julian-klode · February 19, 2026 14:31
diff --git a/shimctl b/shimctl
 #!/bin/bash -x

 GRUB_DIR=/usr/lib/grub/x86_64-efi
 [ "$SHIM" ] || SHIM=/usr/lib/shim/shimx64.efi
 set -e

 tmp=$(mktemp -d)
 trap "rm -rf $tmp" exit

 if echo "$1" | grep -q '.deb'; then
 	mkdir $tmp/deb
 	dpkg -x "$1" $tmp/deb
 	GRUB_DIR="$tmp/deb/$GRUB_DIR"
 	shift
 fi
 if [ -z "$OVMF_VARS" ]; then
 	OVMF_VARS=$tmp/OVMF_VARS.fd
 fi


 case "$1" in 
 	netboot|netboot-*)
 		sudo cat /boot/vmlinuz > $tmp/vmlinuz
 		cp $SHIM.signed $tmp/shimx64.efi
        if [ -e ${GRUB_DIR}-signed ]; then
            cp ${GRUB_DIR}-signed/grubnetx64.efi.signed $tmp/grubx64.efi
        else
            cp ${GRUB_DIR}/monolithic/grubnetx64.efi $tmp/grubx64.efi
        fi
 #		cp /home/jak/Projects/Ubuntu/grub/obj/mono*/*/grubnetx64.efi  $tmp/grubx64.efi

 		case "$1" in
 			netboot-unsigned-grub)
 				sbattach --remove $tmp/grubx64.efi
 				;;
 			netboot-unsigned-shim)
 				cp $SHIM $tmp/shimx64.efi
 				;;
 			netboot-unsigned-kernel)
 				sbattach --remove $tmp/vmlinuz
 				;;
 			netboot-smbios)
 				;;
 			netboot)
 				;;
 			*)
 				echo "Unknown netboot variant $1" >&2
 				exit 1
 		esac
 		[ -e ${OVMF_VARS} ] || cp /usr/share/OVMF/OVMF_VARS.fd  ${OVMF_VARS}

 		mkdir -p $tmp/initrd/{usr/,}{s,}bin $tmp/initrd/{proc,sys,dev}
 		cp /bin/busybox $tmp/initrd/bin/busybox
 		sudo chroot $tmp/initrd /bin/busybox --install

 		echo "#!/bin/sh" > $tmp/initrd/init
 		echo "mount -t devtmpfs devtmpfs /dev" >> $tmp/initrd/init
 		echo "mount -t proc proc /proc" >> $tmp/initrd/init
 		echo "mount -t sysfs sysfs /sys" >> $tmp/initrd/init
 		echo "mount -t efivarfs efivarfs /sys/firmware/efi/efivars" >> $tmp/initrd/init
 		echo "dmesg | grep -i lockdown | grep -v tracefs" >> $tmp/initrd/init
 		echo "while true; do sh; done" >> $tmp/initrd/init

 		echo "cut -f3 -d= /proc/cmdline | tr ':' '\n' > a" > $tmp/initrd/diff.sh
 		echo "cat /sys/class/dmi/id/modalias | tr ':' '\n' > b" >> $tmp/initrd/diff.sh
 		echo "diff a b" >> $tmp/initrd/diff.sh
 		chmod 755 $tmp/initrd/init
 		( cd $tmp/initrd && find | cpio -H newc -o --file $tmp/initrd.img )

        #dd if=/dev/zero of=$tmp/initrd.img bs=1M count=400 oflag=append

 		mkdir $tmp/grub
 		
 		case "$1" in
 			netboot-smbios)
 				cp -a ${GRUB_DIR} $tmp/grub/
 				echo "set pager=1" > $tmp/grub/grub.cfg
 				;;
 			*)
                echo "set root=(hd0,msdos1)" > $tmp/grub/grub.cfg
                echo "set debug=linux" >> $tmp/grub/grub.cfg
                echo "clear" >>  $tmp/grub/grub.cfg
 				#echo "linux /vmlinuz" >> $tmp/grub/grub.cfg
 				#echo "initrd /initrd.img" >> $tmp/grub/grub.cfg
 				#echo "boot" >> $tmp/grub/grub.cfg
 				;;
 		esac

 		mkdir $tmp/esp
        #cp -a /tmp/EFI $tmp/esp
        #cp -a $tmp/shimx64.efi $tmp/esp/EFI/boot/bootx64.efi

        
 		cp -a $tmp/grub/grub.cfg $tmp/esp
 		cp -a $tmp/*.* $tmp/esp
 		cp -a $tmp/vmlinuz $tmp/esp
 		touch $tmp/esp/this-is-esp
 		#cp ${GRUB_DIR}-signed/grubx64.efi.signed $tmp/esp/grubx64.efi
 		#cp  /usr/libexec/fwupd/efi/fwupdx64.efi $tmp/esp/
 		
 #		cp ca.der $tmp/esp

 		#cp $SHIM.signed.esp $tmp/shimx64.efi
        
 #		echo "chainloader (hd0,msdos1)/shimx64.efi" > $tmp/grub/grub.cfg
 ##		echo "chainloader (http,10.0.2.2)/EFI/ubuntu/shimx64.efi" > $tmp/grub/grub.cfg
 #        echo "echo Chainloading from disk " >> $tmp/grub/grub.cfg
 #        echo "sleep 3" >> $tmp/grub/grub.cfg
 #		echo "boot" >> $tmp/grub/grub.cfg



 		#-drive if=pflash,format=raw,file=${OVMF_VARS}
 		qemu-system-x86_64 \
 			-drive if=pflash,format=raw,readonly,file=/usr/share/OVMF/OVMF_CODE.fd \
 			-drive if=pflash,format=raw,file=${OVMF_VARS} \
 			-drive file=fat:rw:$tmp/esp \
 			-device e1000,netdev=n1  -netdev user,id=n1,tftp=$tmp,bootfile=/shimx64.efi  \
 			-M q35 \
 			-m 2048
 		;;

 	*)
 		echo "E: Iinvalid argument $1 - use one of"
 		echo "   - netboot"
 		echo "   - netboot-unsigned-grub"
 		;;
 esac
	#!/bin/bash -x

	GRUB_DIR=/usr/lib/grub/x86_64-efi
	[ "$SHIM" ] \|\| SHIM=/usr/lib/shim/shimx64.efi
	set -e

	tmp=$(mktemp -d)
	trap "rm -rf $tmp" exit

	if echo "$1" \| grep -q '.deb'; then
	mkdir $tmp/deb
	dpkg -x "$1" $tmp/deb
	GRUB_DIR="$tmp/deb/$GRUB_DIR"
	shift
	fi
	if [ -z "$OVMF_VARS" ]; then
	OVMF_VARS=$tmp/OVMF_VARS.fd
	fi


	case "$1" in
	netboot\|netboot-*)
	sudo cat /boot/vmlinuz > $tmp/vmlinuz
	cp $SHIM.signed $tmp/shimx64.efi
	if [ -e ${GRUB_DIR}-signed ]; then
	cp ${GRUB_DIR}-signed/grubnetx64.efi.signed $tmp/grubx64.efi
	else
	cp ${GRUB_DIR}/monolithic/grubnetx64.efi $tmp/grubx64.efi
	fi
	# cp /home/jak/Projects/Ubuntu/grub/obj/mono//grubnetx64.efi $tmp/grubx64.efi

	case "$1" in
	netboot-unsigned-grub)
	sbattach --remove $tmp/grubx64.efi
	;;
	netboot-unsigned-shim)
	cp $SHIM $tmp/shimx64.efi
	;;
	netboot-unsigned-kernel)
	sbattach --remove $tmp/vmlinuz
	;;
	netboot-smbios)
	;;
	netboot)
	;;
	*)
	echo "Unknown netboot variant $1" >&2
	exit 1
	esac
	[ -e ${OVMF_VARS} ] \|\| cp /usr/share/OVMF/OVMF_VARS.fd ${OVMF_VARS}

	mkdir -p $tmp/initrd/{usr/,}{s,}bin $tmp/initrd/{proc,sys,dev}
	cp /bin/busybox $tmp/initrd/bin/busybox
	sudo chroot $tmp/initrd /bin/busybox --install

	echo "#!/bin/sh" > $tmp/initrd/init
	echo "mount -t devtmpfs devtmpfs /dev" >> $tmp/initrd/init
	echo "mount -t proc proc /proc" >> $tmp/initrd/init
	echo "mount -t sysfs sysfs /sys" >> $tmp/initrd/init
	echo "mount -t efivarfs efivarfs /sys/firmware/efi/efivars" >> $tmp/initrd/init
	echo "dmesg \| grep -i lockdown \| grep -v tracefs" >> $tmp/initrd/init
	echo "while true; do sh; done" >> $tmp/initrd/init

	echo "cut -f3 -d= /proc/cmdline \| tr ':' '\n' > a" > $tmp/initrd/diff.sh
	echo "cat /sys/class/dmi/id/modalias \| tr ':' '\n' > b" >> $tmp/initrd/diff.sh
	echo "diff a b" >> $tmp/initrd/diff.sh
	chmod 755 $tmp/initrd/init
	( cd $tmp/initrd && find \| cpio -H newc -o --file $tmp/initrd.img )

	#dd if=/dev/zero of=$tmp/initrd.img bs=1M count=400 oflag=append

	mkdir $tmp/grub

	case "$1" in
	netboot-smbios)
	cp -a ${GRUB_DIR} $tmp/grub/
	echo "set pager=1" > $tmp/grub/grub.cfg
	;;
	*)
	echo "set root=(hd0,msdos1)" > $tmp/grub/grub.cfg
	echo "set debug=linux" >> $tmp/grub/grub.cfg
	echo "clear" >> $tmp/grub/grub.cfg
	#echo "linux /vmlinuz" >> $tmp/grub/grub.cfg
	#echo "initrd /initrd.img" >> $tmp/grub/grub.cfg
	#echo "boot" >> $tmp/grub/grub.cfg
	;;
	esac

	mkdir $tmp/esp
	#cp -a /tmp/EFI $tmp/esp
	#cp -a $tmp/shimx64.efi $tmp/esp/EFI/boot/bootx64.efi


	cp -a $tmp/grub/grub.cfg $tmp/esp
	cp -a $tmp/. $tmp/esp
	cp -a $tmp/vmlinuz $tmp/esp
	touch $tmp/esp/this-is-esp
	#cp ${GRUB_DIR}-signed/grubx64.efi.signed $tmp/esp/grubx64.efi
	#cp /usr/libexec/fwupd/efi/fwupdx64.efi $tmp/esp/

	# cp ca.der $tmp/esp

	#cp $SHIM.signed.esp $tmp/shimx64.efi

	# echo "chainloader (hd0,msdos1)/shimx64.efi" > $tmp/grub/grub.cfg
	## echo "chainloader (http,10.0.2.2)/EFI/ubuntu/shimx64.efi" > $tmp/grub/grub.cfg
	# echo "echo Chainloading from disk " >> $tmp/grub/grub.cfg
	# echo "sleep 3" >> $tmp/grub/grub.cfg
	# echo "boot" >> $tmp/grub/grub.cfg



	#-drive if=pflash,format=raw,file=${OVMF_VARS}
	qemu-system-x86_64 \
	-drive if=pflash,format=raw,readonly,file=/usr/share/OVMF/OVMF_CODE.fd \
	-drive if=pflash,format=raw,file=${OVMF_VARS} \
	-drive file=fat:rw:$tmp/esp \
	-device e1000,netdev=n1 -netdev user,id=n1,tftp=$tmp,bootfile=/shimx64.efi \
	-M q35 \
	-m 2048
	;;

	*)
	echo "E: Iinvalid argument $1 - use one of"
	echo " - netboot"
	echo " - netboot-unsigned-grub"
	;;
	esac
No results found