| author | John Ogness <john.ogness@linutronix.de> | 2018-05-07 11:23:05 +0200 |
|---|---|---|
| committer | John Ogness <john.ogness@linutronix.de> | 2018-05-07 11:23:05 +0200 |
| commit | 27ffe6e29d41d7f8b39a0490709a4d912fc2f7ff (patch) | |
| tree | 7709789f8bd5ce404101f697a31fafff33fd359d /lx-trainer-vm | |
| parent | 33ee15be492c327b40d5da4fcf3adf0e19c75ada (diff) | |

secureboot: allow device or image specification

Rather than assuming the image file lx-trainer.img in the current
working directory, require an argument that specifies this. Also,
allow this argument to be a block device to perform the secure
boot preparation on devices already prepared with the image.

Signed-off-by: John Ogness <john.ogness@linutronix.de>

Diffstat (limited to 'lx-trainer-vm')
| -rw-r--r-- | lx-trainer-vm/README | 20 |
| -rwxr-xr-x | lx-trainer-vm/make_lxtrainer_secureboot.sh | 62 |
2 files changed, 54 insertions, 28 deletions
diff --git a/lx-trainer-vm/README b/lx-trainer-vm/README index 80dd422..54ac9ff 100644 --- a/lx-trainer-vm/README +++ b/lx-trainer-vm/README @@ -1,6 +1,6 @@ lx-trainer ========== -v2018-04-20 +v2018-05-07 John Ogness <john.ogness@linutronix.de> @@ -38,8 +38,8 @@ The script can be run like this: Layer tarballs are unpacked using --numeric-owner to avoid any accidental incorrect username/uid and group/gid mappings. For the trainer image, the -"devel" user has uid/gid 1000/1000. So for files intended for devel's home -it is recommend to create the layer tarball using: +"devel" user has a uid/gid of 1000/1000. So for files intended for devel's +home it is recommend to create the layer tarball using: tar cvf mylayer.tar --owner=1000 --group=1000 --numeric-owner mydir @@ -48,9 +48,15 @@ make_lxtrainer_secureboot.sh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The "make_lxtrainer_secureboot.sh" script will convert the generated -image to use secure boot. This should be run on the generated image -*before* it is copied to the devices. The script assumes lx-trainer.img -is located in the current working directory and it will modify this -file in place. +image to use secure boot. To save you time, this should be run on the +generated image *before* it is copied to the devices. + + sudo ./make_lxtrainer_secureboot.sh lx-trainer.img + +However, you can also run it for a device that has already been +prepared with the image. +(Only an example! Verify destination devices *before* running!) + + sudo ./make_lxtrainer_secureboot.sh /dev/sde At some point this script will not be needed. But until then... diff --git a/lx-trainer-vm/make_lxtrainer_secureboot.sh b/lx-trainer-vm/make_lxtrainer_secureboot.sh index 1b77bc9..685f928 100755 --- a/lx-trainer-vm/make_lxtrainer_secureboot.sh +++ b/lx-trainer-vm/make_lxtrainer_secureboot.sh 
@@ -3,8 +3,8 @@ set -e MAIN="http://de.archive.ubuntu.com/ubuntu/pool/main" -if [ ! -f "lx-trainer.img" ]; then - echo "error: lx-trainer.img missing" +if [ $# -ne 1 ]; then + echo "error: $0 <image|device>" exit 1 fi @@ -13,10 +13,19 @@ if [ `id -u` -ne 0 ]; then exit 1 fi +if [ -f "$1" ]; then + IMG="$1" +elif [ -b "$1" ]; then + IMG="" +else + echo "error: $1 invalid" + exit 1 +fi + # prepare temp space TMPD="/tmp/tmp-lxtrainer-uefi" rm -rf $TMPD -mkdir -p $TMPD +mkdir -p $TMPD/mnt # download signed uefi packages from ubuntu wget --continue $MAIN/g/grub2/grub-common_2.02~beta3-4ubuntu7_amd64.deb -O $TMPD/1.deb 
@@ -28,33 +37,44 @@ dpkg -x $TMPD/1.deb $TMPD/1 dpkg -x $TMPD/2.deb $TMPD/2 dpkg -x $TMPD/3.deb $TMPD/3 -# setup loop device for image -DEV=`sudo losetup --show -P -f lx-trainer.img` +if [ -n "$IMG" ]; then + # setup loop device for image + DEV=`sudo losetup --show -P -f lx-trainer.img` + DEVP="${DEV}p" +else + # block device + DEV="$1" + DEVP="$DEV" +fi # extract grub.cfg from image -sudo mount ${DEV}p3 /mnt -cp /mnt/boot/grub/grub.cfg $TMPD/ -sudo umount /mnt +sudo mount ${DEVP}3 $TMPD/mnt +cp $TMPD/mnt/boot/grub/grub.cfg $TMPD/ +sudo umount $TMPD/mnt # setup uefi partition -sudo mount ${DEV}p2 /mnt -if [ -d "/mnt/EFI/BOOT" ]; then - sudo mkdir -p /mnt/EFI/ubuntu - sudo mkdir -p /mnt/EFI/ubuntu/fonts - if [ -f "/mnt/EFI/BOOT/BOOTX64.EFI" ]; then - sudo mv /mnt/EFI/BOOT/BOOTX64.EFI /mnt/EFI/BOOT/BOOTX64.EFI.debian +sudo mount ${DEVP}2 $TMPD/mnt +if [ -d "$TMPD/mnt/EFI/BOOT" ]; then + sudo mkdir -p $TMPD/mnt/EFI/ubuntu + sudo mkdir -p $TMPD/mnt/EFI/ubuntu/fonts + if [ -f "$TMPD/mnt/EFI/BOOT/BOOTX64.EFI" -a ! 
-f "$TMPD/mnt/EFI/BOOT/BOOTX64.EFI.debian" ]; then + sudo mv $TMPD/mnt/EFI/BOOT/BOOTX64.EFI $TMPD/mnt/EFI/BOOT/BOOTX64.EFI.debian fi - sudo cp $TMPD/1/usr/share/grub/unicode.pf2 /mnt/EFI/ubuntu/fonts/ - sudo cp $TMPD/2/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed /mnt/EFI/BOOT/grubx64.efi - sudo cp $TMPD/3/usr/lib/shim/shimx64.efi.signed /mnt/EFI/BOOT/BOOTX64.EFI - sudo cp $TMPD/grub.cfg /mnt/EFI/ubuntu/ + sudo cp $TMPD/1/usr/share/grub/unicode.pf2 $TMPD/mnt/EFI/ubuntu/fonts/ + sudo cp $TMPD/2/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed $TMPD/mnt/EFI/BOOT/grubx64.efi + sudo cp $TMPD/3/usr/lib/shim/shimx64.efi.signed $TMPD/mnt/EFI/BOOT/BOOTX64.EFI + sudo cp $TMPD/grub.cfg $TMPD/mnt/EFI/ubuntu/ else echo "error: no UEFI found on lx-trainer.img" fi -sudo umount /mnt +sudo umount $TMPD/mnt -# cleanup loop device -sudo losetup -d $DEV +if [ -n "$IMG" ]; then + # cleanup loop device + sudo losetup -d $DEV +fi # cleanup temp space rm -rf $TMPD + +echo "done. no errors." |
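
Review bot: in the README hunk at @@ -38,8 +38,8 @@, the rewrapped sentence carries over the typo "it is recommend to create"; since the line is being touched anyway, change it to "it is recommended to create".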
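
Review bot: in the README hunk at @@ -48,9 +48,15 @@, the removed sentence was the only place stating that the script modifies its target in place, and that matters more now that the target can be a raw device such as /dev/sde. Keep an explicit statement that the image file or device is modified in place, and say that the argument must be the whole disk rather than a partition, since the script appends the partition numbers 2 and 3 itself.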
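
Review bot: in the make_lxtrainer_secureboot.sh hunk at @@ -3,8 +3,8 @@, the new usage text is printed to stdout with an `error:` prefix; send it to stderr with `>&2` and word it as usage, for example `usage: $0 <image|device>`, so it is still visible when stdout is redirected.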
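
Review bot: in the make_lxtrainer_secureboot.sh hunk at @@ -13,10 +13,19 @@, `mkdir -p $TMPD/mnt` makes the fixed path /tmp/tmp-lxtrainer-uefi the mount point for the target's partitions as well as the download area, and the script runs as root (the `id -u` check in the context above). A fixed name in a world-writable directory that is removed with `rm -rf $TMPD` and then recreated with `mkdir -p` can be pre-created or swapped by another local user between those two commands; `TMPD=$(mktemp -d)` plus a `trap` that unmounts and removes it on exit avoids this and also cleans up when `set -e` aborts the run midway. Separately, the new `-b "$1"` test accepts any block device, including a single partition; checking that partitions 2 and 3 of the argument exist before mounting would turn a wrong argument into a clear error.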
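
Review bot: in the make_lxtrainer_secureboot.sh hunk at @@ -28,33 +37,44 @@, the image branch still runs `losetup --show -P -f lx-trainer.img`, so the file that passed the `-f "$1"` test is never the one that gets attached unless it happens to be lx-trainer.img in the current directory; this should be `losetup --show -P -f "$IMG"`. The `else` branch of the EFI/BOOT check also still names lx-trainer.img in its message and does not set a failing exit status, so the new final `echo "done. no errors."` is printed even when no UEFI directory was found; unmount, then `exit 1`, and print "$1" in the message. For the block-device case, `DEVP="$DEV"` only yields valid partition nodes for sdX-style names; devices whose name ends in a digit (for example /dev/nvme0n1 or /dev/mmcblk0) use a `p` separator, so `${DEVP}3` would not exist for them.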
