Update Verity hash for both UKI and GRUB.

microsoft · Jan 8, 2025 · 29bf6a0 · 29bf6a0
1 parent f33af7e
commit 29bf6a0
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
@@ -931,6 +931,13 @@ func customizeVerityImageHelper(buildDir string, baseConfigPath string, config *
 		if err != nil {
 			return fmt.Errorf("failed to update kernel cmdline arguments for verity:\n%w", err)
 		}
+
+		// Temporary make UKI also update GRUB for Verity hash.
+		err = updateGrubConfigForVerity(rootfsVerity, rootHash, grubCfgFullPath, partIdToPartUuid, diskPartitions,
+			rootHashSignatureArgument, requireRootHashSignatureArgument, bootPartition.Uuid)
+		if err != nil {
+			return fmt.Errorf("failed to update grub config for verity:\n%w", err)
+		}
 	} else {
 		// UKI is not enabled, update grub.cfg as usual.
 		err = updateGrubConfigForVerity(rootfsVerity, rootHash, grubCfgFullPath, partIdToPartUuid, diskPartitions,