Initial commit

2025-01-22 08:11:53 -05:00 · 2024-10-27 18:08:31 -04:00 · 2024-10-27 18:08:31 -04:00 · 42bb82fd41
commit 42bb82fd41
4 changed files with 39 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+MOK.*
--- a/README.md
+++ b/README.md
@ -0,0 +1,8 @@
+# VMware Secure Boot Sign
+This will sign vmmon.ko and vmnet.ko files on the kernel.
+
+Tested on Fedora 40. May not work on other distros.
+
+
+# How to run
+First run `gen-key.sh` then `sign.sh`
--- a/gen-key.sh
+++ b/gen-key.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root. Exiting."
+   exit 1
+fi
+
+openssl req -new -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -x509 -days 36500 -subj "/CN=VMware Module Signing Key"
+mokutil --import MOK.der
+
+echo "Reboot your computer"
--- a/sign.sh
+++ b/sign.sh
@ -0,0 +1,20 @@
+#!/bin/bash
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root. Exiting."
+   exit 1
+fi
+
+/usr/src/kernels/$(uname -r)/scripts/sign-file \
+      sha256 \
+      MOK.priv \
+      MOK.der \
+      /lib/modules/$(uname -r)/misc/vmmon.ko
+echo "Signed vmmon"
+/usr/src/kernels/$(uname -r)/scripts/sign-file \
+      sha256 \
+      MOK.priv \
+      MOK.der \
+      /lib/modules/$(uname -r)/misc/vmnet.ko
+echo "Signed vmnet"
+
+modprobe vmmon