dist-kernel-utils.eclass: optionally sign the kernels

Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>

1 files changed, 17 insertions, 1 deletions

diff --git a/eclass/dist-kernel-utils.eclass b/eclass/dist-kernel-utils.eclass
index 1ef3104245c6..cb0021f8b3a7 100644
--- a/eclass/dist-kernel-utils.eclass
+++ b/eclass/dist-kernel-utils.eclass
@@ -12,6 +12,13 @@
 # This eclass provides various utility functions related to Distribution
 # Kernels.
 
+# @ECLASS_VARIABLE: KERNEL_IUSE_SECUREBOOT
+# @PRE_INHERIT
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# If set to a non-null value, inherits secureboot.eclass
+# and allows signing of generated kernel images.
+
 if [[ ! ${_DIST_KERNEL_UTILS} ]]; then
 
 case ${EAPI} in
@@ -19,6 +26,10 @@ case ${EAPI} in
 	*) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;;
 esac
 
+if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
+	inherit secureboot
+fi
+
 # @FUNCTION: dist-kernel_build_initramfs
 # @USAGE: <output> <version>
 # @DESCRIPTION:
@@ -104,7 +115,7 @@ dist-kernel_install_kernel() {
 	if [[ ${magic} == MZ ]]; then
 		einfo "Combined UEFI kernel+initramfs executable found"
 		# install the combined executable in place of kernel
-		image=${initrd}.efi
+		image=${initrd%/*}/uki.efi
 		mv "${initrd}" "${image}" || die
 		# We moved the generated initrd, prevent dracut from running again
 		# https://github.com/dracutdevs/dracut/pull/2405
@@ -122,6 +133,11 @@ dist-kernel_install_kernel() {
 		export KERNEL_INSTALL_PLUGINS="${KERNEL_INSTALL_PLUGINS} ${plugins[@]}"
 	fi
 
+	if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
+		# Kernel-install requires uki's are named uki.efi, sign in-place
+		secureboot_sign_efi_file "${image}" "${image}"
+	fi
+
 	ebegin "Installing the kernel via installkernel"
 	# note: .config is taken relatively to System.map;
 	# initrd relatively to bzImage