livecd-light-root,livecd: review EFI support for x86 target after changes for secure boot support
parent
a34e6c2466
commit
1b5546a3ee
@ -25,7 +25,7 @@ $(MAKEDIST_TARGET)-livecd-light-root: \
|
|||||||
mambatray \
|
mambatray \
|
||||||
$(MAKEDIST_TARGET)-livecd-light
|
$(MAKEDIST_TARGET)-livecd-light
|
||||||
|
|
||||||
$(MAKEDIST_TARGET)-livecd-light-root-x86_64: VirtualBox-guest
|
$(MAKEDIST_TARGET)-livecd-light-root-x86_64: VirtualBox-guest sbsigntools shim-signed
|
||||||
|
|
||||||
# Localization targets
|
# Localization targets
|
||||||
$(MAKEDIST_TARGET)-livecd-light-root-de: langpacks-de firefox-langpack-de
|
$(MAKEDIST_TARGET)-livecd-light-root-de: langpacks-de firefox-langpack-de
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
$(MAKEDIST_TARGET)-livecd: openmamba-release breeze-grub-theme memtest86+ \
|
$(MAKEDIST_TARGET)-livecd: openmamba-release breeze-grub-theme memtest86+ \
|
||||||
memtest86+-efi dracut grub-efi-x86_64 shim-signed sbsigntools
|
memtest86+-efi dracut grub-efi-x86_64 shim-signed sbsigntools
|
||||||
|
$(MAKEDIST_TARGET)-livecd-i586: grub-efi
|
||||||
# Localized targets
|
# Localized targets
|
||||||
$(MAKEDIST_TARGET)-livecd-en:
|
$(MAKEDIST_TARGET)-livecd-en:
|
||||||
$(MAKEDIST_TARGET)-livecd-it:
|
$(MAKEDIST_TARGET)-livecd-it:
|
||||||
|
@ -156,22 +156,42 @@ fi
|
|||||||
|
|
||||||
# create EFI grub 32 and 64 bit images
|
# create EFI grub 32 and 64 bit images
|
||||||
mkdir -p $MOUNTDIR/boot/efi/EFI/openmamba/
|
mkdir -p $MOUNTDIR/boot/efi/EFI/openmamba/
|
||||||
chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubx64.efi -O x86_64-efi \
|
if [ "${ARCH}" == "x86_64" ]; then
|
||||||
-p /boot/grub --sbat /usr/share/grub/sbat.csv \
|
GRUB_ADD="--sbat /usr/share/grub/sbat.csv \
|
||||||
all_video bli boot chain configfile cpuid echo efifwsetup efi_gop efi_uga efinet ext2 \
|
all_video bli boot chain configfile cpuid echo efifwsetup efi_gop efi_uga efinet ext2 \
|
||||||
fat font gettext gfxmenu gfxterm gfxterm gfxterm_background gzio halt help hfsplus \
|
fat font gettext gfxmenu gfxterm gfxterm gfxterm_background gzio halt help hfsplus \
|
||||||
iso9660 jpeg keystatus linux loadenv loopback ls lsefi lsefimmap lsefisystab lssal \
|
iso9660 jpeg keystatus linux loadenv loopback ls lsefi lsefimmap lsefisystab lssal \
|
||||||
memdisk minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos password_pbkdf2 \
|
memdisk minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos password_pbkdf2 \
|
||||||
play png probe reboot regexp search search_fs_file search_fs_uuid search_label sleep \
|
play png probe reboot regexp search search_fs_file search_fs_uuid search_label sleep \
|
||||||
smbios squash4 test tpm true video video_bochs video_cirrus xfs zfs zfscrypt zfsinfo || {
|
smbios squash4 test tpm true video video_bochs video_cirrus xfs zfs zfscrypt zfsinfo"
|
||||||
|
else
|
||||||
|
# FIXME: i586 provides grub 204 which does not support --sbat and other modules for SB
|
||||||
|
GRUB_ADD="\
|
||||||
|
part_gpt part_msdos ntfs ntfscomp hfsplus fat ext2 normal chain boot linux echo \
|
||||||
|
help gfxterm gettext png efi_gop efi_uga search search_label search_fs_uuid \
|
||||||
|
iso9660 configfile"
|
||||||
|
fi
|
||||||
|
|
||||||
|
chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubx64.efi -O x86_64-efi \
|
||||||
|
-p /boot/grub ${GRUB_ADD} || {
|
||||||
echo $"Error: unable to create GRUB x86_64-efi image"
|
echo $"Error: unable to create GRUB x86_64-efi image"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if [ "${ARCH}" == "i586" ]; then
|
||||||
|
# 32 bit image
|
||||||
|
chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubia32.efi -O i386-efi \
|
||||||
|
-p /boot/grub ${GRUB_ADD} || {
|
||||||
|
echo $"Error: unable to create GRUB i386-efi image"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
fi
|
||||||
|
|
||||||
# Sign EFI image for secure boot
|
# Sign EFI image for secure boot
|
||||||
chroot $MOUNTDIR openssl req -newkey rsa:2048 -nodes -keyout /root/MOK.key -new -x509 -sha256 -days 3650 -subj "/CN=openmamba Machine Owner Key/" -out /root/MOK.crt
|
chroot $MOUNTDIR openssl req -newkey rsa:2048 -nodes -keyout /root/MOK.key -new -x509 -sha256 -days 3650 -subj "/CN=openmamba Machine Owner Key/" -out /root/MOK.crt
|
||||||
chroot $MOUNTDIR openssl x509 -outform DER -in /root/MOK.crt -out /root/MOK.cer
|
chroot $MOUNTDIR openssl x509 -outform DER -in /root/MOK.crt -out /root/MOK.cer
|
||||||
chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/efi/EFI/openmamba/grubx64.efi /boot/efi/EFI/openmamba/grubx64.efi
|
chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/efi/EFI/openmamba/grubx64.efi /boot/efi/EFI/openmamba/grubx64.efi
|
||||||
|
chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/efi/EFI/openmamba/grubia32.efi /boot/efi/EFI/openmamba/grubia32.efi
|
||||||
ISOID=
|
ISOID=
|
||||||
for K in $KERNEL_EXTRAVER $KERNEL_MORE_EXTRAVER; do
|
for K in $KERNEL_EXTRAVER $KERNEL_MORE_EXTRAVER; do
|
||||||
chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/vmlinuz-${KERNEL_MAJVER}${K} /boot/vmlinuz-${KERNEL_MAJVER}${K}
|
chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/vmlinuz-${KERNEL_MAJVER}${K} /boot/vmlinuz-${KERNEL_MAJVER}${K}
|
||||||
@ -183,6 +203,9 @@ done
|
|||||||
mkdir -p $MOUNTDIR2/EFI/BOOT/
|
mkdir -p $MOUNTDIR2/EFI/BOOT/
|
||||||
cp $MOUNTDIR/root/MOK.cer $MOUNTDIR2/EFI/
|
cp $MOUNTDIR/root/MOK.cer $MOUNTDIR2/EFI/
|
||||||
cp $MOUNTDIR/boot/efi/EFI/openmamba/grubx64.efi $MOUNTDIR2/EFI/BOOT/grubx64.efi
|
cp $MOUNTDIR/boot/efi/EFI/openmamba/grubx64.efi $MOUNTDIR2/EFI/BOOT/grubx64.efi
|
||||||
|
if [ "${ARCH}" == "i586" ]; then
|
||||||
|
cp $MOUNTDIR/boot/efi/EFI/openmamba/grubia32.efi $MOUNTDIR2/EFI/BOOT/bootia32.efi
|
||||||
|
fi
|
||||||
|
|
||||||
# Install shim-signed
|
# Install shim-signed
|
||||||
cp $MOUNTDIR/usr/share/shim-signed/shimx64.efi $MOUNTDIR2/EFI/BOOT/bootx64.efi
|
cp $MOUNTDIR/usr/share/shim-signed/shimx64.efi $MOUNTDIR2/EFI/BOOT/bootx64.efi
|
||||||
|
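Review bot: The added `sbsign` call for `/boot/efi/EFI/openmamba/grubia32.efi` runs on every architecture, although the new code builds that image only inside `if [ "${ARCH}" == "i586" ]`; on x86_64 it is pointed at a file that was never created. Like the existing `sbsign` lines, it does not check the exit status, so a failed signing goes unnoticed. Wrap it in the same `if [ "${ARCH}" == "i586" ]; then … fi` test and append `|| { echo $"Error: unable to sign GRUB i386-efi image"; exit 1; }`, as the `grub-mkimage` calls do, so an unsigned loader is never copied to `EFI/BOOT/bootia32.efi`. The i586 `GRUB_ADD` drops `--sbat`, and `bootia32.efi` is copied with no shim in front of it, so that signature probably gives no Secure Boot chain on 32-bit firmware; the FIXME comment should say so. The key is written with `-nodes` to `/root/MOK.key` inside `$MOUNTDIR` and nothing in the visible hunks removes it (the script continues outside them), so confirm it is deleted after the last `sbsign`, because a key left in the image root lets any holder of the ISO sign for machines that enrolled `MOK.cer`.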