un forgor some files

author: Freya Murphy <freya@freyacat.org> 2024-05-15 09:53:10 -0400
committer: Freya Murphy <freya@freyacat.org> 2024-05-15 09:53:10 -0400
commit: 82fdd486fdadac50cf73aa18d8e0d7bdbf32a5a4 (patch)
tree: ce1a263aef76fab98d0f2575a459742a74714b73 /.root/etc/initcpio/post
parent: i forgor to commit stuff (diff)
download: dotfiles-arch-82fdd486fdadac50cf73aa18d8e0d7bdbf32a5a4.tar.gz
dotfiles-arch-82fdd486fdadac50cf73aa18d8e0d7bdbf32a5a4.tar.bz2
dotfiles-arch-82fdd486fdadac50cf73aa18d8e0d7bdbf32a5a4.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/.root/etc/initcpio/post/uki-sbsign b/.root/etc/initcpio/post/uki-sbsign
new file mode 100755
index 0000000..eb34cd4
--- /dev/null
+++ b/.root/etc/initcpio/post/uki-sbsign
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+uki="$3"
+[[ -n "$uki" ]] || exit 0
+
+keypairs=(/usr/share/secureboot/keys/db/db.key /usr/share/secureboot/keys/db/db.pem)
+
+for (( i=0; i<${#keypairs[@]}; i+=2 )); do
+	key="${keypairs[$i]}"
+	cert="${keypairs[(( i + 1))]}"
+	if ! sbverify --cert "$cert" "$uki" &>/dev/null; then
+		sbsign --key "$key" --cert "$cert" --output "$uki" "$uki"
+	fi
+done
+
author	Freya Murphy <freya@freyacat.org>	2024-05-15 09:53:10 -0400
committer	Freya Murphy <freya@freyacat.org>	2024-05-15 09:53:10 -0400
commit	82fdd486fdadac50cf73aa18d8e0d7bdbf32a5a4 (patch)
tree	ce1a263aef76fab98d0f2575a459742a74714b73 /.root/etc/initcpio/post
parent	i forgor to commit stuff (diff)
download	dotfiles-arch-82fdd486fdadac50cf73aa18d8e0d7bdbf32a5a4.tar.gz dotfiles-arch-82fdd486fdadac50cf73aa18d8e0d7bdbf32a5a4.tar.bz2 dotfiles-arch-82fdd486fdadac50cf73aa18d8e0d7bdbf32a5a4.zip