[configs/releng] Add SecureBoot support via prebootloader

Tested only under QEMU using OVMF SecureBoot enabled firmware plus lockdown-ms.

Both loader.efi (gummiboot) and vmlinuz.efi should be hashed before boot in secure mode.

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
This commit is contained in:
Gerardo Exequiel Pozzi 2013-06-19 20:28:33 -03:00
parent 0696e88801
commit 3e4740484e
2 changed files with 9 additions and 2 deletions

View File

@ -128,7 +128,10 @@ make_isolinux() {
# Prepare /EFI # Prepare /EFI
make_efi() { make_efi() {
mkdir -p ${work_dir}/iso/EFI/boot mkdir -p ${work_dir}/iso/EFI/boot
cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/iso/EFI/boot/bootx64.efi cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/PreLoader.efi ${work_dir}/iso/EFI/boot/bootx64.efi
cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/HashTool.efi ${work_dir}/iso/EFI/boot/
cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/iso/EFI/boot/loader.efi
mkdir -p ${work_dir}/iso/loader/entries mkdir -p ${work_dir}/iso/loader/entries
cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/iso/loader/ cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/iso/loader/
@ -159,7 +162,10 @@ make_efiboot() {
cp ${work_dir}/iso/${install_dir}/boot/x86_64/archiso.img ${work_dir}/efiboot/EFI/archiso/archiso.img cp ${work_dir}/iso/${install_dir}/boot/x86_64/archiso.img ${work_dir}/efiboot/EFI/archiso/archiso.img
mkdir -p ${work_dir}/efiboot/EFI/boot mkdir -p ${work_dir}/efiboot/EFI/boot
cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/efiboot/EFI/boot/bootx64.efi cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/PreLoader.efi ${work_dir}/efiboot/EFI/boot/bootx64.efi
cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/HashTool.efi ${work_dir}/efiboot/EFI/boot/
cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/efiboot/EFI/boot/loader.efi
mkdir -p ${work_dir}/efiboot/loader/entries mkdir -p ${work_dir}/efiboot/loader/entries
cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/efiboot/loader/ cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/efiboot/loader/

View File

@ -1,3 +1,4 @@
grub-efi-x86_64 grub-efi-x86_64
gummiboot gummiboot
prebootloader
refind-efi refind-efi