#!/bin/bash # grub2-unsign # Unsigns every file in /boot. Depends on grub2-verify # Author: Bandie # Licence: GNU-GPLv3 # Check if something is wrong grub-verify stat=$? case "$stat" in 1) printf '%s\n' "grub2-verify has detected a one or more bad signatures." "Please check for malicious software before you're unsigning everything!" >&2 exit 1 ;; 2) printf 'Everything is unsigned already.\n' exit 0 ;; 3) printf 'Ignoring missing signatures...\n' ;& 0|3) # Then remove the signatures. find /boot -iname "efi" -prune -o -name '*.sig' -exec shred --remove=unlink {} + echo "GRUB2 unsigned. WARNING: If you want to deactivate GRUB2's signature feature, change the check_signatures variable in the headers file!" exit 0 ;; *) printf 'Something unknown happened!\n' exit 99 esac