From 4b08419de4d6a16fb74cafd381b496375076fa3c Mon Sep 17 00:00:00 2001
From: Kyle K <kylek389@gmail.com>
Date: Sat, 25 Dec 2021 07:54:02 -0600
Subject: add support for signing kernel and shimx64.efi

---
 install.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'install.sh')

diff --git a/install.sh b/install.sh
index 1f977f7..311d195 100755
--- a/install.sh
+++ b/install.sh
@@ -216,7 +216,19 @@ fi
 yes $userpassword | passwd $username
 
 if [[ ! -z "$UEFI_MODE" ]]; then
-  grub-install --target=x86_64-efi
+  if [[ \$(mokutil --sb-state) == "SecureBoot enabled" ]]; then
+    esp=\$(lsblk -no pkname \$(findmnt --noheadings -o source /boot/efi))
+    esp_with_partum=\$(basename \$(findmnt --noheadings -o source /boot/efi))
+    esp_partnum=\$(echo \${esp_with_partum#\$esp} | tr -d 'p')
+    grub-install --target=x86_64-efi --efi-directory=/boot/efi --modules="tpm" --no-nvram
+    sbsign --key /usr/src/uefi/MOK.priv --cert /usr/src/uefi/MOK.pem /boot/efi/EFI/gentoo/grubx64.efi --output grubx64.efi.signed
+    mv grubx64.efi.signed /boot/efi/EFI/gentoo/grubx64.efi
+    cp /usr/share/shim/* /boot/efi/EFI/gentoo/
+    mv /boot/efi/EFI/gentoo/BOOTX64.EFI /boot/efi/EFI/gentoo/shimx64.efi
+    efibootmgr -c -d \$esp -p \$esp_partnum -L "GentooX" -l "\EFI\gentoo\shimx64.efi"
+  else
+    grub-install --target=x86_64-efi
+  fi
 else
   grub-install --target=i386-pc $drive
 fi
-- 
cgit v1.2.3