{"id":23670934,"url":"https://github.com/cipherswami/signmod","last_synced_at":"2025-09-02T01:34:42.188Z","repository":{"id":255589507,"uuid":"852466891","full_name":"cipherswami/signmod","owner":"cipherswami","description":"Script helps with signing custom kernel modules for secure boot enabled devices.","archived":false,"fork":false,"pushed_at":"2024-12-28T22:46:01.000Z","size":15,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-04T06:54:39.604Z","etag":null,"topics":["device-driver","kernel-module","module-signing"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cipherswami.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-09-04T21:22:04.000Z","updated_at":"2025-04-05T14:28:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"d4692b49-a545-4f9b-863b-fdc2b413779b","html_url":"https://github.com/cipherswami/signmod","commit_stats":null,"previous_names":["cipherswami/regmok","cipherswami/signmod"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cipherswami/signmod","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cipherswami%2Fsignmod","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cipherswami%2Fsignmod/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cipherswami%2Fsignmod/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cipherswami%2Fsignmod/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cipherswami","download_url":"https://codeload.github.com/cipherswami/signmod/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cipherswami%2Fsignmod/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273218427,"owners_count":25065913,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-01T02:00:09.058Z","response_time":120,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["device-driver","kernel-module","module-signing"],"created_at":"2024-12-29T09:45:20.591Z","updated_at":"2025-09-02T01:34:42.157Z","avatar_url":"https://github.com/cipherswami.png","language":"Shell","readme":"# Kernel Module Signer :: CIPH3R \u003c!-- omit in toc --\u003e\n\n**signmod** streamlines the process of signing custom kernel modules for secure boot enabled systems. The installation script generates a certificate/key pair, and enrolls the certificate in the MOK, and the private key is later used by signmod to sign the modules, enabling seamless module loading.\n\n## Table of contents \u003c!-- omit in toc --\u003e\n- [Installation](#installation)\n- [Usage](#usage)\n- [Uninstallation](#uninstallation)\n- [Issues](#issues)\n\n## Installation\n\n1. **Install headers**:  \n \n    Ensure Linux headers are installed for the script to function properly:  \n\n   ```bash\n   sudo apt install -y linux-headers-$(uname -r)\n   ```\n\n2. **Clone the repository**:  \n\n    ```bash\n    git clone https://github.com/cipherswami/signmod.git \u0026\u0026 cd signmod\n    ```\n\n2. **Run the installer script**: \n\n    During installation, if prompted to set a password, set one, as it will be required later during MOK enrollment:\n\n    ```bash\n    chmod +x install.sh \u0026\u0026 sudo ./install.sh\n    ```\n\n3. **Clean up and MOK enrollment**:  \n\n    Once the installation is complete you can safly remove the cloned repository: \n\n    ```bash\n    cd .. \u0026\u0026 rm -rf signmod\n    ```\n\n    Now reboot your PC. During the next boot, you will see a prompt from the MOK Manager. Follow these steps:  \n\n    - Press **any key** to enter the MOK Menu within the timeout.\n    - Select **Enroll MOK** from the menu.  \n    - Next, choose **Continue** and then **Yes**.   \n    - When prompted for a password, enter the same **password** you set during the installation.  \n    - Finally, select **Reboot** to complete the process.\n\n4. **Verification**:  \n\n    To confirm that your signmod MOK certificate has been installed correctly\n\n    ```bash\n    sudo mokutil --list-enrolled\n    ```\n\n    Look for your certificate details (subject, issuer: `CN=signmod`) in the output.\n\n## Usage\n\nOnce the certificate is enrolled in MOK, and the signmod is installed, you can use the signmod to sign your kernel modules:\n\n```bash\nsudo signmod your_module.ko\n```\n\nThis script will sign the module using the corresponding private key generated during installation.\n\n## Uninstallation\n\nTo remove `signmod` and clean up all associated files and certificates, follow the steps below:\n\n1. **Clone the repository**:\n\n    ```bash\n    git clone https://github.com/cipherswami/signmod.git \u0026\u0026 cd signmod\n    ```\n\n2. **Run the uninstaller script**:  \n\n    During uninstallation, if prompted to set a password, set one, as it will be required later during MOK unenrollment:\n\n    ```bash\n    chmod +x uninstall.sh \u0026\u0026 sudo ./uninstall.sh\n    ```\n\n3. **Clean up and MOK unenrollment**:  \n\n    Once the uninstallation is complete you can safly remove the cloned repository. \n\n    ```bash\n    cd .. \u0026\u0026 rm -rf signmod\n    ```\n\n    Now reboot your PC. During the next boot, you will see a prompt from the MOK Manager. Follow these steps: \n\n    - Press **any key** to enter the MOK Menu within the timeout. \n    - Select **Delete key** from the menu.  \n    - Next, choose **Continue** and then **Yes**.  \n    - When prompted for a password, enter the same **password** you set during the installation.  \n    - Finally, select **Reboot** to complete the process.\n\n5. **Verification**:  \n\n    After rebooting, you can confirm the removal by running:\n\n    ```bash\n    sudo mokutil --list-enrolled\n    ```\n\n    Ensure that your `signmod` MOK certificate is no longer listed.\n\n\n## Issues\n\n1. **insmod: ERROR: could not insert module hello.ko: Invalid module format**  \n   \n   **Solution:** Purge and reinstall the headers.\n\n    ```bash\n    sudo apt purge -y linux-headers-$(uname -r) \u0026\u0026 sudo apt install -y linux-headers-$(uname -r)\n    ```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcipherswami%2Fsignmod","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcipherswami%2Fsignmod","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcipherswami%2Fsignmod/lists"}