mirrors/meta-secure-core
1
0
Fork 0
mirror of https://github.com/jiazhang0/meta-secure-core.git synced 2026-01-12 01:00:15 +00:00
Code Issues Projects Releases Wiki Activity

properly handle the GRUB_VERIFY file

Browse Source
This commit is contained in:
jbouchard
2021-04-30 11:27:34 -04:00
committed by Jia Zhang
parent e05617c768
commit 961d7f3e43
1 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
View File

@@ -170,12 +170,14 @@ python do_sign() {
addtask sign after do_install before do_deploy do_package
fakeroot do_chownboot() {
chown root:root -R "${D}${EFI_BOOT_PATH}/grub.cfg${SB_FILE_EXT}"
chown root:root -R "${D}${EFI_BOOT_PATH}/boot-menu.inc${SB_FILE_EXT}"
[ x"${UEFI_SB}" = x"1" ] && {
chown root:root -R "${D}${EFI_BOOT_PATH}/efi-secure-boot.inc${SB_FILE_EXT}"
chown root:root -R "${D}${EFI_BOOT_PATH}/password.inc${SB_FILE_EXT}"
}
if [ "${GRUB_SIGN_VERIFY}" = "1"]; then
chown root:root -R "${D}${EFI_BOOT_PATH}/grub.cfg${SB_FILE_EXT}"
chown root:root -R "${D}${EFI_BOOT_PATH}/boot-menu.inc${SB_FILE_EXT}"
[ x"${UEFI_SB}" = x"1" ] && {
chown root:root -R "${D}${EFI_BOOT_PATH}/efi-secure-boot.inc${SB_FILE_EXT}"
chown root:root -R "${D}${EFI_BOOT_PATH}/password.inc${SB_FILE_EXT}"
}
fi
}
addtask chownboot after do_deploy before do_package
@@ -188,14 +190,21 @@ do_deploy_append_class-target() {
install -m 0600 "${D}${EFI_BOOT_PATH}/grubenv" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/grub.cfg" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/boot-menu.inc" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/grub.cfg${SB_FILE_EXT}" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/boot-menu.inc${SB_FILE_EXT}" "${DEPLOYDIR}"
if [ "${GRUB_SIGN_VERIFY}" = "1" ]; then
install -m 0600 "${D}${EFI_BOOT_PATH}/grub.cfg${SB_FILE_EXT}" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/boot-menu.inc${SB_FILE_EXT}" "${DEPLOYDIR}"
fi
[ x"${UEFI_SB}" = x"1" ] && {
install -m 0600 "${D}${EFI_BOOT_PATH}/efi-secure-boot.inc" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/password.inc" "${DEPLOYDIR}"
}
if [ "${UEFI_SB}" = "1" ] && [ "${GRUB_SIGN_VERIFY}" = "1" ]; then
install -m 0600 "${D}${EFI_BOOT_PATH}/efi-secure-boot.inc${SB_FILE_EXT}" "${DEPLOYDIR}"
install -m 0600 "${D}${EFI_BOOT_PATH}/password.inc${SB_FILE_EXT}" "${DEPLOYDIR}"
}
fi
install -d "${DEPLOYDIR}/efi-unsigned"
install -m 0644 "${B}/${GRUB_IMAGE}" "${DEPLOYDIR}/efi-unsigned"