diff options
Diffstat (limited to 'modules/signing/preimage.40.sign-os.sh')
-rw-r--r-- | modules/signing/preimage.40.sign-os.sh | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/modules/signing/preimage.40.sign-os.sh b/modules/signing/preimage.40.sign-os.sh index 6756eb6..19ddc3b 100644 --- a/modules/signing/preimage.40.sign-os.sh +++ b/modules/signing/preimage.40.sign-os.sh @@ -8,23 +8,29 @@ okey=$(read_config signing okey) bios_crypto=$(read_config signing bios_crypto_path) [ -n "$bios_crypto" -a -d "$bios_crypto" ] || exit 0 -sign_os() { - local path="$fsmount"/boot/$1.zip - [ -f "$path" ] || return - +if [ -e "$fsmount/boot/vmlinuz" ]; then + echo "Signing kernel..." pushd $bios_crypto/build - unzip "$path" - mv data.img tmp.img + ./sign-os.sh $okey $fsmount/boot/vmlinuz $fsmount/boot/runos.zip + popd + [ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip +fi - rm -f $path - ./sign-os.sh $okey tmp.img $path +if [ -e "$fsmount/boot/initrd.img" ]; then + echo "Signing initramfs..." + pushd $bios_crypto/build + ./sign-os.sh $okey $fsmount/boot/initrd.img $fsmount/boot/runrd.zip + popd +fi - rm -f tmp.img +if [ -e "$fsmount/boot/actrd.img" ]; then + echo "Signing activation initramfs..." + pushd $bios_crypto/build + $bios_crypto/build/sign-os.sh $okey $fsmount/boot/actrd.img $fsmount/boot/actrd.zip popd -} +fi + +# If no separate activation initramfs was provided, assume that the regular +# initramfs also handles activation. +[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip -echo "Signing initramfs/kernel..." -sign_os runos -sign_os actos -sign_os runrd -sign_os actrd |