From f7c738234397472f78886a672e6687bf4213b338 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Tue, 22 Jun 2021 14:00:51 -0400
Subject: [PATCH] Update pxeboot_setup.sh to use stock grubx64.efi

Secure boot fails for load setup with pxeboot_setup.sh, as the kernel
signature check fails validation due to the recent grub2 update for
CVE-2020-15705. This commit updates pxeboot_setup.sh to use the older
stock grubx64.efi, which will postpone the kernel validation until the
load is installed.

Change-Id: Ic6bfd236b076fc9023a77b1c2d8b9d4f8feee8b8
Closes-Bug: 1933263
Signed-off-by: Don Penney <don.penney@windriver.com>
---
 bsp-files/pxeboot_setup.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/bsp-files/pxeboot_setup.sh b/bsp-files/pxeboot_setup.sh
index 95a2f169..08f0c0fc 100755
--- a/bsp-files/pxeboot_setup.sh
+++ b/bsp-files/pxeboot_setup.sh
@@ -97,6 +97,9 @@ mv ${COPY_DIR}/pxeboot_grub.cfg ${COPY_DIR}/grub.cfg
 #TFTP Server or dnsmasq
 ln -sf ../grub.cfg ${COPY_DIR}/EFI/grub.cfg
 
+# Copy grubx64.efi from the EFI/BOOT dir to the EFI dir
+cp -f ${ISODIR}/EFI/BOOT/grubx64.efi ${COPY_DIR}/EFI/
+
 #Variable replacement
 sed -i "s#xxxHTTP_URLxxx#${BASE_URL}#g;
         s#xxxHTTP_URL_PATCHESxxx#${BASE_URL}/patches#g;