[configs/releng] Add SecureBoot support via prebootloader
Tested only under QEMU using OVMF SecureBoot enabled firmware plus lockdown-ms. Both loader.efi (gummiboot) and vmlinuz.efi should be hashed before boot in secure mode. Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
This commit is contained in:
parent
0696e88801
commit
3e4740484e
@ -128,7 +128,10 @@ make_isolinux() {
|
|||||||
# Prepare /EFI
|
# Prepare /EFI
|
||||||
make_efi() {
|
make_efi() {
|
||||||
mkdir -p ${work_dir}/iso/EFI/boot
|
mkdir -p ${work_dir}/iso/EFI/boot
|
||||||
cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/iso/EFI/boot/bootx64.efi
|
cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/PreLoader.efi ${work_dir}/iso/EFI/boot/bootx64.efi
|
||||||
|
cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/HashTool.efi ${work_dir}/iso/EFI/boot/
|
||||||
|
|
||||||
|
cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/iso/EFI/boot/loader.efi
|
||||||
|
|
||||||
mkdir -p ${work_dir}/iso/loader/entries
|
mkdir -p ${work_dir}/iso/loader/entries
|
||||||
cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/iso/loader/
|
cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/iso/loader/
|
||||||
@ -159,7 +162,10 @@ make_efiboot() {
|
|||||||
cp ${work_dir}/iso/${install_dir}/boot/x86_64/archiso.img ${work_dir}/efiboot/EFI/archiso/archiso.img
|
cp ${work_dir}/iso/${install_dir}/boot/x86_64/archiso.img ${work_dir}/efiboot/EFI/archiso/archiso.img
|
||||||
|
|
||||||
mkdir -p ${work_dir}/efiboot/EFI/boot
|
mkdir -p ${work_dir}/efiboot/EFI/boot
|
||||||
cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/efiboot/EFI/boot/bootx64.efi
|
cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/PreLoader.efi ${work_dir}/efiboot/EFI/boot/bootx64.efi
|
||||||
|
cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/HashTool.efi ${work_dir}/efiboot/EFI/boot/
|
||||||
|
|
||||||
|
cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/efiboot/EFI/boot/loader.efi
|
||||||
|
|
||||||
mkdir -p ${work_dir}/efiboot/loader/entries
|
mkdir -p ${work_dir}/efiboot/loader/entries
|
||||||
cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/efiboot/loader/
|
cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/efiboot/loader/
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
grub-efi-x86_64
|
grub-efi-x86_64
|
||||||
gummiboot
|
gummiboot
|
||||||
|
prebootloader
|
||||||
refind-efi
|
refind-efi
|
||||||
|
Loading…
Reference in New Issue
Block a user