GamePlayer-8 · December 23, 2023 09:44
diff --git a/grub-sb.sh b/grub-sb.sh
 #!/bin/sh

 export platform="${platform:-x86_64-efi}"

 export CD_MODULES="all_video
 	boot
 	btrfs
 	cat
 	chain
 	configfile
 	echo
 	efifwsetup
 	efinet
 	ext2
 	fat
 	font
 	gettext
 	gfxmenu
 	gfxterm
 	gfxterm_background
 	gzio
 	halt
 	help
 	hfsplus
 	iso9660
 	jpeg
 	keystatus
 	loadenv
 	loopback
 	linux
 	ls
 	lsefi
 	lsefimmap
 	lsefisystab
 	lssal
 	memdisk
 	minicmd
 	normal
 	ntfs
 	part_apple
 	part_msdos
 	part_gpt
 	password_pbkdf2
 	png
 	probe
 	reboot
 	regexp
 	search
 	search_fs_uuid
 	search_fs_file
 	search_label
 	sleep
 	smbios
 	squash4
 	test
 	true
 	video
 	xfs
 	zfs
 	zfscrypt
 	zfsinfo"

 # Platform-specific modules
 case $platform in
    x86_64-efi|i386-efi)
 	export CD_MODULES="$CD_MODULES
 	cpuid
 	play
 	tpm"
 	;;
 esac

 export GRUB_MODULES="$CD_MODULES
 	cryptodisk
 	gcry_arcfour
 	gcry_blowfish
 	gcry_camellia
 	gcry_cast5
 	gcry_crc
 	gcry_des
 	gcry_dsa
 	gcry_idea
 	gcry_md4
 	gcry_md5
 	gcry_rfc2268
 	gcry_rijndael
 	gcry_rmd160
 	gcry_rsa
 	gcry_seed
 	gcry_serpent
 	gcry_sha1
 	gcry_sha256
 	gcry_sha512
 	gcry_tiger
 	gcry_twofish
 	gcry_whirlpool
 	luks
 	lvm
 	mdraid09
 	mdraid1x
 	raid5rec
 	raid6rec"

 export NET_MODULES="$CD_MODULES
 	http
 	tftp"

 export ESP_PATH=/boot/efi
 export BESP_PATH=/boot

 grub-install --target=x86_64-efi \
 		--efi-directory=/boot/efi \
 		--modules="${GRUB_MODULES}" \
 		--sbat /usr/share/grub/sbat.csv \
 		/dev/mmcblk1

 update-grub

 for efi_file in $(find "$BESP_PATH" -type f -name '*.efi'); do
 	sbctl sign -s "$efi_file"
 done

 sbctl verify
	#!/bin/sh

	export platform="${platform:-x86_64-efi}"

	export CD_MODULES="all_video
	boot
	btrfs
	cat
	chain
	configfile
	echo
	efifwsetup
	efinet
	ext2
	fat
	font
	gettext
	gfxmenu
	gfxterm
	gfxterm_background
	gzio
	halt
	help
	hfsplus
	iso9660
	jpeg
	keystatus
	loadenv
	loopback
	linux
	ls
	lsefi
	lsefimmap
	lsefisystab
	lssal
	memdisk
	minicmd
	normal
	ntfs
	part_apple
	part_msdos
	part_gpt
	password_pbkdf2
	png
	probe
	reboot
	regexp
	search
	search_fs_uuid
	search_fs_file
	search_label
	sleep
	smbios
	squash4
	test
	true
	video
	xfs
	zfs
	zfscrypt
	zfsinfo"

	# Platform-specific modules
	case $platform in
	x86_64-efi\|i386-efi)
	export CD_MODULES="$CD_MODULES
	cpuid
	play
	tpm"
	;;
	esac

	export GRUB_MODULES="$CD_MODULES
	cryptodisk
	gcry_arcfour
	gcry_blowfish
	gcry_camellia
	gcry_cast5
	gcry_crc
	gcry_des
	gcry_dsa
	gcry_idea
	gcry_md4
	gcry_md5
	gcry_rfc2268
	gcry_rijndael
	gcry_rmd160
	gcry_rsa
	gcry_seed
	gcry_serpent
	gcry_sha1
	gcry_sha256
	gcry_sha512
	gcry_tiger
	gcry_twofish
	gcry_whirlpool
	luks
	lvm
	mdraid09
	mdraid1x
	raid5rec
	raid6rec"

	export NET_MODULES="$CD_MODULES
	http
	tftp"

	export ESP_PATH=/boot/efi
	export BESP_PATH=/boot

	grub-install --target=x86_64-efi \
	--efi-directory=/boot/efi \
	--modules="${GRUB_MODULES}" \
	--sbat /usr/share/grub/sbat.csv \
	/dev/mmcblk1

	update-grub

	for efi_file in $(find "$BESP_PATH" -type f -name '*.efi'); do
	sbctl sign -s "$efi_file"
	done

	sbctl verify