Add Secure Boot for Satellite and RHEL

theforeman · Dec 4, 2024 · 86fb5e0 · 86fb5e0
1 parent e02c19f
commit 86fb5e0
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/guides/common/assembly_using-pxe-to-provision-hosts.adoc b/guides/common/assembly_using-pxe-to-provision-hosts.adoc
@@ -11,7 +11,6 @@ include::modules/proc_creating-hosts-with-pxeless-provisioning.adoc[leveloffset=
 
 include::modules/proc_creating-hosts-with-uefi-http-boot-provisioning.adoc[leveloffset=+1]
 
-ifndef::satellite[]
 :extract_deb_prefix: cd /tmp && ar x /tmp
 :extract_deb_xz_suffix: && tar -xf data.tar.xz && cd -
 :extract_deb_zst_suffix: && tar --use-compress-program=unzstd -xf data.tar.zst && cd -
@@ -21,6 +20,7 @@ ifndef::satellite[]
 :parent-client-pkg-ext: {client-pkg-ext}
 :secureboot-os-name: My_Operating_System_In_Lowercase
 
+ifndef::satellite[]
 :client-os-context: almalinux
 :client-os: AlmaLinux
 :client-pkg-ext: rpm
@@ -65,7 +65,24 @@ include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-h
 :extract_grub: {extract_rpm_prefix}/{grub_efi_downloaded_package_name} {extract_rpm_suffix}
 :extract_shim: {extract_rpm_prefix}/{shim_efi_downloaded_package_name} {extract_rpm_suffix}
 include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-hosts.adoc[leveloffset=+1]
+endif::[]
 
+:client-os-context: rhel
+:client-os: {RHEL}
+:client-pkg-ext: rpm
+:grub_efi_download_url: https://access.redhat.com/downloads/content/package-browser[Package browser] on the Red{nbsp}Hat Customer Portal
+:grub_efi_downloaded_package_name: grub2-efi-x64.rpm
+:grub_efi_package_name: grub2-efi-x64
+:grub_efi_tmp_binary_path: /tmp/boot/efi/EFI/{client-os-context}/grubx64.efi
+:shim_efi_download_url: https://access.redhat.com/downloads/content/package-browser[Package browser] on the Red{nbsp}Hat Customer Portal
+:shim_efi_downloaded_package_name: shim-x64.rpm
+:shim_efi_package_name: shim-x64
+:shim_efi_tmp_binary_path: /tmp/boot/efi/EFI/{client-os-context}/shimx64.efi
+:extract_grub: {extract_rpm_prefix}/{grub_efi_downloaded_package_name} {extract_rpm_suffix}
+:extract_shim: {extract_rpm_prefix}/{shim_efi_downloaded_package_name} {extract_rpm_suffix}
+include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-hosts.adoc[leveloffset=+1]
+
+ifndef::satellite[]
 :client-os-context: ubuntu
 :client-os: Ubuntu
 :client-pkg-ext: deb
@@ -80,6 +97,7 @@ include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-h
 :extract_grub: {extract_deb_prefix}/{grub_efi_downloaded_package_name} {extract_deb_zst_suffix}
 :extract_shim: {extract_deb_prefix}/{shim_efi_downloaded_package_name} {extract_deb_xz_suffix}
 include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-hosts.adoc[leveloffset=+1]
+endif::[]
 
 // reset global attributes
 :client-os: {parent-client-os}
@@ -103,7 +121,6 @@ include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-h
 :!shim_efi_downloaded_package_name:
 :!shim_efi_package_name:
 :!shim_efi_tmp_binary_path:
-endif::[]
 
 include::modules/proc_deploying-ssh-keys-during-provisioning.adoc[leveloffset=+1]
 :!using-pxe-to-provision-hosts:
diff --git a/guides/common/modules/con_using-pxe-to-provision-hosts.adoc b/guides/common/modules/con_using-pxe-to-provision-hosts.adoc
@@ -43,22 +43,23 @@ In {Project} provisioning, the PXE loader option defines the DHCP `filename` opt
 * For BIOS systems, select the *PXELinux BIOS* option to enable a provisioned host to download the `pxelinux.0` file over TFTP.
 * For UEFI systems, select the *Grub2 UEFI* option to enable a TFTP client to download `grubx64.efi` file, or select the *Grub2 UEFI HTTP* option to enable an UEFI HTTP client to download `grubx64.efi` with the HTTP Boot feature.
 
-ifndef::satellite[]
 {ProjectName} supports UEFI Secure Boot.
 SecureBoot PXE loaders enable a client to download the `shim.efi` bootstrap boot loader that then loads the signed `grubx64.efi`.
 Use the *Grub2 UEFI SecureBoot* PXE loader for PXE-boot provisioning or *Grub2 UEFI HTTPS SecureBoot* for HTTP-boot provisioning.
 
 By default, you can provision operating systems from the vendor of the operating system of your {ProjectServer} on Secure Boot enabled hosts.
 To provision operating systems on Secure Boot enabled hosts from different vendors, you have to provide signed shim and GRUB2 binaries provided by the vendor of your operating system.
-ifndef::orcharhino[]
+ifdef::satellite[]
+For more information, see xref:configuring-{smart-proxy-context}-to-provision-rhel-on-Secure-Boot-enabled-hosts[].
+endif::[]
+ifndef::orcharhino,satellite[]
 For more information, see:
 
 * xref:configuring-{smart-proxy-context}-to-provision-almalinux-on-Secure-Boot-enabled-hosts[]
 * xref:configuring-{smart-proxy-context}-to-provision-debian-on-Secure-Boot-enabled-hosts[]
 * xref:configuring-{smart-proxy-context}-to-provision-rocky-on-Secure-Boot-enabled-hosts[]
 * xref:configuring-{smart-proxy-context}-to-provision-ubuntu-on-Secure-Boot-enabled-hosts[]
 endif::[]
-endif::[]
 
 ifdef::satellite[]
 For more information about supported workflows, see https://access.redhat.com/solutions/2674001[Supported architectures and provisioning scenarios].