Skip to content
This repository has been archived by the owner on Feb 7, 2023. It is now read-only.

Commit

Permalink
properly handle the GRUB_VERIFY file
Browse files Browse the repository at this point in the history
  • Loading branch information
@hommeabeil @jiazhang0
hommeabeil authored and jiazhang0 committed May 3, 2021
1 parent e05617c commit 961d7f3
Showing 1 changed file with 18 additions and 9 deletions.
27 changes: 18 additions & 9 deletions meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -170,12 +170,14 @@ python do_sign() {
addtask sign after do_install before do_deploy do_package

fakeroot do_chownboot() {
chown root:root -R "${D}${EFI_BOOT_PATH}/grub.cfg${SB_FILE_EXT}"
chown root:root -R "${D}${EFI_BOOT_PATH}/boot-menu.inc${SB_FILE_EXT}"
[ x"${UEFI_SB}" = x"1" ] && {
chown root:root -R "${D}${EFI_BOOT_PATH}/efi-secure-boot.inc${SB_FILE_EXT}"
chown root:root -R "${D}${EFI_BOOT_PATH}/password.inc${SB_FILE_EXT}"
}
if [ "${GRUB_SIGN_VERIFY}" = "1"]; then
chown root:root -R "${D}${EFI_BOOT_PATH}/grub.cfg${SB_FILE_EXT}"
chown root:root -R "${D}${EFI_BOOT_PATH}/boot-menu.inc${SB_FILE_EXT}"
[ x"${UEFI_SB}" = x"1" ] && {
chown root:root -R "${D}${EFI_BOOT_PATH}/efi-secure-boot.inc${SB_FILE_EXT}"
chown root:root -R "${D}${EFI_BOOT_PATH}/password.inc${SB_FILE_EXT}"
}
fi
}
addtask chownboot after do_deploy before do_package

Expand All @@ -188,14 +190,21 @@ do_deploy_append_class-target() {
install -m 0600 "${D}${EFI_BOOT_PATH}/grubenv" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/grub.cfg" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/boot-menu.inc" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/grub.cfg${SB_FILE_EXT}" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/boot-menu.inc${SB_FILE_EXT}" "${DEPLOYDIR}"
if [ "${GRUB_SIGN_VERIFY}" = "1" ]; then

install -m 0600 "${D}${EFI_BOOT_PATH}/grub.cfg${SB_FILE_EXT}" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/boot-menu.inc${SB_FILE_EXT}" "${DEPLOYDIR}"
fi
[ x"${UEFI_SB}" = x"1" ] && {
install -m 0600 "${D}${EFI_BOOT_PATH}/efi-secure-boot.inc" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/password.inc" "${DEPLOYDIR}"
}

if [ "${UEFI_SB}" = "1" ] && [ "${GRUB_SIGN_VERIFY}" = "1" ]; then
install -m 0600 "${D}${EFI_BOOT_PATH}/efi-secure-boot.inc${SB_FILE_EXT}" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/password.inc${SB_FILE_EXT}" "${DEPLOYDIR}"
}
fi


install -d "${DEPLOYDIR}/efi-unsigned"
install -m 0644 "${B}/${GRUB_IMAGE}" "${DEPLOYDIR}/efi-unsigned"
Expand Down

0 comments on commit 961d7f3

Please sign in to comment.