Check whether the GRUB2 is signed and create a file (an i3status implementation idea).

Go to file

Bandie e585369041 The program's name has changed.		2019-12-15 13:02:28 +01:00
src	The program's name has changed.	2019-12-15 13:02:28 +01:00
systemd	Initial commit	2018-03-17 20:59:40 +01:00
.travis.yml	Travis CI	2018-03-29 05:01:58 +02:00
LICENSE	Initial commit	2018-03-17 20:59:40 +01:00
Makefile	Travis CI²	2018-03-29 05:03:55 +02:00
README.md	Travis CI	2018-03-29 05:01:58 +02:00
configure	Travis CI²	2018-03-29 05:03:55 +02:00

README.md

grub2-se-verifyserv

Purpose

After a kernel upgrade you may forgot to sign your kernel using the grub2-signing-extension scripts again. This is why I wanted an integration with i3status. I wrote a service in C which touches a file if GRUB2 is signed. If GRUB2 is not signed the file will be deleted.

Installation

You need gcc or something similar. There is a systemd servicefile included. To compile, install and start it you may want to do the following within this project directory:

make
sudo make install
sudo systemctl enable grub2-se-verifyserv
sudo systemctl start grub2-se-verifyserv

i3status integration

To let it integrate with i3status, add the following to your i3status config:

order += "path_exists GRUB2_signed"
[...]
[...]
path_exists GRUB2_signed {
  path = "/verified"
}

grub2-se-verifyserv --help will tell you the same btw.