twoliter icon indicating copy to clipboard operation
twoliter copied to clipboard
verified publisher icon bottlerocket-os

move secure boot setup to imghelper

Open jpculp opened this issue 1 year ago • 2 comments

Description of changes:

Moves code-blocks related to secure boot to imghelper, with some minor adjustments for portability.

Testing done:

  • Built and smoke tested aws-k8s-1.28

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

jpculp avatar May 16 '24 00:05 jpculp

  • Removed assumption that the caller will change directory to ${EFI_MOUNT}/EFI/BOOT before calling UEFI helpers.
  • Removed circular references.

jpculp avatar May 17 '24 19:05 jpculp

  • Split uefi_pesign into several more targeted functions.
  • Renamed some things for consistency and clarity.

jpculp avatar May 20 '24 23:05 jpculp

Rebased.

jpculp avatar May 21 '24 18:05 jpculp

  • Moved SHIM_SIGN_KEY and CODE_SIGN_KEY declaration to imghelper.
  • Wrapped profile setup under a single sbsetup_signing_profile function.
  • Moved setup a few lines down to share the UEFI_SECURE_BOOT conditional.

jpculp avatar May 21 '24 19:05 jpculp