metal/bsp-files/pxeboot_setup.sh
Don Penney f7c7382343 Update pxeboot_setup.sh to use stock grubx64.efi
Secure boot fails for load setup with pxeboot_setup.sh, as the kernel
signature check fails validation due to the recent grub2 update for
CVE-2020-15705. This commit updates pxeboot_setup.sh to use the older
stock grubx64.efi, which will postpone the kernel validation until the
load is installed.

Change-Id: Ic6bfd236b076fc9023a77b1c2d8b9d4f8feee8b8
Closes-Bug: 1933263
Signed-off-by: Don Penney <don.penney@windriver.com>
2021-06-22 14:00:51 -04:00


#!/bin/bash
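# Start getopts at the first positional argument.
OPTIND=1

# Option values. They are filled in by the getopts loop (-u, -t, -w) and by
# the destination selection that follows it.
BASE_URL=""
TFTP_DIR=""
WORKING_DIR=""
COPY_DIR=""

# Directory that holds this script, with symlinks resolved. Boot files are
# copied from here, so the path is quoted end to end: an unquoted $0 is
# word-split when the script lives under a path that contains spaces.
ISODIR=$(dirname -- "$(readlink -f -- "$0")")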
# Print the command-line synopsis on stderr and terminate the script.
# NOTE(review): the exit status is 0 although this is reached for an unknown
# option or a missing option argument, so a caller that checks $? cannot tell
# a usage error from a successful run.
usage() {
    printf '%s\n' "Usage: $0 -u <http base URL> [-t <tftp pxeboot directory>] or [-w <working directory>]" >&2
    exit 0
}
# Parse -u <url>, -t <tftp dir> and -w <working dir>. The leading ':' in the
# option string puts getopts in silent mode, so an unknown option and a
# missing option argument both fall through to the catch-all arm.
while getopts ":u:t:w:" opt; do
    case "${opt}" in
        u) BASE_URL="${OPTARG}" ;;
        t) TFTP_DIR="${OPTARG}" ;;
        w) WORKING_DIR="${OPTARG}" ;;
        *) usage ;;
    esac
done

# Drop the options that were consumed above.
shift "$((OPTIND - 1))"
# The HTTP base URL is mandatory.
# NOTE(review): both validation failures below exit with status 0, so an
# automated caller sees them as success.
if [[ -z "${BASE_URL}" ]]; then
    echo "HTTP base URL is required: -u <http base URL>"
    exit 0
fi

# Choose the destination directory: the tftp directory wins when both are
# given, otherwise the working directory is used.
if [[ -n "${TFTP_DIR}" ]]; then
    if [[ -n "${WORKING_DIR}" ]]; then
        echo "tftp pxeboot directory is supplied, working directory will be ignored."
    fi
    COPY_DIR="${TFTP_DIR}"
elif [[ -n "${WORKING_DIR}" ]]; then
    COPY_DIR="${WORKING_DIR}"
else
    echo "Either tftp pxeboot directory or working directory has to be specified:"
    echo "-t <tftp pxeboot directory> or -w <working directory>"
    exit 0
fi
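# Make sure the destination directory exists. A new directory is created only
# when its parent is writable; an existing one is reused once the operator
# confirms that its contents may be overwritten.
if [ ! -d "${COPY_DIR}" ]; then
    if [ -w "$(dirname -- "${COPY_DIR}")" ]; then
        echo "Create ${COPY_DIR}"
        # Check mkdir and chmod together. Testing $? after chmod alone reports
        # only the chmod result and hides a failed mkdir.
        if ! { mkdir -- "${COPY_DIR}" && chmod +w -- "${COPY_DIR}"; }; then
            echo "Can't create ${COPY_DIR}"
            exit 1
        fi
    else
        echo "$COPY_DIR parent directory is not writeable."
        # NOTE(review): this failure exits 0, unlike the one above.
        exit 0
    fi
else
    echo "$COPY_DIR already exists"
    # -r keeps backslashes in the answer literal; only a plain "y" continues.
    read -r -p "WARNING: Files in this folder will get overwritten, continue? [y/N] " confirm
    if [[ "${confirm}" != "y" ]]; then
        exit 1
    fi
fi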
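# Copy the kernel and the initial ramdisk to the destination directory.
# Paths are quoted so a directory name with spaces is not word-split, and
# ${VAR:?} stops the script instead of copying from or into "/" if either
# variable is empty.
cp -- "${ISODIR:?}/vmlinuz" "${COPY_DIR:?}/"
cp -- "${ISODIR:?}/initrd.img" "${COPY_DIR:?}/"

# Copy the contents of the distribution to the destination directory.
# NOTE(review): none of these copies is checked, so a partial copy does not
# stop the script.
cp -r -- "${ISODIR:?}"/* "${COPY_DIR:?}/"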
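# Count the "/" characters left in the URL once a leading "http://" has been
# removed; the count replaces the NUM_DIRS placeholder in the boot configs.
# The expansion is used directly instead of an unquoted echo, which would
# glob-expand characters such as "?" or "*" in the URL.
# NOTE(review): only "http://" is stripped, so an https:// URL also counts the
# two slashes of its scheme, and a trailing "/" adds one. Confirm that the
# consumers of NUM_DIRS expect this.
dirpath=${BASE_URL#"http://"}
slashes_only=${dirpath//[^\/]/}
DIRS=${#slashes_only}

# Escape the URL for use as sed replacement text. "/" was already escaped;
# "#" (the delimiter used by the substitution below), "&" (which sed expands
# to the matched text) and "\" are escaped as well, so a URL containing them
# is written to the boot configs unchanged.
BASE_URL=$(printf '%s' "${BASE_URL}" | sed -e 's|[\\/&#]|\\&|g')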
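# Copy pxeboot files. Every path is quoted so a destination containing spaces
# is not word-split, and ${COPY_DIR:?} stops the script if the destination is
# empty.
mkdir -p -- "${COPY_DIR:?}/EFI/centos/x86_64-efi/"
cp -Rf -- "${COPY_DIR}/pxeboot"/* "${COPY_DIR}/"

# Rename the UEFI grub config.
mv -- "${COPY_DIR}/pxeboot_grub.cfg" "${COPY_DIR}/grub.cfg"

# Create a symlink to the UEFI grub config: the bootloader may also look for
# it under the EFI/ folder, depending on whether the PXE server is configured
# with a TFTP server or dnsmasq.
ln -sf -- ../grub.cfg "${COPY_DIR}/EFI/grub.cfg"

# Copy grubx64.efi from the ISO's EFI/BOOT directory to the EFI directory.
# NOTE(review): the change that introduced this copy describes it as the older
# stock GRUB build, chosen because the grub2 update for CVE-2020-15705 made
# Secure Boot PXE installs fail, and says it postpones kernel validation until
# the load is installed. Presumably the kernel and initrd served from this
# tree are therefore not signature-checked by GRUB during the PXE install, so
# keep the directory writable by administrators only and revisit this once a
# fixed grubx64.efi can be used.
cp -f -- "${ISODIR:?}/EFI/BOOT/grubx64.efi" "${COPY_DIR}/EFI/"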
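# Variable replacement: fill the URL and directory-count placeholders in the
# boot configuration files. The file paths are quoted so a destination with
# spaces is not word-split into extra arguments.
# NOTE(review): BASE_URL is inserted verbatim into the replacement text and is
# expected to arrive escaped by the step above. An unescaped "#", "&" or
# backslash in the URL would change what sed writes into the configs.
sed -i -e "s#xxxHTTP_URLxxx#${BASE_URL}#g;
    s#xxxHTTP_URL_PATCHESxxx#${BASE_URL}/patches#g;
    s#NUM_DIRS#${DIRS}#g" \
    -- \
    "${COPY_DIR:?}/pxeboot.cfg" \
    "${COPY_DIR}/grub.cfg" \
    "${COPY_DIR}/pxeboot_controller.cfg" \
    "${COPY_DIR}/pxeboot_smallsystem.cfg" \
    "${COPY_DIR}/pxeboot_smallsystem_lowlatency.cfg"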
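# Delete unnecessary files left over from staging.
# Unquoted, a destination such as "/srv/tftp boot" would be word-split and
# rm -Rf would act on "/srv/tftp". Quoting prevents that, and ${COPY_DIR:?}
# stops the script rather than letting an empty value turn these into
# /EFI/BOOT and /pxeboot.
rm -Rf -- "${COPY_DIR:?}/EFI/BOOT"
rm -Rf -- "${COPY_DIR:?}/pxeboot"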
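# When a tftp directory was given, create pxelinux.cfg/ inside it and point
# its "default" entry at pxeboot.cfg. Paths are quoted so a directory name
# with spaces is handled as a single argument.
if [ -n "${TFTP_DIR}" ]; then
    if [ ! -d "${TFTP_DIR}/pxelinux.cfg" ]; then
        mkdir -- "${TFTP_DIR}/pxelinux.cfg"
    fi
    # 755: writable by the owner only, readable and searchable by everyone.
    chmod 755 -- "${TFTP_DIR}/pxelinux.cfg"
    ln -sf -- ../pxeboot.cfg "${TFTP_DIR}/pxelinux.cfg/default"
fi

# NOTE(review): this message is printed even if an earlier copy, sed or link
# step failed, because none of those steps is checked.
echo "The setup is complete"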