Compare commits
3 Commits
546989ac38
...
main
| Author | SHA256 | Date | |
|---|---|---|---|
| 49da0ae4fd | |||
| 93d13824d9 | |||
| 58ba8cc5cf |
20
shim-install
20
shim-install
@@ -84,6 +84,22 @@ case "$OS_ID" in
|
||||
ca_string='SUSE Linux Enterprise Secure Boot CA1';;
|
||||
esac
|
||||
|
||||
# bsc#1230316 Check if the system is encrypted SL-Micro
|
||||
is_encrypted_slm () {
|
||||
if test "$GRUB_DISTRIBUTOR" = "SL Micro" && test -n "$GRUB_TPM2_SEALED_KEY" ; then
|
||||
# return true
|
||||
return 0
|
||||
fi
|
||||
|
||||
# return false
|
||||
return 1
|
||||
}
|
||||
|
||||
# bsc#1230316 For encrypted SL-Micro, always install shim/grub2 with the "removable" way
|
||||
if is_encrypted_slm; then
|
||||
removable=yes
|
||||
fi
|
||||
|
||||
is_azure () {
|
||||
local bios_vendor;
|
||||
local product_name;
|
||||
@@ -471,6 +487,9 @@ if test "$no_nvram" = no && test -n "$bootloader_id"; then
|
||||
$efibootmgr -b "$bootnum" -B
|
||||
done
|
||||
|
||||
# bsc#1230316 Skip the creation of the boot option for encrypted SL-Micro to make
|
||||
# the system always boot from the default boot path (\EFI\BOOT\boot<arch>.efi)
|
||||
if ! is_encrypted_slm; then
|
||||
efidir_drive="$("$grub_probe" --target=drive --device-map= "$efidir")"
|
||||
efidir_disk="$("$grub_probe" --target=disk --device-map= "$efidir")"
|
||||
if test -z "$efidir_drive" || test -z "$efidir_disk"; then
|
||||
@@ -498,6 +517,7 @@ if test "$no_nvram" = no && test -n "$bootloader_id"; then
|
||||
$efibootmgr -c -d "$efidir_disk" -p "$efidir_part" -w \
|
||||
-L "$bootloader_id" -l "\\EFI\\$efi_distributor\\$efi_file"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# bsc#1185464 bsc#1185961
|
||||
|
||||
22
shim.changes
22
shim.changes
@@ -1,3 +1,25 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 22 20:39:33 UTC 2025 - Eugenio Paolantonio <eugenio.paolantonio@suse.com>
|
||||
|
||||
- Undefine %_enable_debug_packages to fix building with rpm-4.20
|
||||
(backport of the fix from Factory in SR#1232808)
|
||||
- Fix build with rpm 4.20 by copying the extracted directories
|
||||
explicitly
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 19 06:27:27 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
- Update shim-install to limit the scope of the 'removable'
|
||||
SL-Micro to the image booting with TPM2 unsealing (bsc#1210382)
|
||||
* 769e41d Limit the removable option to encrypted SL-Micro
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 16 07:28:57 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
- Update shim-install to use the 'removable' way for SL-Micro
|
||||
(bsc#1230316)
|
||||
* 433cc4e Always use the removable way for SL-Micro
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun May 19 15:08:27 UTC 2024 - Dennis Tseng <dennis.tseng@suse.com>
|
||||
|
||||
|
||||
@@ -17,6 +17,7 @@
|
||||
|
||||
%undefine _debuginfo_subpackages
|
||||
%undefine _build_create_debug
|
||||
%undefine _enable_debug_packages
|
||||
# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
|
||||
%define sysefibasedir %{_datadir}/efi
|
||||
%define sysefidir %{sysefibasedir}/%{_target_cpu}
|
||||
@@ -87,7 +88,7 @@ rpm2cpio %{SOURCE5} | cpio --extract --unconditional --preserve-modification-tim
|
||||
|
||||
%install
|
||||
# purely repackaged
|
||||
cp -a * %{buildroot}
|
||||
cp -a etc usr %{buildroot}
|
||||
|
||||
%if %{defined shim_lib64_share_compat}
|
||||
echo old
|
||||
|
||||
Reference in New Issue
Block a user