diff --git a/secureboot.sh b/secureboot.sh index 74b6509..500727f 100755 --- a/secureboot.sh +++ b/secureboot.sh @@ -42,7 +42,7 @@ sbkeysync --verbose --pk chmod -R g-rwx /etc/secureboot chmod -R g-rwx /etc/secureboot -grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --modules="normal test efi_gop efi_uga search echo linux all_video gfxmenu gfxterm_background gfxterm_menu gfxterm loadenv configfile tpm gzio part_gpt cryptodisk luks gcry_rijndael gcry_sha256 btrfs" --disable-shim-lock +grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --modules="normal test efi_gop efi_uga search echo linux all_video gfxmenu gfxterm_background gfxterm_menu gfxterm loadenv configfile gzio part_gpt cryptodisk luks gcry_rijndael gcry_sha256 btrfs tpm" --disable-shim-lock sbsign --key /etc/efi-keys/DB.key --cert /etc/efi-keys/DB.crt --output /boot/efi/EFI/GRUB/grubx64.efi /boot/efi/EFI/GRUB/grubx64.efi grub-mkconfig -o /boot/grub/grub.cfg @@ -58,7 +58,7 @@ Description=Update grubx64.efi Depends=grub When=PostTransaction NeedsTargets -Exec=/bin/bash -c 'grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --modules="normal test efi_gop efi_uga search echo linux all_video gfxmenu gfxterm_background gfxterm_menu gfxterm loadenv configfile tpm gzio part_gpt cryptodisk luks gcry_rijndael gcry_sha256 btrfs" --disable-shim-lock && /usr/bin/sbsign --key /etc/efi-keys/DB.key --cert /etc/efi-keys/DB.crt --output /boot/efi/EFI/GRUB/grubx64.efi /boot/efi/EFI/GRUB/grubx64.efi && /usr/bin/sed -i 's#rootflags=subvol=${rootsubvol} ##g' /etc/grub.d/10_linux && /usr/bin/sed -i 's#rootflags=subvol=${rootsubvol} ##g' /etc/grub.d/20_linux_xen && /usr/bin/grub-mkconfig -o /boot/grub/grub.cfg' +Exec=/bin/bash -c 'grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --modules="normal test efi_gop efi_uga search echo linux all_video gfxmenu gfxterm_background gfxterm_menu gfxterm loadenv configfile gzio part_gpt cryptodisk luks gcry_rijndael gcry_sha256 btrfs tpm" --disable-shim-lock && /usr/bin/sbsign --key /etc/efi-keys/DB.key --cert /etc/efi-keys/DB.crt --output /boot/efi/EFI/GRUB/grubx64.efi /boot/efi/EFI/GRUB/grubx64.efi && /usr/bin/sed -i 's#rootflags=subvol=${rootsubvol} ##g' /etc/grub.d/10_linux && /usr/bin/sed -i 's#rootflags=subvol=${rootsubvol} ##g' /etc/grub.d/20_linux_xen && /usr/bin/grub-mkconfig -o /boot/grub/grub.cfg' EOF chmod 600 /etc/pacman.d/hooks/*