From 42bb82fd415e44151a7869a18a1819875473abcb Mon Sep 17 00:00:00 2001
From: Andrew Lee
Date: Sun, 27 Oct 2024 18:08:31 -0400
Subject: Initial commit
---
.gitignore | 1 +
README.md | 8 ++++++++
gen-key.sh | 10 ++++++++++
sign.sh | 20 ++++++++++++++++++++
4 files changed, 39 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100755 gen-key.sh
create mode 100755 sign.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9c97c08
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+MOK.*
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..63574ff
--- /dev/null
+++ b/README.md
@@ -0,0 +1,8 @@
+# VMware Secure Boot Sign
+This will sign vmmon.ko and vmnet.ko files on the kernel.
+
+Tested on Fedora 40. May not work on other distros.
+
+
+# How to run
+First run `gen-key.sh` then `sign.sh`
diff --git a/gen-key.sh b/gen-key.sh
new file mode 100755
index 0000000..865c7fb
--- /dev/null
+++ b/gen-key.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as root. Exiting."
+ exit 1
+fi
+
+openssl req -new -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -x509 -days 36500 -subj "/CN=VMware Module Signing Key"
+mokutil --import MOK.der
+
+echo "Reboot your computer"
diff --git a/sign.sh b/sign.sh
new file mode 100755
index 0000000..58d7618
--- /dev/null
+++ b/sign.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as root. Exiting."
+ exit 1
+fi
+
+/usr/src/kernels/$(uname -r)/scripts/sign-file \
+ sha256 \
+ MOK.priv \
+ MOK.der \
+ /lib/modules/$(uname -r)/misc/vmmon.ko
+echo "Signed vmmon"
+/usr/src/kernels/$(uname -r)/scripts/sign-file \
+ sha256 \
+ MOK.priv \
+ MOK.der \
+ /lib/modules/$(uname -r)/misc/vmnet.ko
+echo "Signed vmnet"
+
+modprobe vmmon
--
cgit v1.2.3
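Review bot: In gen-key.sh the `openssl req` call uses `-nodes` and a relative `-keyout MOK.priv`, so the private half of a Machine Owner Key valid for 36500 days is left unencrypted in whatever directory the script was started from. Once `mokutil --import MOK.der` is confirmed at reboot, anyone who can read that file can produce kernel modules this machine's Secure Boot will accept; the `.gitignore` entry only keeps the key out of commits. I would add `umask 077` before the `openssl req` line and write the key pair to a root-only directory instead of the working tree, or drop `-nodes` and supply the passphrase to `sign-file` at signing time. Separately, no exit status is checked: if `openssl` fails, `mokutil --import` still runs and `echo "Reboot your computer"` is printed, so `set -euo pipefail` after the shebang is worth adding.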
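Review bot: In sign.sh neither `sign-file` call is checked, so `echo "Signed vmmon"` and `echo "Signed vmnet"` print and `modprobe vmmon` runs even when signing failed (for example when the kernel source tree or the key is missing); adding `set -euo pipefail` after the shebang stops at the first failure. `MOK.priv` and `MOK.der` are resolved against the current directory, so a root invocation from another directory either fails or signs with whatever files of those names happen to be there; a guard such as `[[ -r MOK.priv && -r MOK.der ]] || { echo "MOK key pair not found" >&2; exit 1; }` makes that explicit. The `$(uname -r)` expansions inside the paths should be double-quoted. Only vmmon is loaded at the end although both modules are signed; if vmnet is meant to be loaded here as well, that call is missing.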