From 4b8a64b70c036d81b74ae5950f94660177fab912 Mon Sep 17 00:00:00 2001
From: Matthew Garrett
Date: Tue, 14 Apr 2015 17:24:30 -0700
Subject: [PATCH] Build shim into the image grub requires that shim be available in order to call out to verify the kernel. Sign it and stick it in the image alongside grub.
---
 build_library/grub_install.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/build_library/grub_install.sh b/build_library/grub_install.sh
index b3448508d1..0eb4fc1f59 100755
--- a/build_library/grub_install.sh
+++ b/build_library/grub_install.sh
@@ -147,7 +147,11 @@ case "${FLAGS_target}" in
 --cert /usr/share/sb_keys/DB.crt \
 "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}"
 sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}.signed" \
- "${ESP_DIR}/EFI/boot/bootx64.efi"
+ "${ESP_DIR}/EFI/boot/grub.efi"
+ sudo sbsign --key /usr/share/sb_keys/DB.key \
+ --cert /usr/share/sb_keys/DB.crt \
+ --output "${ESP_DIR}/EFI/boot/bootx64.efi" \
+ "/usr/lib/shim/shim.efi"
 else
 sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
 "${ESP_DIR}/EFI/boot/bootx64.efi"
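Review bot: The signed branch now relies on the name `grub.efi` matching the second-stage loader name built into `/usr/lib/shim/shim.efi`, and nothing in the hunk records that dependency. A comment above the copy, such as `# shim chain-loads grub.efi from EFI/boot; keep in sync with the shim package's default loader name`, would keep the two from drifting apart silently. The shim is signed with the same `/usr/share/sb_keys/DB.key` as grub, so that key now anchors the whole boot chain; presumably it is a development key, and the script should say so and note where release signing happens. The `else` branch still installs grub directly as `bootx64.efi` with no shim, which looks at odds with the commit message's statement that grub needs shim to verify the kernel, so confirm that verification is meant to be off on that path. The enclosing `case` block starts and ends outside the hunk.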