+def handle_secure_boot(target, efi_img):
+ """Provide secure boot support by extracting files from /boot/efi.img
+
+ @target: path where grml's main files should be copied to
+ @efi_img: path to the efi.img file that includes the files for secure boot
+ """
+
+ mkdir(target + '/efi/boot/')
+ efi_mountpoint = tempfile.mkdtemp(prefix="grml2usb", dir=os.path.abspath(options.tmpdir))
+ logging.debug("efi_mountpoint = %s" % efi_mountpoint)
+ register_tmpfile(efi_mountpoint)
+
+ try:
+ logging.debug("mount(%s, %s, ['-o', 'ro', '-t', 'vfat']" % (efi_img, efi_mountpoint))
+ mount(efi_img, efi_mountpoint, ['-o', 'ro', '-t', 'vfat'])
+ except CriticalException as error:
+ logging.critical("Fatal: %s", error)
+ sys.exit(1)
+
+ ubuntu_cfg = search_file('grub.cfg', efi_mountpoint + '/EFI/ubuntu')
+ logging.debug("ubuntu_cfg = %s" % ubuntu_cfg)
+ if not ubuntu_cfg:
+ logging.info("No /EFI/ubuntu/grub.cfg found inside EFI image, looks like Secure Boot support is missing.")
+ else:
+ mkdir(target + '/efi/ubuntu')
+ logging.debug("exec_rsync(%s, %s + '/efi/ubuntu/grub.cfg')" % (ubuntu_cfg, target))
+ exec_rsync(ubuntu_cfg, target + '/efi/ubuntu/grub.cfg')
+
+ logging.debug("exec_rsync(%s + '/EFI/BOOT/grubx64.efi', %s + '/efi/boot/grubx64.efi')'" % (efi_mountpoint, target))
+ exec_rsync(efi_mountpoint + '/EFI/BOOT/grubx64.efi', target + '/efi/boot/grubx64.efi')
+
+ # NOTE - we're overwriting /efi/boot/bootx64.efi from copy_bootloader_files here
+ logging.debug("exec_rsync(%s + '/EFI/BOOT/bootx64.efi', %s + '/efi/boot/bootx64.efi')'" % (efi_mountpoint, target))
+ exec_rsync(efi_mountpoint + '/EFI/BOOT/bootx64.efi', target + '/efi/boot/bootx64.efi')
+
+ try:
+ unmount(efi_mountpoint, "")
+ logging.debug('Unmounted %s' % efi_mountpoint)
+ os.rmdir(efi_mountpoint)
+ logging.debug('Removed directory %s' % efi_mountpoint)
+ except Exception:
+ logging.critical('RuntimeError while umount %s' % efi_mountpoint)
+ sys.exit(1)
+
+
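Review bot: The read-only mount created by `mount(efi_img, efi_mountpoint, ['-o', 'ro', '-t', 'vfat'])` is released only by the final `unmount()` block, so if `search_file()` or any of the `exec_rsync()` calls in between raises or exits, the EFI image stays mounted and the temporary directory is left behind. Whether `exec_rsync` can raise is not visible in this hunk, and `register_tmpfile` may clean up the directory but presumably not the mount. Wrapping the copy steps in `try`/`finally` makes the cleanup unconditional. The last handler also catches every `Exception`, labels it "RuntimeError while umount" and drops the actual error, so an `os.rmdir` failure is reported as an unmount failure with no cause; binding the exception and logging it keeps the failure diagnosable.

```python
    try:
        # … unchanged: search_file() lookup, mkdir() and the exec_rsync() copies …
    finally:
        try:
            unmount(efi_mountpoint, "")
            os.rmdir(efi_mountpoint)
            # … unchanged: debug logging after each step …
        except Exception as error:
            logging.critical("Failed to unmount or remove %s: %s", efi_mountpoint, error)
            sys.exit(1)
```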