feat: enable secureboot

README.md

@@ -662,7 +662,7 @@ remove packages specified in `filesystem.manifest` that are *not* listed in `fil
 4. Add .sbat sections
 
    ```shell
-   objcopy --set-section-alignment '.sbat=512' --add-section .sbat=isolinux/sbat.csv isolinux/grubx64.efi --adjust-section-vma .sbat+10000000
+   objcopy --add-section .sbat=isolinux/sbat.csv isolinux/grubx64.efi --change-section-address .sbat=10000000
    ```
 
 5. UEFI secure boot signing

scripts/chroot_build.sh

@@ -372,7 +372,7 @@ EOF
     sed -i 's/SecureBoot/SecureB00t/' isolinux/grubx64.efi
 
     # add .sbat sections
-    objcopy --set-section-alignment '.sbat=512' --add-section .sbat=isolinux/sbat.csv isolinux/grubx64.efi --adjust-section-vma .sbat+10000000
+    objcopy --add-section .sbat=isolinux/sbat.csv isolinux/grubx64.efi --change-section-address .sbat=10000000
 
     # UEFI secure boot signing
     sbsign --key /certificates/db.key --cert /certificates/db.pem --output isolinux/grubx64.efi isolinux/grubx64.efi

scripts/default_config.sh

@@ -5,9 +5,9 @@
 # Usage: Copy this file to config.sh and make changes there.  Keep this file (default_config.sh) as-is
 #   so that subsequent changes can be easily merged from upstream.  Keep all customiations in config.sh
 
-# The version of Ubuntu to generate.  Successfully tested: bionic, cosmic, disco, eoan, focal, groovy, jammy
+# The version of Ubuntu to generate.  Successfully tested LTS: bionic, focal, jammy, noble
 # See https://wiki.ubuntu.com/DevelopmentCodeNames for details
-export TARGET_UBUNTU_VERSION="jammy"
+export TARGET_UBUNTU_VERSION="noble"
 
 # The Ubuntu Mirror URL. It's better to change for faster download.
 # More mirrors see: https://launchpad.net/ubuntu/+archivemirrors
@@ -41,7 +41,7 @@ export TARGET_PACKAGE_REMOVE="
 function customize_image() {
     # install graphics and desktop
     apt-get install -y \
-    plymouth-theme-ubuntu-logo \
+    plymouth-themes \
     ubuntu-gnome-desktop \
     ubuntu-gnome-wallpapers