adminconf/debian-uki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for Xen

Browse Source
This commit is contained in:
Alexandre CATTEAU 2024-12-31 12:05:54 +01:00
parent f8e40e26a9
commit a0da1102e7
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
build-uki.sh
View File

@ -15,6 +15,11 @@ if [ -x /usr/bin/ukify ]; then
echo "Building UKI using systemd-ukify..." echo "Building UKI using systemd-ukify..."
$sudo ukify build --linux $path_to_vmlinuz_link/vmlinuz --initrd $path_to_vmlinuz_link/initrd.img \ $sudo ukify build --linux $path_to_vmlinuz_link/vmlinuz --initrd $path_to_vmlinuz_link/initrd.img \
--cmdline @/etc/kernel/cmdline --output $path_to_uki --cmdline @/etc/kernel/cmdline --output $path_to_uki
if [[ -v xen_hypervisor ]] && [[ $xen_hypervisor = "yes" ]]; then
echo "Building UKI for Xen..."
$sudo ukify build --linux $path_to_vmlinuz_link/vmlinuz --initrd $path_to_vmlinuz_link/initrd.img \
--cmdline @/etc/kernel/cmdline_xen --output $path_to_xen_uki
fi
else else
echo "Building UKI using objcopy..." echo "Building UKI using objcopy..."
$sudo objcopy \ $sudo objcopy \
@ -23,11 +28,23 @@ else
--add-section .linux="$path_to_vmlinuz_link/vmlinuz" --change-section-vma .linux=0x40000 \ --add-section .linux="$path_to_vmlinuz_link/vmlinuz" --change-section-vma .linux=0x40000 \
--add-section .initrd="$path_to_vmlinuz_link/initrd.img" --change-section-vma .initrd=0x3000000 \ --add-section .initrd="$path_to_vmlinuz_link/initrd.img" --change-section-vma .initrd=0x3000000 \
/usr/lib/systemd/boot/efi/linuxx64.efi.stub $path_to_uki /usr/lib/systemd/boot/efi/linuxx64.efi.stub $path_to_uki
if [[ -v xen_hypervisor ]] && [[ $xen_hypervisor = "yes" ]]; then
echo "Building UKI for Xen..."
$sudo objcopy \
--add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
--add-section .cmdline="/etc/kernel/cmdline_xen" --change-section-vma .cmdline=0x30000 \
--add-section .linux="$path_to_vmlinuz_link/vmlinuz" --change-section-vma .linux=0x40000 \
--add-section .initrd="$path_to_vmlinuz_link/initrd.img" --change-section-vma .initrd=0x3000000 \
/usr/lib/systemd/boot/efi/linuxx64.efi.stub $path_to_xen_uki
fi
fi fi
# Sign UKI # Sign UKI
if [[ -v secureboot_enabled ]] && [[ $secureboot_enabled = "yes" ]]; then if [[ -v secureboot_enabled ]] && [[ $secureboot_enabled = "yes" ]]; then
$sudo sbsign --key /etc/secureboot/full/db.key --cert /etc/secureboot/full/db.crt --output $path_to_uki $path_to_uki $sudo sbsign --key /etc/secureboot/full/db.key --cert /etc/secureboot/full/db.crt --output $path_to_uki $path_to_uki
if [[ -v xen_hypervisor ]] && [[ $xen_hypervisor = "yes" ]]; then
$sudo sbsign --key /etc/secureboot/full/db.key --cert /etc/secureboot/full/db.crt --output $path_to_xen_uki $path_to_xen_uki
fi
fi fi
# if needed, copy UKI to EFI default boot path # if needed, copy UKI to EFI default boot path

2
variables.conf.template
View File

@ -6,3 +6,5 @@ path_to_vmlinuz_link=/boot # /boot in Ubuntu 22.04, / in Debian 11-12
path_to_uki=/efi/EFI/debian/debian-linux.efi path_to_uki=/efi/EFI/debian/debian-linux.efi
secureboot_enabled="yes" # change to "no" if you did not setup Secure Boot secureboot_enabled="yes" # change to "no" if you did not setup Secure Boot
set_efi_default_image="no" # change to "yes" if you need to boot from EFI\BOOT\BOOTX64.EFI set_efi_default_image="no" # change to "yes" if you need to boot from EFI\BOOT\BOOTX64.EFI
xen_hypervisor="no" # change to "yes" if you run Xen on this system
path_to_xen_uki=/efi/EFI/debian/debian-linux-xen.efi