Check whether the GRUB2 is signed and create a file (an i3status implementation idea).
Go to file
2018-03-18 14:37:29 +01:00
src Smarter exec error handling 2018-03-18 14:37:29 +01:00
systemd Initial commit 2018-03-17 20:59:40 +01:00
LICENSE Initial commit 2018-03-17 20:59:40 +01:00
Makefile Fixing header 2018-03-18 11:35:03 +01:00
README.md Initial commit 2018-03-17 20:59:40 +01:00

grub2-se-verifyserv

Purpose

After a kernel upgrade you may forgot to sign your kernel using the grub2-signing-extension scripts again. This is why I wanted an integration with i3status. I wrote a service in C which touches a file if GRUB2 is signed. If GRUB2 is not signed the file will be deleted.

Installation

You need gcc or something similar. There is a systemd servicefile included. To compile, install and start it you may want to do the following within this project directory:

make
sudo make install
sudo systemctl enable grub2-se-verifyserv
sudo systemctl start grub2-se-verifyserv

i3status integration

To let it integrate with i3status, add the following to your i3status config:

order += "path_exists GRUB2_signed"
[...]
[...]
path_exists GRUB2_signed {
  path = "/verified"
}

grub2-se-verifyserv --help will tell you the same btw.