From becb29373d4eb8c86ac0aacc7739087c336d8784 Mon Sep 17 00:00:00 2001
From: minhtrannhat
Date: Fri, 15 Apr 2022 22:51:51 -0400
Subject: [PATCH] Pacman hooks for signing kernel and grub
---
pacman-hooks/Desktop/98-secureboot-grub.hook | 13 +++++++++++++
pacman-hooks/Desktop/99-secureboot-linux.hook | 13 +++++++++++++
2 files changed, 26 insertions(+)
create mode 100644 pacman-hooks/Desktop/98-secureboot-grub.hook
create mode 100644 pacman-hooks/Desktop/99-secureboot-linux.hook
diff --git a/pacman-hooks/Desktop/98-secureboot-grub.hook b/pacman-hooks/Desktop/98-secureboot-grub.hook
new file mode 100644
index 0000000..5482d49
--- /dev/null
+++ b/pacman-hooks/Desktop/98-secureboot-grub.hook
@@ -0,0 +1,13 @@
+[Trigger]
+Operation = Install
+Operation = Upgrade
+Type = Package
+Target = grub
+
+[Action]
+Description = Signing GRUB for SecureBoot
+When = PostTransaction
+Exec = /usr/bin/find /efi/ -name 'grubx64' -exec /usr/bin/sh -c 'if ! /usr/bin/sbverify --list {} 2>/dev/null | /usr/bin/grep -q "signature certificates"; then /usr/bin/sbsign --key /db.key --cert /db.crt --output {} {}; fi' \ ;
+Depends = sbsigntools
+Depends = findutils
+Depends = grep
diff --git a/pacman-hooks/Desktop/99-secureboot-linux.hook b/pacman-hooks/Desktop/99-secureboot-linux.hook
new file mode 100644
index 0000000..0e0f8a9
--- /dev/null
+++ b/pacman-hooks/Desktop/99-secureboot-linux.hook
@@ -0,0 +1,13 @@
+[Trigger]
+Operation = Install
+Operation = Upgrade
+Type = Package
+Target = linux
+
+[Action]
+Description = Signing Kernel for SecureBoot
+When = PostTransaction
+Exec = /usr/bin/find /boot/ -maxdepth 1 -name 'vmlinuz-*' -exec /usr/bin/sh -c 'if ! /usr/bin/sbverify --list {} 2>/dev/null | /usr/bin/grep -q "signature certificates"; then /usr/bin/sbsign --key /db.key --cert /db.crt --output {} {}; fi' \ ;
+Depends = sbsigntools
+Depends = findutils
+Depends = grep
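Review bot: In `98-secureboot-grub.hook` the `Exec` line splices `{}` into the `sh -c` script text, so each path found under `/efi/` is parsed as shell source by a root process instead of being passed as data; `99-secureboot-linux.hook` uses the same construct. Passing the path as a positional parameter avoids this: `-exec /usr/bin/sh -c 'if ! /usr/bin/sbverify --cert /db.crt "$1" >/dev/null 2>&1; then /usr/bin/sbsign --key /db.key --cert /db.crt --output "$1" "$1"; fi' _ {} \;`. That form also replaces the `grep -q "signature certificates"` test, which accepts any embedded signature, with a check that the image actually verifies against `/db.crt`. Separately, `-name 'grubx64'` matches only a file with exactly that name, while the GRUB image on an ESP is normally `grubx64.efi`, so this hook may never find anything to sign; worth confirming against the target system.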
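Review bot: In `99-secureboot-linux.hook`, `Target = linux` fires only for the `linux` package, while the `find` pattern `vmlinuz-*` covers every kernel image in `/boot/`. An upgrade of another kernel package (for example `linux-lts`) would therefore leave its new image unsigned until `linux` itself is next upgraded; add one `Target =` line per installed kernel package. Both hooks read the private db key from `/db.key` at the filesystem root, and nothing in the patch shows its ownership or mode; a root-only directory would be a safer home, with a comment such as `# db.key must be root:root 0600`. The `find` terminator appears here as `\ ;` with a space in both files; if that is how the files actually read rather than an artifact of this rendering, it should be `\;`.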