Refactor secure-boot script

Manuel Thalmann 2023-01-23 16:53:28 +01:00
parent d3a3b6a4dd
commit 72582fd5e0


@ -23,21 +23,37 @@ else
# Initialize variables # Initialize variables
src="./boot/efi/EFI/fedora"; src="./boot/efi/EFI/fedora";
esp=/boot/efi; efiDirName="/EFI";
defaultBootDir="$esp/EFI/BOOT"; bootDirName="$efiDirName/BOOT";
microsoftBootDir="$esp/EFI/Microsoft/Boot"; microsoftDirName="$efiDirName/Microsoft/Boot";
systemdDirName="$efiDirName/systemd";
systemdDirName=/EFI/systemd; shimBaseName="shimx64.efi";
systemdFullName="$esp$systemdDirName"; mokManagerBaseName="mmx64.efi";
systemdFile="$systemdFullName/systemd-bootx64.efi"; keyToolBaseName="KeyTool.efi";
bootFile="$defaultBootDir/grubx64.efi"; shellBaseName="Shell.efi";
defaultFileName="$bootDirName/BOOTx64.efi";
systemdFileName="$systemdDirName/systemd-bootx64.efi";
grubFileName="$bootDirName/grubx64.efi";
mokManagerFileName="$bootDirName/$mokManagerBaseName";
keyToolFileName="$systemdDirName/$keyToolBaseName";
shellFileName="$systemdDirName/$shellBaseName";
espPath=/boot/efi;
bootPath="$espPath$bootDirName";
defaultPath="$esp$defaultFileName";
microsoftPath="$espPath$microsoftDirName";
systemdPath="$espPath$systemdDirName/systemd-bootx64.efi";
shellPath="$espPath$shellFileName";
grubPath="$espPath$grubFileName";
# Set up files # Set up files
cp "$systemdFile" "$bootFile"; cp "$systemdPath" "$grubPath";
cp "$src/shimx64.efi" "$defaultBootDir/BOOTx64.efi"; cp "$src/$shimBaseName" "$defaultPath";
cp "$src/mmx64.efi" "$defaultBootDir"; cp "$src/$mokManagerBaseName" "$bootPath";
cp /usr/lib/efitools/x86_64-linux-gnu/KeyTool.efi /boot/efi/EFI/systemd/; cp /usr/lib/efitools/x86_64-linux-gnu/KeyTool.efi /boot/efi/EFI/systemd/;
wget https://github.com/tianocore/edk2-archive/raw/master/ShellBinPkg/UefiShell/X64/Shell.efi -O "$systemdFullName/Shell.efi"; wget https://github.com/tianocore/edk2-archive/raw/master/ShellBinPkg/UefiShell/X64/Shell.efi -O "$shellPath";
{ {
echo "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md"; echo "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md";
@ -46,10 +62,10 @@ else
# No idea where the `10000000` comes from... # No idea where the `10000000` comes from...
# Taken from https://github.com/rhboot/shim/issues/376#issuecomment-964137621 # Taken from https://github.com/rhboot/shim/issues/376#issuecomment-964137621
objcopy --set-section-alignment '.sbat=512' --add-section .sbat=sbat.csv --change-section-address .sbat+10000000 "$bootFile"; objcopy --set-section-alignment '.sbat=512' --add-section .sbat=sbat.csv --change-section-address .sbat+10000000 "$grubPath";
# Add boot entries # Add boot entries
efibootmgr --unicode --disk /dev/nvme0n1 --part 0 --create --label "Shim" --loader /EFI/BOOT/BOOTx64.efi; efibootmgr --unicode --disk /dev/nvme0n1 --part 0 --create --label "Shim" --loader "$defaultFileName";
# Configure systemd-boot # Configure systemd-boot
{ {
@ -58,17 +74,17 @@ else
{ {
echo "title MokManager"; echo "title MokManager";
echo "efi /EFI/BOOT/mmx64.efi"; echo "efi $mokManagerFileName";
} > /boot/efi/loader/entries/MokManager.conf; } > /boot/efi/loader/entries/MokManager.conf;
{ {
echo "title KeyTool"; echo "title KeyTool";
echo "efi /EFI/systemd/KeyTool.efi"; echo "efi $keyToolFileName";
} > /boot/efi/loader/entries/KeyTool.conf; } > /boot/efi/loader/entries/KeyTool.conf;
{ {
echo "title UEFI Shell"; echo "title UEFI Shell";
echo "efi /EFI/systemd/Shell.efi"; echo "efi $shellFileName";
} > /boot/efi/loader/entries/Shell.conf: } > /boot/efi/loader/entries/Shell.conf:
# Install surface MOK # Install surface MOK