#!/usr/bin/env bash

signfile(){
if ! sbverify --cert "/boot/key/MOK.crt" "$FILE" &>/dev/null; then
sbsign --key "/boot/key/MOK.key" --cert "/boot/key/MOK.crt" --output "$FILE" "$FILE"
}

find /boot -type d | while read -r dir; do
    signfile "$dir"
done