1#!/bin/bash 2# Copyright (C) 2019 Intel Corporation. 3# SPDX-License-Identifier: BSD-3-Clause 4 5help() { 6 echo "===================================================================================================" 7 echo "Usage:" 8 echo "$SIGN_SCRIPT param1 param2 param3" 9 echo " param1: path to clear linux image" 10 echo " param2: path to the key" 11 echo " param3: path to the cert" 12 echo "" 13 echo "Pre-requisites:" 14 echo " 1. install sbsigntool: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/" 15 echo " 2. download clear linux release for VM and extract the image: https://cdn.download.clearlinux.org/releases/" 16 echo " 3. run this script with sudo" 17 echo "===================================================================================================" 18} 19 20sign_binaries_under_dir() { 21 local DIR=$1 22 for file in $DIR/* 23 do 24 if test -f $file 25 then 26 echo $file 27 (sbsign --key $SIGN_KEY --cert $SIGN_CRT --output $file $file) && (echo "sign $file succeed") 28 else 29 sign_binaries_under_dir $file 30 fi 31 done 32} 33 34 35SIGN_SCRIPT=$0 36CLEAR_UOS_IMAGE=$1 37SIGN_KEY=$2 38SIGN_CRT=$3 39BOOT_PART="p1" 40MNT_POINT=/mnt 41 42if [[ ! -f $1 || ! -f $2 || ! -f $3 ]] 43then 44 help 45 exit 46fi 47 48if [ "$(id -u)" != "0" ] 49then 50 echo "This script requires root privilege. Please run it with sudo or switch to root user." 51 exit 52fi 53 54CLEAR_UOS_IMAGE_SIGNED=$CLEAR_UOS_IMAGE.signed 55 56cp $CLEAR_UOS_IMAGE $CLEAR_UOS_IMAGE_SIGNED 57 58LOOP_DEV=`losetup -f -P --show $CLEAR_UOS_IMAGE_SIGNED` 59 60if [ ! -d $MNT_POINT ] 61then 62 mkdir $MNT_POINT 63fi 64 65(mount $LOOP_DEV$BOOT_PART $MNT_POINT) && (sign_binaries_under_dir $MNT_POINT/EFI) 66 67umount /mnt 68sync 69losetup -d $LOOP_DEV 70