sig_cloud/diskimage-builder
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ca53af1184
diskimage-builder/elements/ubuntu-signed/post-install.d/90-get-signed-kernel
Shivanand Tendulker 06e3d7c767 Add element ubuntu-signed to provide signed kernel 
ubuntu-signed element would install 'linux-signed-image-generic' that
provides signed kernel that can be used for deploy in UEFI secure boot mode.

Package 'linux-signed-image-generic' ships signed kernel with extension
'.efi.signed' (Ex. '/boot/vmlinuz-3.13.0-49-generic.efi.signed').

The kernel modules directory for signed kernel and unsigned kernel is same.
It is without 'efi.signed' extension to its name. This is different from normal
practice of directory naming in '/lib/modules' (Ex. For signed kernel
'vmlinuz-3.13.0-49-generic.efi.signed', modules directory is
'/lib/modules/3.13.0-49-generic').
This needed some changes in '/lib/ramdisk-functions' and 'ramdisk' element to
copy kernel modules.

The signed kernel package contains both signed and unsigned kernel. The
unsiged kernel is without extension '.efi.signed' (Ex.
'/boot/vmlinuz-3.13.0-49-generic'). This required change into
'/lib/img-functions' and 'baremetal' element to pick up signed kernel version
when this element is used.

Closes-Bug: 1443076
Change-Id: I60061cbea847b47fa752b9463cfd387e8e7f0635
2015-04-12 11:36:17 -07:00

37 lines
1.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# Copyright 2015 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
# Get signed kernel version
LATEST_SIGNED_KERNEL=$(ls /boot/vmlinu*.efi.signed | sort | tail -1)
if [ "$LATEST_SIGNED_KERNEL" == "" ]; then
echo "Unable to find a suitable kernel" >>/dev/stderr
exit 1
fi
SIGNED_KERNEL_VERSION=${LATEST_SIGNED_KERNEL##/boot/vmlinu[zx]-}
echo "Found signed ubuntu kernel version $SIGNED_KERNEL_VERSION"
cat > /dib-signed-kernel-version << EOF
DIB_SIGNED_KERNEL_VERSION=$SIGNED_KERNEL_VERSION
EOF
Reference in New Issue View Git Blame Copy Permalink