Support secure boot.

mvallim · Sep 2, 2024 · 9bfda7f · 9bfda7f
1 parent d809995
commit 9bfda7f
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 28 deletions.
diff --git a/README.md b/README.md
@@ -591,30 +591,22 @@ After everything has been installed and preconfigured in the **chrooted** enviro
    cd $HOME/live-ubuntu-from-scratch/image
    ```
 
-2. Create a grub UEFI image
-
-   ```shell
-   grub-mkstandalone \
-      --format=x86_64-efi \
-      --output=isolinux/bootx64.efi \
-      --locales="" \
-      --fonts="" \
-      "boot/grub/grub.cfg=isolinux/grub.cfg"
-   ```
-
-3. Create a FAT16 UEFI boot disk image containing the EFI bootloader
+2. Create a FAT16 UEFI boot disk image containing the EFI bootloader
 
    ```shell
    (
       cd isolinux && \
       dd if=/dev/zero of=efiboot.img bs=1M count=10 && \
       sudo mkfs.vfat efiboot.img && \
-      LC_CTYPE=C mmd -i efiboot.img efi efi/boot && \
-      LC_CTYPE=C mcopy -i efiboot.img ./bootx64.efi ::efi/boot/
+      mkdir efi && \
+      sudo mount efiboot.img efi && \
+      sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram && \
+      sudo umount efi && \
+      rm -rf efi
    )
    ```
 
-4. Create a grub BIOS image
+3. Create a grub BIOS image
 
    ```shell
    grub-mkstandalone \
@@ -627,19 +619,19 @@ After everything has been installed and preconfigured in the **chrooted** enviro
       "boot/grub/grub.cfg=isolinux/grub.cfg"
    ```
 
-5. Combine a bootable Grub cdboot.img
+4. Combine a bootable Grub cdboot.img
 
    ```shell
    cat /usr/lib/grub/i386-pc/cdboot.img isolinux/core.img > isolinux/bios.img
    ```
 
-6. Generate md5sum.txt
+5. Generate md5sum.txt
 
    ```shell
    sudo /bin/bash -c "(find . -type f -print0 | xargs -0 md5sum | grep -v -e 'md5sum.txt' -e 'bios.img' -e 'efiboot.img' > md5sum.txt)"
    ```
 
-7. Create iso from the image directory using the command-line
+6. Create iso from the image directory using the command-line
 
    ```shell
    sudo xorriso \
@@ -663,6 +655,7 @@ After everything has been installed and preconfigured in the **chrooted** enviro
       -m "isolinux/bios.img" \
       -graft-points \
          "/EFI/efiboot.img=isolinux/efiboot.img" \
+         "/boot/grub/grub.cfg=isolinux/grub.cfg" \
          "/boot/grub/bios.img=isolinux/bios.img" \
          "."
    ```

diff --git a/scripts/build.sh b/scripts/build.sh
@@ -99,7 +99,7 @@ function check_config() {
 function setup_host() {
     echo "=====> running setup_host ..."
     sudo apt update
-    sudo apt install -y binutils debootstrap squashfs-tools xorriso grub-pc-bin grub-efi-amd64-bin mtools dosfstools unzip
+    sudo apt install -y binutils debootstrap squashfs-tools xorriso grub-pc-bin grub-efi-amd64-bin mtools dosfstools unzip grub2-common
     sudo mkdir -p chroot
 }
 
@@ -223,19 +223,15 @@ EOF
 
     # create iso image
     pushd $SCRIPT_DIR/image
-    grub-mkstandalone \
-        --format=x86_64-efi \
-        --output=isolinux/bootx64.efi \
-        --locales="" \
-        --fonts="" \
-        "boot/grub/grub.cfg=isolinux/grub.cfg"
-
     (
         cd isolinux && \
         dd if=/dev/zero of=efiboot.img bs=1M count=10 && \
         sudo mkfs.vfat efiboot.img && \
-        LC_CTYPE=C mmd -i efiboot.img efi efi/boot && \
-        LC_CTYPE=C mcopy -i efiboot.img ./bootx64.efi ::efi/boot/
+        mkdir efi && \
+        sudo mount efiboot.img efi && \
+        sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram && \
+        sudo umount efi && \
+        rm -rf efi
     )
 
     grub-mkstandalone \
@@ -272,6 +268,7 @@ EOF
         -m "isolinux/bios.img" \
         -graft-points \
            "/EFI/efiboot.img=isolinux/efiboot.img" \
+           "/boot/grub/grub.cfg=isolinux/grub.cfg" \
            "/boot/grub/bios.img=isolinux/bios.img" \
            "."