[scripts] do not SecureBoot sign EFI images if SecureBoot private key is not found

This commit is contained in:
Fabio Erculiani
2013-01-27 15:32:28 +00:00
parent 7e1ce87581
commit f832bd2e7b

View File

@@ -97,7 +97,7 @@ sabayon_cert="${shim_dir}"/sabayon.crt
if [ -f "${efi_x86_64_file}" ] || [ -f "${efi_i386_file}" ]; then
if [ -f "${efi_x86_64_file}" ]; then
if [ -f "${efi_x86_64_file}" ] && [ -f "${sbsign_private_key}" ]; then
mv "${efi_x86_64_file}" "${grub_efi_file}" || exit 1
cp "${shim_data_dir}"/shim.efi "${efi_x86_64_file}" || exit 1
cp "${shim_data_dir}"/MokManager.efi "${EFI_BOOT_DIR}"/ || exit 1
@@ -111,6 +111,8 @@ if [ -f "${efi_x86_64_file}" ] || [ -f "${efi_i386_file}" ]; then
--output "${grub_efi_file}.signed" \
"${grub_efi_file}" || exit 1
mv "${grub_efi_file}.signed" "${grub_efi_file}" || exit 1
elif [ ! -f "${sbsign_private_key}" ]; then
echo "No private SecureBoot key file found at ${sbsign_private_key}" >&2
fi
# -- end of SecureBoot --