Update
This commit is contained in:
Valeria Fadeeva
parent
878cc320dc
commit
4c51ab89f3
55
dracut-ukify
55
dracut-ukify
|
|
@ -130,6 +130,53 @@ if (( update_all )); then
|
|||
done
|
||||
fi
|
||||
|
||||
|
||||
ukify_conf="/etc/kernel/uki.conf"
|
||||
|
||||
if [ ! -f "${ukify_conf}" ]; then
|
||||
cat >"${ukify_conf}" <<EOF
|
||||
[UKI]
|
||||
SecureBootPrivateKey=/etc/kernel/secure-boot.key.pem
|
||||
SecureBootCertificate=/etc/kernel/secure-boot.cert.pem
|
||||
SignKernel=yes
|
||||
PCRBanks=sha384,sha512
|
||||
SBAT="sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
|
||||
uki.author.myimage,1,UKI for System,uki.author.myimage,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.html"
|
||||
|
||||
[PCRSignature:initrd]
|
||||
PCRPrivateKey=/etc/kernel/pcr-initrd.key.pem
|
||||
PCRPublicKey=/etc/kernel/pcr-initrd.pub.pem
|
||||
Phases=enter-initrd
|
||||
|
||||
[PCRSignature:system]
|
||||
PCRPrivateKey=/etc/kernel/pcr-system.key.pem
|
||||
PCRPublicKey=/etc/kernel/pcr-system.pub.pem
|
||||
Phases=enter-initrd:leave-initrd
|
||||
enter-initrd:leave-initrd:sysinit
|
||||
enter-initrd:leave-initrd:sysinit:ready
|
||||
EOF
|
||||
fi
|
||||
|
||||
declare -a keys=("/etc/kernel/secure-boot.key.pem" "/etc/kernel/secure-boot.cert.pem" "/etc/kernel/pcr-initrd.key.pem" "/etc/kernel/pcr-initrd.pub.pem" "/etc/kernel/pcr-system.key.pem" "/etc/kernel/pcr-system.pub.pem")
|
||||
keys_count=0
|
||||
for i in ${keys[@]}
|
||||
do
|
||||
if [ -f "${i}" ]; then
|
||||
keys_count=$(expr $keys_count + 1)
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ $keys_count < 6 ]]; then
|
||||
for i in ${keys[@]}
|
||||
do
|
||||
if [ -f "${i}" ]; then
|
||||
rm "${i}"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
/usr/lib/systemd/ukify genkey --config "${ukify_conf}"
|
||||
|
||||
function gen_image() {
|
||||
check_root
|
||||
kernel_name="$1"
|
||||
|
|
@ -169,10 +216,10 @@ function gen_image() {
|
|||
ukify_args+=(--output "$efi_image")
|
||||
|
||||
echo "==> Ukify image $kernel_name $efi_image"
|
||||
if [ -f "/etc/kernel/uki.conf" ]; then
|
||||
if [ -f "${ukify_conf}" ]; then
|
||||
# ukify_args+=(--sbat='sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
|
||||
# uki.author.myimage,1,UKI for System,uki.author.myimage,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.html')
|
||||
/usr/lib/systemd/ukify -c /etc/kernel/uki.conf build "${ukify_args[@]}"
|
||||
/usr/lib/systemd/ukify --config "${ukify_conf}" build "${ukify_args[@]}"
|
||||
else
|
||||
/usr/lib/systemd/ukify build "${ukify_args[@]}"
|
||||
fi
|
||||
|
|
@ -195,10 +242,10 @@ function gen_image() {
|
|||
ukify_args+=(--output "$efi_image_fallback")
|
||||
|
||||
echo "==> Ukify image $kernel_name $efi_image_fallback"
|
||||
if [ -f "/etc/kernel/uki.conf" ]; then
|
||||
if [ -f "${ukify_conf}" ]; then
|
||||
# ukify_args+=(--sbat='sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
|
||||
# uki.author.myimage,1,UKI for System,uki.author.myimage,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.html')
|
||||
/usr/lib/systemd/ukify -c /etc/kernel/uki.conf build "${ukify_args[@]}"
|
||||
/usr/lib/systemd/ukify --config "${ukify_conf}" build "${ukify_args[@]}"
|
||||
else
|
||||
/usr/lib/systemd/ukify build "${ukify_args[@]}"
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in New Issue