def _setup_secure_boot_efi_image(self, lookup_path):
"""
Provide the shim loader and the shim signed grub2 loader
in the required boot path. Normally this task is done by
the shim-install tool. However, shim-install does not exist
on all distributions and the script does not operate well
in e.g CD environments from which we generate live and/or
install media. Thus shim-install is used if possible at
install time of the bootloader because it requires access
to the target block device. In any other case this setup
code should act as the fallback solution
"""
if not lookup_path:
lookup_path = self.root_dir
shim_image = Defaults.get_shim_loader(lookup_path)
if not shim_image:
raise KiwiBootLoaderGrubSecureBootError(
'Microsoft signed shim loader not found'
)
grub_image = Defaults.get_signed_grub_loader(lookup_path)
if not grub_image:
raise KiwiBootLoaderGrubSecureBootError(
'Shim signed grub2 efi loader not found'
)
Command.run(
['cp', shim_image, self._get_efi_image_name()]
)
Command.run(
['cp', grub_image, self.efi_boot_path]
)
def _setup_secure_boot_efi_image(self, lookup_path):
"""
Provide the shim loader and the shim signed grub2 loader
in the required boot path. Normally this task is done by
the shim-install tool. However, shim-install does not exist
on all distributions and the script does not operate well
in e.g CD environments from which we generate live and/or
install media. Thus shim-install is used if possible at
install time of the bootloader because it requires access
to the target block device. In any other case this setup
code should act as the fallback solution
"""
log.warning(
'--> Running fallback setup for shim secure boot efi image')
if not lookup_path:
lookup_path = self.boot_dir
grub_image = Defaults.get_signed_grub_loader(lookup_path)
if not grub_image:
raise KiwiBootLoaderGrubSecureBootError(
'Signed grub2 efi loader not found')
shim_image = Defaults.get_shim_loader(lookup_path)
if shim_image:
# The shim concept is based on a two step system including a
# grub image(shim) that got signed by Microsoft followed by
# a grub image that got signed by the shim. The shim image
# is the one that gets loaded by the firmware which itself
# loads the second stage grub image
Command.run(['cp', shim_image, self._get_efi_image_name()])
Command.run(['cp', grub_image, self.efi_boot_path])
else:
# Without shim a self signed grub image is used that
# gets loaded by the firmware
Command.run(['cp', grub_image, self._get_efi_image_name()])