From: joamonwx <unknown>
Date: Wed, 20 Jul 2022 19:26:13 +0000 (-1000)
Subject: feat(dracut.sh): pass engine flag to sbsign allowing use with hardware devices
X-Git-Tag: 058~199
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=897e5effe08f15de6b20099caeda7bc1167b7026;p=thirdparty%2Fdracut.git

feat(dracut.sh): pass engine flag to sbsign allowing use with hardware devices
---

diff --git a/dracut.sh b/dracut.sh
index 8c70befc0..ebc66cfac 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -2631,6 +2631,7 @@ if [[ $uefi == yes ]]; then
         "$uefi_stub" "${uefi_outdir}/linux.efi"; then
         if [[ -n ${uefi_secureboot_key} && -n ${uefi_secureboot_cert} ]]; then
             if sbsign \
+                ${uefi_secureboot_engine:+--engine "$uefi_secureboot_engine"} \
                 --key "${uefi_secureboot_key}" \
                 --cert "${uefi_secureboot_cert}" \
                 --output "$outfile" "${uefi_outdir}/linux.efi"; then
diff --git a/man/dracut.conf.5.asc b/man/dracut.conf.5.asc
index d9694a5df..39dfd34fb 100644
--- a/man/dracut.conf.5.asc
+++ b/man/dracut.conf.5.asc
@@ -294,6 +294,9 @@ Logging levels:
     Requires both certificate and key need to be specified and _sbsign_ to be
     installed.
 
+*uefi_secureboot_engine=*"_parameter_"::
+    Specifies an engine to use when signing the created UEFI executable. E.g. "pkcs11"
+
 *kernel_image=*"_<file>_"::
     Specifies the kernel image, which to include in the UEFI executable. The
     default is _/lib/modules/<KERNEL-VERSION>/vmlinuz_ or