kings-way/build_bootable_img.sh

## build_bootable_img.sh
#!/bin/bash
# Author:  kings_way
# Version: 20230101

# Build bootable image for BIOS and UEFI secure boot.
# Host OS: Ubuntu 20.04

set -e
KERNEL_FILE="/boot/vmlinuz"
INITRD_FILE="/boot/initrd.img"


# prepare dirs
rm -rf /tmp/work
mkdir -p /tmp/work/initrd
mkdir -p /tmp/work/rootfs/efi/{boot,ubuntu}

# install packages (assume the host has grub-efi already)
apt install shim-signed grub-efi-amd64-signed grub-pc-bin busybox-static

# build initramfs
cd /tmp/work/initrd
unmkinitramfs $INITRD_FILE .
for i in $(main/bin/busybox --list); do rm main/bin/$i; done
busybox --install main/bin

# hack init
sed -i '/load_modules/,$d' main/init
cat >> main/init << 'EOF'
load_modules
clear && echo
[ -d "/sys/firmware/efi" ] && echo "[boot mode]: UEFI" || echo "[boot mode]: BIOS"
echo -n "[Secure Boot]: " && dmesg | grep -o "secureboot.*" | head -1 && echo
sh
reboot -f
EOF

# delete useless drivers and tools
cd /tmp/work/initrd/main
rm -rf bin/plymouth usr/share/{fonts,plymouth} lib/x86_64-linux-gnu/libply*
rm -rf lib/i386-linux-gnu lib/x86_64-linux-gnu/plymouth lib/firmware/{netronome,amdgpu,radeon,mellanox,liquidio,cxgb4,nvidia,phanfw.bin}
cd /tmp/work/initrd/main/lib/modules/
for i in `ls`;do
    cd /tmp/work/initrd/main/lib/modules/"$i"/kernel/drivers
    rm -rf {../net,../sound,../fs,../../updates,net,gpu,regulator,thunderbolt,firewire,fpga,infiniband}
done

# build the initrd
cd /tmp/work/initrd/main
find . | cpio -o -Hnewc | gzip > /tmp/work/initrd/initrd.gz


# install shim, grub, kernel and initrd
cd /tmp/work/rootfs
cp -avH /usr/lib/shim/shimx64.efi.signed   efi/boot/bootx64.efi
cp -avH /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed  efi/boot/grubx64.efi
cp -avH $KERNEL_FILE  efi/ubuntu/vmlinuz
cp -avH /tmp/work/initrd/initrd.gz efi/ubuntu/initrd

# setup grub.cfg
cat > efi/ubuntu/grub.cfg << 'EOF'
echo 'Loading kernel...'
linux /efi/ubuntu/vmlinuz ro quiet
echo 'Loading initramfs...'
initrd /efi/ubuntu/initrd
echo 'Booting...'
boot
EOF

# build img
cd /tmp/work
IMG_SIZE=$(du -hs rootfs|awk '{print $1}')
fallocate -o 8M -l "$IMG_SIZE" boot.img
# UEFI boot img
#echo -ne 'g\n n\n\n\n\n t\n C12A7328-F81F-11D2-BA4B-00A0C93EC93B\n w\n' | fdisk boot.img
# BIOS/UEFI (MBR/GPT) hybrid boot img
echo -ne 'g\n n\n\n\n+1M\n t\n 21686148-6449-6E6F-744E-656564454649\n n\n\n\n\n t\n\n C12A7328-F81F-11D2-BA4B-00A0C93EC93B\n w\n' | fdisk boot.img
losetup -P loop7788 boot.img
mkfs.fat -F32 /dev/loop7788p2
mkdir loop
mount /dev/loop7788p2 /tmp/work/loop
# grub, i386-pc
grub-install --target=i386-pc --root-directory=/tmp/work/loop /dev/loop7788
cp -avH rootfs/efi/ubuntu/grub.cfg loop/boot/grub/

# grub, x86_64-efi
cp -avrH rootfs/* loop/  && sync && umount loop && losetup -d /dev/loop7788
	#!/bin/bash
	# Author: kings_way
	# Version: 20230101

	# Build bootable image for BIOS and UEFI secure boot.
	# Host OS: Ubuntu 20.04

	set -e
	KERNEL_FILE="/boot/vmlinuz"
	INITRD_FILE="/boot/initrd.img"


	# prepare dirs
	rm -rf /tmp/work
	mkdir -p /tmp/work/initrd
	mkdir -p /tmp/work/rootfs/efi/{boot,ubuntu}

	# install packages (assume the host has grub-efi already)
	apt install shim-signed grub-efi-amd64-signed grub-pc-bin busybox-static

	# build initramfs
	cd /tmp/work/initrd
	unmkinitramfs $INITRD_FILE .
	for i in $(main/bin/busybox --list); do rm main/bin/$i; done
	busybox --install main/bin

	# hack init
	sed -i '/load_modules/,$d' main/init
	cat >> main/init << 'EOF'
	load_modules
	clear && echo
	[ -d "/sys/firmware/efi" ] && echo "[boot mode]: UEFI" \|\| echo "[boot mode]: BIOS"
	echo -n "[Secure Boot]: " && dmesg \| grep -o "secureboot.*" \| head -1 && echo
	sh
	reboot -f
	EOF

	# delete useless drivers and tools
	cd /tmp/work/initrd/main
	rm -rf bin/plymouth usr/share/{fonts,plymouth} lib/x86_64-linux-gnu/libply*
	rm -rf lib/i386-linux-gnu lib/x86_64-linux-gnu/plymouth lib/firmware/{netronome,amdgpu,radeon,mellanox,liquidio,cxgb4,nvidia,phanfw.bin}
	cd /tmp/work/initrd/main/lib/modules/
	for i in `ls`;do
	cd /tmp/work/initrd/main/lib/modules/"$i"/kernel/drivers
	rm -rf {../net,../sound,../fs,../../updates,net,gpu,regulator,thunderbolt,firewire,fpga,infiniband}
	done

	# build the initrd
	cd /tmp/work/initrd/main
	find . \| cpio -o -Hnewc \| gzip > /tmp/work/initrd/initrd.gz


	# install shim, grub, kernel and initrd
	cd /tmp/work/rootfs
	cp -avH /usr/lib/shim/shimx64.efi.signed efi/boot/bootx64.efi
	cp -avH /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed efi/boot/grubx64.efi
	cp -avH $KERNEL_FILE efi/ubuntu/vmlinuz
	cp -avH /tmp/work/initrd/initrd.gz efi/ubuntu/initrd

	# setup grub.cfg
	cat > efi/ubuntu/grub.cfg << 'EOF'
	echo 'Loading kernel...'
	linux /efi/ubuntu/vmlinuz ro quiet
	echo 'Loading initramfs...'
	initrd /efi/ubuntu/initrd
	echo 'Booting...'
	boot
	EOF

	# build img
	cd /tmp/work
	IMG_SIZE=$(du -hs rootfs\|awk '{print $1}')
	fallocate -o 8M -l "$IMG_SIZE" boot.img
	# UEFI boot img
	#echo -ne 'g\n n\n\n\n\n t\n C12A7328-F81F-11D2-BA4B-00A0C93EC93B\n w\n' \| fdisk boot.img
	# BIOS/UEFI (MBR/GPT) hybrid boot img
	echo -ne 'g\n n\n\n\n+1M\n t\n 21686148-6449-6E6F-744E-656564454649\n n\n\n\n\n t\n\n C12A7328-F81F-11D2-BA4B-00A0C93EC93B\n w\n' \| fdisk boot.img
	losetup -P loop7788 boot.img
	mkfs.fat -F32 /dev/loop7788p2
	mkdir loop
	mount /dev/loop7788p2 /tmp/work/loop
	# grub, i386-pc
	grub-install --target=i386-pc --root-directory=/tmp/work/loop /dev/loop7788
	cp -avH rootfs/efi/ubuntu/grub.cfg loop/boot/grub/

	# grub, x86_64-efi
	cp -avrH rootfs/* loop/ && sync && umount loop && losetup -d /dev/loop7788