grub2-signing-extension/sbin/grub-unsign

33 lines
807 B
Plaintext
Raw Permalink Normal View History

2015-03-16 19:38:36 +00:00
#!/bin/bash
# grub2-unsign
# Unsigns every file in /boot. Depends on grub2-verify
# Author: Bandie
2015-03-16 19:38:36 +00:00
# Licence: GNU-GPLv3
2015-03-17 06:23:23 +00:00
# Check if something is wrong
2020-01-08 16:54:57 +00:00
grub-verify
2018-03-22 12:34:56 +00:00
stat=$?
2019-02-17 09:13:22 +00:00
case "$stat" in
1)
printf '%s\n' "grub2-verify has detected a one or more bad signatures." "Please check for malicious software before you're unsigning everything!" >&2
exit 1
2019-02-17 09:13:22 +00:00
;;
2)
2018-03-22 12:34:56 +00:00
printf 'Everything is unsigned already.\n'
exit 0
2019-02-17 09:13:22 +00:00
;;
3)
2018-03-22 12:34:56 +00:00
printf 'Ignoring missing signatures...\n'
2019-02-17 09:13:22 +00:00
;&
0|3)
2018-04-08 12:46:43 +00:00
# Then remove the signatures.
2021-07-22 21:15:09 +00:00
find /boot -iname "efi" -prune -o -name '*.sig' -exec shred --remove=unlink {} +
2018-04-08 12:46:43 +00:00
echo "GRUB2 unsigned. WARNING: If you want to deactivate GRUB2's signature feature, change the check_signatures variable in the headers file!"
exit 0
2019-02-17 09:13:22 +00:00
;;
*)
2018-03-22 12:34:56 +00:00
printf 'Something unknown happened!\n'
exit 99
2019-02-17 09:13:22 +00:00
esac