secure boot
parent
331f39e157
commit
6b80fe6bfc
5 changed files with 105 additions and 13 deletions
73
build.sh
73
build.sh
|
@ -42,11 +42,15 @@ MEMDISK_ARCHIVE="${MEMDISK_ROOT}.tar"
|
|||
UEFI_ROOT="${ROOT}/efi"
|
||||
UEFI_DIRECTORY="${UEFI_ROOT}/boot"
|
||||
UEFI_FILE="${UEFI_DIRECTORY}/bootx64.efi"
|
||||
UEFI_GRUB="${UEFI_DIRECTORY}/grubx64.efi"
|
||||
SIGNED_GRUB='/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed'
|
||||
SIGNED_SHIM='/usr/lib/shim/shimx64.efi.signed'
|
||||
BIOS_DIRECTORY="${ROOT}/bios"
|
||||
BIOS_FILE="${BIOS_DIRECTORY}/core.img"
|
||||
BIOS_SETUP="${BIOS_DIRECTORY}/setup.sh"
|
||||
COMPRESSION='xz'
|
||||
GRUB_ROOT="${ROOT}/grub"
|
||||
GRUB_ROOT="${ROOT}/boot/grub"
|
||||
GRUB_CFG="${GRUB_ROOT}/grub.cfg"
|
||||
GRUB_ENV="${ROOT}/grub.env"
|
||||
GRUB_PUB="${GRUB_ROOT}/grub.pub"
|
||||
|
||||
|
@ -112,6 +116,13 @@ grub-mkimage \
|
|||
--pubkey "${MEMDISK_PUB}" \
|
||||
"${MODULES[@]}"
|
||||
# gpg --detach-sign "${UEFI_FILE}"
|
||||
if [ -f "${SIGNED_SHIM}" ] ; then
|
||||
mv "${UEFI_FILE}" "${UEFI_GRUB}"
|
||||
cp "${SIGNED_SHIM}" "${UEFI_FILE}"
|
||||
fi
|
||||
if [ -f "${SIGNED_GRUB}" ] ; then
|
||||
cp "${SIGNED_GRUB}" "${UEFI_GRUB}"
|
||||
fi
|
||||
|
||||
# bios ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅
|
||||
|
||||
|
@ -144,6 +155,66 @@ DIRECTORY="$(dirname "${FILE}")"
|
|||
rm --force --recursive "${GRUB_ROOT}"
|
||||
mkdir --parents "${GRUB_ROOT}"
|
||||
|
||||
# grub / cfg ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅
|
||||
|
||||
echo -n "\
|
||||
echo '
|
||||
grub.cfg ↓
|
||||
'
|
||||
ls
|
||||
echo -n \"\\
|
||||
cmdpath: \${cmdpath}
|
||||
root: \${root}
|
||||
\"
|
||||
for f in '/.disk/info' '/.disk/mini-info' ; do
|
||||
if [ -f \"\${f}\" ] ; then
|
||||
echo \" (\${root})\${f}\"
|
||||
fi
|
||||
done
|
||||
unset f
|
||||
echo \"\\
|
||||
prefix: \${prefix}
|
||||
\"
|
||||
|
||||
function set_init {
|
||||
data_uuid='${DATA}'
|
||||
search --no-floppy --set data \\
|
||||
--fs-uuid \"\${data_uuid}\"
|
||||
#
|
||||
search --no-floppy --set esp \\
|
||||
--fs-uuid '${ESP}'
|
||||
if [ \"\${esp}\" ] ; then
|
||||
env=\"(\${esp})/grub.env\"
|
||||
live=\"(\${esp})/${PROJECT}/live\"
|
||||
#
|
||||
for file in \${live}/source/*.sh ; do
|
||||
source \"\${file}\"
|
||||
done
|
||||
unset file
|
||||
fi
|
||||
}
|
||||
|
||||
function normal_init {
|
||||
check_signatures='no'
|
||||
#
|
||||
set_init
|
||||
if [ \"\${esp}\" ] ; then
|
||||
prefix=\"(\${esp})/boot/grub\"
|
||||
root=\"\${esp}\"
|
||||
fi
|
||||
}
|
||||
|
||||
normal_init
|
||||
|
||||
echo 'main.sh ↓'
|
||||
source \"\${live}/main.sh\"
|
||||
echo 'main.sh ↑'
|
||||
|
||||
echo -n '
|
||||
grub.cfg ↑ '
|
||||
sleep --interruptible --verbose 60
|
||||
" > "${GRUB_CFG}"
|
||||
|
||||
# grub / env ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅
|
||||
|
||||
echo -n "\
|
||||
|
|
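Review bot: `check_signatures='no'` at the top of the generated `normal_init` (third hunk) switches off GRUB's detached-signature verification just before `set_init` sources every `${live}/source/*.sh` and the config sources `${live}/main.sh`, all of which are read from the ESP. The ESP is a writable, unauthenticated filesystem, so anything placed in those paths is executed unverified, even though the image is built with `--pubkey "${MEMDISK_PUB}"` and now sits behind a signed shim. I would drop the line, or use `check_signatures='enforce'` and ship `.sig` files beside the sourced scripts; if it has to stay off, add a comment such as `# signatures disabled: sourced scripts are not signed yet` so the gap is visible. In the second hunk, a build host with `${SIGNED_SHIM}` but no `${SIGNED_GRUB}` leaves the locally built image as `grubx64.efi`, which shim will presumably refuse under Secure Boot, so an `else` branch that fails the build would be safer. The +/- markers are lost on this page, so which of these lines are new is inferred from the hunk headers.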