1 parent
41417f4
commit 7fe7ae7
Showing
1 changed file
with
141 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,141 @@ | ||
#!/bin/bash | ||
#Copyrigth (c) 2021 by profzei | ||
#Licensed under the terms of the GPL v3 | ||
|
||
sudo apt update && sudo apt upgrade | ||
|
||
if ! command -v unzip &> /dev/null | ||
then | ||
echo "Installing unzip..." | ||
sudo apt install unzip | ||
fi | ||
|
||
if ! command -v sbsign &> /dev/null | ||
then | ||
echo "Installing sbsigntool..." | ||
sudo apt-get install sbsigntool | ||
fi | ||
|
||
if ! command -v cert-to-efi-sig-list &> /dev/null | ||
then | ||
echo "Installing efitools..." | ||
sudo apt-get install efitools | ||
fi | ||
|
||
VERSION=$1 | ||
|
||
echo "==============================" | ||
echo "Creating efikeys folder" | ||
mkdir efikeys | ||
cd efikeys | ||
openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes -subj "/CN=KEYS PK/" -keyout PK.key -out PK.pem | ||
openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes -subj "/CN=KEYS KEK/" -keyout KEK.key -out KEK.pem | ||
openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes -subj "/CN=KEYS ISK/" -keyout ISK.key -out ISK.pem | ||
chmod 0600 *.key | ||
|
||
echo "=============================" | ||
echo "Downloading Microsoft certificates..." | ||
wget --user-agent="Mozilla" https://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt | ||
wget --user-agent="Mozilla" https://www.microsoft.com/pkiops/certs/MicCorUEFCA2011_2011-06-27.crt | ||
|
||
echo "=============================" | ||
echo "Signing certificates..." | ||
openssl x509 -in MicWinProPCA2011_2011-10-19.crt -inform DER -out MicWinProPCA2011_2011-10-19.pem -outform PEM | ||
openssl x509 -in MicCorUEFCA2011_2011-06-27.crt -inform DER -out MicCorUEFCA2011_2011-06-27.pem -outform PEM | ||
|
||
echo "=============================" | ||
echo "Converting PEM to ESL..." | ||
cert-to-efi-sig-list -g $(uuidgen) PK.pem PK.esl | ||
cert-to-efi-sig-list -g $(uuidgen) KEK.pem KEK.esl | ||
cert-to-efi-sig-list -g $(uuidgen) ISK.pem ISK.esl | ||
cert-to-efi-sig-list -g $(uuidgen) MicWinProPCA2011_2011-10-19.pem MicWinProPCA2011_2011-10-19.esl | ||
cert-to-efi-sig-list -g $(uuidgen) MicCorUEFCA2011_2011-06-27.pem MicCorUEFCA2011_2011-06-27.esl | ||
|
||
|
||
echo "=============================" | ||
echo "Creating database of allowed signs..." | ||
cat ISK.esl MicWinProPCA2011_2011-10-19.esl MicCorUEFCA2011_2011-06-27.esl > db.esl | ||
|
||
|
||
echo "=============================" | ||
echo "Signing ESL files..." | ||
sign-efi-sig-list -k PK.key -c PK.pem PK PK.esl PK.auth | ||
sign-efi-sig-list -k PK.key -c PK.pem KEK KEK.esl KEK.auth | ||
sign-efi-sig-list -k KEK.key -c KEK.pem db db.esl db.auth | ||
|
||
cd .. | ||
mkdir oc | ||
cp efikeys/ISK.key oc | ||
cp efikeys/ISK.pem oc | ||
cp efikeys/PK.auth oc | ||
cp efikeys/KEK.auth oc | ||
cp efikeys/db.auth oc | ||
cd oc | ||
|
||
echo "=============================" | ||
LINK="https://github.com/acidanthera/OpenCorePkg/releases/download/${VERSION}/OpenCore-${VERSION}-RELEASE.zip" | ||
echo "Downlading Opencore ${VERSION}" | ||
wget -nv $LINK | ||
echo "=============================" | ||
echo "Creating required directories" | ||
mkdir Signed | ||
mkdir Signed/Drivers | ||
mkdir Signed/Tools | ||
mkdir Signed/Download | ||
mkdir Signed/BOOT | ||
echo "=============================" | ||
echo "Downloading HfsPlus.efi" | ||
wget -nv https://github.com/acidanthera/OcBinaryData/raw/master/Drivers/HfsPlus.efi -O ./Signed/Download/HfsPlus.efi | ||
echo "=============================" | ||
echo "Do you use OpenLinuxBoot? (Y/N)" | ||
read LUKA | ||
LUKA1="Y" | ||
LUKA2="y" | ||
if [ "$LUKA" = "$LUKA1" ] || [ "$LUKA" = "$LUKA2" ]; then | ||
wget -nv https://github.com/acidanthera/OcBinaryData/raw/master/Drivers/ext4_x64.efi -O ./Signed/Download/ext4_x64.efi | ||
fi | ||
|
||
echo "=============================" | ||
echo "Unzipping OpenCore ${VERSION}" | ||
unzip "OpenCore-${VERSION}-RELEASE.zip" "X64/*" -d "./Signed/Download" | ||
rm "OpenCore-${VERSION}-RELEASE.zip" | ||
echo "============================" | ||
echo "Signing drivers, tools, BOOTx64.efi and OpenCore.efi" | ||
echo "" | ||
sbsign --key ISK.key --cert ISK.pem --output ./Signed/BOOT/BOOTx64.efi ./Signed/Download/X64/EFI/BOOT/BOOTx64.efi | ||
sbsign --key ISK.key --cert ISK.pem --output ./Signed/OpenCore.efi ./Signed/Download/X64/EFI/OC/OpenCore.efi | ||
sbsign --key ISK.key --cert ISK.pem --output ./Signed/Drivers/OpenRuntime.efi ./Signed/Download/X64/EFI/OC/Drivers/OpenRuntime.efi | ||
sbsign --key ISK.key --cert ISK.pem --output ./Signed/Drivers/OpenCanopy.efi ./Signed/Download/X64/EFI/OC/Drivers/OpenCanopy.efi | ||
sbsign --key ISK.key --cert ISK.pem --output ./Signed/Drivers/CrScreenshotDxe.efi ./Signed/Download/X64/EFI/OC/Drivers/CrScreenshotDxe.efi | ||
sbsign --key ISK.key --cert ISK.pem --output ./Signed/Tools/OpenShell.efi ./Signed/Download/X64/EFI/OC/Tools/OpenShell.efi | ||
sbsign --key ISK.key --cert ISK.pem --output ./Signed/Drivers/HfsPlus.efi ./Signed/Download/HfsPlus.efi | ||
|
||
|
||
if [ "$LUKA" = "$LUKA1" ] || [ "$LUKA" = "$LUKA2" ]; then | ||
sbsign --key ISK.key --cert ISK.pem --output ./Signed/Drivers/OpenLinuxBoot.efi ./Signed/Download/X64/EFI/OC/Drivers/OpenLinuxBoot.efi | ||
sbsign --key ISK.key --cert ISK.pem --output ./Signed/Drivers/ext4_x64.efi ./Signed/Download/ext4_x64.efi | ||
echo "Linux drivers signed" | ||
else | ||
rm ./Signed/Download/X64/EFI/OC/Drivers/OpenLinuxBoot.efi | ||
fi | ||
|
||
echo "============================" | ||
echo "Cleaning..." | ||
rm -rf ./Signed/Download | ||
rm ISK.key | ||
rm ISK.pem | ||
cd .. | ||
rm -rf ./efikeys | ||
echo "Cleaned" | ||
|
||
echo "============================" | ||
echo "Copying files to Windows" | ||
a=$(powershell.exe '$env:UserName') | ||
a=${a%?} | ||
cp -R oc "/mnt/c/Users/$a/Downloads" | ||
echo "Everything is done, enjoy!" | ||
rm -rf oc | ||
|
||
echo "============================" | ||
echo "====CREATED BY LUKAKEITON===" | ||
echo "============================" |
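Review bot: Everything downloaded here (the OpenCore release zip, plus `HfsPlus.efi` and `ext4_x64.efi` from the moving `master` branch of OcBinaryData) is passed to `sbsign` with `ISK.key` without any integrity check, so whatever those URLs return ends up trusted by the `db` this script builds. Each download should be verified against a digest recorded out of band before signing, e.g. `echo "<expected-sha256>  ./Signed/Download/HfsPlus.efi" | sha256sum -c - || exit 1`, and the drivers fetched from a pinned tag or commit rather than `master`. The script also has no error handling and takes `VERSION=$1` unchecked, so a failed `wget`, `mkdir` or `cd` does not stop the later signing and `rm -rf` steps. Adding `set -euo pipefail` after the shebang and `: "${1:?usage: $0 <OpenCore version>}"` before `VERSION=$1` would stop the run at the first failure.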