author Eric Hameleers <alien@slackware.com> 2021-11-08 09:18:14 +0100
committer Eric Hameleers <alien@slackware.com> 2021-11-08 09:18:14 +0100
commit f5a3e197512428a14925376345215fcc79f73c8b (patch)
tree 6318419b1d61e33f40757c7d6a68e88eb97ca4e9 /EFI
parent 5321fa4452c34f5b5d2547682ac9ea890378268c (diff)
liveslak: add Secure Boot support to all 64bit ISOs
Read the updates in the README for more background and guidance.

User notice: As a one-time action the very first time you boot a Secure Boot enabled liveslak ISO, you will have to enroll the liveslak certificate (/EFI/BOOT/liveslak.der) with which the Slackware boot-up binaries (grub and kernel) were signed into your computer's MOK (Machine Owner Key database). This enrollment request will show on-screen during initial boot, just follow the prompts to 'enroll from disk'. Afterwards the computer will reboot and from then on, your liveslak will boot without any user intervention on your Secure Boot computer.

Note: liveslak uses Fedora's initial boot loader (the 'shim') which has been signed by Microsoft. In future we may get our own signed shim for liveslak and/or Slackware, but don't hold your breath.
Diffstat (limited to 'EFI')
-rw-r--r-- EFI/BOOT/make-grub.sh 5
1 files changed, 3 insertions, 2 deletions
diff --git a/EFI/BOOT/make-grub.sh b/EFI/BOOT/make-grub.sh
index 6575ea7..a4f1f50 100644
--- a/EFI/BOOT/make-grub.sh
+++ b/EFI/BOOT/make-grub.sh
@@ -44,12 +44,13 @@ echo "Building ${EFIDIR}/boot${EFISUFF}.efi and /boot/syslinux/efiboot.img."
# works with mutiple grub releases (grub-2.02 added the 'disk' module):
GMODDIR="$(dirname $(LANG=C grub-mkimage -O ${EFIFORM}-efi -p ${EFIDIR} alienbob 2>&1 | cut -d\` -f2 |cut -d\' -f1) )"
GMODLIST=""
-for GMOD in part_gpt part_msdos fat ext2 iso9660 ntfs chain linux boot configfile normal regexp extcmd minicmd reboot halt search search_fs_file search_fs_uuid search_label gfxterm gfxmenu gfxterm_background efi_gop efi_uga all_video loadbios gzio echo true probe loadenv bitmap_scale font cat help ls png jpeg tga test at_keyboard usb_keyboard disk memdisk nativedisk file loopback tar tftp net efinet efifwsetup ; do
+# 'shim_lock' is built into grub, not a module anymore:
+for GMOD in part_gpt part_msdos fat ext2 f2fs iso9660 ntfs chain linux boot configfile normal regexp extcmd minicmd reboot halt search search_fs_file search_fs_uuid search_label gfxterm gfxmenu gfxterm_menu gfxterm_background efi_gop efi_uga all_video loadbios gzio echo true probe loadenv bitmap_scale font cat help ls png jpeg tga test at_keyboard usb_keyboard disk memdisk nativedisk file loopback tar tftp net efinet efifwsetup zstd ; do
[ -f ${GMODDIR}/${GMOD}.mod ] && GMODLIST="${GMODLIST} ${GMOD}" || echo ">> ${GMOD} not found"
done
# Build bootx64.efi/bootia32.efi, which will be installed here in ${EFIDIR}.
-grub-mkimage --format=${EFIFORM}-efi --output=boot${EFISUFF}.efi --config=grub-embedded.cfg --compression=xz --prefix=${EFIDIR} ${GMODLIST}
+grub-mkimage --format=${EFIFORM}-efi --output=boot${EFISUFF}.efi --config=grub-embedded.cfg --sbat=grub_sbat.csv --compression=xz --prefix=${EFIDIR} ${GMODLIST}
# Then, create a FAT formatted image that contains bootx64.efi in the
# ${EFIDIR} directory. This is used to bootstrap GRUB from the ISO image.
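Review bot: on the changed grub-mkimage line, --sbat=grub_sbat.csv is passed unconditionally and as a relative path, so the build now depends on that file being in the current directory and on a grub-mkimage that accepts --sbat, while the comment above the module loop says the script works with multiple grub releases. The module loop reports ">> ${GMOD} not found" and carries on, but nothing here tests either condition, and the diffstat for EFI lists only make-grub.sh, so grub_sbat.csv has to be supplied from elsewhere in the build. Suggest a [ -f grub_sbat.csv ] test with a clear error before the call, and a check of grub-mkimage's exit status so a failed build of boot${EFISUFF}.efi does not pass silently into the FAT image step. The same line also builds bootia32.efi, whereas the commit subject limits Secure Boot to 64bit ISOs; say in a comment whether the SBAT section is intended for the 32-bit image too. The added modules f2fs, gfxterm_menu and zstd are not mentioned in the commit message; a short note on why they are needed would help.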