chipsec: add grub boot entries for Shell and Keytool
yaperez-anssi committed Aug 27, 2020
1 parent b3efc52 commit 456b9a7
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions tools/create-chipsec.sh
Expand Up @@ -60,6 +60,7 @@ sign_shim_boot () {
}

sign_kernel () {
set -x
local KERNEL="${mount_point}/boot/vmlinuz*"

sbsign --key "$keypath"/DB.key --cert "$keypath"/DB.crt --output ${KERNEL} ${KERNEL}
Expand All @@ -68,6 +69,8 @@ sign_kernel () {
"${mount_point}"/usr/lib/linux-kbuild-4.19/scripts/sign-file \
sha256 "$keypath"/DB.key "$keypath"/DB.crt \
"${mount_point}"/usr/local/lib/python*/dist-packages/chipsec-*/chipsec/helper/linux/chipsec.ko

set +x
}


Expand Down Expand Up @@ -205,6 +208,8 @@ install_shell () {

mkdir -p ${EFI%/*}
sbsign --key "$keypath"/DB.key --cert "$keypath"/DB.crt --output "${EFI}" "$SRCDIR/bin/Shell.efi"

# Configure EFI boot entry
echo "Shell.efi,shell,,Start the UEFI shell" |iconv -t UCS-2 > ${CFG}
}

Expand All @@ -217,6 +222,8 @@ install_keytool () {
sbsign --key "$keypath"/DB.key --cert "$keypath"/DB.crt --output "${KEFI}" /usr/lib/efitools/x86_64-linux-gnu/KeyTool.efi

cp /usr/lib/efitools/x86_64-linux-gnu/HashTool.efi "${HEFI}"

# Configure EFI boot entry
echo "KeyTool.efi,keytool,,Start Secureboot keys management tool" |iconv -t UCS-2 > ${CFG}
}

Expand Down Expand Up @@ -325,6 +332,10 @@ main () {

echo -e "\n\nChipsec key built on $(date -R)" >> "${mount_point}"/etc/motd

# Configure Grub boot entries
echo "menuentry 'EFI Shell' { chainloader /EFI/Boot/Shell.efi }" >> ${mount_point}/boot/grub/custom.cfg
echo "menuentry 'Keytool' { chainloader /EFI/keytool/KeyTool.efi }" >> ${mount_point}/boot/grub/custom.cfg

umount_debian

rmdir ${mount_point}
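Review bot: The two `menuentry` lines appended to `custom.cfg` in `main` put the UEFI Shell and KeyTool one keypress away for anyone at the boot menu, and nothing in the change says this is meant for test machines only. Because `install_shell` signs `Shell.efi` with `DB.key`, any platform that has this `DB.crt` enrolled will run that shell under Secure Boot. I would add a comment above the entries such as `# Test image only: do not leave this DB.crt enrolled on production machines`, and consider gating the entries behind GRUB's `superusers` / `--users` if the key leaves the lab. Separately, the new redirections leave `${mount_point}` and `${CFG}` unquoted (e.g. `>> "${mount_point}/boot/grub/custom.cfg"`). Both `echo … | iconv` lines also write with `>`, so the second would overwrite the first if `CFG` names the same file in `install_shell` and `install_keytool`; `CFG` is set outside the visible hunks, as are the start and end of `main`, so this needs checking against the full file.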