From 897e5effe08f15de6b20099caeda7bc1167b7026 Mon Sep 17 00:00:00 2001
From: joamonwx
Date: Wed, 20 Jul 2022 09:26:13 -1000
Subject: [PATCH] feat(dracut.sh): pass engine flag to sbsign allowing use with hardware devices
---
 dracut.sh | 1 +
 man/dracut.conf.5.asc | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/dracut.sh b/dracut.sh
index 8c70befc0..ebc66cfac 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -2631,6 +2631,7 @@ if [[ $uefi == yes ]]; then
 "$uefi_stub" "${uefi_outdir}/linux.efi"; then
 if [[ -n ${uefi_secureboot_key} && -n ${uefi_secureboot_cert} ]]; then
 if sbsign \
+ ${uefi_secureboot_engine:+--engine "$uefi_secureboot_engine"} \
 --key "${uefi_secureboot_key}" \
 --cert "${uefi_secureboot_cert}" \
 --output "$outfile" "${uefi_outdir}/linux.efi"; then
diff --git a/man/dracut.conf.5.asc b/man/dracut.conf.5.asc
index d9694a5df..39dfd34fb 100644
--- a/man/dracut.conf.5.asc
+++ b/man/dracut.conf.5.asc
@@ -294,6 +294,9 @@ Logging levels:
 Requires both certificate and key need to be specified and _sbsign_ to be installed.
+*uefi_secureboot_engine=*"_parameter_"::
+ Specifies an engine to use when signing the created UEFI executable. E.g. "pkcs11"
+
 *kernel_image=*"__"::
 Specifies the kernel image, which to include in the UEFI executable. The default is _/lib/modules//vmlinuz_ or
-- 
2.47.3
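Review bot: The added `${uefi_secureboot_engine:+--engine "$uefi_secureboot_engine"}` argument in the dracut.sh hunk relies on unquoted word splitting to separate `--engine` from its value, so it only works while IFS contains a space; building the option explicitly with `sbsign_args=()` and `[[ -n $uefi_secureboot_engine ]] && sbsign_args+=(--engine "$uefi_secureboot_engine")`, then calling `sbsign "${sbsign_args[@]}" --key …`, removes that dependency. The diffstat shows this is the only line added to dracut.sh, so the variable is neither initialised nor validated by this commit and presumably takes whatever a sourced config file or the inherited environment supplies; because the value selects which OpenSSL engine is loaded into the process that signs the Secure Boot image, it is worth clearing it before the config files are read, if that is not already done elsewhere. With an engine such as "pkcs11" the `--key` value is presumably a key identifier rather than a file path, which the surrounding `-n` test accepts but the new man page entry does not mention. The enclosing `if [[ $uefi == yes ]]` block starts and ends outside the hunk.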