toolkit/func/core/pkg_secureboot/11-test-shim-certs.sh

#!/bin/bash
r_log "secureboot" "Verify that grub2-efi is correctly signed"

if [ ! -d /sys/firmware/efi ]; then
  r_log "secureboot" "System was not booted in EFI mode. It is likely that grub2-efi is also not installed."
  if [ -f /boot/efi/EFI/rocky/grubx64.efi ]; then
    r_log "secureboot" "Correct, system is not EFI and thus does not have grub2-efi installed."
    exit 0
  fi
else
  if [[ "$rl_arch" == "x86_64" ]]; then
    p_installPackageNormal pesign
    pesign --show-signature --in /boot/efi/EFI/rocky/shim.efi | grep -Eq "Microsoft Windows UEFI Driver Publisher"
    r_checkExitStatus $?
  else
    r_log "secureboot" "x86_64 is the only supported secureboot arch at this time"
    exit 0
  fi
fi
Initial commit 2021-07-05 06:50:25 +00:00			`#!/bin/bash`
			`r_log "secureboot" "Verify that grub2-efi is correctly signed"`

			`if [ ! -d /sys/firmware/efi ]; then`
			`r_log "secureboot" "System was not booted in EFI mode. It is likely that grub2-efi is also not installed."`
			`if [ -f /boot/efi/EFI/rocky/grubx64.efi ]; then`
			`r_log "secureboot" "Correct, system is not EFI and thus does not have grub2-efi installed."`
			`exit 0`
			`fi`
			`else`
func: add starting podman tests 2023-11-13 17:28:48 +00:00			`if [[ "$rl_arch" == "x86_64" ]]; then`
			`p_installPackageNormal pesign`
			`pesign --show-signature --in /boot/efi/EFI/rocky/shim.efi \| grep -Eq "Microsoft Windows UEFI Driver Publisher"`
			`r_checkExitStatus $?`
			`else`
			`r_log "secureboot" "x86_64 is the only supported secureboot arch at this time"`
			`exit 0`
			`fi`
Initial commit 2021-07-05 06:50:25 +00:00			`fi`