msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b7a8e7174ba01fcb789435d5144cbe6d141b386a394b791451acea2f5f93dba7
CISS.debian.installer/lib/cdi_0110_interactive/0110_check_kernel.sh
Marc S. Weidner 7cd962a3d0
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 56s
Details
V8.00.000.2025.06.17 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-06 11:16:22 +02:00

149 lines
5.1 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Kernel Image Selector.
# Globals:
# VAR_KERNEL
# VAR_KERNEL_SRT
# VAR_KERNEL_TMP
# Arguments:
# None
# Returns:
# 0: on success
# 42: On sorting Error.
#######################################
check_kernel() {
declare -i counter=1 rc=0
declare first_string="" line="" name="" options="" var_cpu_vendor="" var_system_architecture=""
# shellcheck disable=SC2312
var_cpu_vendor=$(</proc/cpuinfo grep 'vendor_id' | head -n1 | cut -d: -f2 | xargs)
var_system_architecture="$(dpkg --print-architecture)"
cat << EOF >| "${VAR_NOTES}"
Build: ${VAR_VERSION}
Press 'EXIT' to go back to the menu [Select the Kernel for the CISS.debian.installer].
Kernel available
This section lists available Debian kernel variants. Each type addresses specific requirements such as
hardware support, virtualization, real-time processing, or Secure Boot compatibility.
*+bpo* : Debian Backported Kernel
Backported kernels from Debian testing or unstable, offering newer features, improved hardware
support, and updated drivers—especially useful on modern systems or special-purpose hardware.
*cloud* : Special lightweight images for KVM
Cloud-optimized kernels tailored for virtualized environments (e.g., KVM, OpenStack). These images
are minimal, fast-booting, and reduce unnecessary modules and firmware to save memory and time.
*unsigned* : Unsigned Kernel
Kernel images without Microsoft Secure Boot signatures. These require custom Secure Boot key
management (e.g., using your own PK/KEK/DB or MOK with shim) and will not boot on locked-down systems.
*preempt_rt* : Special Kernel for real-time-computing
Real-time variant with full preemption enabled. Designed for workloads needing deterministic latency
such as robotics, industrial control, scientific instrumentation, or low-latency audio processing.
Note:
All kernel packages **not** marked as *unsigned* are **Microsoft-signed** and should work out of the
box with Secure Boot enabled, assuming the UEFI firmware trusts Microsofts root keys.
EOF
case "${var_system_architecture}" in
amd64)
# shellcheck disable=SC2312
apt-cache search linux-image | grep linux-image | grep amd64 | grep -v "meta-package" | grep -v "dbg" | grep -v "template" >> "${VAR_KERNEL_TMP}"
;;
arm64)
# shellcheck disable=SC2312
apt-cache search linux-image | grep linux-image | grep arm64 | grep -v "meta-package" | grep -v "dbg" | grep -v "template" >> "${VAR_KERNEL_TMP}"
;;
*)
do_log "info" "file_only" "4140() Unknown Architecture: '${var_system_architecture}' and / or unsupported CPU vendor: '${var_cpu_vendor}', skipping."
;;
esac
sort --output="${VAR_KERNEL_SRT}" "${VAR_KERNEL_TMP}" || {
printf "❌ Error 0110_check_kernel.sh Line 52 sort failed\n" >&2
# shellcheck disable=SC2162
read -p $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
return 42
}
while IFS= read -r line; do
first_string=${line%% *}
name=${first_string#linux-image-}
options+=("${name}" "${counter}" off)
((counter++))
done < "${VAR_KERNEL_SRT}"
while true; do
# shellcheck disable=SC2034
if VAR_KERNEL=$(dialog \
--no-collapse \
--ascii-lines \
--clear \
--help-button --help-label "Info" \
--backtitle "CISS.debian.installer" \
--title "Select the Kernel for the CISS.debian.installer" \
--radiolist "Kernel available \n *+bpo* : Debian Backported Kernel \n *cloud* : Special lightweight images for KVM \n *unsigned* : Unsigned Kernel \n *preempt_rt* : Special Kernel for real-time-computing \n Not unsigned marked are MS signed Kernel for Secure Boot \n" 0 0 "${options[@]}" 3>&1 1>&2 2>&3 3>&-)
then
clear
[[ "${VAR_KERNEL}" != linux-image-* ]] && VAR_KERNEL="linux-image-${VAR_KERNEL}"
do_log "info" "file_only" "0110() Kernel image selected interactively: '${VAR_KERNEL}'."
break
else
rc=$?
if (( "${rc}" == 1 )); then
clear
VAR_KERNEL=""
break
elif (( "${rc}" == 2 )); then
clear
dialog --no-collapse \
--ascii-lines \
--clear \
--backtitle "CISS.debian.installer" \
--title "Select the Kernel for the CISS.debian.installer" \
--scrollbar \
--textbox "${VAR_NOTES}" 32 128
clear
continue
fi
fi
done
# shellcheck disable=SC2312
cat "${VAR_DIALOG}" | tail -n 30
return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
Reference in New Issue View Git Blame Copy Permalink