Skip to content
This repository has been archived by the owner on Apr 22, 2024. It is now read-only.

feat: Add Secure Boot Support and Remove Grub Entry for Test this Media #28

Merged
merged 4 commits into from
Feb 23, 2024
Merged

feat: Add Secure Boot Support and Remove Grub Entry for Test this Media #28

merged 4 commits into from
Feb 23, 2024

Conversation

noelmiller
Copy link
Member

Purpose

The purpose of this PR is to add secure boot support and remove the grub entry that does not currently work for the ISO installer. These were the last 2 items that needed to be fixed before we consider our ISOs good to ship. We are fast tracking this change in order to make sure we are ready for upcoming conferences (KubeCon and SCALE)

What was done

Secure Boot Support

Secure boot support is using the method we previously used in our old Isogenerator to enable secure boot support. This imports our key on the users system on first boot if secure boot is detected and opens mokutil to walk the user through importing it.

Removing Grub Entry

Current method for fixing this is by removing the entry in the template config file for both grub2-bios.cfg and grub2-efi.cfg using sed command. There is probably a way to override the config file, but this will work for now.

Conclusion

With these final 2 issues sorted out, I feel comfortable with shipping the new ISOs for Bluefin and Bazzite. We will come back to optimize at a later date.

@noelmiller noelmiller self-assigned this Feb 23, 2024
@noelmiller noelmiller requested a review from JasonN3 as a code owner February 23, 2024 17:27
@KyleGospo
Copy link
Member

Looks good to me, secure boot fix is 100% proper and while the testing fix could be better, I think the sed command works fine as a patch and I'd rather it not be shown than be shown and lie about the status of the check.

bigpod98
bigpod98 approved these changes Feb 23, 2024
View reviewed changes
Copy link

@bigpod98 bigpod98 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

having both secure boot and better grub experiance is important, Everything appears to be OK

@bsherman
Copy link

I downloaded and tested the generated test ISO for Fedora 38.

I confirm:

  • the grub menu entry for ISO validation was removed
  • the secure boot MOK import works and after install the user boots direct to the MOK UEFI tool

Looks good!

@noelmiller noelmiller added this pull request to the merge queue Feb 23, 2024
Merged via the queue into main with commit bf4d136 Feb 23, 2024
8 checks passed
@noelmiller noelmiller deleted the secureboot branch February 25, 2024 13:17
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@KyleGospo KyleGospo KyleGospo approved these changes

@bigpod98 bigpod98 bigpod98 approved these changes

@bsherman bsherman bsherman approved these changes

@castrojo castrojo Awaiting requested review from castrojo

@p5 p5 Awaiting requested review from p5

@JasonN3 JasonN3 Awaiting requested review from JasonN3

Assignees

@noelmiller noelmiller

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@noelmiller @KyleGospo @bsherman @bigpod98