summaryrefslogtreecommitdiff
path: root/sys-boot/grub/files/grub-2.00-secureboot-user-sign-2.patch
diff options
context:
space:
mode:
authorV3n3RiX <venerix@rogentos.ro>2015-11-29 11:46:41 +0000
committerV3n3RiX <venerix@rogentos.ro>2015-11-29 11:46:41 +0000
commit52953ad1ef6850a93ec433cfcd38810433e11a8a (patch)
tree5c96a8a77dc18378ffd651798ad4604194d560ad /sys-boot/grub/files/grub-2.00-secureboot-user-sign-2.patch
parentf99e4460b0bd3b9372f57482547e287f12ba6418 (diff)
drop our grub, use gentoo one
Diffstat (limited to 'sys-boot/grub/files/grub-2.00-secureboot-user-sign-2.patch')
-rw-r--r--sys-boot/grub/files/grub-2.00-secureboot-user-sign-2.patch64
1 files changed, 0 insertions, 64 deletions
diff --git a/sys-boot/grub/files/grub-2.00-secureboot-user-sign-2.patch b/sys-boot/grub/files/grub-2.00-secureboot-user-sign-2.patch
deleted file mode 100644
index 9648efa7..00000000
--- a/sys-boot/grub/files/grub-2.00-secureboot-user-sign-2.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-diff -Nurp grub-2.00.orig/util/grub-install.in grub-2.00/util/grub-install.in
---- grub-2.00.orig/util/grub-install.in 2012-06-26 23:31:03.000000000 +0200
-+++ grub-2.00/util/grub-install.in 2012-12-28 10:11:09.515872080 +0100
-@@ -821,12 +821,60 @@ elif [ x"${grub_modinfo_target_cpu}-${gr
- gettext "You will have to set \`SystemPartition' and \`OSLoader' manually." 1>&2
- echo 1>&2
- elif [ x"$grub_modinfo_platform" = xefi ]; then
-+
-+ # sign the efi file with the User SecureBoot key
-+ _sign_grub_efi() {
-+ local _image="${1}"
-+ local _image_dir="$(dirname "${_image}")"
-+ local _image_name="$(basename "${_image}")"
-+
-+ case "$host_os" in
-+ linux*)
-+ modprobe -q efivars 2>/dev/null || true ;;
-+ esac
-+
-+ local _private="/boot/SecureBoot/user-private.key"
-+ local _public="/boot/SecureBoot/user-public.crt"
-+ local _shim_dir="/usr/share/shim-signed-*"
-+ if test -f "${_private}" && test -f "${_public}"; then
-+ echo "SecureBoot signing ${_image}"
-+ sbsign --key "${_private}" --cert "${_public}" \
-+ --output "${_image}.signed" \
-+ "${_image}" && \
-+ mv "${_image}.signed" "${_image}" && \
-+ cp ${_shim_dir}/*.efi "${_image_dir}/"
-+
-+ # if the image is called bootx64.efi, we need to rename it into
-+ # grubx64.efi and place shim.efi there.
-+ if test "${_image_name}" = "bootx64.efi" || test "${_image_name}" = "BOOTX64.EFI"; then
-+ mv "${_image}" "${_image_dir}/grubx64.efi"
-+ mv "${_image_dir}/shim.efi" "${_image_dir}/${_image_name}"
-+ else
-+ # otherwise, if it's named grubx64.efi, we just need to move
-+ # shim.efi to bootx64.efi
-+ mv "${_image_dir}/shim.efi" "${_image_dir}/bootx64.efi"
-+ if test "${_image_name}" != "grubx64.efi" && test "${_image_name}" != "GRUBX64.EFI"; then
-+ mv "${_image_dir}/${_image_name}" "${_image_dir}/grubx64.efi"
-+ fi
-+ # and then change efi_file
-+ efi_file="bootx64.efi"
-+ fi
-+ else
-+ echo "Cannot sign ${_image} for SecureBoot" 1>&2
-+ echo "Kogaion keypair at $(basename ${_private}) not found" 1>&2
-+ fi
-+ }
-+
- cp "${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/core.${imgext}" "${efidir}/${efi_file}"
-+ _efi_grub_file="${efidir}/${efi_file}"
- # For old macs. Suggested by Peter Jones.
- if [ x$grub_modinfo_target_cpu = xi386 ]; then
- cp "${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/core.${imgext}" "${efidir}/boot.efi"
-+ _efi_grub_file="${efidir}/boot.efi"
- fi
-
-+ _sign_grub_efi "${_efi_grub_file}"
-+
- # Try to make this image bootable using the EFI Boot Manager, if available.
- efibootmgr="`which efibootmgr`"
- if test "$removable" = no && test -n "$efi_distributor" && \