#! /bin/sh set -e # Automatically added by dh_installdeb/13.3.4 dpkg-maintscript-helper symlink_to_dir /usr/share/doc/shim-signed shim-signed-common 1.36\~ shim-signed -- "$@" # End automatically added section # If we're not on an EFI system, do nothing else if [ ! -d /sys/firmware/efi ]; then exit 0 fi # Must load the confmodule for our template to be installed correctly. . /usr/share/debconf/confmodule # Select the right target architecture for grub-install ARCH=$(dpkg --print-architecture) case ${ARCH} in i386|amd64) FW_SIZE=$(cat /sys/firmware/efi/fw_platform_size) if [ "$FW_SIZE"x = "32"x ]; then SHIM_REMOVE="shimia32.efi" GRUB_EFI_TARGET="i386-efi" elif [ "$FW_SIZE"x = "64"x ]; then GRUB_EFI_TARGET="x86_64-efi" SHIM_REMOVE="shimx64.efi" else echo "Unable to read a valid value from fw_platform_size, ABORT" exit 1 fi ;; arm64) SHIM_REMOVE="shimaa64.efi" GRUB_EFI_TARGET="arm64-efi" ;; *) echo "Unsupported dpkg architecture ${ARCH} in $0. ABORT" exit 1 ;; esac # Pull out a config value from /etc/default/grub config_item () { if [ -f /etc/default/grub ]; then . /etc/default/grub || return for x in /etc/default/grub.d/*.cfg; do if [ -e "$x" ]; then # Lose any output here so we don't confuse our # caller. The xen packages echo stuff here, Aargh! . "$x" > /dev/null fi done fi eval echo "\$$1" } # Call grub-install but don't fail on errors. Let's not break upgrades run_grub_install() { if ! grub-install $@ ; then echo "Failed: grub-install $@" >&2 echo "WARNING: Bootloader is not properly installed, system may not be bootable" >&2 fi } case $1 in remove|purge) bootloader_id="$(config_item GRUB_DISTRIBUTOR | tr A-Z a-z | \ cut -d' ' -f1)" case $bootloader_id in kubuntu) bootloader_id=ubuntu ;; esac # If we're being removed, try to call grub-install to drop us # from the boot chain in the ESP if [ "$bootloader_id" ] && \ [ -d "/boot/efi/EFI/$bootloader_id" ] && \ which grub-install >/dev/null 2>&1 then # Check for some of the options that matter, so we can # call grub-install without dropping them OPTIONS="" db_get grub2/force_efi_extra_removable || RET=false if [ "$RET" = true ]; then OPTIONS="$OPTIONS --force-extra-removable" fi db_get grub2/update_nvram || RET=true if [ "$RET" = false ]; then OPTIONS="$OPTIONS --no-nvram" fi run_grub_install --target=${GRUB_EFI_TARGET} $OPTIONS if dpkg --compare-versions "$2" lt-nl "1.22~"; then rm -f /boot/efi/EFI/ubuntu/MokManager.efi fi # Now remove the signed shim binary that was copied into # the ESP; grub-install doesn't clean that up for us. rm -f "/boot/efi/EFI/$bootloader_id/$SHIM_REMOVE" fi if which update-secureboot-policy >/dev/null 2>&1; then SHIM_NOTRIGGER=y update-secureboot-policy fi ;; esac exit 0