From a02b10b2ba4197c4dcd84eef053e4ab94995295b Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sun, 16 Mar 2025 20:10:09 +0100
Subject: T861: use secure-boot certificates from data/certificates

---
 scripts/image-build/build-vyos-image | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'scripts')

diff --git a/scripts/image-build/build-vyos-image b/scripts/image-build/build-vyos-image
index 94e326d4..aab5ed13 100755
--- a/scripts/image-build/build-vyos-image
+++ b/scripts/image-build/build-vyos-image
@@ -367,6 +367,11 @@ if __name__ == "__main__":
     shutil.copytree("data/live-build-config/", lb_config_dir)
     os.makedirs(lb_config_dir, exist_ok=True)
 
+    ## Secure Boot - Copy public Keys to image
+    sb_certs = 'data/certificates'
+    if os.path.isdir(sb_certs):
+        shutil.copytree(sb_certs, f'{lb_config_dir}/includes.chroot/var/lib/shim-signed/mok')
+
     # Switch to the build directory, this is crucial for the live-build work
     # because the efective build config files etc. are there.
     #
-- 
cgit v1.2.3