diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2022-01-25 14:26:03 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2022-01-25 14:26:03 -0300 |
commit | c69aa69fc4a5dccb8033183461299dec4de9c503 (patch) | |
tree | e4b003eb16b8fb80937e89c813d3c9c542d66e20 | |
parent | 5cf0c43a3ff808b72a0fc1d6ce8264206a65b35b (diff) | |
download | hydra-c69aa69fc4a5dccb8033183461299dec4de9c503.tar.gz hydra-c69aa69fc4a5dccb8033183461299dec4de9c503.tar.bz2 |
Fix: provision: UEFI: mount /sys/firmware/efi/efivars and use --uefi-secure-boot on grub-install
-rwxr-xr-x | share/hydractl/provision | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision index 26ed868..6d4dbaa 100755 --- a/share/hydractl/provision +++ b/share/hydractl/provision @@ -479,6 +479,10 @@ hydra_sudo_run mount -o bind /dev/ $WORK/dev hydra_sudo_run mount -o bind /dev/pts $WORK/dev/pts echo LANG=C | $SUDO tee $WORK/etc/default/locale > /dev/null +if [ "$boot_mode" == "bios" ]; then + hydra_sudo_run mount none -t efivarfs $WORK/sys/firmware/efi/efivars +fi + # Resolver configuration. echo "domain $domain" | $SUDO tee $WORK/etc/resolv.conf > /dev/null echo "search $hostname.$domain" | $SUDO tee -a $WORK/etc/resolv.conf > /dev/null @@ -593,7 +597,7 @@ fi # LVM. if [ "$discards" == "y" ]; then - $SUDO sed -i -e 's/issue_discards = 0/issue_discards = 1' $WORK/etc/lvm/lvm.conf + $SUDO sed -i -e 's/issue_discards = 0/issue_discards = 1/' $WORK/etc/lvm/lvm.conf fi # Boot device must be available before installing kernel and initramfs. @@ -667,6 +671,8 @@ if [ "$grub" == "y" ]; then fi if [ "$secure_boot" == "y" ]; then + grub_uefi_secure_boot="--uefi-secure-boot" + $APT_INSTALL grub-efi-${arch}-signed -y else $APT_INSTALL grub-efi-${arch} -y @@ -713,7 +719,9 @@ EOF if [ "$boot_mode" == "bios" ]; then hydra_sudo_run chroot $WORK/ grub-install --recheck --force $device else - hydra_sudo_run chroot $WORK/ grub-install --target=${grub_arch}-efi --efi-directory=/boot/efi $grub_uefi_nvram + hydra_sudo_run chroot $WORK/ grub-install --target=${grub_arch}-efi \ + --efi-directory=/boot/efi \ + $grub_uefi_nvram $grub_uefi_secure_boot fi fi @@ -779,6 +787,7 @@ echo "Umounting installation device..." if [ "$boot_mode" == "uefi" ]; then hydra_sudo_run umount $WORK/boot/efi + hydra_sudo_run umount $WORK/sys/firmware/efi/efivars fi if [ "$grub" == "y" ] && [ "$encrypt" != "y" ]; then |