Add parameter to allow disable UKI signing

This commit is contained in:
Alexandre CATTEAU 2024-08-03 16:39:01 +02:00
parent 027c69c383
commit 64bf8c58e5
2 changed files with 4 additions and 1 deletions

View File

@ -19,7 +19,9 @@ $sudo objcopy \
/usr/lib/systemd/boot/efi/linuxx64.efi.stub $path_to_uki /usr/lib/systemd/boot/efi/linuxx64.efi.stub $path_to_uki
# Sign UKI # Sign UKI
if [[ -v secureboot_enabled ]] && [[ $secureboot_enabled = "yes" ]]; then
$sudo sbsign --key /etc/secureboot/full/db.key --cert /etc/secureboot/full/db.crt --output $path_to_uki $path_to_uki $sudo sbsign --key /etc/secureboot/full/db.key --cert /etc/secureboot/full/db.crt --output $path_to_uki $path_to_uki
fi
# if needed, copy UKI to EFI default boot path # if needed, copy UKI to EFI default boot path
if [[ -v set_efi_default_image ]] && [[ $set_efi_default_image = "yes" ]]; then if [[ -v set_efi_default_image ]] && [[ $set_efi_default_image = "yes" ]]; then

View File

@ -4,4 +4,5 @@
path_to_vmlinuz_link=/boot # /boot in Ubuntu 22.04, / in Debian 11-12 path_to_vmlinuz_link=/boot # /boot in Ubuntu 22.04, / in Debian 11-12
path_to_uki=/efi/EFI/debian/debian-linux.efi path_to_uki=/efi/EFI/debian/debian-linux.efi
secureboot_enabled="yes" # change to "no" if you did not setup Secure Boot
set_efi_default_image="no" # change to "yes" if you need to boot from EFI\BOOT\BOOTX64.EFI set_efi_default_image="no" # change to "yes" if you need to boot from EFI\BOOT\BOOTX64.EFI