Linux unified kernel setup for secureboot systemd-boot arch

unifiedkernelsetup.sh

#!/bin/bash

DATESTRING=$(date +%Y.%m.%d.%H.%M)
KERNEL=$(file -bL /boot/vmlinuz-linux-surface | grep -o 'version [^ ]*' | cut -d ' ' -f 2)

echo "Generating initramfs..."
mkinitcpio -p linux-surface -k $KERNEL

echo "Making copy of /usr/lib/os-release, Using suffux $KERNEL-$DATESTRING"
cp /usr/lib/os-release .
sed -i s/Arch\ Linux/Arch\ Linux\ $KERNEL-$DATESTRING/g os-release
sed -i s/rolling/$DATESTRING/g os-release

echo "Creating Intel ucode and initramfs image..."
cat /boot/intel-ucode.img /boot/initramfs-linux-surface.img > /boot/initramfs-linux-surface-unified.img

echo "Creating unified kernel image..."
objcopy -v --add-section .osrel=os-release --change-section-vma .osrel=0x20000 \
        --add-section .cmdline=kernel-command-line.txt --change-section-vma .cmdline=0x30000 \
        --add-section .linux=/boot/vmlinuz-linux-surface --change-section-vma .linux=0x40000 \
        --add-section .initrd=/boot/initramfs-linux-surface-unified.img --change-section-vma .initrd=0x3000000 \
        /usr/lib/systemd/boot/efi/linuxx64.efi.stub linux-$KERNEL-$DATESTRING.efi

echo "Signing efi image..."
sbsign --key /root/keys/DB.key --cert /root/keys/DB.crt --output /efi/EFI/Linux/linux-$KERNEL-$DATESTRING.efi ./linux-$KERNEL-$DATESTRING.efi

echo "Setting default boot image..."
bootctl set-default linux-$KERNEL-$DATESTRING

echo "removing local file..."
rm ./linux-$KERNEL-$DATESTRING.efi