[Git-commits] [grml/grml-live] 332ae5: Secure Boot support

Michael Prokop mika at grml.org
Thu Aug 31 02:55:05 CEST 2017 

  Branch: refs/heads/master
  Home:   https://github.com/grml/grml-live
  Commit: 332ae52de9efa6a0ac5c3619823fe547e35828a0
      https://github.com/grml/grml-live/commit/332ae52de9efa6a0ac5c3619823fe547e35828a0
  Author: Michael Prokop <mika at grml.org>
  Date:   2017-08-31 (Thu, 31 Aug 2017)

  Changed paths:
    M debian/control
    M debian/copyright
    M debian/grml-live.install
    M etc/grml/fai/config/scripts/GRMLBASE/45-grub-images
    M etc/grml/grml-live.conf
    M grml-live
    A templates/EFI/BOOT/README
    A templates/EFI/BOOT/grubx64.efi.signed
    A templates/EFI/BOOT/shimx64.efi.signed
    A templates/EFI/ubuntu/grub.cfg
    A templates/boot/grub/grmlenv.cfg
    A templates/secureboot/grub.cfg

  Log Message:
  -----------
  Secure Boot support

Thanks to the way the signed GRUB by Ubuntu works we seem to be
able to keep our common EFI GRUB configs working next to the new
Secure Boot related EFI GRUB configs. If Secure Boot is enabled
we get the same look and feel like with common EFI boot, though
with a Secure Boot specific boot menu (since e.g. the linux16
command isn't available under Secure Boot). If EFI is running
with Secure Boot *disabled* it continues to look like it used to
do so far. If this is working out as planned there's no visible
change from a user point of view on systems with Secure Boot
disabled.

With this change we also get rid of some magic with grml-live
relying on behavior of
/etc/grml/fai/config/scripts/GRMLBASE/45-grub-images, including
moving files around.

We also no longer skip the boot stage during rebuilds. This has
been a source of frustration and annoying debugging sessions when
files inside grml_cd/boot/ didn't receive changes during rebuilds
and the user in front of the system is ignoring the according
"skip" notice or forgot to remove grml_cd/boot.

While at it rewrite debian/copyright in
http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Thanks: Michael Schierl <schierlm at gmx.de> for help regarding the Secure Boot setup

More information about the Git-commits mailing list