Fix: provision: UEFI: mount /sys/firmware/efi/efivars and use --uefi-secure-boot on grub-install

author: Silvio Rhatto <rhatto@riseup.net> 2022-01-25 14:26:03 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2022-01-25 14:26:03 -0300
commit: c69aa69fc4a5dccb8033183461299dec4de9c503 (patch)
tree: e4b003eb16b8fb80937e89c813d3c9c542d66e20 /share
parent: 5cf0c43a3ff808b72a0fc1d6ce8264206a65b35b (diff)
download: hydra-c69aa69fc4a5dccb8033183461299dec4de9c503.tar.gz
hydra-c69aa69fc4a5dccb8033183461299dec4de9c503.tar.bz2
1 files changed, 11 insertions, 2 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 26ed868..6d4dbaa 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -479,6 +479,10 @@ hydra_sudo_run mount -o bind /dev/    $WORK/dev
 hydra_sudo_run mount -o bind /dev/pts $WORK/dev/pts
 echo LANG=C | $SUDO tee $WORK/etc/default/locale > /dev/null
 
+if [ "$boot_mode" == "bios" ]; then
+  hydra_sudo_run mount none -t efivarfs $WORK/sys/firmware/efi/efivars
+fi
+
 # Resolver configuration.
 echo "domain $domain"            | $SUDO tee    $WORK/etc/resolv.conf > /dev/null
 echo "search $hostname.$domain"  | $SUDO tee -a $WORK/etc/resolv.conf > /dev/null
@@ -593,7 +597,7 @@ fi
 
 # LVM.
 if [ "$discards" == "y" ]; then
-  $SUDO sed -i -e 's/issue_discards = 0/issue_discards = 1' $WORK/etc/lvm/lvm.conf
+  $SUDO sed -i -e 's/issue_discards = 0/issue_discards = 1/' $WORK/etc/lvm/lvm.conf
 fi
 
 # Boot device must be available before installing kernel and initramfs.
@@ -667,6 +671,8 @@ if [ "$grub" == "y" ]; then
     fi
 
     if [ "$secure_boot" == "y" ]; then
+      grub_uefi_secure_boot="--uefi-secure-boot"
+
       $APT_INSTALL grub-efi-${arch}-signed -y
     else
       $APT_INSTALL grub-efi-${arch} -y
@@ -713,7 +719,9 @@ EOF
   if [ "$boot_mode" == "bios" ]; then
     hydra_sudo_run chroot $WORK/ grub-install --recheck --force $device
   else
-    hydra_sudo_run chroot $WORK/ grub-install --target=${grub_arch}-efi --efi-directory=/boot/efi $grub_uefi_nvram
+    hydra_sudo_run chroot $WORK/ grub-install --target=${grub_arch}-efi \
+                                              --efi-directory=/boot/efi \
+                                              $grub_uefi_nvram $grub_uefi_secure_boot
   fi
 fi
 
@@ -779,6 +787,7 @@ echo "Umounting installation device..."
 
 if [ "$boot_mode" == "uefi" ]; then
   hydra_sudo_run umount $WORK/boot/efi
+  hydra_sudo_run umount $WORK/sys/firmware/efi/efivars
 fi
 
 if [ "$grub" == "y" ] && [ "$encrypt" != "y" ]; then
author	Silvio Rhatto <rhatto@riseup.net>	2022-01-25 14:26:03 -0300
committer	Silvio Rhatto <rhatto@riseup.net>	2022-01-25 14:26:03 -0300
commit	c69aa69fc4a5dccb8033183461299dec4de9c503 (patch)
tree	e4b003eb16b8fb80937e89c813d3c9c542d66e20 /share
parent	5cf0c43a3ff808b72a0fc1d6ce8264206a65b35b (diff)
download	hydra-c69aa69fc4a5dccb8033183461299dec4de9c503.tar.gz hydra-c69aa69fc4a5dccb8033183461299dec4de9c503.tar.bz2