Changes

Linux: Secure Boot

136 bytes removed, 07:20, 6 June 2018
/* GRUB EFI setup */
* Create initial GRUB configuration script grub.init.cfg
EFI_UUID=$(lsblk -f | grep -i efi | grep -E -o "[A-Z0-9]{4}-[A-Z0-9]{4}")
GRUB_PASSWORD="Your GRUB password"
GRUB_PASSWORD_HASH=$(echo -e "$GRUB_PASSWORD\n$GRUB_PASSWORD" | grub-mkpasswd-pbkdf2 | grep -o "grub.*")
EFI_UUID=$(lsblk -f | grep -i efi | grep -E -o "[A-Z0-9]{4}-[A-Z0-9]{4}")
 
cat > grub.init.cfg << EOF
set check_signatures=enforce
reboot
EOF
### as result grub.init.cfg will be created
* Generate your GPG key
GPG_PASSWORD="Your GPG password"
cat > gpg.batch.file << EOF
%echo Generating a basic OpenPGP key
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: Denis Turischev Your Name-Comment: Compulab LTD Name-Email: denisyour.turischevname@compulab.coaddress.ilcom
Expire-Date: 0
Passphrase: "$GPG_PASSWORD"
%echo done
EOF
gpg --batch --gen-key gpg.batch.file 2>&1 | tee gpg.log
GPG_KEY=$(cat gpg.log | grep -o "gpg: key [0-9A-Z]* marked as ultimately trusted" | awk '{ print $3 }')
echo GPG_KEY=$GPG_KEY
gpg --export $GPG_KEY > gpg.key
* Sing grub.init.cfg with your GPG key
export GPG_TTY=# you will be required to enter value of $(tty)GPG_PASSWORD manually # https://github.com/keybase/keybase-issues/issues/2798 # gpg: signing failed: Inappropriate ioctl for device #2798 echo -e "$GPG_PASSWORD" | gpg --yes --default-key $GPG_KEY --detach-sign grub.init.cfg
### as result grub.init.cfg.sig will be created
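Review bot: The passphrase protecting the signing key is written in cleartext to `gpg.batch.file` by the here-document, and nothing in the visible steps restricts that file's permissions or removes it after `gpg --batch --gen-key`. Because this is the key that `check_signatures=enforce` will trust, I would put `umask 077` before `cat > gpg.batch.file` and `rm -f gpg.batch.file` once the key exists, with a one-line comment explaining why. `Subkey-Length: 1024` is below current key-size recommendations, and the primary key's type and length are not visible in this diff, so they should be confirmed as adequate for a signing key. The `$GPG_KEY` expansions in `gpg --export` and `--detach-sign` should be quoted, so that an empty result from the `grep`/`awk` over `gpg.log` fails loudly rather than changing which key is used. The page seems to show only changed and nearby lines, so some of this may already be handled outside the view.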