404061 (patch)
tree	73ee1fe26a3eb41277e3f597e400072df11e19da /.root/etc/initcpio/post/uki-sbsign
parent	undo a (diff)
download	dotfiles-arch-cc6a9cc422621d0c7bd53600c6ddc217bb404061.tar.gz dotfiles-arch-cc6a9cc422621d0c7bd53600c6ddc217bb404061.tar.bz2 dotfiles-arch-cc6a9cc422621d0c7bd53600c6ddc217bb404061.zip