From cc34dec4186f6e308b2c0411cee7a61ac708bbdf Mon Sep 17 00:00:00 2001 From: Kroese Date: Fri, 19 Apr 2024 22:20:09 +0200 Subject: [PATCH] fix: Disable secure boot by default (#41) --- src/boot.sh | 21 ++++++++++++++------- src/config.sh | 2 +- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/boot.sh b/src/boot.sh index f9e62b3..4e5dd8d 100644 --- a/src/boot.sh +++ b/src/boot.sh @@ -5,25 +5,32 @@ set -Eeuo pipefail : "${BIOS:=""}" # Bios file BOOT_OPTS="" +SECURE=",secure=off" DIR="/usr/share/qemu" case "${BOOT_MODE,,}" in uefi) - ROM="AAVMF_CODE.fd" + ROM="AAVMF_CODE.no-secboot.fd" VARS="AAVMF_VARS.fd" ;; secure) - ROM="AAVMF_CODE.fd" + SECURE=",secure=on" + ROM="AAVMF_CODE.secboot.fd" VARS="AAVMF_VARS.fd" ;; windows) + ROM="AAVMF_CODE.no-secboot.fd" + VARS="AAVMF_VARS.fd" + ;; + windows_secure) + SECURE=",secure=on" ROM="AAVMF_CODE.ms.fd" VARS="AAVMF_VARS.ms.fd" ;; *) info "Unknown boot mode '${BOOT_MODE}', defaulting to 'uefi'" BOOT_MODE="uefi" - ROM="AAVMF_CODE.fd" + ROM="AAVMF_CODE.no-secboot.fd" VARS="AAVMF_VARS.fd" ;; esac 
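Review bot: The `secure)` arm pairs `AAVMF_CODE.secboot.fd` with the plain `AAVMF_VARS.fd`, whereas `windows_secure)` uses the `AAVMF_VARS.ms.fd` store. If the plain template ships with no keys enrolled (usual for a blank vars template, but confirm against the packaged files), the firmware comes up in setup mode and signature checks are not enforced, so `BOOT_MODE=secure` gives weaker assurance than its name suggests. Either point that arm at a vars file with keys enrolled, or document the gap in the arm with a comment such as `# secure: no keys pre-enrolled; Secure Boot is only enforced after PK/KEK/db are enrolled in the guest`. The `*)` fallback message could also list the accepted modes now that there are four.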
@@ -38,15 +45,15 @@ fi AAVMF="/usr/share/AAVMF/" DEST="$STORAGE/${BOOT_MODE,,}" -if [ ! -s "$DEST.rom" ]; then - [ ! -s "$AAVMF/$ROM" ] && error "UEFI boot file ($AAVMF/$ROM) not found!" && exit 44 +if [ ! -s "$DEST.rom" ] || [ ! -f "$DEST.rom" ]; then + [ ! -s "$AAVMF/$ROM" ] || [ ! -f "$AAVMF/$ROM" ] && error "UEFI boot file ($AAVMF/$ROM) not found!" && exit 44 rm -f "$DEST.rom" dd if=/dev/zero "of=$DEST.rom" bs=1M count=64 status=none dd "if=$AAVMF/$ROM" "of=$DEST.rom" conv=notrunc status=none fi -if [ ! -s "$DEST.vars" ]; then - [ ! -s "$AAVMF/$VARS" ] && error "UEFI vars file ($AAVMF/$VARS) not found!" && exit 45 +if [ ! -s "$DEST.vars" ] || [ ! -f "$DEST.vars" ]; then + [ ! -s "$AAVMF/$VARS" ] || [ ! -f "$AAVMF/$VARS" ] && error "UEFI vars file ($AAVMF/$VARS) not found!" && exit 45 rm -f "$DEST.vars" dd if=/dev/zero "of=$DEST.vars" bs=1M count=64 status=none dd "if=$AAVMF/$VARS" "of=$DEST.vars" conv=notrunc status=none diff --git a/src/config.sh b/src/config.sh index 57749fd..5ad2ad8 100644 --- a/src/config.sh +++ b/src/config.sh @@ -11,7 +11,7 @@ USB_OPTS="-device $USB -device usb-kbd -device usb-tablet" RAM_OPTS=$(echo "-m $RAM_SIZE" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g') CPU_OPTS="-cpu $CPU_FLAGS -smp $CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1" MON_OPTS="-monitor $MONITOR -name $PROCESS,process=$PROCESS,debug-threads=on" -MAC_OPTS="-machine type=${MACHINE},secure=off,dump-guest-core=off${KVM_OPTS}" +MAC_OPTS="-machine type=${MACHINE}${SECURE},dump-guest-core=off${KVM_OPTS}" DEV_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4" DEV_OPTS="$DEV_OPTS -object rng-random,id=objrng0,filename=/dev/urandom" DEV_OPTS="$DEV_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c"
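Review bot: The cached `$DEST.rom` and `$DEST.vars` are reused whenever they are non-empty regular files, so storage populated before this commit keeps the firmware the old mapping selected. A `secure` guest, for example, would now get `secure=on` on the machine line while still booting the previously copied `AAVMF_CODE.fd`. Nothing in the hunk records which source image a cached file came from; writing the source name to a marker next to it (say `"$DEST.rom.src"`) and recopying the ROM when it differs from `$ROM` would make the mode change take effect. The vars file is better left alone with an `info` line, since recopying it discards guest NVRAM state. Separately, the added `-f` test lets a directory at `$DEST.rom` into the body, where `rm -f "$DEST.rom"` cannot remove it and `set -e` aborts without a message. The enclosing script continues outside this hunk.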
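Review bot: `${SECURE}` is spliced into `-machine`, and on QEMU's Arm `virt` board the `secure` property enables emulation of the Arm Security Extensions (TrustZone/EL3), not UEFI Secure Boot. `${MACHINE}` is defined outside this hunk, so confirm which board is in use. If it is `virt`, `secure=on` together with `${KVM_OPTS}` is likely to be rejected at startup, because KVM cannot provide the Security Extensions to the guest. Secure Boot enforcement comes from the secboot firmware image and the enrolled keys, not from this flag. In addition, `SECURE` is assigned only in src/boot.sh; if config.sh can run under `set -u` without boot.sh having been sourced first, `${SECURE:-,secure=off}` keeps the previous safe default instead of aborting on an unbound variable.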