Thanks for fixing this so quickly! :)
Search Criteria
Package Details: sbsign-refind-initcpio-post-hook 1.2-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/sbsign-refind-initcpio-post-hook.git (read-only, click to copy) |
|---|---|
| Package Base: | sbsign-refind-initcpio-post-hook |
| Description: | a mkinitcpio post hook to sign kernels for refind and secureboot. |
| Upstream URL: | https://aur.archlinux.org/packages/sbsign-refind-initcpio-post-hook |
| Licenses: | GPL |
| Submitter: | rgarber11 |
| Maintainer: | rgarber11 |
| Last Packager: | rgarber11 |
| Votes: | 0 |
| Popularity: | 0.000000 |
| First Submitted: | 2023-03-23 06:44 (UTC) |
| Last Updated: | 2025-02-27 15:26 (UTC) |
Dependencies (3)
- mkinitcpio (mkinitcpio-gitAUR)
- refind (refind-gitAUR, refi2ndAUR, refind-efi-binAUR)
- sbsigntools (sbsigntools-gitAUR)
Required by (0)
Sources (1)
Latest Comments
meadow commented on 2025-02-27 15:34 (UTC)
rgarber11 commented on 2025-02-27 15:25 (UTC)
@meadow Great tip! I'll change the hook to only conditionally sign images.
meadow commented on 2025-02-27 15:03 (UTC)
I changed the hook such that it doesn't sign kernel images that already have signatures. sbverify --list showed that my kernels were signed multiple times with the same signature.
Hint: Redundant signatures can be removed using sbattach --signum $num --remove
#!/bin/sh
sigs=$(sbverify --list $1 2>&1)
if [ "$sigs" = "No signature table present" ] ; then
/usr/bin/sbsign --key /etc/refind.d/keys/refind_local.key --cert /etc/refind.d/keys/refind_local.crt --output "$1" "$1"
fi
rgarber11 commented on 2023-03-23 06:46 (UTC)
A simple hook that signs kernels after mkinitcpio runs for rEFInd secure boot. Please comment if any changes are necessary to improve this package.
Pinned Comments
rgarber11 commented on 2023-03-23 06:46 (UTC)
A simple hook that signs kernels after mkinitcpio runs for rEFInd secure boot. Please comment if any changes are necessary to improve this package.