mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-22 06:01:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #396 from mjg59/master

Browse Source 
Add support for Secure Boot images and sign unofficial builds with test ...
This commit is contained in:
mjg59 2015-04-15 14:50:54 -07:00
commit a3d8d43cb2
2 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
build_library/grub_install.sh
View File

@ -141,8 +141,17 @@ case "${FLAGS_target}" in
x86_64-efi)
info "Installing default x86_64 UEFI bootloader."
sudo mkdir -p "${ESP_DIR}/EFI/boot"
sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
"${ESP_DIR}/EFI/boot/bootx64.efi"
# Use the test keys for signing unofficial builds
if [[ ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
sudo sbsign --key /usr/share/sb_keys/DB.key \
--cert /usr/share/sb_keys/DB.crt \
"${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}"
sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}.signed" \
"${ESP_DIR}/EFI/boot/bootx64.efi"
else
sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
"${ESP_DIR}/EFI/boot/bootx64.efi"
fi
;;
x86_64-xen)
info "Installing default x86_64 Xen bootloader."

17
build_library/vm_image_util.sh
View File

@ -12,6 +12,7 @@ VALID_IMG_TYPES=(
openstack
qemu
qemu_uefi
qemu_uefi_secure
qemu_xen
rackspace
rackspace_onmetal
@ -115,6 +116,10 @@ IMG_qemu_uefi_DISK_FORMAT=qcow2
IMG_qemu_uefi_DISK_LAYOUT=vm
IMG_qemu_uefi_CONF_FORMAT=qemu_uefi
IMG_qemu_uefi_secure_DISK_FORMAT=qcow2
IMG_qemu_uefi_secure_DISK_LAYOUT=vm
IMG_qemu_uefi_secure_CONF_FORMAT=qemu_uefi_secure
IMG_qemu_xen_DISK_FORMAT=qcow2
IMG_qemu_xen_DISK_LAYOUT=vm
IMG_qemu_xen_CONF_FORMAT=qemu_xen
@ -590,6 +595,18 @@ _write_qemu_uefi_conf() {
VM_GENERATED_FILES+=( "$(_dst_dir)/${ovmf_ro}" "$(_dst_dir)/${ovmf_rw}" )
}
_write_qemu_uefi_secure_conf() {
local ovmf_rw="$(_dst_name "_ovmf_vars.fd")"
_write_qemu_uefi_conf
cert-to-efi-sig-list "/usr/share/sb_keys/PK.crt" "${VM_TMP_DIR}/PK.esl"
cert-to-efi-sig-list "/usr/share/sb_keys/KEK.crt" "${VM_TMP_DIR}/KEK.esl"
cert-to-efi-sig-list "/usr/share/sb_keys/DB.crt" "${VM_TMP_DIR}/DB.esl"
flash-var "$(_dst_dir)/${ovmf_rw}" "PK" "${VM_TMP_DIR}/PK.esl"
flash-var "$(_dst_dir)/${ovmf_rw}" "KEK" "${VM_TMP_DIR}/KEK.esl"
flash-var "$(_dst_dir)/${ovmf_rw}" "db" "${VM_TMP_DIR}/DB.esl"
}
_write_qemu_xen_conf() {
local script="$(_dst_dir)/$(_dst_name ".sh")"
local dst_name=$(basename "$VM_DST_IMG")