From ca3d374a6421b38c78c08dabc59641f5faa2e250 Mon Sep 17 00:00:00 2001
From: "Brian C. Lane" <bcl@redhat.com>
Date: Fri, 15 Nov 2013 13:52:44 -0800
Subject: [PATCH] Add SB lockdown to EFI grub menu (#1030495)

Resolves: rhbz#1030495
---
 share/config_files/x86/grub2-efi.cfg      | 3 +++
 share/efi.tmpl                            | 1 +
 share/live/config_files/x86/grub2-efi.cfg | 3 +++
 share/live/efi.tmpl                       | 2 ++
 4 files changed, 9 insertions(+)

diff --git a/share/config_files/x86/grub2-efi.cfg b/share/config_files/x86/grub2-efi.cfg
index 3301bc1b..74888fc1 100644
--- a/share/config_files/x86/grub2-efi.cfg
+++ b/share/config_files/x86/grub2-efi.cfg
@@ -37,4 +37,7 @@ submenu 'Troubleshooting -->' {
 		linuxefi @KERNELPATH@ @ROOT@ rescue quiet
 		initrdefi @INITRDPATH@
 	}
+	menuentry '@PRODUCT@ @VERSION@ Secure Boot Lockdown' {
+		chainloader /EFI/BOOT/lockdown.efi
+	}
 }
diff --git a/share/efi.tmpl b/share/efi.tmpl
index dee095f2..4e29ec9a 100644
--- a/share/efi.tmpl
+++ b/share/efi.tmpl
@@ -9,6 +9,7 @@ mkdir ${EFIBOOTDIR}
 mkdir ${EFIBOOTDIR}/fonts/
 install boot/efi/EFI/*/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
 install boot/efi/EFI/*/MokManager.efi ${EFIBOOTDIR}/
+install usr/share/shim/lockdown.efi ${EFIBOOTDIR}/
 install boot/efi/EFI/*/gcdx64.efi ${EFIBOOTDIR}/grubx64.efi
 install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
 
diff --git a/share/live/config_files/x86/grub2-efi.cfg b/share/live/config_files/x86/grub2-efi.cfg
index f99f459c..aa003bd6 100644
--- a/share/live/config_files/x86/grub2-efi.cfg
+++ b/share/live/config_files/x86/grub2-efi.cfg
@@ -37,4 +37,7 @@ submenu 'Troubleshooting -->' {
 		linuxefi @KERNELPATH@ @ROOT@ rd.live.image rescue quiet
 		initrdefi @INITRDPATH@
 	}
+	menuentry '@PRODUCT@ @VERSION@ Secure Boot Lockdown' {
+		chainloader /EFI/BOOT/lockdown.efi
+	}
 }
diff --git a/share/live/efi.tmpl b/share/live/efi.tmpl
index cc1c2ec1..bd4e02ff 100644
--- a/share/live/efi.tmpl
+++ b/share/live/efi.tmpl
@@ -8,6 +8,8 @@ APPLE_EFI_DISKNAME=inroot+"/usr/share/pixmaps/bootloader/fedora-media.vol"
 mkdir ${EFIBOOTDIR}
 mkdir ${EFIBOOTDIR}/fonts/
 install boot/efi/EFI/*/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
+install boot/efi/EFI/*/MokManager.efi ${EFIBOOTDIR}/
+install usr/share/shim/lockdown.efi ${EFIBOOTDIR}/
 install boot/efi/EFI/*/gcdx64.efi ${EFIBOOTDIR}/grubx64.efi
 install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/