diff options
Diffstat (limited to 'modules/signing/preimage.40.sign-os.sh')
-rw-r--r-- | modules/signing/preimage.40.sign-os.sh | 36 |
1 files changed, 15 insertions, 21 deletions
diff --git a/modules/signing/preimage.40.sign-os.sh b/modules/signing/preimage.40.sign-os.sh index 19ddc3b..6756eb6 100644 --- a/modules/signing/preimage.40.sign-os.sh +++ b/modules/signing/preimage.40.sign-os.sh @@ -8,29 +8,23 @@ okey=$(read_config signing okey) bios_crypto=$(read_config signing bios_crypto_path) [ -n "$bios_crypto" -a -d "$bios_crypto" ] || exit 0 -if [ -e "$fsmount/boot/vmlinuz" ]; then - echo "Signing kernel..." - pushd $bios_crypto/build - ./sign-os.sh $okey $fsmount/boot/vmlinuz $fsmount/boot/runos.zip - popd - [ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip -fi +sign_os() { + local path="$fsmount"/boot/$1.zip + [ -f "$path" ] || return -if [ -e "$fsmount/boot/initrd.img" ]; then - echo "Signing initramfs..." pushd $bios_crypto/build - ./sign-os.sh $okey $fsmount/boot/initrd.img $fsmount/boot/runrd.zip - popd -fi + unzip "$path" + mv data.img tmp.img -if [ -e "$fsmount/boot/actrd.img" ]; then - echo "Signing activation initramfs..." - pushd $bios_crypto/build - $bios_crypto/build/sign-os.sh $okey $fsmount/boot/actrd.img $fsmount/boot/actrd.zip - popd -fi + rm -f $path + ./sign-os.sh $okey tmp.img $path -# If no separate activation initramfs was provided, assume that the regular -# initramfs also handles activation. -[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip + rm -f tmp.img + popd +} +echo "Signing initramfs/kernel..." +sign_os runos +sign_os actos +sign_os runrd +sign_os actrd |