Make lorax's installation of lockdown.efi conditional on its existence.
lockdown.efi only exists in the beta, but it'll probably also exist in the 7.1 beta. So don't toss this stuff out completely, but don't use it if shim doesn't provide lockdown.efi either. Resolves: rhbz#1071380 Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
parent
84528efad6
commit
d2de389cba
43
share/config_files/x86/grub2-efi-lockdown.cfg
Normal file
43
share/config_files/x86/grub2-efi-lockdown.cfg
Normal file
@ -0,0 +1,43 @@
|
||||
set default="1"
|
||||
|
||||
function load_video {
|
||||
insmod efi_gop
|
||||
insmod efi_uga
|
||||
insmod video_bochs
|
||||
insmod video_cirrus
|
||||
insmod all_video
|
||||
}
|
||||
|
||||
load_video
|
||||
set gfxpayload=keep
|
||||
insmod gzio
|
||||
insmod part_gpt
|
||||
insmod ext2
|
||||
|
||||
set timeout=60
|
||||
### END /etc/grub.d/00_header ###
|
||||
|
||||
search --no-floppy --set=root -l '@ISOLABEL@'
|
||||
|
||||
### BEGIN /etc/grub.d/10_linux ###
|
||||
menuentry 'Install @PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
|
||||
linuxefi @KERNELPATH@ @ROOT@ quiet
|
||||
initrdefi @INITRDPATH@
|
||||
}
|
||||
menuentry 'Test this media & install @PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
|
||||
linuxefi @KERNELPATH@ @ROOT@ rd.live.check quiet
|
||||
initrdefi @INITRDPATH@
|
||||
}
|
||||
submenu 'Troubleshooting -->' {
|
||||
menuentry 'Install @PRODUCT@ @VERSION@ in basic graphics mode' --class fedora --class gnu-linux --class gnu --class os {
|
||||
linuxefi @KERNELPATH@ @ROOT@ xdriver=vesa nomodeset quiet
|
||||
initrdefi @INITRDPATH@
|
||||
}
|
||||
menuentry 'Rescue a @PRODUCT@ system' --class fedora --class gnu-linux --class gnu --class os {
|
||||
linuxefi @KERNELPATH@ @ROOT@ rescue quiet
|
||||
initrdefi @INITRDPATH@
|
||||
}
|
||||
menuentry '@PRODUCT@ @VERSION@ Secure Boot Lockdown' {
|
||||
chainloader /EFI/BOOT/lockdown.efi
|
||||
}
|
||||
}
|
@ -37,7 +37,4 @@ submenu 'Troubleshooting -->' {
|
||||
linuxefi @KERNELPATH@ @ROOT@ rescue quiet
|
||||
initrdefi @INITRDPATH@
|
||||
}
|
||||
menuentry '@PRODUCT@ @VERSION@ Secure Boot Lockdown' {
|
||||
chainloader /EFI/BOOT/lockdown.efi
|
||||
}
|
||||
}
|
||||
|
@ -13,10 +13,12 @@ install boot/efi/EFI/*/grubaa64.efi ${EFIBOOTDIR}/grubaa64.efi
|
||||
%else:
|
||||
install boot/efi/EFI/*/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
|
||||
install boot/efi/EFI/*/MokManager.efi ${EFIBOOTDIR}/
|
||||
install usr/share/shim/lockdown.efi ${EFIBOOTDIR}/
|
||||
install boot/efi/EFI/*/gcdx64.efi ${EFIBOOTDIR}/grubx64.efi
|
||||
%endif
|
||||
install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
|
||||
%if exists("usr/share/shim/lockdown.efi"):
|
||||
install usr/share/shim/lockdown.efi ${EFIBOOTDIR}/
|
||||
%endif
|
||||
|
||||
## actually make the EFI images
|
||||
${make_efiboot("images/efiboot.img")}
|
||||
@ -37,7 +39,11 @@ ${make_efiboot("images/efiboot.img")}
|
||||
copy ${KERNELDIR}/vmlinuz ${EFIBOOTDIR}
|
||||
copy ${KERNELDIR}/initrd.img ${EFIBOOTDIR}
|
||||
%endif
|
||||
%if exists("usr/share/shim/lockdown.efi"):
|
||||
install ${configdir}/grub2-efi-lockdown.cfg ${eficonf}
|
||||
%else:
|
||||
install ${configdir}/grub2-efi.cfg ${eficonf}
|
||||
%endif
|
||||
replace @PRODUCT@ '${product.name}' ${eficonf}
|
||||
replace @VERSION@ ${product.version} ${eficonf}
|
||||
replace @KERNELNAME@ vmlinuz ${eficonf}
|
||||
|
43
share/live/config_files/x86/grub2-efi-lockdown.cfg
Normal file
43
share/live/config_files/x86/grub2-efi-lockdown.cfg
Normal file
@ -0,0 +1,43 @@
|
||||
set default="1"
|
||||
|
||||
function load_video {
|
||||
insmod efi_gop
|
||||
insmod efi_uga
|
||||
insmod video_bochs
|
||||
insmod video_cirrus
|
||||
insmod all_video
|
||||
}
|
||||
|
||||
load_video
|
||||
set gfxpayload=keep
|
||||
insmod gzio
|
||||
insmod part_gpt
|
||||
insmod ext2
|
||||
|
||||
set timeout=60
|
||||
### END /etc/grub.d/00_header ###
|
||||
|
||||
search --no-floppy --set=root -l '@ISOLABEL@'
|
||||
|
||||
### BEGIN /etc/grub.d/10_linux ###
|
||||
menuentry 'Start @PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
|
||||
linuxefi @KERNELPATH@ @ROOT@ rd.live.image quiet
|
||||
initrdefi @INITRDPATH@
|
||||
}
|
||||
menuentry 'Test this media & start @PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
|
||||
linuxefi @KERNELPATH@ @ROOT@ rd.live.image rd.live.check quiet
|
||||
initrdefi @INITRDPATH@
|
||||
}
|
||||
submenu 'Troubleshooting -->' {
|
||||
menuentry 'Start @PRODUCT@ @VERSION@ in basic graphics mode' --class fedora --class gnu-linux --class gnu --class os {
|
||||
linuxefi @KERNELPATH@ @ROOT@ rd.live.image xdriver=vesa nomodeset quiet
|
||||
initrdefi @INITRDPATH@
|
||||
}
|
||||
menuentry 'Rescue a @PRODUCT@ system' --class fedora --class gnu-linux --class gnu --class os {
|
||||
linuxefi @KERNELPATH@ @ROOT@ rd.live.image rescue quiet
|
||||
initrdefi @INITRDPATH@
|
||||
}
|
||||
menuentry '@PRODUCT@ @VERSION@ Secure Boot Lockdown' {
|
||||
chainloader /EFI/BOOT/lockdown.efi
|
||||
}
|
||||
}
|
@ -37,7 +37,4 @@ submenu 'Troubleshooting -->' {
|
||||
linuxefi @KERNELPATH@ @ROOT@ rd.live.image rescue quiet
|
||||
initrdefi @INITRDPATH@
|
||||
}
|
||||
menuentry '@PRODUCT@ @VERSION@ Secure Boot Lockdown' {
|
||||
chainloader /EFI/BOOT/lockdown.efi
|
||||
}
|
||||
}
|
||||
|
@ -9,9 +9,11 @@ mkdir ${EFIBOOTDIR}
|
||||
mkdir ${EFIBOOTDIR}/fonts/
|
||||
install boot/efi/EFI/*/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
|
||||
install boot/efi/EFI/*/MokManager.efi ${EFIBOOTDIR}/
|
||||
install usr/share/shim/lockdown.efi ${EFIBOOTDIR}/
|
||||
install boot/efi/EFI/*/gcdx64.efi ${EFIBOOTDIR}/grubx64.efi
|
||||
install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
|
||||
%if exists("usr/share/shim/lockdown.efi"):
|
||||
install usr/share/shim/lockdown.efi ${EFIBOOTDIR}/
|
||||
%endif
|
||||
|
||||
## actually make the EFI images
|
||||
${make_efiboot("images/efiboot.img")}
|
||||
@ -32,7 +34,11 @@ ${make_efiboot("images/efiboot.img")}
|
||||
copy ${KERNELDIR}/vmlinuz ${EFIBOOTDIR}
|
||||
copy ${KERNELDIR}/initrd.img ${EFIBOOTDIR}
|
||||
%endif
|
||||
%if exists("usr/share/shim/lockdown.efi"):
|
||||
install ${configdir}/grub2-efi-lockdown.cfg ${eficonf}
|
||||
%else:
|
||||
install ${configdir}/grub2-efi.cfg ${eficonf}
|
||||
%endif
|
||||
replace @PRODUCT@ '${product.name}' ${eficonf}
|
||||
replace @VERSION@ ${product.version} ${eficonf}
|
||||
replace @KERNELNAME@ vmlinuz ${eficonf}
|
||||
|
Loading…
Reference in New Issue
Block a user