4 files changed, 39 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9c97c08
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+MOK.*
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..63574ff
--- /dev/null
+++ b/README.md
@@ -0,0 +1,8 @@
+# VMware Secure Boot Sign
+This will sign vmmon.ko and vmnet.ko files on the kernel.
+
+Tested on Fedora 40. May not work on other distros.
+
+
+# How to run
+First run `gen-key.sh` then `sign.sh`
diff --git a/gen-key.sh b/gen-key.sh
new file mode 100755
index 0000000..865c7fb
--- /dev/null
+++ b/gen-key.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root. Exiting."
+   exit 1
+fi
+
+openssl req -new -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -x509 -days 36500 -subj "/CN=VMware Module Signing Key"
+mokutil --import MOK.der
+
+echo "Reboot your computer"
diff --git a/sign.sh b/sign.sh
new file mode 100755
index 0000000..58d7618
--- /dev/null
+++ b/sign.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root. Exiting."
+   exit 1
+fi
+
+/usr/src/kernels/$(uname -r)/scripts/sign-file \
+      sha256 \
+      MOK.priv \
+      MOK.der \
+      /lib/modules/$(uname -r)/misc/vmmon.ko
+echo "Signed vmmon"
+/usr/src/kernels/$(uname -r)/scripts/sign-file \
+      sha256 \
+      MOK.priv \
+      MOK.der \
+      /lib/modules/$(uname -r)/misc/vmnet.ko
+echo "Signed vmnet"
+
+modprobe vmmon