dotfiles-arch/.root/etc/initcpio/post/uki-sbsign


#!/usr/bin/env bash
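# mkinitcpio post hook: make sure the unified kernel image (UKI) carries a
# Secure Boot signature for every configured key pair.
# Arguments:   $3 - path of the UKI; the hook does nothing when it is empty.
# Exit status: 0 when the image verifies against every certificate,
#              1 when a key or certificate is missing, or signing or the
#              follow-up verification fails.
uki="${3:-}"
[[ -n "$uki" ]] || exit 0

# Flat list of (private key, certificate) pairs, consumed two at a time.
# NOTE(review): the db private key is stored under /usr/share; confirm that
# its mode restricts it to root, since anything signed with it is trusted
# at boot.
keypairs=(
  /usr/share/secureboot/keys/db/db.key
  /usr/share/secureboot/keys/db/db.pem
)

if [[ ! -f "$uki" ]]; then
  printf 'uki-sbsign: %s: image not found\n' "$uki" >&2
  exit 1
fi

status=0
for (( i = 0; i < ${#keypairs[@]}; i += 2 )); do
  key="${keypairs[i]}"
  cert="${keypairs[i + 1]}"

  # A missing key or certificate would otherwise only show up as an
  # sbverify failure, which is silenced below.
  if [[ ! -r "$key" || ! -r "$cert" ]]; then
    printf 'uki-sbsign: cannot read key pair: %s / %s\n' "$key" "$cert" >&2
    status=1
    continue
  fi

  # Already verifies against this certificate: nothing to do on a re-run.
  if sbverify --cert "$cert" "$uki" &>/dev/null; then
    continue
  fi

  # The image is signed in place; a failed write may leave it unusable,
  # so the failure is reported and propagated instead of being ignored.
  if ! sbsign --key "$key" --cert "$cert" --output "$uki" "$uki"; then
    printf 'uki-sbsign: signing %s with %s failed\n' "$uki" "$cert" >&2
    status=1
    continue
  fi

  # Confirm the written image really verifies before reporting success.
  if ! sbverify --cert "$cert" "$uki" &>/dev/null; then
    printf 'uki-sbsign: %s does not verify against %s after signing\n' \
      "$uki" "$cert" >&2
    status=1
  fi
done

exit "$status"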