livecd,livedvd: completed support for ia32 EFI bootloader

platforms/livecd/Makefile

@@ -1,6 +1,5 @@
 $(MAKEDIST_TARGET)-livecd: openmamba-release breeze-grub-theme memtest86+ \
-    memtest86+-efi dracut grub-efi-x86_64 shim-signed sbsigntools
-$(MAKEDIST_TARGET)-livecd-i586: grub-efi
+    memtest86+-efi dracut grub-efi grub-efi-x86_64 shim-signed sbsigntools
 # Localized targets
 $(MAKEDIST_TARGET)-livecd-en:
 $(MAKEDIST_TARGET)-livecd-it:

platforms/livecd/post.inc.sh

@@ -178,14 +178,12 @@ chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubx64.efi -O x86_64-e
    exit 1
 }
 
-if [ "${ARCH}" == "i586" ]; then
 # 32 bit image
 chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubia32.efi -O i386-efi \
    -p /boot/grub ${GRUB_ADD} || {
    echo $"Error: unable to create GRUB i386-efi image"
    exit 1
 }
-fi
 
 # Sign EFI image for secure boot
 chroot $MOUNTDIR openssl req -newkey rsa:2048 -nodes -keyout /root/MOK.key -new -x509 -sha256 -days 3650 -subj "/CN=openmamba Machine Owner Key/" -out /root/MOK.crt
@@ -201,11 +199,9 @@ for K in $KERNEL_EXTRAVER $KERNEL_MORE_EXTRAVER; do
 done
 
 mkdir -p $MOUNTDIR2/EFI/BOOT/
-cp $MOUNTDIR/root/MOK.cer $MOUNTDIR2/EFI/
+cp $MOUNTDIR/root/MOK.cer $MOUNTDIR2/ENROLLME.cer
 cp $MOUNTDIR/boot/efi/EFI/openmamba/grubx64.efi $MOUNTDIR2/EFI/BOOT/grubx64.efi
-if [ "${ARCH}" == "i586" ]; then
-   cp $MOUNTDIR/boot/efi/EFI/openmamba/grubia32.efi $MOUNTDIR2/EFI/BOOT/bootia32.efi
-fi
+cp $MOUNTDIR/boot/efi/EFI/openmamba/grubia32.efi $MOUNTDIR2/EFI/BOOT/bootia32.efi
 
 # Install shim-signed
 cp $MOUNTDIR/usr/share/shim-signed/shimx64.efi $MOUNTDIR2/EFI/BOOT/bootx64.efi
@@ -215,7 +211,6 @@ cp $MOUNTDIR/usr/share/shim-signed/mmx64.efi $MOUNTDIR2/EFI/BOOT/
 # EFI support section END
 #
 
-
 # Finally produce the medium
 MOUNTDIR=$MOUNTDIR2 produce_media $MEDIA_NAME
 

platforms/livedvd/Makefile

@@ -1,5 +1,5 @@
 $(MAKEDIST_TARGET)-livedvd: openmamba-release breeze-grub-theme memtest86+ memtest86+-efi \
-    dracut grub-efi-x86_64 shim-signed sbsigntools
+    dracut grub-efi grub-efi-x86_64 shim-signed sbsigntools
 # Localized targets
 $(MAKEDIST_TARGET)-livedvd-en:
 $(MAKEDIST_TARGET)-livedvd-it:

platforms/livedvd/post.inc.sh

@@ -174,22 +174,40 @@ fi
 
 # create EFI grub 32 and 64 bit images
 mkdir -p $MOUNTDIR/boot/efi/EFI/openmamba/
+if [ "${ARCH}" == "x86_64" ]; then
+   GRUB_ADD="--sbat /usr/share/grub/sbat.csv \
+all_video bli boot chain configfile cpuid echo efifwsetup efi_gop efi_uga efinet ext2 \
+fat font gettext gfxmenu gfxterm gfxterm gfxterm_background gzio halt help hfsplus \
+iso9660 jpeg keystatus linux loadenv loopback ls lsefi lsefimmap lsefisystab lssal \
+memdisk minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos password_pbkdf2 \
+play png probe reboot regexp search search_fs_file search_fs_uuid search_label sleep \
+smbios squash4 test tpm true video video_bochs video_cirrus xfs zfs zfscrypt zfsinfo"
+else
+   # FIXME: i586 provides grub 204 which does not support --sbat and other modules for SB
+   GRUB_ADD="\
+part_gpt part_msdos ntfs ntfscomp hfsplus fat ext2 normal chain boot linux echo \
+help gfxterm gettext png efi_gop efi_uga search search_label search_fs_uuid \
+iso9660 configfile"
+fi
+
 chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubx64.efi -O x86_64-efi \
-   -p /boot/grub --sbat /usr/share/grub/sbat.csv \
-   all_video bli boot chain configfile cpuid echo efifwsetup efi_gop efi_uga efinet ext2 \
-   fat font gettext gfxmenu gfxterm gfxterm gfxterm_background gzio halt help hfsplus \
-   iso9660 jpeg keystatus linux loadenv loopback ls lsefi lsefimmap lsefisystab lssal \
-   memdisk minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos password_pbkdf2 \
-   play png probe reboot regexp search search_fs_file search_fs_uuid search_label sleep \
-   smbios squash4 test tpm true video video_bochs video_cirrus xfs zfs zfscrypt zfsinfo || {
+   -p /boot/grub ${GRUB_ADD} || {
    echo $"Error: unable to create GRUB x86_64-efi image"
    exit 1
 }
 
+# 32 bit image
+chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubia32.efi -O i386-efi \
+   -p /boot/grub ${GRUB_ADD} || {
+   echo $"Error: unable to create GRUB i386-efi image"
+   exit 1
+}
+
 # Sign EFI image for secure boot
 chroot $MOUNTDIR openssl req -newkey rsa:2048 -nodes -keyout /root/MOK.key -new -x509 -sha256 -days 3650 -subj "/CN=openmamba Machine Owner Key/" -out /root/MOK.crt
 chroot $MOUNTDIR openssl x509 -outform DER -in /root/MOK.crt -out /root/MOK.cer
 chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/efi/EFI/openmamba/grubx64.efi /boot/efi/EFI/openmamba/grubx64.efi
+chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/efi/EFI/openmamba/grubia32.efi /boot/efi/EFI/openmamba/grubia32.efi
 ISOID=
 for K in $KERNEL_EXTRAVER $KERNEL_MORE_EXTRAVER; do
    chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/vmlinuz-${KERNEL_MAJVER}${K} /boot/vmlinuz-${KERNEL_MAJVER}${K}
@@ -199,8 +217,9 @@ for K in $KERNEL_EXTRAVER $KERNEL_MORE_EXTRAVER; do
 done
 
 mkdir -p $MOUNTDIR2/EFI/BOOT/
-cp $MOUNTDIR/root/MOK.cer $MOUNTDIR2/EFI/
+cp $MOUNTDIR/root/MOK.cer $MOUNTDIR2/ENROLLME.cer
 cp $MOUNTDIR/boot/efi/EFI/openmamba/grubx64.efi $MOUNTDIR2/EFI/BOOT/grubx64.efi
+cp $MOUNTDIR/boot/efi/EFI/openmamba/grubia32.efi $MOUNTDIR2/EFI/BOOT/bootia32.efi
 
 # Install shim-signed
 cp $MOUNTDIR/usr/share/shim-signed/shimx64.efi $MOUNTDIR2/EFI/BOOT/bootx64.efi
@@ -210,7 +229,7 @@ cp $MOUNTDIR/usr/share/shim-signed/mmx64.efi $MOUNTDIR2/EFI/BOOT/
 # EFI support section END
 #
 
-# Finally produce the media
+# Finally produce the medium
 MOUNTDIR=$MOUNTDIR2 produce_media $MEDIA_NAME
 
 for i in $SUBPLATFORM; do