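#!/usr/bin/env sh
# Kernelsign v0.1.1
#
# Signs the freshly built kernel image with the Secure Boot DB key and installs
# the signed image on the EFI system partition (ESP). The signing key lives on
# a LUKS-encrypted partition that is unlocked only for the duration of the run.
#
# Must be run as root. Requires cryptsetup, mount/umount and sbsign.

set -eu

# To find the UUIDs, run `lsblk -f` as root
# UUID of the partition on the flash drive that holds the keys (e.g. /dev/sdb2)
KEYS_UUID="ebee3318-804f-4236-9b75-c805702f1691"
# UUID of the EFI partition on the flash drive (e.g. /dev/sdb1)
ESP_UUID="4BB0-BE60"
# UUID of the filesystem on /dev/mapper/${NAME}
CRYPT_UUID="409dc38b-2fc6-46d0-a1a1-c93755f80bb1"
NAME="keys"
ESP="/efi"
MNT="/mnt"
# Unsigned kernel image produced by the kernel build.
KERNEL="/usr/src/linux/arch/x86_64/boot/bzImage"

INSTALL="$(printf '\033[32;01m')"
WARN="$(printf '\033[31;01m')"
GENTOO="$(printf '\033[0m')"

# State flags read by cleanUp so it only undoes what this run actually did.
KEYS_OPEN=0
KEYS_MOUNTED=0
ESP_MOUNTED=0

# Print a progress message to stdout, prefixed with a green asterisk.
_text() {
  printf ' %s*%s %s\n' "${INSTALL}" "${GENTOO}" "${*}"
}

# Print an error message to stderr, prefixed with a red asterisk.
_warn() {
  printf ' %s*%s %s\n' "${WARN}" "${GENTOO}" "${*}" >&2
}

# Move the currently installed kernel from the ESP to the keys volume.
# `mv -u` skips the move when the existing backup is not older than the source.
_backupKernel() {
  _text "Backing up old kernel at ${MNT}..."
  mv -uv "${ESP}/bzImage.efi" "${MNT}/bzImage.efi.old"
}

# Unlock the LUKS partition holding the signing keys and mount it at ${MNT}.
# Each flag is set only after its step succeeded (set -e aborts otherwise).
prepareKeys() {
  _text "Opening keys partition as ${NAME}..."
  cryptsetup -v luksOpen UUID="${KEYS_UUID}" "${NAME}"
  KEYS_OPEN=1
  _text "Mounting ${NAME}..."
  mount -vU "${CRYPT_UUID}" "${MNT}"
  KEYS_MOUNTED=1
}

# Mount the ESP and back up an existing, non-empty kernel image if present.
prepareESP() {
  _text "Mounting ESP..."
  mount -vU "${ESP_UUID}" "${ESP}"
  ESP_MOUNTED=1
  # Use `if` rather than `[ ... ] && cmd`: as the last command of the function
  # a false test would return non-zero and, under `set -e`, abort the script
  # whenever the ESP holds no previous kernel.
  if [ -s "${ESP}/bzImage.efi" ]; then
    _backupKernel
  fi
}

# Sign ${KERNEL} with the DB key/certificate and write the result to the ESP.
# NOTE(review): the result is not verified here; running sbverify against
# DB.crt before unmounting would confirm the signature — not added.
signKernel() {
  sbsign --key "${MNT}/DB.key" --cert "${MNT}/DB.crt" \
    --output "${ESP}/bzImage.efi" "${KERNEL}"
}

# EXIT handler: unmount the ESP and the keys volume and close the LUKS mapping.
# Runs on every exit path so a failed signing step never leaves the private
# key decrypted and mounted. Best-effort: every step is attempted even when an
# earlier one fails. Exits with the original status, or 1 when the run had
# succeeded but a cleanup step failed.
cleanUp() {
  status=$?
  # Prevent re-entry while cleaning up.
  trap - EXIT HUP INT TERM
  cleanup_failed=0

  if [ "${ESP_MOUNTED}" -eq 1 ]; then
    _text "Unmounting ${ESP}..."
    if ! umount -v "${ESP}"; then
      _warn "Could not unmount ${ESP}."
      cleanup_failed=1
    fi
  fi

  if [ "${KEYS_MOUNTED}" -eq 1 ]; then
    _text "Unmounting ${MNT}..."
    if ! umount -v "${MNT}"; then
      _warn "Could not unmount ${MNT}; the signing keys are still mounted."
      cleanup_failed=1
    fi
  fi

  if [ "${KEYS_OPEN}" -eq 1 ]; then
    _text "Closing keys partition..."
    if ! cryptsetup -v luksClose "${NAME}"; then
      _warn "Could not close ${NAME}; the keys partition is still unlocked."
      cleanup_failed=1
    fi
  fi

  if [ "${status}" -eq 0 ] && [ "${cleanup_failed}" -eq 1 ]; then
    status=1
  fi
  exit "${status}"
}

# Entry point: check preconditions, then unlock, sign and install the kernel.
main() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "Please, run as root." >&2
    exit 1
  fi

  # Fail before unlocking the keys when there is nothing to sign, so the
  # private key is exposed for as short a time as possible.
  if [ ! -s "${KERNEL}" ]; then
    _warn "Kernel image ${KERNEL} is missing or empty."
    exit 1
  fi

  # Turn signals into a normal exit so the EXIT handler also runs in shells
  # that skip it when killed by a signal.
  trap 'exit 129' HUP
  trap 'exit 130' INT
  trap 'exit 143' TERM
  trap cleanUp EXIT

  prepareKeys
  prepareESP
  signKernel
  sync
  # cleanUp runs from the EXIT trap.
}

main "$@"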