From: https://github.com/Foxboron/sbctl/pull/188 From: John Helmert III Date: Sat, 10 Feb 2024 11:46:01 -0800 Subject: [PATCH] 91-sbctl.install: don't sign without signing keys It's expected that signing doesn't work without having previously generated keys, so don't try to sign when keys don't exist. Closes: https://github.com/Foxboron/sbctl/issues/187 Signed-off-by: John Helmert III --- a/contrib/kernel-install/91-sbctl.install +++ b/contrib/kernel-install/91-sbctl.install @@ -28,6 +28,14 @@ fi case "$COMMAND" in add) printf 'sbctl: Signing kernel %s\n' "$IMAGE_FILE" + + # exit without error if keys don't exist + # https://github.com/Foxboron/sbctl/issues/187 + if ! test -d /usr/share/secureboot/keys; then + echo "Secureboot key directory doesn't exist, not signing!" + exit 0 + fi + sbctl sign -s "$IMAGE_FILE" 1>/dev/null ;; remove)