From 2917c08fb8577744a871c3911ca74dd519f55608 Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Sat, 21 Dec 2024 12:01:30 +0100 Subject: [PATCH] livecd,livedvd: completed support for ia32 EFI bootloader --- platforms/livecd/Makefile | 3 +-- platforms/livecd/post.inc.sh | 9 ++------- platforms/livedvd/Makefile | 2 +- platforms/livedvd/post.inc.sh | 37 ++++++++++++++++++++++++++--------- 4 files changed, 32 insertions(+), 19 deletions(-) diff --git a/platforms/livecd/Makefile b/platforms/livecd/Makefile index bf9a7a8..d535cc3 100644 --- a/platforms/livecd/Makefile +++ b/platforms/livecd/Makefile @@ -1,6 +1,5 @@ $(MAKEDIST_TARGET)-livecd: openmamba-release breeze-grub-theme memtest86+ \ - memtest86+-efi dracut grub-efi-x86_64 shim-signed sbsigntools -$(MAKEDIST_TARGET)-livecd-i586: grub-efi + memtest86+-efi dracut grub-efi grub-efi-x86_64 shim-signed sbsigntools # Localized targets $(MAKEDIST_TARGET)-livecd-en: $(MAKEDIST_TARGET)-livecd-it: diff --git a/platforms/livecd/post.inc.sh b/platforms/livecd/post.inc.sh index 82c8b6b..4e53b1b 100644 --- a/platforms/livecd/post.inc.sh +++ b/platforms/livecd/post.inc.sh @@ -178,14 +178,12 @@ chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubx64.efi -O x86_64-e exit 1 } -if [ "${ARCH}" == "i586" ]; then # 32 bit image chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubia32.efi -O i386-efi \ -p /boot/grub ${GRUB_ADD} || { echo $"Error: unable to create GRUB i386-efi image" exit 1 } -fi # Sign EFI image for secure boot chroot $MOUNTDIR openssl req -newkey rsa:2048 -nodes -keyout /root/MOK.key -new -x509 -sha256 -days 3650 -subj "/CN=openmamba Machine Owner Key/" -out /root/MOK.crt 
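Review bot: With the `ARCH` guard removed, `grubia32.efi` is built on every livecd run, but no livecd hunk adds a matching `sbsign` call for it, whereas platforms/livedvd/post.inc.sh gains one in this same commit. The lines between this hunk and the next one (`@@ -201,11 +199,9 @@`) are not visible, so the signing step may already exist there. If it does not, the 32-bit loader ships unsigned next to a signed `grubx64.efi`. For parity, add `chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/efi/EFI/openmamba/grubia32.efi /boot/efi/EFI/openmamba/grubia32.efi` after the x64 signing line.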
@@ -201,11 +199,9 @@ for K in $KERNEL_EXTRAVER $KERNEL_MORE_EXTRAVER; do done mkdir -p $MOUNTDIR2/EFI/BOOT/ -cp $MOUNTDIR/root/MOK.cer $MOUNTDIR2/EFI/ +cp $MOUNTDIR/root/MOK.cer $MOUNTDIR2/ENROLLME.cer cp $MOUNTDIR/boot/efi/EFI/openmamba/grubx64.efi $MOUNTDIR2/EFI/BOOT/grubx64.efi -if [ "${ARCH}" == "i586" ]; then - cp $MOUNTDIR/boot/efi/EFI/openmamba/grubia32.efi $MOUNTDIR2/EFI/BOOT/bootia32.efi -fi +cp $MOUNTDIR/boot/efi/EFI/openmamba/grubia32.efi $MOUNTDIR2/EFI/BOOT/bootia32.efi # Install shim-signed cp $MOUNTDIR/usr/share/shim-signed/shimx64.efi $MOUNTDIR2/EFI/BOOT/bootx64.efi @@ -215,7 +211,6 @@ cp $MOUNTDIR/usr/share/shim-signed/mmx64.efi $MOUNTDIR2/EFI/BOOT/ # EFI support section END # - # Finally produce the medium MOUNTDIR=$MOUNTDIR2 produce_media $MEDIA_NAME diff --git a/platforms/livedvd/Makefile b/platforms/livedvd/Makefile index f0f9010..781c8d6 100644 --- a/platforms/livedvd/Makefile +++ b/platforms/livedvd/Makefile @@ -1,5 +1,5 @@ $(MAKEDIST_TARGET)-livedvd: openmamba-release breeze-grub-theme memtest86+ memtest86+-efi \ - dracut grub-efi-x86_64 shim-signed sbsigntools + dracut grub-efi grub-efi-x86_64 shim-signed sbsigntools # Localized targets $(MAKEDIST_TARGET)-livedvd-en: $(MAKEDIST_TARGET)-livedvd-it: diff --git a/platforms/livedvd/post.inc.sh b/platforms/livedvd/post.inc.sh index 231d76b..51fc627 100644 --- a/platforms/livedvd/post.inc.sh +++ b/platforms/livedvd/post.inc.sh 
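Review bot: Publishing the certificate as `ENROLLME.cer` in the media root invites users to enrol it, so it now matters what happens to `/root/MOK.key`. The preceding hunk's context shows the key is generated with `-nodes` inside `$MOUNTDIR`, and no visible line removes it before `produce_media`. If that tree ends up in the image, the unencrypted signing key ships alongside the certificate, and signatures made with it no longer prove anything to a machine that enrolled the certificate. Cleanup may happen outside these hunks; if it does not, add `rm -f $MOUNTDIR/root/MOK.key` after the last `sbsign` call. The same applies to the `@@ -199,8 +217,9 @@` hunk in platforms/livedvd/post.inc.sh.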
@@ -174,22 +174,40 @@ fi # create EFI grub 32 and 64 bit images mkdir -p $MOUNTDIR/boot/efi/EFI/openmamba/ +if [ "${ARCH}" == "x86_64" ]; then + GRUB_ADD="--sbat /usr/share/grub/sbat.csv \ +all_video bli boot chain configfile cpuid echo efifwsetup efi_gop efi_uga efinet ext2 \ +fat font gettext gfxmenu gfxterm gfxterm gfxterm_background gzio halt help hfsplus \ +iso9660 jpeg keystatus linux loadenv loopback ls lsefi lsefimmap lsefisystab lssal \ +memdisk minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos password_pbkdf2 \ +play png probe reboot regexp search search_fs_file search_fs_uuid search_label sleep \ +smbios squash4 test tpm true video video_bochs video_cirrus xfs zfs zfscrypt zfsinfo" +else + # FIXME: i586 provides grub 204 which does not support --sbat and other modules for SB + GRUB_ADD="\ +part_gpt part_msdos ntfs ntfscomp hfsplus fat ext2 normal chain boot linux echo \ +help gfxterm gettext png efi_gop efi_uga search search_label search_fs_uuid \ +iso9660 configfile" +fi + chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubx64.efi -O x86_64-efi \ - -p /boot/grub --sbat /usr/share/grub/sbat.csv \ - all_video bli boot chain configfile cpuid echo efifwsetup efi_gop efi_uga efinet ext2 \ - fat font gettext gfxmenu gfxterm gfxterm gfxterm_background gzio halt help hfsplus \ - iso9660 jpeg keystatus linux loadenv loopback ls lsefi lsefimmap lsefisystab lssal \ - memdisk minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos password_pbkdf2 \ - play png probe reboot regexp search search_fs_file search_fs_uuid search_label sleep \ - smbios squash4 test tpm true video video_bochs video_cirrus xfs zfs zfscrypt zfsinfo || { + -p /boot/grub ${GRUB_ADD} || { echo $"Error: unable to create GRUB x86_64-efi image" exit 1 } +# 32 bit image +chroot $MOUNTDIR grub-mkimage -o /boot/efi/EFI/openmamba/grubia32.efi -O i386-efi \ + -p /boot/grub ${GRUB_ADD} || { + echo $"Error: unable to create GRUB i386-efi image" + exit 1 +} + # Sign EFI image for 
secure boot chroot $MOUNTDIR openssl req -newkey rsa:2048 -nodes -keyout /root/MOK.key -new -x509 -sha256 -days 3650 -subj "/CN=openmamba Machine Owner Key/" -out /root/MOK.crt chroot $MOUNTDIR openssl x509 -outform DER -in /root/MOK.crt -out /root/MOK.cer chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/efi/EFI/openmamba/grubx64.efi /boot/efi/EFI/openmamba/grubx64.efi +chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/efi/EFI/openmamba/grubia32.efi /boot/efi/EFI/openmamba/grubia32.efi ISOID= for K in $KERNEL_EXTRAVER $KERNEL_MORE_EXTRAVER; do chroot $MOUNTDIR sbsign --key /root/MOK.key --cert /root/MOK.crt --output /boot/vmlinuz-${KERNEL_MAJVER}${K} /boot/vmlinuz-${KERNEL_MAJVER}${K} @@ -199,8 +217,9 @@ for K in $KERNEL_EXTRAVER $KERNEL_MORE_EXTRAVER; do done mkdir -p $MOUNTDIR2/EFI/BOOT/ -cp $MOUNTDIR/root/MOK.cer $MOUNTDIR2/EFI/ +cp $MOUNTDIR/root/MOK.cer $MOUNTDIR2/ENROLLME.cer cp $MOUNTDIR/boot/efi/EFI/openmamba/grubx64.efi $MOUNTDIR2/EFI/BOOT/grubx64.efi +cp $MOUNTDIR/boot/efi/EFI/openmamba/grubia32.efi $MOUNTDIR2/EFI/BOOT/bootia32.efi # Install shim-signed cp $MOUNTDIR/usr/share/shim-signed/shimx64.efi $MOUNTDIR2/EFI/BOOT/bootx64.efi @@ -210,7 +229,7 @@ cp $MOUNTDIR/usr/share/shim-signed/mmx64.efi $MOUNTDIR2/EFI/BOOT/ # EFI support section END # -# Finally produce the media +# Finally produce the medium MOUNTDIR=$MOUNTDIR2 produce_media $MEDIA_NAME for i in $SUBPLATFORM; do
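Review bot: Both `grub-mkimage` calls now share one `${GRUB_ADD}`, so an i586 build produces `grubx64.efi` without `--sbat` and without the `tpm` and `password_pbkdf2` modules, yet the script still signs it and later installs `shimx64.efi` in front of it. Recent shim releases refuse to chain-load a binary without SBAT metadata when Secure Boot is enforcing, so the x64 path on i586-built media would likely fail there. The FIXME hints at this but does not state the consequence. Either spell it out, e.g. `# FIXME: i586 grub lacks --sbat; images built here will not pass shim verification under Secure Boot`, or split the variable into per-target lists. Separately, `gfxterm` appears twice in the x86_64 list, carried over from the old inline list.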
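Review bot: `bootia32.efi` is GRUB itself, while the x64 path puts `shimx64.efi` at `bootx64.efi` and lets shim load `grubx64.efi`; no ia32 shim is copied in the visible lines. A MOK enrolment is consulted only by shim, so on 32-bit firmware with Secure Boot enabled the firmware does not check the MOK signature on `grubia32.efi`. The loader would then be expected to be refused unless the certificate is in the firmware's own db. A comment above the copy would make this explicit, e.g. `# ia32: no shim, GRUB is loaded directly; Secure Boot must be off or the cert enrolled in the firmware db`. The `@@ -201,11 +199,9 @@` hunk in platforms/livecd/post.inc.sh adds the same copy.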