summaryrefslogtreecommitdiffstats
path: root/grub.tpl
diff options
context:
space:
mode:
author Eric Hameleers <alien@slackware.com>2021-11-08 09:18:14 +0100
committer Eric Hameleers <alien@slackware.com>2021-11-08 09:18:14 +0100
commitf5a3e197512428a14925376345215fcc79f73c8b (patch)
tree6318419b1d61e33f40757c7d6a68e88eb97ca4e9 /grub.tpl
parent5321fa4452c34f5b5d2547682ac9ea890378268c (diff)
downloadliveslak-f5a3e197512428a14925376345215fcc79f73c8b.tar.gz
liveslak-f5a3e197512428a14925376345215fcc79f73c8b.tar.xz
liveslak: add Secure Boot support to all 64bit ISOs
Read the updates in the README for more background and guidance. User notice: As a one-time action the very first time you boot a Secure Boot enabled liveslak ISO, you will have to enroll the liveslak certificate (/EFI/BOOT/liveslak.der) with which the Slackware boot-up binaries (grub and kernel) were signed into your computer's MOK (Machine Owner Key database). This enrollment request will show on-screen during initial boot, just follow the prompts to 'enroll from disk'. Afterwards the computer will reboot and from then on, your liveslak will boot without any user intervention on your Secure Boot computer. Note: liveslak uses Fedora's initial boot loader (the 'shim') which has been signed by Microsoft. In future we may get our own signed shim for liveslak and/or Slackware, but don't hold your breath.
Diffstat (limited to 'grub.tpl')
-rw-r--r--grub.tpl6
1 files changed, 6 insertions, 0 deletions
diff --git a/grub.tpl b/grub.tpl
index ead3a36..82ecf32 100644
--- a/grub.tpl
+++ b/grub.tpl
@@ -22,6 +22,12 @@ if [ -z "$sl_locale" ]; then
export sl_locale
fi
+# Check whether we are in a Secure Boot scenario:
+if [ "x$lockdown" != "x" ]; then
+ set check_signatures=enforce
+ export check_signatures
+fi
+
# Determine whether we can show a graphical themed menu:
insmod font
if loadfont $prefix/theme/dejavusansmono12.pf2 ; then