summaryrefslogtreecommitdiff
path: root/lx-trainer-vm/make_lxtrainer_secureboot.sh
blob: 7eb2bee8dd0e0ca3c84435a430e9ce2672b5d0d7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

#!/bin/sh
set -e

MAIN="http://de.archive.ubuntu.com/ubuntu/pool/main"

if [ $# -ne 1 ]; then
	echo "error: $0 <image|device>"
	exit 1
fi

if [ `id -u` -ne 0 ]; then
	echo "sorry, must run as root"
	exit 1
fi

if [ -f "$1" ]; then
	IMG="$1"
elif [ -b "$1" ]; then
	IMG=""
else
	echo "error: $1 invalid"
	exit 1
fi

# prepare temp space
TMPD="/tmp/tmp-lxtrainer-uefi"
rm -rf $TMPD
mkdir -p $TMPD/mnt

# download signed uefi packages from ubuntu
wget --continue $MAIN/g/grub2/grub-common_2.02~beta3-4ubuntu7_amd64.deb -O $TMPD/1.deb
wget --continue $MAIN/g/grub2-signed/grub-efi-amd64-signed_1.85+2.02~beta3-4ubuntu7_amd64.deb -O $TMPD/2.deb
wget --continue $MAIN/s/shim-signed/shim-signed_1.32+0.9+1474479173.6c180c6-1ubuntu1_amd64.deb -O $TMPD/3.deb

# unpack packages
dpkg -x $TMPD/1.deb $TMPD/1
dpkg -x $TMPD/2.deb $TMPD/2
dpkg -x $TMPD/3.deb $TMPD/3

if [ -n "$IMG" ]; then
	# setup loop device for image
	DEV=`sudo losetup --show -P -f $IMG`
	DEVP="${DEV}p"
else
	# block device
	DEV="$1"
	DEVP="$DEV"
fi

# extract grub.cfg from image
sudo mount ${DEVP}3 $TMPD/mnt
cp $TMPD/mnt/boot/grub/grub.cfg $TMPD/
sudo umount $TMPD/mnt

# setup uefi partition
sudo mount ${DEVP}2 $TMPD/mnt
if [ -d "$TMPD/mnt/EFI/BOOT" ]; then
	sudo mkdir -p $TMPD/mnt/EFI/ubuntu
	sudo mkdir -p $TMPD/mnt/EFI/ubuntu/fonts
	if [ -f "$TMPD/mnt/EFI/BOOT/BOOTX64.EFI" -a ! -f "$TMPD/mnt/EFI/BOOT/BOOTX64.EFI.debian" ]; then
		sudo mv $TMPD/mnt/EFI/BOOT/BOOTX64.EFI $TMPD/mnt/EFI/BOOT/BOOTX64.EFI.debian
	fi
	sudo cp $TMPD/1/usr/share/grub/unicode.pf2 $TMPD/mnt/EFI/ubuntu/fonts/
	sudo cp $TMPD/2/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed $TMPD/mnt/EFI/BOOT/grubx64.efi
	sudo cp $TMPD/3/usr/lib/shim/shimx64.efi.signed $TMPD/mnt/EFI/BOOT/BOOTX64.EFI
	sudo cp $TMPD/grub.cfg $TMPD/mnt/EFI/ubuntu/
else
	echo "error: no UEFI found on $1"
fi
sudo umount $TMPD/mnt

if [ -n "$IMG" ]; then
	# cleanup loop device
	sudo losetup -d $DEV
fi

# cleanup temp space
rm -rf $TMPD

echo "done. no errors."
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-09 22:09:17 +0000