Created
October 7, 2017 21:27
-
-
Save strayge/76917c5d9a7effcaf46a0d66136a0a29 to your computer and use it in GitHub Desktop.
Create GRUB for secureboot (only builtin modules allowed) for Kali and Parrot OS on usb stick
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# GRUB for secureboot (only builtin modules allowed) for Kali and Parrot OS on usb stick | |
# main part from kali build scripts: http://git.kali.org/gitweb/?p=packages/live-build.git;a=blob;f=scripts/build/efi-image | |
# parrot os includes already compiled binaries | |
# generate keys for secureboot: https://habrahabr.ru/post/273497/ | |
# compiled binary can just replaced builded on efi partition on usb stick | |
mkdir grub-efi-temp-x86_64-efi | |
mkdir workdir | |
mkdir -p workdir/boot/grub | |
# default builtin config | |
$ cat >"workdir/boot/grub/grub.cfg" <<EOF | |
search --file --set=root /.disk/info | |
set prefix=(\$root)/boot/grub | |
source \$prefix/x86_64-efi/grub.cfg | |
EOF | |
# create memdisk | |
(cd "workdir"; tar -cf - boot) >"memdisk_img" | |
# generate default efi binary | |
#grub-mkimage -O "x86_64-efi" -m "memdisk_img" -o "workdir/bootx64.efi" -p '(memdisk)/boot/grub' search iso9660 configfile normal memdisk tar part_msdos part_gpt fat | |
# generate efi binary with additional modules | |
grub-mkimage -O "x86_64-efi" -m "memdisk_img" -o "bootx64.efi.unsigned" --compress=xz -p '(memdisk)/boot/grub' search iso9660 configfile normal memdisk tar part_msdos part_gpt fat linux linuxefi png all_video gfxterm crypto cryptodisk gcry_blowfish gcry_camellia gcry_md5 gcry_rijndael gcry_rsa gcry_seed gcry_serpent gcry_sha1 gcry_sha256 gcry_sha512 gcry_twofish gcry_whirlpool password password_pbkdf2 pbkdf2 bitmap bitmap_scale gettext gfxmenu gfxterm_background gfxterm_menu halt sleep reboot ls tga test | |
# test - for if in configs | |
# linux linuxefi - for load os | |
# sign | |
sbsign --key ISK.key --cert ISK.pem --output "bootx64.efi" "bootx64.efi.unsigned" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment