#!/usr/bin/env bash # Created by Tobias Powalowski build () { # https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot apps="openssl python3 cert-to-efi-hash-list efi-readvar efi-updatevar efitool-mkusb flash-var \ hash-to-efi-sig-list sig-list-to-certs cert-to-efi-sig-list sign-efi-sig-list sbattach sbkeysync \ sbsiglist sbsign sbvarsign sbverify mokutil" add_file "/etc/ssl/openssl.cnf" for i in $apps; do add_binary "$i" done # add mkkeys.sh MKKEYS=$(mktemp /var/tmp/mkkeys.XXXX) curl -s -L -o "${MKKEYS}" https://pkgbuild.com/~tpowa/archboot-helper/mkkeys//mkkeys.sh chmod 755 "${MKKEYS}" add_file "${MKKEYS}" "/usr/bin/mkkeys.sh" # add python3 files for script add_full_dir /usr/lib/python3.10/encodings add_full_dir /usr/lib/python3.10/collections add_full_dir /usr/lib/python3.10/logging PYTHON_FILES="_collections_abc keyword heapq platform types enum uuid \ _sitebuiltins genericpath posixpath _collections_abc stat os site abc io codecs \ operator reprlib re sre_compile sre_parse sre_constants functools copyreg subprocess \ signal threading _weakrefset warnings contextlib random bisect hashlib traceback \ linecache tokenize token weakref string selectors" if [[ "$(uname -m)" == "x86_64" ]]; then PYTHON_DYN="select.cpython-310-x86_64-linux-gnu math.cpython-310-x86_64-linux-gnu _random.cpython-310-x86_64-linux-gnu \ _sha512.cpython-310-x86_64-linux-gnu _posixsubprocess.cpython-310-x86_64-linux-gnu" fi if [[ "$(uname -m)" == "aarch64" ]]; then PYTHON_DYN="select.cpython-310-aarch64-linux-gnu math.cpython-310-aarch64-linux-gnu _random.cpython-310-aarch64-linux-gnu \ _sha512.cpython-310-aarch64-linux-gnu _posixsubprocess.cpython-310-aarch64-linux-gnu" fi for i in ${PYTHON_FILES}; do add_file "/usr/lib/python3.10/$i.py" done for i in ${PYTHON_DYN}; do add_file "/usr/lib/python3.10/lib-dynload/$i.so" done # add efitools files if [[ "$(uname -m)" == "x86_64" ]]; then add_file "/usr/share/efitools/efi/PreLoader.efi" fi add_file "/usr/share/efitools/efi/HashTool.efi" add_file "/usr/share/efitools/efi/KeyTool.efi" # add shim signed files from fedora _SHIM_URL="https://pkgbuild.com/~tpowa/archboot-helper/fedora-shim" _SHIM=$(mktemp -d /var/tmp/shim.XXXX) if [[ "$(uname -m)" == "x86_64" ]]; then curl -s --create-dirs -L -O --output-dir "${_SHIM}" "${_SHIM_URL}"/{mmx64.efi,shimx64.efi,mmia32.efi,shimia32.efi} add_file "${_SHIM}/mmx64.efi" "/usr/share/archboot/fedora-shim/mmx64.efi" add_file "${_SHIM}/shimx64.efi" "/usr/share/archboot/fedora-shim/shimx64.efi" add_file "${_SHIM}/mmia32.efi" "/usr/share/archboot/fedora-shim/mmia32.efi" add_file "${_SHIM}/shimia32.efi" "/usr/share/archboot/fedora-shim/shimia32.efi" fi if [[ "$(uname -m)" == "aarch64" ]]; then curl -s --create-dirs -L -O --output-dir "${_SHIM}" "${_SHIM_URL}"/{mmaa64.efi,shimaa64.efi} add_file "${_SHIM}/mmaa64.efi" "/usr/share/archboot/fedora-shim/mmaa64.efi" add_file "${_SHIM}/shimaa64.efi" "/usr/share/archboot/fedora-shim/shimaa64.efi" fi # add generate keys script add_file "/usr/bin/archboot-secureboot-keys.sh" "/usr/bin/secureboot-keys.sh" } help () { cat<