The aarch64 kernel is a gzip'ed EFI image, this means
that pesign needs to sign the original image and then
zip it for grub to be able to validate the kernel image.
Signed-off-by: Jeremy Linton <jeremy.linton@xxxxxxx>
---
kernel.spec | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/kernel.spec b/kernel.spec
index 25e4676a..e6601758 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -10,7 +10,7 @@ Summary: The Linux kernel
# Sign modules on x86. Make sure the config files match this setting if more
# architectures are added.
-%ifarch %{ix86} x86_64
+%ifarch %{ix86} x86_64 aarch64
%global signkernel 1
%global signmodules 1
%global zipmodules 1
@@ -1288,13 +1288,26 @@ BuildKernel() {
cp arch/$Arch/boot/zImage.stub $RPM_BUILD_ROOT/lib/modules/$KernelVer/zImage.stub-$KernelVer || :
fi
%if %{signkernel}
+ # aarch64 kernels are gziped EFI images
+ KernelExtension=${KernelImage##*.}
+ if [ "$KernelExtension" == "gz" ]; then
+ SignImage=${KernelImage%.*}
+ else
+ SignImage=$KernelImage
+ fi
+
# Sign the image if we're using EFI
- %pesign -s -i $KernelImage -o vmlinuz.signed
+ %pesign -s -i $SignImage -o vmlinuz.signed
if [ ! -s vmlinuz.signed ]; then
echo "pesigning failed"
exit 1
fi
- mv vmlinuz.signed $KernelImage
+ mv vmlinuz.signed $SignImage
+
+ if [ "$KernelExtension" == "gz" ]; then
+ gzip -f9 $SignImage
+ fi
+
%endif
$CopyKernel $KernelImage \
$RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
--
2.19.1
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
