libreboot

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

commit 35104a5a1951ef602eb1217dd0dccb6269a26c82
parent 89cc8c38c1cf3865c3684e5bd6658eedf0e61cfd
Author: Klemens Nanni <contact@autoboot.org>
Date:   Thu,  3 Mar 2016 19:48:46 +0100

grub.cfg: merge changes from autoboot

Subrouters for searching bootloaders/configurations files have
been split into individual subroutines for searching and
loading user configuartion.

LVM is searched via wildcards again. This is slow, and will
be removed on subsequent commits.

Intergrated keyfile support has been removed for now since
it's only been introducing errors. We need a better way
to accomplish this (keyfiles are not ideal anyway, so
whatever).

GRUB2 support supports keyfiles, the menuentry just
doesn't look for them on USB devices anymore on its own.

Usage of quoted variables has been unified.

Comments have been shortened to make everything readable.

Diffstat:
resources/grub/config/menuentries/common.cfg | 195++++++++++++++++++++++++++++++-------------------------------------------------
1 file changed, 74 insertions(+), 121 deletions(-)

diff --git a/resources/grub/config/menuentries/common.cfg b/resources/grub/config/menuentries/common.cfg @@ -1,149 +1,102 @@ -function switch_to_grub_config { +function try_user_config { set root="${1}" - # a) Check possible file locations... - for p in boot/grub/coreboot_ grub/coreboot_ boot/grub/libreboot_ grub/libreboot_ boot/grub/autoboot_ grub/autoboot_ boot/grub/ grub/ boot/grub2/ grub2/; do - if [ -f "/${p}grub.cfg" ]; then - # b) And eventually try to load the config. Using ESC one can still exit and revert back to - # libreboot's menu. - configfile /${p}grub.cfg - fi + for dir in boot grub grub2 boot/grub boot/grub2; do + for name in '' autoboot_ libreboot_; do + if [ -f /"${dir}"/"${name}"grub.cfg ]; then + configfile /"${dir}"/"${name}"grub.cfg + fi + done + done +} +function search_grub { + for i in 0 1; do + # raw devices + try_user_config "(${1}${i})" + for part in 1 2 3 4 5; do + # MBR/GPT partitions + try_user_config "(${1}${i},${part})" + done done } -function parse_isolinux_config { - set root=${1} - for p in /isolinux /syslinux; do - if [ -f "${p}${p}.cfg" ]; then - syslinux_configfile -i ${p}${p}.cfg - elif [ -f "/boot${p}${p}.cfg" ]; then - syslinux_configfile -i /boot${p}${p}.cfg +function try_isolinux_config { + set root="${1}" + for dir in '' /boot; do + if [ -f "${dir}"/isolinux/isolinux.cfg ]; then + syslinux_configfile -i "${dir}"/isolinux/isolinux.cfg + elif [ -f "${dir}"/syslinux/syslinux.cfg ]; then + syslinux_configfile -s "${dir}"/syslinux/syslinux.cfg fi done } +function search_isolinux { + for i in 0 1; do + # raw devices + try_isolinux_config "(${1},${i})" + for part in 1 2 3 4 5; do + # MBR/GPT partitions + try_isolinux_config "(${1}${i},${part})" + done + done +} menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o' { +# GRUB2 handles (almost) every possible disk setup, but only the location of +# /boot is actually important since GRUB2 only loads the user's config. -# GRUB handles (almost) every possible disk setup, but only the location of /boot is actually important, -# since GRUB only loads the user's config. As soon as the kernel takes over, libreboot's done. +# LVM, RAID, filesystems and encryption on both raw devices and partitions in +# all various combinations need to be supported. Since full disk encryption is +# possible with GRUB2 as payload and probably even used by most users, this +# configuration tries to load the operating system in the following way: -# filesystems and encryption on both raw devices and partitions in all various combinations -# need to be supported. Since full disk encryption is possible with GRUB as payload and probably desired/used -# by most users, libreboot GRUB config tries to load the operating system (kernel) in the following way: +# 1. Look for user configuration on unencrypted devices first to avoid +# unnecessary decryption routines in the following order: - # Try to decrypt raw devices first. This <your disk setup> inside a LUKS container is pretty common - - # prompt user for passphrase if LUKS header is found - cryptomount ahci0 - for j in 1 2 3 4 5 6 7 8 9; do - cryptomount ahci0,${j} +# 1) raw devices and MBR/GPT partitions + search_grub ahci +# 2) LVM and RAID which might be used accross multiple devices + lvm="lvm/*" + raid="md0 md0,1 md0,2 md0,3 md0,4 md0,6 md0,7 md0,8 md0,9" + for vol in ${lvm} ${raid}; do + try_user_config "(${vol})" done +# 2. In case no configuration could be found, try decrypting devices. Look +# on raw crypto devices as well as inside LVM volumes this time. - # 2. Look for user config. If the above routine successfully decrypted a LUKS container, its content - # will be searched before everything else for obvious reasons. Regardless of this, the devices' - # hirachy stays the same. - for d in crypto0 ahci0; do - switch_to_grub_config ${d} +# The user will be prompted for a passphrase if a LUKS header was found. + for dev in ahci0 ahci1 ${lvm}; do + cryptomount "(${dev})" done - for j in 1 2 3 4 5 6 7 8 9; do - for d in crypto0 ahci0; do - switch_to_grub_config "${d},${j}" +# 3) encrypted devices/partitions + for i in 0 1; do + for part in 1 2 3 4 5; do + cryptomount "(ahci${i},${part})" done done - for l in lvm/matrix-root lvm/matrix-boot; do - switch_to_grub_config ${l} - done - # prompt user for passphrase if LUKS header is found but try using external keyfiles first - search -n -f /keyfile --set=kf --hint usb0, --hint usb1, - if [ $? = 0 ]; then - kf="-k (${kf})/keyfile ${d}" - fi - for d in ${devs}; do - cryptomount ${kf} ${d} - done - # 3. Do the same routine again, but for possibly decrypted data this time. - switch_to_grub_config crypto0 - for j in 1 2 3 4 5 6 7 8 9; do - switch_to_grub_config "crypto0,${j}" - done - for l in lvm/matrix-root lvm/matrix-boot; do - switch_to_grub_config ${l} - done - - # 3. Last resort, if none of the above succeeds, all you have is GRUB's shell - set root=ahci0,1 - for p in / /boot/; do - if [ -f "${p}vmlinuz" ]; then - linux ${p}vmlinuz root=/dev/sda1 rw - if [ -f "${p}initrd.img" ]; then - initrd ${p}initrd.img - fi - fi +# 3) encrypted devices/partitions + search_grub crypto +# 4) LVM inside LUKS containers + for vol in ${lvm}; do + try_user_config "(${vol})" done } -menuentry 'Parse ISOLINUX menu (AHCI) [a]' --hotkey='a' { - # Check for filesystem on raw device without partition table (MBR/GPT), e.g. BTRFS or ZFS - parse_isolinux_config ahci0 - # Look for partitions - # GPT allows more than 4 partitions, /boot on /dev/sda7 is quite unlikely but still possible - for j in 1 2 3 4 5 6 7 8 9; do - parse_isolinux_config "ahci0,${j}" - done +menuentry 'Search ISOLINUX menu (AHCI) [a]' --hotkey='a' { + search_isolinux ahci } -menuentry 'Parse ISOLINUX menu (USB) [u]' --hotkey='u' { - for i in 0 1; do - # Check for filesystem on raw device without partition table (MBR/GPT), e.g. BTRFS or ZFS - parse_isolinux_config usb${i} - # Look for partitions - # GPT allows more than 4 partitions, /boot on /dev/sda7 is quite unlikely but still possible - for j in 1 2 3 4 5 6 7 8 9; do - parse_isolinux_config "usb${i},${j}" - done - done +menuentry 'Search ISOLINUX menu (USB) [u]' --hotkey='u' { + search_isolinux usb } -menuentry 'Parse ISOLINUX menu (CD/DVD) [d]' --hotkey='d' { +menuentry 'Search ISOLINUX menu (CD/DVD) [d]' --hotkey='d' { insmod ata - for x in ata0 ahci1; do - parse_isolinux_config ${x} + for dev in ata0 ahci1; do + try_isolinux_config "(${dev})" done } -menuentry 'Switch to grubtest.cfg [t]' --hotkey='t' { - set root=cbfsdisk +menuentry 'Load test configuration (grubtest.cfg) inside of CBFS [t]' --hotkey='t' { + set root='(cbfsdisk)' configfile /grubtest.cfg } -menuentry 'Search for GRUB configuration (grub.cfg) outside of CBFS [s]' --hotkey='s' { - insmod ahci - insmod usbms - insmod part_msdos - insmod part_gpt - for x in (ahci0,1) (ahci0,2) (ahci0,3) (ahci0,4) (usb0) (usb0,1) (usb0,2) (usb0,3) (usb0,4); do - if [ -f "$x/grub/grub.cfg" ] ; then - submenu "Load Config from $x" $x { - root=$2 - source /grub/grub.cfg - unset superusers - } - fi - if [ -f "$x/boot/grub/grub.cfg" ] ; then - submenu "Load Config from $x" $x { - root=$2 - source /boot/grub/grub.cfg - unset superusers - } - fi - if [ -f "$x/grub2/grub.cfg" ] ; then - submenu "Load Config from $x" $x { - root=$2 - source /grub2/grub.cfg - unset superusers - } - fi - if [ -f "$x/boot/grub2/grub.cfg" ] ; then - submenu "Load Config from $x" $x { - root=$2 - source /boot/grub2/grub.cfg - unset superusers - } - fi - done +menuentry 'Search for GRUB2 configuration on external media [s]' --hotkey='s' { + search_grub usb } menuentry 'Poweroff [p]' --hotkey='p' { halt