Skip to content

Instantly share code, notes, and snippets.

@strayge
Created October 7, 2017 21:27
Show Gist options
  • Save strayge/76917c5d9a7effcaf46a0d66136a0a29 to your computer and use it in GitHub Desktop.
Save strayge/76917c5d9a7effcaf46a0d66136a0a29 to your computer and use it in GitHub Desktop.
Create GRUB for secureboot (only builtin modules allowed) for Kali and Parrot OS on usb stick
# GRUB for secureboot (only builtin modules allowed) for Kali and Parrot OS on usb stick
# main part from kali build scripts: http://git.kali.org/gitweb/?p=packages/live-build.git;a=blob;f=scripts/build/efi-image
# parrot os includes already compiled binaries
# generate keys for secureboot: https://habrahabr.ru/post/273497/
# compiled binary can just replaced builded on efi partition on usb stick
mkdir grub-efi-temp-x86_64-efi
mkdir workdir
mkdir -p workdir/boot/grub
# default builtin config
$ cat >"workdir/boot/grub/grub.cfg" <<EOF
search --file --set=root /.disk/info
set prefix=(\$root)/boot/grub
source \$prefix/x86_64-efi/grub.cfg
EOF
# create memdisk
(cd "workdir"; tar -cf - boot) >"memdisk_img"
# generate default efi binary
#grub-mkimage -O "x86_64-efi" -m "memdisk_img" -o "workdir/bootx64.efi" -p '(memdisk)/boot/grub' search iso9660 configfile normal memdisk tar part_msdos part_gpt fat
# generate efi binary with additional modules
grub-mkimage -O "x86_64-efi" -m "memdisk_img" -o "bootx64.efi.unsigned" --compress=xz -p '(memdisk)/boot/grub' search iso9660 configfile normal memdisk tar part_msdos part_gpt fat linux linuxefi png all_video gfxterm crypto cryptodisk gcry_blowfish gcry_camellia gcry_md5 gcry_rijndael gcry_rsa gcry_seed gcry_serpent gcry_sha1 gcry_sha256 gcry_sha512 gcry_twofish gcry_whirlpool password password_pbkdf2 pbkdf2 bitmap bitmap_scale gettext gfxmenu gfxterm_background gfxterm_menu halt sleep reboot ls tga test
# test - for if in configs
# linux linuxefi - for load os
# sign
sbsign --key ISK.key --cert ISK.pem --output "bootx64.efi" "bootx64.efi.unsigned"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment