aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2022-01-25 14:26:03 -0300
committerSilvio Rhatto <rhatto@riseup.net>2022-01-25 14:26:03 -0300
commitc69aa69fc4a5dccb8033183461299dec4de9c503 (patch)
treee4b003eb16b8fb80937e89c813d3c9c542d66e20
parent5cf0c43a3ff808b72a0fc1d6ce8264206a65b35b (diff)
downloadhydra-c69aa69fc4a5dccb8033183461299dec4de9c503.tar.gz
hydra-c69aa69fc4a5dccb8033183461299dec4de9c503.tar.bz2
Fix: provision: UEFI: mount /sys/firmware/efi/efivars and use --uefi-secure-boot on grub-install
-rwxr-xr-xshare/hydractl/provision13
1 files changed, 11 insertions, 2 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 26ed868..6d4dbaa 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -479,6 +479,10 @@ hydra_sudo_run mount -o bind /dev/ $WORK/dev
hydra_sudo_run mount -o bind /dev/pts $WORK/dev/pts
echo LANG=C | $SUDO tee $WORK/etc/default/locale > /dev/null
+if [ "$boot_mode" == "bios" ]; then
+ hydra_sudo_run mount none -t efivarfs $WORK/sys/firmware/efi/efivars
+fi
+
# Resolver configuration.
echo "domain $domain" | $SUDO tee $WORK/etc/resolv.conf > /dev/null
echo "search $hostname.$domain" | $SUDO tee -a $WORK/etc/resolv.conf > /dev/null
@@ -593,7 +597,7 @@ fi
# LVM.
if [ "$discards" == "y" ]; then
- $SUDO sed -i -e 's/issue_discards = 0/issue_discards = 1' $WORK/etc/lvm/lvm.conf
+ $SUDO sed -i -e 's/issue_discards = 0/issue_discards = 1/' $WORK/etc/lvm/lvm.conf
fi
# Boot device must be available before installing kernel and initramfs.
@@ -667,6 +671,8 @@ if [ "$grub" == "y" ]; then
fi
if [ "$secure_boot" == "y" ]; then
+ grub_uefi_secure_boot="--uefi-secure-boot"
+
$APT_INSTALL grub-efi-${arch}-signed -y
else
$APT_INSTALL grub-efi-${arch} -y
@@ -713,7 +719,9 @@ EOF
if [ "$boot_mode" == "bios" ]; then
hydra_sudo_run chroot $WORK/ grub-install --recheck --force $device
else
- hydra_sudo_run chroot $WORK/ grub-install --target=${grub_arch}-efi --efi-directory=/boot/efi $grub_uefi_nvram
+ hydra_sudo_run chroot $WORK/ grub-install --target=${grub_arch}-efi \
+ --efi-directory=/boot/efi \
+ $grub_uefi_nvram $grub_uefi_secure_boot
fi
fi
@@ -779,6 +787,7 @@ echo "Umounting installation device..."
if [ "$boot_mode" == "uefi" ]; then
hydra_sudo_run umount $WORK/boot/efi
+ hydra_sudo_run umount $WORK/sys/firmware/efi/efivars
fi
if [ "$grub" == "y" ] && [ "$encrypt" != "y" ]; then