fix: Disable secure boot by default (#41)
This commit is contained in:
Kroese
GitHub
parent
866ecb26a1
commit
cc34dec418
2 changed files with 15 additions and 8 deletions
21
src/boot.sh
21
src/boot.sh
|
|
@ -5,25 +5,32 @@ set -Eeuo pipefail
|
|||
: "${BIOS:=""}" # Bios file
|
||||
|
||||
BOOT_OPTS=""
|
||||
SECURE=",secure=off"
|
||||
DIR="/usr/share/qemu"
|
||||
|
||||
case "${BOOT_MODE,,}" in
|
||||
uefi)
|
||||
ROM="AAVMF_CODE.fd"
|
||||
ROM="AAVMF_CODE.no-secboot.fd"
|
||||
VARS="AAVMF_VARS.fd"
|
||||
;;
|
||||
secure)
|
||||
ROM="AAVMF_CODE.fd"
|
||||
SECURE=",secure=on"
|
||||
ROM="AAVMF_CODE.secboot.fd"
|
||||
VARS="AAVMF_VARS.fd"
|
||||
;;
|
||||
windows)
|
||||
ROM="AAVMF_CODE.no-secboot.fd"
|
||||
VARS="AAVMF_VARS.fd"
|
||||
;;
|
||||
windows_secure)
|
||||
SECURE=",secure=on"
|
||||
ROM="AAVMF_CODE.ms.fd"
|
||||
VARS="AAVMF_VARS.ms.fd"
|
||||
;;
|
||||
*)
|
||||
info "Unknown boot mode '${BOOT_MODE}', defaulting to 'uefi'"
|
||||
BOOT_MODE="uefi"
|
||||
ROM="AAVMF_CODE.fd"
|
||||
ROM="AAVMF_CODE.no-secboot.fd"
|
||||
VARS="AAVMF_VARS.fd"
|
||||
;;
|
||||
esac
|
||||
|
|
@ -38,15 +45,15 @@ fi
|
|||
AAVMF="/usr/share/AAVMF/"
|
||||
DEST="$STORAGE/${BOOT_MODE,,}"
|
||||
|
||||
if [ ! -s "$DEST.rom" ]; then
|
||||
[ ! -s "$AAVMF/$ROM" ] && error "UEFI boot file ($AAVMF/$ROM) not found!" && exit 44
|
||||
if [ ! -s "$DEST.rom" ] || [ ! -f "$DEST.rom" ]; then
|
||||
[ ! -s "$AAVMF/$ROM" ] || [ ! -f "$AAVMF/$ROM" ] && error "UEFI boot file ($AAVMF/$ROM) not found!" && exit 44
|
||||
rm -f "$DEST.rom"
|
||||
dd if=/dev/zero "of=$DEST.rom" bs=1M count=64 status=none
|
||||
dd "if=$AAVMF/$ROM" "of=$DEST.rom" conv=notrunc status=none
|
||||
fi
|
||||
|
||||
if [ ! -s "$DEST.vars" ]; then
|
||||
[ ! -s "$AAVMF/$VARS" ] && error "UEFI vars file ($AAVMF/$VARS) not found!" && exit 45
|
||||
if [ ! -s "$DEST.vars" ] || [ ! -f "$DEST.vars" ]; then
|
||||
[ ! -s "$AAVMF/$VARS" ] || [ ! -f "$AAVMF/$VARS" ] && error "UEFI vars file ($AAVMF/$VARS) not found!" && exit 45
|
||||
rm -f "$DEST.vars"
|
||||
dd if=/dev/zero "of=$DEST.vars" bs=1M count=64 status=none
|
||||
dd "if=$AAVMF/$VARS" "of=$DEST.vars" conv=notrunc status=none
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ USB_OPTS="-device $USB -device usb-kbd -device usb-tablet"
|
|||
RAM_OPTS=$(echo "-m $RAM_SIZE" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
|
||||
CPU_OPTS="-cpu $CPU_FLAGS -smp $CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1"
|
||||
MON_OPTS="-monitor $MONITOR -name $PROCESS,process=$PROCESS,debug-threads=on"
|
||||
MAC_OPTS="-machine type=${MACHINE},secure=off,dump-guest-core=off${KVM_OPTS}"
|
||||
MAC_OPTS="-machine type=${MACHINE}${SECURE},dump-guest-core=off${KVM_OPTS}"
|
||||
DEV_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4"
|
||||
DEV_OPTS="$DEV_OPTS -object rng-random,id=objrng0,filename=/dev/urandom"
|
||||
DEV_OPTS="$DEV_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c"
|
||||
|
|
|
|||
Loading…
Reference in a new issue