mirror of
https://github.com/chinawrj/rtl8812au
synced 2024-11-27 15:44:18 +00:00
Add signing to Makefile
This commit is contained in:
parent
2fcc00bbb3
commit
3b0cdfc23e
17
Makefile
17
Makefile
@ -167,6 +167,10 @@ CONFIG_CUSTOMER_HUAWEI_GENERAL = n
|
|||||||
|
|
||||||
CONFIG_DRVEXT_MODULE = n
|
CONFIG_DRVEXT_MODULE = n
|
||||||
|
|
||||||
|
ifeq ("","$(wildcard MOK.der)")
|
||||||
|
NO_SKIP_SIGN := y
|
||||||
|
endif
|
||||||
|
|
||||||
ifeq ($(CONFIG_RTL8812AU), )
|
ifeq ($(CONFIG_RTL8812AU), )
|
||||||
ifneq (,$(findstring /usr/lib/dkms,$(PATH)))
|
ifneq (,$(findstring /usr/lib/dkms,$(PATH)))
|
||||||
export TopDIR ?= $(shell pwd)
|
export TopDIR ?= $(shell pwd)
|
||||||
@ -2327,5 +2331,16 @@ clean:
|
|||||||
cd platform ; rm -fr *.mod.c *.mod *.o .*.cmd *.ko
|
cd platform ; rm -fr *.mod.c *.mod *.o .*.cmd *.ko
|
||||||
rm -fr Module.symvers ; rm -fr Module.markers ; rm -fr modules.order
|
rm -fr Module.symvers ; rm -fr Module.markers ; rm -fr modules.order
|
||||||
rm -fr *.mod.c *.mod *.o .*.cmd *.ko *~
|
rm -fr *.mod.c *.mod *.o .*.cmd *.ko *~
|
||||||
rm -fr .tmp_versions
|
rm -fr .tmp_versions *.der *.priv
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
sign:
|
||||||
|
ifeq ($(NO_SKIP_SIGN), y)
|
||||||
|
@openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Custom MOK/"
|
||||||
|
@mokutil --import MOK.der
|
||||||
|
else
|
||||||
|
echo "Skipping key creation"
|
||||||
|
endif
|
||||||
|
@$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der 88XXau.ko
|
||||||
|
|
||||||
|
sign-install: all sign install
|
||||||
|
@ -1,57 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ $(id -u) != 0 ]; then
|
|
||||||
echo " Script must be run as root"
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
if [[ "$(mokutil --sb-state)" == *enabled ]]; then
|
|
||||||
SECUREBOOT="ON"
|
|
||||||
else
|
|
||||||
SECUREBOOT="OFF"
|
|
||||||
fi
|
|
||||||
|
|
||||||
RUNASUSER="sudo -u $SUDO_USER"
|
|
||||||
|
|
||||||
# Run this block as user
|
|
||||||
$RUNASUSER bash << EOF
|
|
||||||
echo " Building the module"
|
|
||||||
make -j$(nproc)
|
|
||||||
|
|
||||||
if [ ! -d ".ssl" ] && [ $SECUREBOOT == "ON" ]; then
|
|
||||||
mkdir .ssl
|
|
||||||
fi
|
|
||||||
EOF
|
|
||||||
|
|
||||||
echo -e "\n Installing the module..."
|
|
||||||
make install
|
|
||||||
|
|
||||||
# Sign module if SecureBoot is enabled
|
|
||||||
if [ $SECUREBOOT == "ON" ]; then
|
|
||||||
echo -e "\n Creating X.509 key pair"
|
|
||||||
cd .ssl
|
|
||||||
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=local_rtl8812au/"
|
|
||||||
|
|
||||||
SIGN=/usr/src/linux-headers-$(uname -r)/scripts/sign-file
|
|
||||||
MODULE=$(modinfo -n 88XXau)
|
|
||||||
|
|
||||||
echo -e "\n Signing the following module"
|
|
||||||
echo " $MODULE"
|
|
||||||
|
|
||||||
$SIGN sha256 ./MOK.priv ./MOK.der $MODULE
|
|
||||||
|
|
||||||
# Add key to trusted list
|
|
||||||
echo -e "\n\t ATTENTION"
|
|
||||||
echo -e " MOK manager ask you to enter input password."
|
|
||||||
echo " This password will be needed once after first reboot."
|
|
||||||
|
|
||||||
mokutil --import ./MOK.der
|
|
||||||
|
|
||||||
echo ""
|
|
||||||
echo " System requires reboot."
|
|
||||||
echo " UEFI key manager will appear during the boot."
|
|
||||||
echo " Select 'Enroll MOK' and 'Continue. Then enter input password."
|
|
||||||
else
|
|
||||||
modprobe 88XXau
|
|
||||||
fi
|
|
Loading…
Reference in New Issue
Block a user