QuanTrieuPCYT · April 19, 2024 13:53 · hUwUtao · Apr 19, 2024 · QuanTrieuPCYT · Apr 19, 2024
diff --git a/securebootsign.sh b/securebootsign.sh
 #!/usr/bin/env bash

 # DPKG Post-Install Script to sign vmlinuz kernel images and EFI executable binaries for Secure Booting with custom certificates
 # Required for full OpenCore Secure Boot (for example: you want to use Secure Boot in Windows 11 for Valorant, just like me!)
 #
 # Requirement:
 # - You have followed this guide: https://github.com/perez987/OpenCore-and-UEFI-Secure-Boot
 # - Custom ISK.key and ISK.pem in a folder of choice, I will just name it /path/to/securebootkeys as in this script
 # - You are running Debian Linux, with `sbsigntool` installed (`sudo apt install sbsigntool --no-install-recommends -y`)
 # - Have a brain

 # The function responsibles for signing EFI executables and kernel images
 sign() {
   /usr/bin/sudo /usr/bin/sbsign --key /path/to/securebootkeys/ISK.key --cert /path/to/securebootkeys/ISK.pem --output "$1" "$2"
 }

 # The function responsibles for error handling (always exit with error code 0 as we will hook this into DPKG)
 exitcodezero() {
   echo ""
   echo "--------------------------------"
   echo "An error has occured"
   echo "--------------------------------"
   exit 0
 }

 echo "--------------------------------"
 echo "Secure Boot signing for OC EFI"
 echo "Made by QuanTrieuPCYT with <3"
 echo "--------------------------------"
 echo "Feel free to ignore any warnings"
 echo "They are most likely redundant"
 echo "--------------------------------"
 echo ""

 # Trap errors and run the exitcodezero() method
 trap 'exitcodezero' ERR

 # Iterate through the /boot/ and /boot/efi/EFI/debian/ directories to look for vmlinuz-* and *.efi executable binaries
 # If you customized your boot partition or want to sign binaries from other locations too, add their paths here to have them signed also
 for i in /boot/vmlinuz-* /boot/efi/EFI/debian/*.efi ; do
    echo "$i"
    sign "$i" "$i"
 done

 echo ""
 echo "--------------------------------"
 echo "Successfully executed. Exiting"
 echo "--------------------------------"
	#!/usr/bin/env bash

	# DPKG Post-Install Script to sign vmlinuz kernel images and EFI executable binaries for Secure Booting with custom certificates
	# Required for full OpenCore Secure Boot (for example: you want to use Secure Boot in Windows 11 for Valorant, just like me!)
	#
	# Requirement:
	# - You have followed this guide: https://github.com/perez987/OpenCore-and-UEFI-Secure-Boot
	# - Custom ISK.key and ISK.pem in a folder of choice, I will just name it /path/to/securebootkeys as in this script
	# - You are running Debian Linux, with `sbsigntool` installed (`sudo apt install sbsigntool --no-install-recommends -y`)
	# - Have a brain

	# The function responsibles for signing EFI executables and kernel images
	sign() {
	/usr/bin/sudo /usr/bin/sbsign --key /path/to/securebootkeys/ISK.key --cert /path/to/securebootkeys/ISK.pem --output "$1" "$2"
	}

	# The function responsibles for error handling (always exit with error code 0 as we will hook this into DPKG)
	exitcodezero() {
	echo ""
	echo "--------------------------------"
	echo "An error has occured"
	echo "--------------------------------"
	exit 0
	}

	echo "--------------------------------"
	echo "Secure Boot signing for OC EFI"
	echo "Made by QuanTrieuPCYT with <3"
	echo "--------------------------------"
	echo "Feel free to ignore any warnings"
	echo "They are most likely redundant"
	echo "--------------------------------"
	echo ""

	# Trap errors and run the exitcodezero() method
	trap 'exitcodezero' ERR

	# Iterate through the /boot/ and /boot/efi/EFI/debian/ directories to look for vmlinuz-* and *.efi executable binaries
	# If you customized your boot partition or want to sign binaries from other locations too, add their paths here to have them signed also
	for i in /boot/vmlinuz-* /boot/efi/EFI/debian/*.efi ; do
	echo "$i"
	sign "$i" "$i"
	done

	echo ""
	echo "--------------------------------"
	echo "Successfully executed. Exiting"
	echo "--------------------------------"