From 64bf8c58e529521507b9b6d8459ddf172148e332 Mon Sep 17 00:00:00 2001
From: Alexandre CATTEAU
Date: Sat, 3 Aug 2024 16:39:01 +0200
Subject: [PATCH] Add parameter to allow disable UKI signing
---
 build-uki.sh | 4 +++-
 variables.conf.template | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/build-uki.sh b/build-uki.sh
index 7ee2398..18131b6 100755
--- a/build-uki.sh
+++ b/build-uki.sh
@@ -19,7 +19,9 @@ $sudo objcopy \
 /usr/lib/systemd/boot/efi/linuxx64.efi.stub $path_to_uki
 # Sign UKI
-$sudo sbsign --key /etc/secureboot/full/db.key --cert /etc/secureboot/full/db.crt --output $path_to_uki $path_to_uki
+if [[ -v secureboot_enabled ]] && [[ $secureboot_enabled = "yes" ]]; then
+ $sudo sbsign --key /etc/secureboot/full/db.key --cert /etc/secureboot/full/db.crt --output $path_to_uki $path_to_uki
+fi
 # if needed, copy UKI to EFI default boot path
 if [[ -v set_efi_default_image ]] && [[ $set_efi_default_image = "yes" ]]; then
diff --git a/variables.conf.template b/variables.conf.template
index 1d828ec..5fb8d12 100644
--- a/variables.conf.template
+++ b/variables.conf.template
@@ -4,4 +4,5 @@ path_to_vmlinuz_link=/boot # /boot in Ubuntu 22.04, / in Debian 11-12
 path_to_uki=/efi/EFI/debian/debian-linux.efi
+secureboot_enabled="yes" # change to "no" if you did not setup Secure Boot
 set_efi_default_image="no" # change to "yes" if you need to boot from EFI\BOOT\BOOTX64.EFI
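Review bot: In the build-uki.sh hunk the new guard skips signing whenever `secureboot_enabled` is unset, so a variables.conf written from the older template (which lacks the key added in the variables.conf.template hunk) silently starts producing an unsigned UKI where the script used to sign unconditionally. On a machine that enforces Secure Boot that image would presumably be refused at boot, and the copy to the EFI default path just below the guard would carry the unsigned file as well. Treating only an explicit opt-out as "off" keeps the previous behaviour for existing configs: `if [[ "${secureboot_enabled:-yes}" != "no" ]]; then`. An `else` branch that reports the skip, e.g. `echo "Secure Boot signing disabled: UKI left unsigned" >&2`, would make the unsigned state visible in build logs. The script continues outside the hunk, so whether a failing `sbsign` aborts the run cannot be judged from here.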