SECUREBOOT.ECLASS
Section: eclass-manpages (5)
Updated: Oct 2024
NAME
secureboot.eclass - A small eclass to sign EFI files for Secure Boot
DESCRIPTION
Eclass for packages that install .efi files. A USE flag and two user variables allow signing these .efi files for use on systems with Secure Boot enabled.
Signing the files during emerge ensures that any tooling that actually installs the bootloaders and kernels to the ESP always uses a signed version. This prevents Secure Boot from accidentally breaking when upgrading the kernel or the bootloader.
Example use:
    src_install() {
        default
        secureboot_sign_efi_file in.efi out.efi.signed
    }
Or:
    src_install() {
        default
        secureboot_auto_sign
    }
Some tools will automatically detect and use EFI executables with the .signed suffix. For tools that do not do this, the --in-place argument for secureboot_auto_sign can be used to ensure that the signed version is used.
SUPPORTED EAPIS
7 8
FUNCTIONS
- secureboot_pkg_setup
- Checks if required user variables are set before starting the build
- secureboot_sign_efi_file <input file> [<output file>]
- Sign a file using sbsign and the requested key/certificate. If the file is already signed with our key then the file is skipped. If no output file is specified the output file will be the same as the input file, i.e. the file will be overwritten.
- secureboot_auto_sign [--in-place]
- Automatically discover and sign efi files in the image directory. By default signed files gain the .signed suffix. If the --in-place argument is given the efi files are replaced with a signed version in place.
ECLASS VARIABLES
- SECUREBOOT_SIGN_KEY (USER VARIABLE)
- Used with USE=secureboot. Should be set to the path of the private key in PEM format to use, or a PKCS#11 URI.
- SECUREBOOT_SIGN_CERT (USER VARIABLE)
- Used with USE=secureboot. Should be set to the path of the public key certificate in PEM format to use.
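The following pre-emerge check is an added example, not code from secureboot.eclass or the Gentoo repository: it validates values intended for SECUREBOOT_SIGN_KEY and SECUREBOOT_SIGN_CERT against the formats stated above. The function names and the world-readable permission check are assumptions of this example.

```sh
#!/bin/sh
# Added example (hypothetical helpers, not code from secureboot.eclass).
# Checks values meant for SECUREBOOT_SIGN_KEY / SECUREBOOT_SIGN_CERT.

# Return 0 if $1 is a PKCS#11 URI or a readable, non-world-readable PEM key.
sb_key_ok() {
    case $1 in
        '') echo "SECUREBOOT_SIGN_KEY is not set" >&2; return 1 ;;
        pkcs11:*) return 0 ;;  # key is held by a token, no file to inspect
    esac
    [ -r "$1" ] || { echo "key not readable: $1" >&2; return 1; }
    # Accepts the PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED variants.
    grep -Eq '^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----$' "$1" || {
        echo "not a PEM private key: $1" >&2; return 1; }
    # Assumption of this example: reject a key any local user can read.
    if [ -n "$(find -L "$1" -perm -004 2>/dev/null)" ]; then
        echo "key is world-readable: $1" >&2; return 1
    fi
}

# Return 0 if $1 is a readable PEM certificate file.
sb_cert_ok() {
    [ -n "$1" ] || { echo "SECUREBOOT_SIGN_CERT is not set" >&2; return 1; }
    [ -r "$1" ] || { echo "certificate not readable: $1" >&2; return 1; }
    grep -q '^-----BEGIN CERTIFICATE-----$' "$1" || {
        echo "not a PEM certificate: $1" >&2; return 1; }
}

# Usage: check_secureboot_vars <key path or pkcs11: URI> <cert path>
check_secureboot_vars() {
    sb_key_ok "$1" && sb_cert_ok "$2"
}

# When run as a script with two arguments, report the result.
if [ "$#" -eq 2 ]; then
    check_secureboot_vars "$1" "$2" && echo "secureboot signing variables look usable"
fi
```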
AUTHORS
Author: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
MAINTAINERS
Andrew Ammerlaan <andrewammerlaan@gentoo.org>
REPORTING BUGS
Please report bugs via https://bugs.gentoo.org/
FILES
secureboot.eclass
SEE ALSO
ebuild(5)
https://gitweb.gentoo.org/repo/gentoo.git/log/eclass/secureboot.eclass