feat(dracut.sh): pass engine flag to sbsign allowing use with hardware devices

author joamonwx <unknown>

Wed, 20 Jul 2022 19:26:13 +0000 (09:26 -1000)

committer Jóhann B. Guðmundsson <johannbg@gmail.com>

Fri, 12 Aug 2022 11:12:41 +0000 (11:12 +0000)
author joamonwx <unknown>
Wed, 20 Jul 2022 19:26:13 +0000 (09:26 -1000)
committer Jóhann B. Guðmundsson <johannbg@gmail.com>
Fri, 12 Aug 2022 11:12:41 +0000 (11:12 +0000)
diff --git a/dracut.sh b/dracut.sh

index 8c70befc017f7bb013774abfd06759b043107f74..ebc66cfac1d1331ddc63490fd25243b968c9be62 100755 (executable)
--- a/dracut.sh
+++ b/dracut.sh
@@ -2631,6 +2631,7 @@ if [[ $uefi == yes ]]; then
          "$uefi_stub" "${uefi_outdir}/linux.efi"; then
          if [[ -n ${uefi_secureboot_key} && -n ${uefi_secureboot_cert} ]]; then
              if sbsign \
+                ${uefi_secureboot_engine:+--engine "$uefi_secureboot_engine"} \
                  --key "${uefi_secureboot_key}" \
                  --cert "${uefi_secureboot_cert}" \
                  --output "$outfile" "${uefi_outdir}/linux.efi"; then
diff --git a/man/dracut.conf.5.asc b/man/dracut.conf.5.asc

index d9694a5df0e26f0d136a8a8dce8a45ddd1d73490..39dfd34fb3e95cef6a092f31abe4b68c3b02c666 100644 (file)
--- a/man/dracut.conf.5.asc
+++ b/man/dracut.conf.5.asc
@@ -294,6 +294,9 @@ Logging levels:
      Requires both certificate and key need to be specified and _sbsign_ to be
      installed.
  
+*uefi_secureboot_engine=*"_parameter_"::
+    Specifies an engine to use when signing the created UEFI executable. E.g. "pkcs11"
+
  *kernel_image=*"_<file>_"::
      Specifies the kernel image, which to include in the UEFI executable. The
      default is _/lib/modules/<KERNEL-VERSION>/vmlinuz_ or
author	joamonwx <unknown>
	Wed, 20 Jul 2022 19:26:13 +0000 (09:26 -1000)
committer	Jóhann B. Guðmundsson <johannbg@gmail.com>
	Fri, 12 Aug 2022 11:12:41 +0000 (11:12 +0000)
dracut.sh		patch \| blob \| blame \| history
man/dracut.conf.5.asc		patch \| blob \| blame \| history