#!/usr/bin/env bash
# Kernel release whose modules get signed. Defaults to the running kernel;
# the -k option replaces it.
KVER="$(uname -r)"
export KVER
#######################################
# Print the usage line followed by an option table to stdout.
# The table rows are written as ';'-separated fields and aligned by column(1).
# Arguments: none
# Outputs:   usage text on stdout
#######################################
hayulp() {
  local self
  self="$(basename "$0")"
  printf "USAGE: %b [ -k KVER ]\\n" "$self"
  {
    printf -- "-h:;This help\\n"
    printf -- "-k:;Sign drivers supplied for KVER\\n"
    printf " ;KVER equals the version name supplied by the folders in /lib/modules\\n"
  } | column -t -s ';'
}
# Option parsing. The leading ':' in the optstring puts getopts in silent mode,
# so an unknown option or a missing argument lands in the catch-all arm with the
# offending option letter in OPTARG.
while getopts ':hk:' opt; do
  case "${opt}" in
    h)
      hayulp
      exit 0
      ;;
    k)
      KVER="${OPTARG}"
      export KVER
      ;;
    *)
      printf "Unknown parameter: -%b\\n\\n" "$OPTARG" >&2
      hayulp
      exit 1
      ;;
  esac
done
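# Sign the compressed NVIDIA kernel modules found for kernel $KVER.
# Reads from the current directory: x509.cnf, private_key.priv, public_key.der.
# Exit codes: 1 = precondition failed or user declined, 3 = signing failed,
#             4 = decompression failed, 5 = recompression failed.

# KVER ends up inside the path of a program that is run through sudo
# (/usr/src/kernels/$KVER/scripts/sign-file), so accept only a single plain
# directory name and never a path that could point somewhere else.
case "$KVER" in
  '' | . | .. | */*)
    printf 'Invalid kernel version: %s\n' "$KVER" >&2
    exit 1
    ;;
esac

# Common Name of the signing certificate, taken from the CN line of x509.cnf.
# ${PIPESTATUS[0]} after an assignment describes the assignment, not the grep
# inside the command substitution, so test the result instead. An empty SIGNER
# must stop the run: it would make the "already signed by us" check meaningless.
SIGNER="$(grep '^CN' x509.cnf | awk -F= '{print $NF}' | sed 's/^\ \+//;s/\ \+$//')"
if [ -z "$SIGNER" ]; then
  printf 'Could not read the signer CN from x509.cnf!\n' >&2
  exit 1
fi

# NOTE(review): whoever can read private_key.priv can sign modules that are
# accepted wherever public_key.der is trusted; keep it owner-readable only.
if [ ! -r private_key.priv ] || [ ! -r public_key.der ]; then
  printf "No signing key and/or certificate found!\\n" >&2
  exit 1
fi

MODDIR="/usr/lib/modules/$KVER/extra/nvidia"

# NOTE(review): the confirmation lists *.ko and *.ko.xz, but only the *.ko.xz
# files are processed below; uncompressed modules are shown and then skipped.
printf "We will sign following kernel modules: %s.\n" \
  "$(ls -amA "$MODDIR"/nvidia*.ko "$MODDIR"/nvidia*.ko.xz 2>/dev/null)"
read -rp "Is this OK? [y/N] " PROEMT
case "$PROEMT" in
  "y" | "Y" | "j" | "J") ;;
  *) exit 1 ;;
esac

# Collect the modules with a glob rather than by word-splitting ls output.
SGDMODS=()
for i in "$MODDIR"/nvidia*.ko.xz; do
  if [ -e "$i" ]; then
    SGDMODS+=("$i")
  fi
done
if [ "${#SGDMODS[@]}" -eq 0 ]; then
  printf 'No compressed modules found in %s, nothing to sign.\n' "$MODDIR" >&2
fi

for i in "${SGDMODS[@]}"; do
  MODSIG=0 MODGOODSIG=0
  sudo xz -vd "$i" || exit 4
  MMOD="${i%.xz}"

  # Compare the fields exactly. Using the CN as a grep pattern would treat it
  # as a regular expression and accept any signer name that merely ends in it.
  # modinfo only reports what is recorded in the module's signature block;
  # this decides whether to re-sign, it is not a cryptographic verification.
  if [ "$(sudo modinfo -F sig_id "$MMOD")" = 'PKCS#7' ]; then MODSIG=1; fi
  if [ "$(sudo modinfo -F signer "$MMOD")" = "$SIGNER" ]; then MODGOODSIG=1; fi

  if [ "$MODSIG" -ne 1 ] || [ "$MODGOODSIG" -ne 1 ]; then
    printf "Signing %s..." "$i"
    if sudo "/usr/src/kernels/$KVER/scripts/sign-file" sha256 \
      private_key.priv public_key.der "$MMOD"; then
      printf " OK.\n"
    else
      printf "FAILED!\n"
      # Best effort: put the module back in its compressed form before leaving.
      sudo xz -v "$MMOD"
      exit 3
    fi
  else
    printf "%s is already properly signed.\n" "$(basename "$i")"
  fi
  sudo xz -v "$MMOD" || exit 5
done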