update to 1.2.0

- add edk2 hook - add uki efi image hook
author: Brli 2024-04-14 12:27:55 +0800
committer: Brli 2024-04-14 12:27:55 +0800
commit: c6f80711500a148e30f733195bb85f4691e499b3 (patch)
tree: f1430d58e6dc8ee1f5edc8f7c7db0b89101e7d07 /uki-sbsign.post
parent: e75a80512ad301c066275e5bb3d297ef98dd621d (diff)
download: aur-c6f80711500a148e30f733195bb85f4691e499b3.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/uki-sbsign.post b/uki-sbsign.post
new file mode 100644
index 000000000000..b19c36fd4a0b
--- /dev/null
+++ b/uki-sbsign.post
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+uki="$3"
+[[ -n "$uki" ]] || exit 0
+
+keypairs=(/etc/secureboot/keys/db/db.key /etc/secureboot/keys/db/db.crt)
+
+for (( i=0; i<${#keypairs[@]}; i+=2 )); do
+    key="${keypairs[$i]}" cert="${keypairs[(( i + 1 ))]}"
+    if ! sbverify --cert "$cert" "$uki" &>/dev/null; then
+        sbsign --key "$key" --cert "$cert" --output "$uki" "$uki"
+    fi
+done
author	Brli	2024-04-14 12:27:55 +0800
committer	Brli	2024-04-14 12:27:55 +0800
commit	c6f80711500a148e30f733195bb85f4691e499b3 (patch)
tree	f1430d58e6dc8ee1f5edc8f7c7db0b89101e7d07 /uki-sbsign.post
parent	e75a80512ad301c066275e5bb3d297ef98dd621d (diff)
download	aur-c6f80711500a148e30f733195bb85f4691e499b3.tar.gz