chrono/sign-cachy-kernels
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
2 commits 1 branch 0 tags 31 KiB
  • Shell 100%
Find a file
Exact
Ellie Gummere d3aab512a1 Add README
2026-03-19 21:51:37 -04:00
README.md Add README 2026-03-19 21:51:37 -04:00
sign-latest-kernel.sh Upload files to "/" 2026-03-19 21:44:50 -04:00

README.md

sign-cachy-kernels

Signs all installed non-rescue kernels with a local Secure Boot key.

I needed this because I keep Secure Boot enabled to play Valorant on Windows, while still wanting to boot CachyOS kernels on the same machine. CachyOS kernels are not signed, so this script signs them with my local key so they can boot after I enroll that cert.

Requirements:

  • openssl
  • sbsigntools
  • root

Usage:

sudo ./sign-latest-kernel.sh

Notes:

  • Generates or reuses a keypair in /root/.kernel-signing-keys
  • Copies the public DER cert to /boot/efi/EFI/fedora/kernel.der
  • Skips kernels already signed with the local cert
  • Does not keep .unsigned backups unless --keep-backup is used