Package Details: sbsign-refind-initcpio-post-hook 1.2-1

Git Clone URL: https://aur.archlinux.org/sbsign-refind-initcpio-post-hook.git (read-only, click to copy)
Package Base: sbsign-refind-initcpio-post-hook
Description: a mkinitcpio post hook to sign kernels for refind and secureboot.
Upstream URL: https://aur.archlinux.org/packages/sbsign-refind-initcpio-post-hook
Licenses: GPL
Submitter: rgarber11
Maintainer: rgarber11
Last Packager: rgarber11
Votes: 0
Popularity: 0.000000
First Submitted: 2023-03-23 06:44 (UTC)
Last Updated: 2025-02-27 15:26 (UTC)

Pinned Comments

rgarber11 commented on 2023-03-23 06:46 (UTC)

A simple hook that signs kernels after mkinitcpio runs for rEFInd secure boot. Please comment if any changes are necessary to improve this package.

Latest Comments

meadow commented on 2025-02-27 15:34 (UTC)

Thanks for fixing this so quickly! :)

rgarber11 commented on 2025-02-27 15:25 (UTC)

@meadow Great tip! I'll change the hook to only conditionally sign images.

meadow commented on 2025-02-27 15:03 (UTC)

I changed the hook such that it doesn't sign kernel images that already have signatures. sbverify --list showed that my kernels were signed multiple times with the same signature.

Hint: Redundant signatures can be removed using sbattach --signum $num --remove

#!/bin/sh

sigs=$(sbverify --list $1 2>&1)

if [ "$sigs" = "No signature table present" ] ; then
    /usr/bin/sbsign --key /etc/refind.d/keys/refind_local.key --cert /etc/refind.d/keys/refind_local.crt --output "$1" "$1"
fi


rgarber11 commented on 2023-03-23 06:46 (UTC)

A simple hook that signs kernels after mkinitcpio runs for rEFInd secure boot. Please comment if any changes are necessary to improve this package.