[scripts] do not SecureBoot sign EFI images if SecureBoot private key is not found
This commit is contained in:
@@ -97,7 +97,7 @@ sabayon_cert="${shim_dir}"/sabayon.crt
|
||||
|
||||
if [ -f "${efi_x86_64_file}" ] || [ -f "${efi_i386_file}" ]; then
|
||||
|
||||
if [ -f "${efi_x86_64_file}" ]; then
|
||||
if [ -f "${efi_x86_64_file}" ] && [ -f "${sbsign_private_key}" ]; then
|
||||
mv "${efi_x86_64_file}" "${grub_efi_file}" || exit 1
|
||||
cp "${shim_data_dir}"/shim.efi "${efi_x86_64_file}" || exit 1
|
||||
cp "${shim_data_dir}"/MokManager.efi "${EFI_BOOT_DIR}"/ || exit 1
|
||||
@@ -111,6 +111,8 @@ if [ -f "${efi_x86_64_file}" ] || [ -f "${efi_i386_file}" ]; then
|
||||
--output "${grub_efi_file}.signed" \
|
||||
"${grub_efi_file}" || exit 1
|
||||
mv "${grub_efi_file}.signed" "${grub_efi_file}" || exit 1
|
||||
elif [ ! -f "${sbsign_private_key}" ]; then
|
||||
echo "No private SecureBoot key file found at ${sbsign_private_key}" >&2
|
||||
fi
|
||||
|
||||
# -- end of SecureBoot --
|
||||
|
||||
Reference in New Issue
Block a user