This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Last revisionBoth sides next revision |
uefi_secure_boot [2017/11/08 11:05] – brot | uefi_secure_boot [2017/11/08 11:07] – [Getting there] brot |
---|
=== Creating new kernel === | === Creating new kernel === |
Now, with Secure Boot working, we want a faster method of creating new kernels and signing those. I use the following command line to generate new kernels. | Now, with Secure Boot working, we want a faster method of creating new kernels and signing those. I use the following command line to generate new kernels. |
| |
| |
<code bash> | <code bash> |
export KVER=`make kernelversion` && make -j6 && make modules_install && dracut ./initramfs.img --force --no-compress -H $KVER --omit "i18n" --add-drivers i915 && cp /proc/cmdline ./cmdline.txt && objcopy --add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 --add-section .cmdline="./cmdline.txt" --change-section-vma .cmdline=0x30000 --add-section .linux="./arch/x86/boot/bzImage" --change-section-vma .linux=0x40000 --add-section .initrd="./initramfs.img" --change-section-vma .initrd=0x3000000 /usr/lib/systemd/boot/efi/linuxx64.efi.stub kernel-$KVER.efi && sbsign --key /root/efi-keys-try1/db.key --cert /root/efi-keys-try1/db.crt --output ./kernel-$KVER-signed.efi ./kernel-$KVER.efi && mount /boot/efi && cp ./kernel-$KVER-signed.efi /boot/efi/ | export KVER=`make kernelversion` && make -j6 && make modules_install && dracut ./initramfs.img --force --no-compress -H $KVER --omit "i18n" --add-drivers i915 && \ |
| cp /proc/cmdline ./cmdline.txt && objcopy --add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 --add-section .cmdline="./cmdline.txt" \ |
| --change-section-vma .cmdline=0x30000 --add-section .linux="./arch/x86/boot/bzImage" --change-section-vma .linux=0x40000 --add-section .initrd="./initramfs.img" \ |
| --change-section-vma .initrd=0x3000000 /usr/lib/systemd/boot/efi/linuxx64.efi.stub kernel-$KVER.efi && \ |
| sbsign --key /root/efi-keys-try1/db.key --cert /root/efi-keys-try1/db.crt --output ./kernel-$KVER-signed.efi ./kernel-$KVER.efi && mount /boot/efi && \ |
| cp ./kernel-$KVER-signed.efi /boot/efi/ && echo -e "title Gentoo Linux signed\nversion $KVER\nlinux /kernel-$KVER-signed.efi" > /boot/efi/loader/entries/gentoo-$KVER.conf |
</code> | </code> |
| |