diff options
Diffstat (limited to 'uefi/setup.sh')
| -rwxr-xr-x | uefi/setup.sh | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/uefi/setup.sh b/uefi/setup.sh new file mode 100755 index 0000000..910210e --- /dev/null +++ b/uefi/setup.sh @@ -0,0 +1,24 @@ +#!/bin/sh +kver=$(uname -r) +esp=$(lsblk -no pkname $(findmnt --noheadings -o source /boot/efi)) + +cp /usr/share/shim/* /boot/efi/EFI/gentoo/ +mv /boot/efi/EFI/gentoo/BOOTX64.EFI /boot/efi/EFI/gentoo/shimx64.efi +ln -sf /usr/src/linux/scripts/sign-file /usr/src/uefi/ +openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=GENTOOX/" +openssl x509 -in MOK.der -inform DER -outform PEM -out MOK.pem +mokutil --import MOK.der + +grub-install --target=x86_64-efi --efi-directory=/boot/efi --modules="tpm" --no-nvram +sbsign --key MOK.priv --cert MOK.pem /boot/efi/EFI/gentoo/grubx64.efi --output grubx64.efi.signed +sbsign --key MOK.priv --cert MOK.pem /boot/vmlinuz-${kver} --output vmlinuz-${kver}.signed +mv grubx64.efi.signed /boot/efi/EFI/gentoo/grubx64.efi +mv vmlinuz-${kver}.signed /boot/vmlinuz-${kver} +cp -r /lib/modules/$kver/kernel/ kernel +./mod-sign.sh MOK.priv MOK.der ./kernel/ +cp -r ./kernel/ /lib/modules/$kver/ +rm -rf kernel + +genkernel --kernel-config=/usr/src/linux/.config --compress-initramfs-type=zstd --microcode --luks --lvm --mdadm --btrfs --zfs initramfs +efibootmgr -B -b $(efibootmgr | grep gentoo | cut -c 5-8) +efibootmgr -c -d $esp -p 1 -L "GentooX" -l "\EFI\gentoo\shimx64.efi" |