From 9bfda7f106a696b8813c0dcd8a992b38041fa316 Mon Sep 17 00:00:00 2001 From: Anduin Xue Date: Mon, 2 Sep 2024 12:30:22 +0000 Subject: [PATCH 1/9] Support secure boot. --- README.md | 29 +++++++++++------------------ scripts/build.sh | 17 +++++++---------- 2 files changed, 18 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 6797623..a573059 100644 --- a/README.md +++ b/README.md @@ -591,30 +591,22 @@ After everything has been installed and preconfigured in the **chrooted** enviro cd $HOME/live-ubuntu-from-scratch/image ``` -2. Create a grub UEFI image - - ```shell - grub-mkstandalone \ - --format=x86_64-efi \ - --output=isolinux/bootx64.efi \ - --locales="" \ - --fonts="" \ - "boot/grub/grub.cfg=isolinux/grub.cfg" - ``` - -3. Create a FAT16 UEFI boot disk image containing the EFI bootloader +2. Create a FAT16 UEFI boot disk image containing the EFI bootloader ```shell ( cd isolinux && \ dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ sudo mkfs.vfat efiboot.img && \ - LC_CTYPE=C mmd -i efiboot.img efi efi/boot && \ - LC_CTYPE=C mcopy -i efiboot.img ./bootx64.efi ::efi/boot/ + mkdir efi && \ + sudo mount efiboot.img efi && \ + sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram && \ + sudo umount efi && \ + rm -rf efi ) ``` -4. Create a grub BIOS image +3. Create a grub BIOS image ```shell grub-mkstandalone \ @@ -627,19 +619,19 @@ After everything has been installed and preconfigured in the **chrooted** enviro "boot/grub/grub.cfg=isolinux/grub.cfg" ``` -5. Combine a bootable Grub cdboot.img +4. Combine a bootable Grub cdboot.img ```shell cat /usr/lib/grub/i386-pc/cdboot.img isolinux/core.img > isolinux/bios.img ``` -6. Generate md5sum.txt +5. Generate md5sum.txt ```shell sudo /bin/bash -c "(find . -type f -print0 | xargs -0 md5sum | grep -v -e 'md5sum.txt' -e 'bios.img' -e 'efiboot.img' > md5sum.txt)" ``` -7. Create iso from the image directory using the command-line +6. Create iso from the image directory using the command-line ```shell sudo xorriso \ @@ -663,6 +655,7 @@ After everything has been installed and preconfigured in the **chrooted** enviro -m "isolinux/bios.img" \ -graft-points \ "/EFI/efiboot.img=isolinux/efiboot.img" \ + "/boot/grub/grub.cfg=isolinux/grub.cfg" \ "/boot/grub/bios.img=isolinux/bios.img" \ "." ``` diff --git a/scripts/build.sh b/scripts/build.sh index 84ea0c7..52dbace 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -99,7 +99,7 @@ function check_config() { function setup_host() { echo "=====> running setup_host ..." sudo apt update - sudo apt install -y binutils debootstrap squashfs-tools xorriso grub-pc-bin grub-efi-amd64-bin mtools dosfstools unzip + sudo apt install -y binutils debootstrap squashfs-tools xorriso grub-pc-bin grub-efi-amd64-bin mtools dosfstools unzip grub2-common sudo mkdir -p chroot } @@ -223,19 +223,15 @@ EOF # create iso image pushd $SCRIPT_DIR/image - grub-mkstandalone \ - --format=x86_64-efi \ - --output=isolinux/bootx64.efi \ - --locales="" \ - --fonts="" \ - "boot/grub/grub.cfg=isolinux/grub.cfg" - ( cd isolinux && \ dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ sudo mkfs.vfat efiboot.img && \ - LC_CTYPE=C mmd -i efiboot.img efi efi/boot && \ - LC_CTYPE=C mcopy -i efiboot.img ./bootx64.efi ::efi/boot/ + mkdir efi && \ + sudo mount efiboot.img efi && \ + sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram && \ + sudo umount efi && \ + rm -rf efi ) grub-mkstandalone \ @@ -272,6 +268,7 @@ EOF -m "isolinux/bios.img" \ -graft-points \ "/EFI/efiboot.img=isolinux/efiboot.img" \ + "/boot/grub/grub.cfg=isolinux/grub.cfg" \ "/boot/grub/bios.img=isolinux/bios.img" \ "." From 6e2415228853a925634d2a2f5e8e8af1e2b1df37 Mon Sep 17 00:00:00 2001 From: Marcos Tischer Vallim <19291569+mvallim@users.noreply.github.com> Date: Mon, 2 Sep 2024 18:23:15 -0300 Subject: [PATCH 2/9] fix(build.sh): generate efiboot.img --- scripts/build.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/build.sh b/scripts/build.sh index 52dbace..45c83f0 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -227,10 +227,12 @@ EOF cd isolinux && \ dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ sudo mkfs.vfat efiboot.img && \ + LOOP_DEVICE=`losetup --find --show $PWD/efiboot.img` && \ mkdir efi && \ - sudo mount efiboot.img efi && \ - sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram && \ - sudo umount efi && \ + sudo mount $LOOP_DEVICE efi && \ + sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram $LOOP_DEVICE && \ + sudo umount $LOOP_DEVICE && \ + sudo losetup --detach $LOOP_DEVICE && \ rm -rf efi ) From cfc73ceed2f2a6d99498e64c51d490a827ec7d14 Mon Sep 17 00:00:00 2001 From: Marcos Tischer Vallim <19291569+mvallim@users.noreply.github.com> Date: Mon, 2 Sep 2024 18:26:34 -0300 Subject: [PATCH 3/9] Update README.md --- README.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a573059..f1fafba 100644 --- a/README.md +++ b/README.md @@ -595,14 +595,16 @@ After everything has been installed and preconfigured in the **chrooted** enviro ```shell ( - cd isolinux && \ - dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ - sudo mkfs.vfat efiboot.img && \ - mkdir efi && \ - sudo mount efiboot.img efi && \ - sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram && \ - sudo umount efi && \ - rm -rf efi + cd isolinux && \ + dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ + sudo mkfs.vfat efiboot.img && \ + LOOP_DEVICE=`losetup --find --show $PWD/efiboot.img` && \ + mkdir efi && \ + sudo mount $LOOP_DEVICE efi && \ + sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram $LOOP_DEVICE && \ + sudo umount $LOOP_DEVICE && \ + sudo losetup --detach $LOOP_DEVICE && \ + rm -rf efi ) ``` From 9196b7802fc9b9166c04ccca5add10728343ec83 Mon Sep 17 00:00:00 2001 From: Marcos Tischer Vallim <19291569+mvallim@users.noreply.github.com> Date: Mon, 2 Sep 2024 18:33:57 -0300 Subject: [PATCH 4/9] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f1fafba..f6d6637 100644 --- a/README.md +++ b/README.md @@ -598,7 +598,7 @@ After everything has been installed and preconfigured in the **chrooted** enviro cd isolinux && \ dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ sudo mkfs.vfat efiboot.img && \ - LOOP_DEVICE=`losetup --find --show $PWD/efiboot.img` && \ + LOOP_DEVICE=`sudo losetup --find --show $PWD/efiboot.img` && \ mkdir efi && \ sudo mount $LOOP_DEVICE efi && \ sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram $LOOP_DEVICE && \ From d5623e85968896edae3e78fec623c78e9526c78a Mon Sep 17 00:00:00 2001 From: Marcos Tischer Vallim <19291569+mvallim@users.noreply.github.com> Date: Mon, 2 Sep 2024 18:34:26 -0300 Subject: [PATCH 5/9] fix(build.sh): generate efiboot.img --- scripts/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/build.sh b/scripts/build.sh index 45c83f0..7f4ee1c 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -227,7 +227,7 @@ EOF cd isolinux && \ dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ sudo mkfs.vfat efiboot.img && \ - LOOP_DEVICE=`losetup --find --show $PWD/efiboot.img` && \ + LOOP_DEVICE=`sudo losetup --find --show $PWD/efiboot.img` && \ mkdir efi && \ sudo mount $LOOP_DEVICE efi && \ sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram $LOOP_DEVICE && \ From dc1643db3c9e3aa26e82f55d93ae64639f5b4865 Mon Sep 17 00:00:00 2001 From: Marcos Tischer Vallim <19291569+mvallim@users.noreply.github.com> Date: Mon, 2 Sep 2024 20:56:17 -0300 Subject: [PATCH 6/9] fix(build.sh): generate efiboot.img --- scripts/build.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/build.sh b/scripts/build.sh index 7f4ee1c..0bd74d1 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -225,15 +225,15 @@ EOF pushd $SCRIPT_DIR/image ( cd isolinux && \ - dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ - sudo mkfs.vfat efiboot.img && \ + sudo dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ LOOP_DEVICE=`sudo losetup --find --show $PWD/efiboot.img` && \ - mkdir efi && \ + sudo mkfs.vfat -F 32 $LOOP_DEVICE && \ + sudo mkdir efi && \ sudo mount $LOOP_DEVICE efi && \ - sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram $LOOP_DEVICE && \ + sudo grub-install --target=x86_64-efi --efi-directory=efi --uefi-secure-boot --removable --no-nvram $LOOP_DEVICE && \ sudo umount $LOOP_DEVICE && \ sudo losetup --detach $LOOP_DEVICE && \ - rm -rf efi + sudo rm -rf efi ) grub-mkstandalone \ From 382ff18b15e4fe9aee6eef123fd209e33daaeb83 Mon Sep 17 00:00:00 2001 From: Marcos Tischer Vallim <19291569+mvallim@users.noreply.github.com> Date: Mon, 2 Sep 2024 21:13:11 -0300 Subject: [PATCH 7/9] Update README.md --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index f6d6637..a6bc5b7 100644 --- a/README.md +++ b/README.md @@ -595,16 +595,16 @@ After everything has been installed and preconfigured in the **chrooted** enviro ```shell ( - cd isolinux && \ - dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ - sudo mkfs.vfat efiboot.img && \ - LOOP_DEVICE=`sudo losetup --find --show $PWD/efiboot.img` && \ - mkdir efi && \ - sudo mount $LOOP_DEVICE efi && \ - sudo grub-install --efi-directory=efi --uefi-secure-boot --removable --no-nvram $LOOP_DEVICE && \ - sudo umount $LOOP_DEVICE && \ - sudo losetup --detach $LOOP_DEVICE && \ - rm -rf efi + cd isolinux && \ + sudo dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ + LOOP_DEVICE=`sudo losetup --find --show $PWD/efiboot.img` && \ + sudo mkfs.vfat -F 32 $LOOP_DEVICE && \ + sudo mkdir efi && \ + sudo mount $LOOP_DEVICE efi && \ + sudo grub-install --target=x86_64-efi --efi-directory=efi --uefi-secure-boot --removable --no-nvram $LOOP_DEVICE && \ + sudo umount $LOOP_DEVICE && \ + sudo losetup --detach $LOOP_DEVICE && \ + sudo rm -rf efi ) ``` From bf0ac557e562537524dbfbb8a51dd81230365f7a Mon Sep 17 00:00:00 2001 From: Marcos Tischer Vallim <19291569+mvallim@users.noreply.github.com> Date: Mon, 2 Sep 2024 21:41:57 -0300 Subject: [PATCH 8/9] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a6bc5b7..2c9ed76 100644 --- a/README.md +++ b/README.md @@ -598,7 +598,7 @@ After everything has been installed and preconfigured in the **chrooted** enviro cd isolinux && \ sudo dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ LOOP_DEVICE=`sudo losetup --find --show $PWD/efiboot.img` && \ - sudo mkfs.vfat -F 32 $LOOP_DEVICE && \ + sudo mkfs.vfat -F 16 $LOOP_DEVICE && \ sudo mkdir efi && \ sudo mount $LOOP_DEVICE efi && \ sudo grub-install --target=x86_64-efi --efi-directory=efi --uefi-secure-boot --removable --no-nvram $LOOP_DEVICE && \ From 89cd99775e48929b946de373e61c9277d0344792 Mon Sep 17 00:00:00 2001 From: Marcos Tischer Vallim <19291569+mvallim@users.noreply.github.com> Date: Mon, 2 Sep 2024 21:42:20 -0300 Subject: [PATCH 9/9] fix(build.sh): generate efiboot.img --- scripts/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/build.sh b/scripts/build.sh index 0bd74d1..dfdc84d 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -227,7 +227,7 @@ EOF cd isolinux && \ sudo dd if=/dev/zero of=efiboot.img bs=1M count=10 && \ LOOP_DEVICE=`sudo losetup --find --show $PWD/efiboot.img` && \ - sudo mkfs.vfat -F 32 $LOOP_DEVICE && \ + sudo mkfs.vfat -F 16 $LOOP_DEVICE && \ sudo mkdir efi && \ sudo mount $LOOP_DEVICE efi && \ sudo grub-install --target=x86_64-efi --efi-directory=efi --uefi-secure-boot --removable --no-nvram $LOOP_DEVICE && \