Build shim into the image

grub requires that shim be available in order to call out to verify the kernel. Sign it and stick it in the image alongside grub.
2026-05-04 19:56:32 +02:00 · 2015-04-14 17:24:30 -07:00 · 2015-04-14 17:24:30 -07:00 · 4b8a64b70c
commit 4b8a64b70c
parent 707803ed43
1 changed files with 5 additions and 1 deletions
--- a/build_library/grub_install.sh
+++ b/build_library/grub_install.sh
@ -147,7 +147,11 @@ case "${FLAGS_target}" in
 		--cert /usr/share/sb_keys/DB.crt \
                    "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}"
            sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}.signed" \
-                "${ESP_DIR}/EFI/boot/bootx64.efi"
+                "${ESP_DIR}/EFI/boot/grub.efi"
+            sudo sbsign --key /usr/share/sb_keys/DB.key \
+                 --cert /usr/share/sb_keys/DB.crt \
+                 --output "${ESP_DIR}/EFI/boot/bootx64.efi" \
+                 "/usr/lib/shim/shim.efi"
        else
            sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
                "${ESP_DIR}/EFI/boot/bootx64.efi"