diff options
| author | Kyle K <kylek389@gmail.com> | 2021-12-25 07:54:02 -0600 |
|---|---|---|
| committer | Kyle K <kylek389@gmail.com> | 2021-12-25 07:54:02 -0600 |
| commit | 4b08419de4d6a16fb74cafd381b496375076fa3c (patch) | |
| tree | edc61bd150f0c78de125bee14746f0959c844904 /install.sh | |
| parent | 96dabba866508a3c87dd45b0857ddafc4a2b4c30 (diff) | |
| download | gentoox-4b08419de4d6a16fb74cafd381b496375076fa3c.tar.gz gentoox-4b08419de4d6a16fb74cafd381b496375076fa3c.tar.bz2 gentoox-4b08419de4d6a16fb74cafd381b496375076fa3c.zip | |
add support for signing kernel and shimx64.efi
Diffstat (limited to 'install.sh')
| -rwxr-xr-x | install.sh | 14 |
1 files changed, 13 insertions, 1 deletions
@@ -216,7 +216,19 @@ fi yes $userpassword | passwd $username if [[ ! -z "$UEFI_MODE" ]]; then - grub-install --target=x86_64-efi + if [[ \$(mokutil --sb-state) == "SecureBoot enabled" ]]; then + esp=\$(lsblk -no pkname \$(findmnt --noheadings -o source /boot/efi)) + esp_with_partum=\$(basename \$(findmnt --noheadings -o source /boot/efi)) + esp_partnum=\$(echo \${esp_with_partum#\$esp} | tr -d 'p') + grub-install --target=x86_64-efi --efi-directory=/boot/efi --modules="tpm" --no-nvram + sbsign --key /usr/src/uefi/MOK.priv --cert /usr/src/uefi/MOK.pem /boot/efi/EFI/gentoo/grubx64.efi --output grubx64.efi.signed + mv grubx64.efi.signed /boot/efi/EFI/gentoo/grubx64.efi + cp /usr/share/shim/* /boot/efi/EFI/gentoo/ + mv /boot/efi/EFI/gentoo/BOOTX64.EFI /boot/efi/EFI/gentoo/shimx64.efi + efibootmgr -c -d \$esp -p \$esp_partnum -L "GentooX" -l "\EFI\gentoo\shimx64.efi" + else + grub-install --target=x86_64-efi + fi else grub-install --target=i386-pc $drive fi |