Refactor secure boot script
parent
24d2a42ba2
commit
e9aaad4f70
1 changed files with 30 additions and 20 deletions
|
@ -5,11 +5,22 @@ then
|
||||||
sudo bash "$BASH_SOURCE"
|
sudo bash "$BASH_SOURCE"
|
||||||
else
|
else
|
||||||
# Create context directory
|
# Create context directory
|
||||||
workingDirectory=$(pwd)
|
workingDirectory="$(pwd)"
|
||||||
contextRoot=$(mktemp -d)
|
contextRoot="$(mktemp -d)"
|
||||||
cd $contextRoot
|
packageName="shim.rpm"
|
||||||
|
cd "$contextRoot"
|
||||||
|
|
||||||
|
# Install Prerequisites
|
||||||
|
apt install -y wget rpm2cpio
|
||||||
|
|
||||||
|
# Download and Extract Package
|
||||||
|
wget https://kojipkgs.fedoraproject.org//vol/fedora_koji_archive02/packages/shim-signed/15/2/x86_64/shim-x64-15-2.x86_64.rpm -O "$packageName"
|
||||||
|
rpm2archive "$packageName"
|
||||||
|
tar -xvzf "$packageName.tgz"
|
||||||
|
rm -f "$packageName" "$packageName.tgz"
|
||||||
|
|
||||||
# Initialize variables
|
# Initialize variables
|
||||||
|
src="./boot/efi/EFI/fedora"
|
||||||
esp=/boot/efi
|
esp=/boot/efi
|
||||||
defaultBootDir=$esp/EFI/BOOT
|
defaultBootDir=$esp/EFI/BOOT
|
||||||
microsoftBootDir=$esp/EFI/Microsoft/Boot
|
microsoftBootDir=$esp/EFI/Microsoft/Boot
|
||||||
|
@ -18,27 +29,26 @@ else
|
||||||
systemdFullName=$esp$systemdDirName
|
systemdFullName=$esp$systemdDirName
|
||||||
systemdFile=$systemdFullName/systemd-bootx64.efi
|
systemdFile=$systemdFullName/systemd-bootx64.efi
|
||||||
|
|
||||||
loaderBaseName=loader.efi
|
# Set up files
|
||||||
systemdLoaderFile=$systemdFullName/$loaderBaseName
|
mv $defaultBootDir/BOOTx64.efi $defaultBootDir/grubx64.efi
|
||||||
|
cp "$src/shimx64.efi" $defaultBootDir/BOOTx64.efi
|
||||||
|
cp "$src/mmx64.efi" $defaultBootDir
|
||||||
|
|
||||||
# Install PreLoader
|
# Add boot entries
|
||||||
wget https://blog.hansenpartnership.com/wp-uploads/2013/HashTool.efi
|
efibootmgr --unicode --disk /dev/nvme0n1 --part 0 --create --label "Shim" --loader /EFI/BOOT/BOOTx64.efi
|
||||||
wget https://blog.hansenpartnership.com/wp-uploads/2013/PreLoader.efi
|
|
||||||
|
|
||||||
cp {HashTool,PreLoader}.efi $systemdFullName
|
# Configure systemd-boot
|
||||||
cp $systemdFile $systemdLoaderFile
|
{
|
||||||
efibootmgr --unicode --disk /dev/nvme0n1 --part 0 --create --label "PreLoader" --loader $systemdDirName/PreLoader.efi
|
echo "timeout 4"
|
||||||
|
} >> /boot/efi/loader/loader.conf
|
||||||
|
|
||||||
# Add fallbacks
|
{
|
||||||
cp ./HashTool.efi $defaultBootDir
|
echo "title MokManager"
|
||||||
cp $systemdFile $defaultBootDir/$loaderBaseName
|
echo "efi /EFI/BOOT/mmx64.efi"
|
||||||
cp ./PreLoader.efi $defaultBootDir/BOOTx64.EFI
|
} > /boot/efi/loader/entries/MokManager.efi
|
||||||
|
|
||||||
# Add Microsoft fallbacks
|
# Install surface MOK
|
||||||
mkdir -p $microsoftBootDir
|
apt install -y linux-surface-secureboot-mok
|
||||||
cp ./PreLoader.efi $microsoftBootDir/bootmgfw.efi
|
|
||||||
cp ./HashTool.efi $microsoftBootDir
|
|
||||||
cp $systemdFile $microsoftBootDir/$loaderBaseName
|
|
||||||
|
|
||||||
# Remove context directory
|
# Remove context directory
|
||||||
cd $workingDirectory
|
cd $workingDirectory
|
||||||
|
|
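Review bot: The shim RPM fetched by `wget … -O "$packageName"` in the first hunk is unpacked and its `shimx64.efi` is copied to `$defaultBootDir/BOOTx64.efi` in the second hunk without any check of what was actually downloaded; HTTPS protects the transfer but does not pin the content that ends up first in the boot chain. A pinned digest check right after the download would close that gap, e.g. `echo "<EXPECTED_SHA256>  $packageName" | sha256sum --check --status || exit 1` (placeholder digest, to be taken from a trusted source), or an RPM signature check against the Fedora key. None of the visible steps test an exit status, so a failed `wget`, `rpm2archive` or `tar` would still reach `mv $defaultBootDir/BOOTx64.efi $defaultBootDir/grubx64.efi`, and the following `cp` would then fail and leave the ESP without a default loader; `set -e` near the top, or `|| exit 1` on those lines, would stop that (the start of the script is outside the hunk, so it may already be set). Separately, the MokManager entry is written to `loader/entries/MokManager.efi`, while systemd-boot reads entry files ending in `.conf`, so the entry will probably not appear in the menu.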