efi-mkuki is a simple script for creating an EFI Unified Kernel Image [1] — a single EFI PE executable combining an EFI stub loader, a kernel image (vmlinuz), the kernel command line, and optionally an initramfs image, CPU microcode update, and a splash image.
Unified Kernel Image is basically an EFI application with all the components necessary for booting Linux directly from UEFI instead of relying on a bootloader. This image can be easily signed for Secure Boot.
To learn more about Secure Boot and why signing just a kernel image (when you use initramfs) is not sufficient, I recomend reading Secure Boot on Arch Linux Wiki.
-
POSIX-sh compatible shell (e.g. Busybox ash, dash, ZSH, bash, …)
-
cat,grep,sed,tr(BSD, Busybox or GNU) -
objcopyfrom GNU binutils -
EFI stub for your machine architecture from gummiboot [2] or systemd
Install package efi-mkuki from AUR:
yay -S efi-mkukiOr use another AUR helper.
Please note that I’m not maintainer of this package.
wget https://github.com/jirutka/efi-mkuki/archive/v0.1.0/efi-mkuki-0.1.0.tar.gz
tar -xzf efi-mkuki-0.1.0.tar.gz
cd efi-mkuki-0.1.0
make install DESTDIR=/ prefix=/usr/local…or just download the efi-mkuki script directly.
NOTE: efi-mkuki expects EFI stubs in /usr/lib/gummiboot. This can be rewritten to another path via EFISTUB_DIR variable passed to make install. If /usr/lib/systemd/boot/efi/ directory exists, make install will use it automatically.
See the help section in efi-mkuki (or run efi-mkuki -h).
-
Unified Extensible Firmware Interface/Secure Boot on Arch Linux Wiki
-
Sakaki’s EFI Install Guide/Configuring Secure Boot on Gentoo Wiki
This project is licensed under MIT License. For the full text of the license, see the LICENSE file.