- ship a Secure Boot UEFI compatible bootloader (fate#314485)
- added secureboot patches which introduces new linuxefi module
that is able to perform verifying signed images via exported
protocol from shim. The insmod command will not function if
secure boot enabled (as all modules should built in grub.efi
and signed).
- grub2-secureboot-add-linuxefi.patch
- grub2-secureboot-use-linuxefi-on-uefi.patch
- grub2-secureboot-no-insmod-on-sb.patch
- grub2-secureboot-provide-linuxefi-config.patch
- Makefile.core.am : support building linuxefi module
- Make grub.efi image that is with all relevant modules incorporated
and signed, it will be the second stage to the shim loader which
will verified it when secureboot enabled.
- Make grub.efi's path to align with shim loader's default loader
lookup path.
- The changes has been verified not affecting any factory instalation,
but will allow us to run & test secure boot setup manually with shim. (forwarded request 143007 from michael-chang)
OBS-URL: https://build.opensuse.org/request/show/143018
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=52
