re-sign kernel modules to fix issue with secure boot and virtualbox
http://askubuntu.com/a/768310
Forked from @Majal to work on Fedora.
Last active
February 27, 2017 18:01
-
-
Save obihann/d32d6613fb2a62f4f70fdda678664fd5 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Sign and load VirtualBox modules | |
| # Run as root | |
| [ "`whoami`" = root ] || exec sudo "$0" "$@" | |
| # Set working directory | |
| dir=/home/$(whoami) | |
| cd $dir | |
| # (Optional) Setting env KBUILD_SIGN_PIN for encrypted keys | |
| #printf "Please enter key passphrase (leave blank if not needed): "; read -s | |
| #export KBUILD_SIGN_PIN="$REPLY" | |
| # (Optional) Decrypt private key. To initially encrypt, run `gpg -c MOK.priv` then shred MOK.priv | |
| #gpg -d --batch --passphrase-file /owned/by/root/.pass MOK.priv.gpg > MOK.priv | |
| echo | |
| # Sign and load modules | |
| for module in vboxdrv vboxnetflt vboxnetadp vboxpci; do | |
| [ "`hexdump -e '"%_p"' $(modinfo -n $module) | tail | grep signature`" ] && echo -e "\e[93mModule $module is already signed. Skipping.\e[0m" || /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n $module) | |
| printf "$module: " | |
| echo `hexdump -e '"%_p"' $(modinfo -n $module) | tail | grep signature` | |
| modprobe $module && echo -e "\e[92m$module successfully loaded\e[0m" || echo -e "\e[91mFailed to load $module\e[0m" | |
| done | |
| # (Optional) Shred private key | |
| echo | |
| #shred -vfuz MOK.priv |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment