Last active
April 3, 2022 06:50
-
-
Save amigus/d98afa4298ae892e32307c107ef5959e to your computer and use it in GitHub Desktop.
A script that signs the NVIDIA Linux driver before installing it
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # The NVIDIA Linux driver will not load under Secure Boot unless it is signed. | |
| # This script signs the driver using a sign-signed certificate. | |
| # The certificate must be loaded into the UEFI via `mokutil`. | |
| # See https://docs.oracle.com/en/learn/sboot-module/index.html#enrolling-the-certificate-into-the-uefi-secure-boot-key-database | |
| cert="${INSTALL_NVIDIA_DRIVER_CERT_DIR:-${INSTALL_NVIDIA_DRIVER_DIR}}cert.der" | |
| key="${INSTALL_NVIDIA_DRIVER_CERT_DIR:-${INSTALL_NVIDIA_DRIVER_DIR}}cert.key" | |
| if test ! -r "${cert}"; then | |
| echo "cannot read signing certificate file '${cert}'" && exit 2 | |
| fi | |
| if test ! -r "${key}"; then | |
| echo "cannot read signing certificate key '${key}'" && exit 2 | |
| fi | |
| script_template='/usr/src/linux-%s-%s-obj/x86_64/%s/scripts/sign-file' | |
| script=$(uname -r | awk -F '-' "{ printf(\"${script_template}\", \$1, \$2, \$3) }") | |
| if test ! -x "${script}"; then | |
| echo "cannot execute signing script '${script}'; exiting" && exit 2 | |
| fi | |
| driver=${1:-$(ls -rt ${INSTALL_NVIDIA_DRIVER_DIR}NVIDIA-Linux-x86_64-*.run | tail -1)} | |
| if test ! -x "${driver}"; then | |
| echo "cannot execute driver file '${driver}'; exiting" | |
| exit 2 | |
| fi | |
| sudo $BASH $driver --module-signing-secret-key=$key --module-signing-public-key=$cert --module-signing-script=$script |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment