diff options
| author | John Ogness <john.ogness@linutronix.de> | 2018-04-20 17:04:38 +0200 |
|---|---|---|
| committer | John Ogness <john.ogness@linutronix.de> | 2018-04-20 17:04:38 +0200 |
| commit | b4a7273e62d0e9e8acc7f4a56239e34a4b8eda2c (patch) | |
| tree | 49fcd2d3aa338d21c5a4435deb76a6808a1be100 /lx-trainer-vm/make_lxtrainer_secureboot.sh | |
| parent | 27605a4b4aa3ec0a50391d6367b2ea0a9de17b91 (diff) | |
secureboot: add make_lxtrainer_secureboot.sh script
Eventually the lx-trainer image will come with secure boot
automatically. But for now, we have to manually adjust the image.
Here is a script to do that.
Also update the README.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Diffstat (limited to 'lx-trainer-vm/make_lxtrainer_secureboot.sh')
| -rwxr-xr-x | lx-trainer-vm/make_lxtrainer_secureboot.sh | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/lx-trainer-vm/make_lxtrainer_secureboot.sh b/lx-trainer-vm/make_lxtrainer_secureboot.sh new file mode 100755 index 0000000..1b77bc9 --- /dev/null +++ b/lx-trainer-vm/make_lxtrainer_secureboot.sh @@ -0,0 +1,60 @@ +#!/bin/sh +set -e + +MAIN="http://de.archive.ubuntu.com/ubuntu/pool/main" + +if [ ! -f "lx-trainer.img" ]; then + echo "error: lx-trainer.img missing" + exit 1 +fi + +if [ `id -u` -ne 0 ]; then + echo "sorry, must run as root" + exit 1 +fi + +# prepare temp space +TMPD="/tmp/tmp-lxtrainer-uefi" +rm -rf $TMPD +mkdir -p $TMPD + +# download signed uefi packages from ubuntu +wget --continue $MAIN/g/grub2/grub-common_2.02~beta3-4ubuntu7_amd64.deb -O $TMPD/1.deb +wget --continue $MAIN/g/grub2-signed/grub-efi-amd64-signed_1.85+2.02~beta3-4ubuntu7_amd64.deb -O $TMPD/2.deb +wget --continue $MAIN/s/shim-signed/shim-signed_1.32+0.9+1474479173.6c180c6-1ubuntu1_amd64.deb -O $TMPD/3.deb + +# unpack packages +dpkg -x $TMPD/1.deb $TMPD/1 +dpkg -x $TMPD/2.deb $TMPD/2 +dpkg -x $TMPD/3.deb $TMPD/3 + +# setup loop device for image +DEV=`sudo losetup --show -P -f lx-trainer.img` + +# extract grub.cfg from image +sudo mount ${DEV}p3 /mnt +cp /mnt/boot/grub/grub.cfg $TMPD/ +sudo umount /mnt + +# setup uefi partition +sudo mount ${DEV}p2 /mnt +if [ -d "/mnt/EFI/BOOT" ]; then + sudo mkdir -p /mnt/EFI/ubuntu + sudo mkdir -p /mnt/EFI/ubuntu/fonts + if [ -f "/mnt/EFI/BOOT/BOOTX64.EFI" ]; then + sudo mv /mnt/EFI/BOOT/BOOTX64.EFI /mnt/EFI/BOOT/BOOTX64.EFI.debian + fi + sudo cp $TMPD/1/usr/share/grub/unicode.pf2 /mnt/EFI/ubuntu/fonts/ + sudo cp $TMPD/2/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed /mnt/EFI/BOOT/grubx64.efi + sudo cp $TMPD/3/usr/lib/shim/shimx64.efi.signed /mnt/EFI/BOOT/BOOTX64.EFI + sudo cp $TMPD/grub.cfg /mnt/EFI/ubuntu/ +else + echo "error: no UEFI found on lx-trainer.img" +fi +sudo umount /mnt + +# cleanup loop device +sudo losetup -d $DEV + +# cleanup temp space +rm -rf $TMPD |