From 3e4740484edd23d6c1db42ab24c3555e8ab6b03a Mon Sep 17 00:00:00 2001 From: Gerardo Exequiel Pozzi Date: Wed, 19 Jun 2013 20:28:33 -0300 Subject: [configs/releng] Add SecureBoot support via prebootloader Tested only under QEMU using OVMF SecureBoot enabled firmware plus lockdown-ms. Both loader.efi (gummiboot) and vmlinuz.efi should be hashed before boot in secure mode. Signed-off-by: Gerardo Exequiel Pozzi --- configs/releng/build.sh | 10 ++++++++-- configs/releng/packages.x86_64 | 1 + 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 6e9e2f8..bec9a42 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -128,7 +128,10 @@ make_isolinux() { # Prepare /EFI make_efi() { mkdir -p ${work_dir}/iso/EFI/boot - cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/iso/EFI/boot/bootx64.efi + cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/PreLoader.efi ${work_dir}/iso/EFI/boot/bootx64.efi + cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/HashTool.efi ${work_dir}/iso/EFI/boot/ + + cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/iso/EFI/boot/loader.efi mkdir -p ${work_dir}/iso/loader/entries cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/iso/loader/ @@ -159,7 +162,10 @@ make_efiboot() { cp ${work_dir}/iso/${install_dir}/boot/x86_64/archiso.img ${work_dir}/efiboot/EFI/archiso/archiso.img mkdir -p ${work_dir}/efiboot/EFI/boot - cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/efiboot/EFI/boot/bootx64.efi + cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/PreLoader.efi ${work_dir}/efiboot/EFI/boot/bootx64.efi + cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/HashTool.efi ${work_dir}/efiboot/EFI/boot/ + + cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/efiboot/EFI/boot/loader.efi mkdir -p ${work_dir}/efiboot/loader/entries cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/efiboot/loader/ diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index aceb6cf..3b75077 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -1,3 +1,4 @@ grub-efi-x86_64 gummiboot +prebootloader refind-efi -- cgit v1.2.3-70-g09d2