Initial commit.

CharcoalHalo · Sep 15, 2018 · a3c20fd · a3c20fd
commit a3c20fd
Show file tree

Hide file tree

Showing 4 changed files with 93 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+*.der
+*.priv
+*.ko
+
diff --git a/README.md b/README.md
@@ -0,0 +1,36 @@
+# OpenRazer Kernel Module Signer
+
+It's a simple script that signs [OpenRazer](https://openrazer.github.io/) drivers 
+on Fedora, so they'll be usable with UEFI Secure Boot.
+
+## Setup
+
+Follow these steps before signing:
+
+ 1. Modify `openssl.cnf` to match your name, etc.
+ 2. Run
+    ```shell
+    openssl req -config ./openssl.cnf \
+      -new -x509 -newkey rsa:2048 \
+      -nodes -days 36500 -outform DER \
+      -keyout "MOK.priv" \
+      -out "MOK.der"
+    ```
+ 3. `sudo mokutil --import MOK.der`
+ 4. Reboot and import the key in EFI.
+
+## Signing
+
+First install the drivers however you like. Usually by `dnf install
+openrazer-meta`. Then just run `sudo sh ./razer-sign.sh`. You have to do this
+with every new kernel, sadly.
+
+## Security
+
+As you're importing a custom key into EFI, obviously you shouldn't just leave
+it laying around on the internet. Back it up somewhere safe just in case.
+
+## License
+
+Public domain. Go wild.
+
diff --git a/openssl.cnf b/openssl.cnf
@@ -0,0 +1,23 @@
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                    = .
+RANDFILE                = $ENV::HOME/.rnd 
+[ req ]
+distinguished_name      = req_distinguished_name
+x509_extensions         = v3
+string_mask             = utf8only
+prompt                  = no
+
+[ req_distinguished_name ]
+countryName             = MK
+stateOrProvinceName     = Skopje
+0.organizationName      = stojan
+commonName              = Secure Boot Signing
+emailAddress            = sdimitrovski@gmail.com
+
+[ v3 ]
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always,issuer
+basicConstraints        = critical,CA:FALSE
+extendedKeyUsage        = codeSigning,1.3.6.1.4.1.311.10.3.6,1.3.6.1.4.1.2312.16.1.2
+nsComment               = "OpenSSL Generated Certificate"
diff --git a/razer-sign.sh b/razer-sign.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -x 
+
+DIR="$(dirname $(readlink -f $0))"
+
+cd "/usr/lib/modules/$(uname -r)/extra"
+
+xz -d razercore.ko.xz
+xz -d razerkbd.ko.xz
+xz -d razerfirefly.ko.xz
+xz -d razerkraken.ko.xz
+xz -d razermouse.ko.xz
+xz -d razermug.ko.xz
+
+KSCRIPTS="/usr/src/kernels/$(uname -r)/scripts"
+
+$KSCRIPTS/sign-file sha512 "$DIR/MOK.priv" "$DIR/MOK.der" razercore.ko
+$KSCRIPTS/sign-file sha512 "$DIR/MOK.priv" "$DIR/MOK.der" razerkbd.ko
+$KSCRIPTS/sign-file sha512 "$DIR/MOK.priv" "$DIR/MOK.der" razerfirefly.ko
+$KSCRIPTS/sign-file sha512 "$DIR/MOK.priv" "$DIR/MOK.der" razerkraken.ko
+$KSCRIPTS/sign-file sha512 "$DIR/MOK.priv" "$DIR/MOK.der" razermouse.ko
+$KSCRIPTS/sign-file sha512 "$DIR/MOK.priv" "$DIR/MOK.der" razermug.ko
+
+xz -c razercore.ko > razerkore.ko.xz
+xz -c razerkbd.ko > razerkbd.ko.xz
+xz -c razerfirefly.ko > razerfirefly.ko.xz
+xz -c razerkraken.ko > razerkraken.ko.xz
+xz -c razermouse.ko > razermouse.ko.xz
+xz -c razermug.ko > razermug.ko.xz