From 72582fd5e0438295e84a6ea0d2d25ee7236d11f4 Mon Sep 17 00:00:00 2001
From: Manuel Thalmann <m@nuth.ch>
Date: Mon, 23 Jan 2023 16:53:28 +0100
Subject: [PATCH] Refactor secure-boot script
---
.../SurfaceBook2/SecureBoot/install.sh | 48 ++++++++++++-------
1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/scripts/Devices/SurfaceBook2/SecureBoot/install.sh b/scripts/Devices/SurfaceBook2/SecureBoot/install.sh
index e2f63f5b..1fdf3ac8 100755
--- a/scripts/Devices/SurfaceBook2/SecureBoot/install.sh
+++ b/scripts/Devices/SurfaceBook2/SecureBoot/install.sh
@@ -23,21 +23,37 @@ else
# Initialize variables
src="./boot/efi/EFI/fedora";
- esp=/boot/efi;
- defaultBootDir="$esp/EFI/BOOT";
- microsoftBootDir="$esp/EFI/Microsoft/Boot";
+ efiDirName="/EFI";
+ bootDirName="$efiDirName/BOOT";
+ microsoftDirName="$efiDirName/Microsoft/Boot";
+ systemdDirName="$efiDirName/systemd";
- systemdDirName=/EFI/systemd;
- systemdFullName="$esp$systemdDirName";
- systemdFile="$systemdFullName/systemd-bootx64.efi";
- bootFile="$defaultBootDir/grubx64.efi";
+ shimBaseName="shimx64.efi";
+ mokManagerBaseName="mmx64.efi";
+ keyToolBaseName="KeyTool.efi";
+ shellBaseName="Shell.efi";
+
+ defaultFileName="$bootDirName/BOOTx64.efi";
+ systemdFileName="$systemdDirName/systemd-bootx64.efi";
+ grubFileName="$bootDirName/grubx64.efi";
+ mokManagerFileName="$bootDirName/$mokManagerBaseName";
+ keyToolFileName="$systemdDirName/$keyToolBaseName";
+ shellFileName="$systemdDirName/$shellBaseName";
+
+ espPath=/boot/efi;
+ bootPath="$espPath$bootDirName";
+ defaultPath="$esp$defaultFileName";
+ microsoftPath="$espPath$microsoftDirName";
+ systemdPath="$espPath$systemdDirName/systemd-bootx64.efi";
+ shellPath="$espPath$shellFileName";
+ grubPath="$espPath$grubFileName";
# Set up files
- cp "$systemdFile" "$bootFile";
- cp "$src/shimx64.efi" "$defaultBootDir/BOOTx64.efi";
- cp "$src/mmx64.efi" "$defaultBootDir";
+ cp "$systemdPath" "$grubPath";
+ cp "$src/$shimBaseName" "$defaultPath";
+ cp "$src/$mokManagerBaseName" "$bootPath";
cp /usr/lib/efitools/x86_64-linux-gnu/KeyTool.efi /boot/efi/EFI/systemd/;
- wget https://github.com/tianocore/edk2-archive/raw/master/ShellBinPkg/UefiShell/X64/Shell.efi -O "$systemdFullName/Shell.efi";
+ wget https://github.com/tianocore/edk2-archive/raw/master/ShellBinPkg/UefiShell/X64/Shell.efi -O "$shellPath";
{
echo "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md";
@@ -46,10 +62,10 @@ else
# No idea where the `10000000` comes from...
# Taken from https://github.com/rhboot/shim/issues/376#issuecomment-964137621
- objcopy --set-section-alignment '.sbat=512' --add-section .sbat=sbat.csv --change-section-address .sbat+10000000 "$bootFile";
+ objcopy --set-section-alignment '.sbat=512' --add-section .sbat=sbat.csv --change-section-address .sbat+10000000 "$grubPath";
# Add boot entries
- efibootmgr --unicode --disk /dev/nvme0n1 --part 0 --create --label "Shim" --loader /EFI/BOOT/BOOTx64.efi;
+ efibootmgr --unicode --disk /dev/nvme0n1 --part 0 --create --label "Shim" --loader "$defaultFileName";
# Configure systemd-boot
{
@@ -58,17 +74,17 @@ else
{
echo "title MokManager";
- echo "efi /EFI/BOOT/mmx64.efi";
+ echo "efi $mokManagerFileName";
} > /boot/efi/loader/entries/MokManager.conf;
{
echo "title KeyTool";
- echo "efi /EFI/systemd/KeyTool.efi";
+ echo "efi $keyToolFileName";
} > /boot/efi/loader/entries/KeyTool.conf;
{
echo "title UEFI Shell";
- echo "efi /EFI/systemd/Shell.efi";
+ echo "efi $shellFileName";
} > /boot/efi/loader/entries/Shell.conf:
# Install surface MOK