From f832bd2e7b3dc257c8b3fbac38daa014b7e97c6c Mon Sep 17 00:00:00 2001 From: Fabio Erculiani Date: Sun, 27 Jan 2013 15:32:28 +0000 Subject: [PATCH] [scripts] do not SecureBoot sign EFI images if SecureBoot private key is not found --- scripts/make_grub_efi.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/make_grub_efi.sh b/scripts/make_grub_efi.sh index 3206314..6e697f5 100755 --- a/scripts/make_grub_efi.sh +++ b/scripts/make_grub_efi.sh @@ -97,7 +97,7 @@ sabayon_cert="${shim_dir}"/sabayon.crt if [ -f "${efi_x86_64_file}" ] || [ -f "${efi_i386_file}" ]; then - if [ -f "${efi_x86_64_file}" ]; then + if [ -f "${efi_x86_64_file}" ] && [ -f "${sbsign_private_key}" ]; then mv "${efi_x86_64_file}" "${grub_efi_file}" || exit 1 cp "${shim_data_dir}"/shim.efi "${efi_x86_64_file}" || exit 1 cp "${shim_data_dir}"/MokManager.efi "${EFI_BOOT_DIR}"/ || exit 1 @@ -111,6 +111,8 @@ if [ -f "${efi_x86_64_file}" ] || [ -f "${efi_i386_file}" ]; then --output "${grub_efi_file}.signed" \ "${grub_efi_file}" || exit 1 mv "${grub_efi_file}.signed" "${grub_efi_file}" || exit 1 + elif [ ! -f "${sbsign_private_key}" ]; then + echo "No private SecureBoot key file found at ${sbsign_private_key}" >&2 fi # -- end of SecureBoot --