Check whether the GRUB2 is signed and create a file (an i3status implementation idea).
Go to file
Bandie e585369041
The program's name has changed.
2019-12-15 13:02:28 +01:00
src The program's name has changed. 2019-12-15 13:02:28 +01:00
systemd Initial commit 2018-03-17 20:59:40 +01:00
.travis.yml Travis CI 2018-03-29 05:01:58 +02:00
LICENSE Initial commit 2018-03-17 20:59:40 +01:00
Makefile Travis CI² 2018-03-29 05:03:55 +02:00
README.md Travis CI 2018-03-29 05:01:58 +02:00
configure Travis CI² 2018-03-29 05:03:55 +02:00

README.md

grub2-se-verifyserv Build Status

Purpose

After a kernel upgrade you may forgot to sign your kernel using the grub2-signing-extension scripts again. This is why I wanted an integration with i3status. I wrote a service in C which touches a file if GRUB2 is signed. If GRUB2 is not signed the file will be deleted.

Installation

You need gcc or something similar. There is a systemd servicefile included. To compile, install and start it you may want to do the following within this project directory:

make
sudo make install
sudo systemctl enable grub2-se-verifyserv
sudo systemctl start grub2-se-verifyserv

i3status integration

To let it integrate with i3status, add the following to your i3status config:

order += "path_exists GRUB2_signed"
[...]
[...]
path_exists GRUB2_signed {
  path = "/verified"
}

grub2-se-verifyserv --help will tell you the same btw.