T861: use secure-boot certificates from data/certificates

author: Christian Breunig <christian@breunig.cc> 2025-03-16 20:10:09 +0100
committer: Christian Breunig <christian@breunig.cc> 2025-03-18 16:19:39 +0100
commit: a02b10b2ba4197c4dcd84eef053e4ab94995295b (patch)
tree: 73f9111f5a7f28e317c5c8d533f14831d4eedac3 /scripts
parent: 8d58a72368e6462fb464dad88bbc97599476b863 (diff)
download: vyos-build-a02b10b2ba4197c4dcd84eef053e4ab94995295b.tar.gz
vyos-build-a02b10b2ba4197c4dcd84eef053e4ab94995295b.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/scripts/image-build/build-vyos-image b/scripts/image-build/build-vyos-image
index 94e326d4..aab5ed13 100755
--- a/scripts/image-build/build-vyos-image
+++ b/scripts/image-build/build-vyos-image
@@ -367,6 +367,11 @@ if __name__ == "__main__":
     shutil.copytree("data/live-build-config/", lb_config_dir)
     os.makedirs(lb_config_dir, exist_ok=True)
 
+    ## Secure Boot - Copy public Keys to image
+    sb_certs = 'data/certificates'
+    if os.path.isdir(sb_certs):
+        shutil.copytree(sb_certs, f'{lb_config_dir}/includes.chroot/var/lib/shim-signed/mok')
+
     # Switch to the build directory, this is crucial for the live-build work
     # because the efective build config files etc. are there.
     #
author	Christian Breunig <christian@breunig.cc>	2025-03-16 20:10:09 +0100
committer	Christian Breunig <christian@breunig.cc>	2025-03-18 16:19:39 +0100
commit	a02b10b2ba4197c4dcd84eef053e4ab94995295b (patch)
tree	73f9111f5a7f28e317c5c8d533f14831d4eedac3 /scripts
parent	8d58a72368e6462fb464dad88bbc97599476b863 (diff)
download	vyos-build-a02b10b2ba4197c4dcd84eef053e4ab94995295b.tar.gz vyos-build-a02b10b2ba4197c4dcd84eef053e4ab94995295b.zip