2015-03-16 19:38:36 +00:00
|
|
|
#!/bin/bash
|
|
|
|
# grub2-unsign
|
|
|
|
# Unsigns every file in /boot. Depends on grub2-verify
|
2018-01-12 20:46:55 +00:00
|
|
|
# Author: Bandie
|
2015-03-16 19:38:36 +00:00
|
|
|
# Licence: GNU-GPLv3
|
|
|
|
|
2015-03-17 06:23:23 +00:00
|
|
|
# Check if something is wrong
|
2020-01-08 16:54:57 +00:00
|
|
|
grub-verify
|
2018-03-22 12:34:56 +00:00
|
|
|
stat=$?
|
2019-02-17 09:13:22 +00:00
|
|
|
case "$stat" in
|
|
|
|
1)
|
2018-01-12 20:46:55 +00:00
|
|
|
printf '%s\n' "grub2-verify has detected a one or more bad signatures." "Please check for malicious software before you're unsigning everything!" >&2
|
|
|
|
exit 1
|
2019-02-17 09:13:22 +00:00
|
|
|
;;
|
|
|
|
2)
|
2018-03-22 12:34:56 +00:00
|
|
|
printf 'Everything is unsigned already.\n'
|
|
|
|
exit 0
|
2019-02-17 09:13:22 +00:00
|
|
|
;;
|
|
|
|
3)
|
2018-03-22 12:34:56 +00:00
|
|
|
printf 'Ignoring missing signatures...\n'
|
2019-02-17 09:13:22 +00:00
|
|
|
;&
|
|
|
|
0|3)
|
2018-04-08 12:46:43 +00:00
|
|
|
# Then remove the signatures.
|
2021-07-22 21:15:09 +00:00
|
|
|
find /boot -iname "efi" -prune -o -name '*.sig' -exec shred --remove=unlink {} +
|
2018-04-08 12:46:43 +00:00
|
|
|
|
|
|
|
echo "GRUB2 unsigned. WARNING: If you want to deactivate GRUB2's signature feature, change the check_signatures variable in the headers file!"
|
|
|
|
exit 0
|
2019-02-17 09:13:22 +00:00
|
|
|
;;
|
|
|
|
*)
|
2018-03-22 12:34:56 +00:00
|
|
|
printf 'Something unknown happened!\n'
|
|
|
|
exit 99
|
2019-02-17 09:13:22 +00:00
|
|
|
esac
|