libreboot

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

commit 5dad7b53413384d1a93180dacbc51f3480bb3300
parent 4f924a4b50679ec0308d93a56634feedbc0af3f6
Author: Klemens Nanni <contact@autoboot.org>
Date:   Tue,  6 Oct 2015 23:25:48 +0100

Merge kl3's GRUB enhancements from autoboot

Diffstat:
resources/grub/config/menuentries/common.cfg | 182++++++++++++++++++++++++++++++++++++++-----------------------------------------
1 file changed, 88 insertions(+), 94 deletions(-)

diff --git a/resources/grub/config/menuentries/common.cfg b/resources/grub/config/menuentries/common.cfg @@ -1,143 +1,137 @@ -menuentry 'Load Operating System' { - insmod ahci - insmod part_msdos - insmod part_gpt - # Iterate through all possible disks and partitions - for i in 0 1; do - # Look for fully encrypted disks, prompt for passphrase if successful - cryptomount "(ahci${i})" - # Check for filesystems replacing MBR/GPT at all, e.g. BTRFS or ZFS - x="(crypto${i})" - set root=${x} - for p in "grub/libreboot_" "boot/grub/libreboot_" "grub/" "boot/grub/"; do - if [ -f "${x}/${p}grub.cfg" ] ; then +menuentry 'Load Operating System (incl. fully encrypted disks) [O]' --hotkey='o' --hotkey='O' { + +# GRUB handles (almost) every possible disk setup, but only the location of /boot is actually important, +# since GRUB only loads the user's config. As soon as the kernel takes over, autoboot's done. + +# LVM, RAID, filesystems and encryption on both raw devices and partitions in all various combinations +# need to be supported. Since full disk encryption is possible with GRUB as payload and probably desired/used +# by most users, autoboot GRUB config tries to load the operating system (kernel) in the following way: + + # 1. Try to decrypt raw devices first. This <your disk setup> inside a LUKS container is pretty common + # a) Try LVM and RAID first, they might be used (accross multiple (raw) devices) + # b) Always try LVM before RAID (LVM on (raw) RAID) + # c) Try MBR/GPT partitions at last, one might still conviniently uses a single partition + devs="(lvm/*) md/0 (md/0,*) ahci0 ahci1 (ahci0,*) (ahci1,*)" + # d) Check every unencrypted device/partition first to avoid unnecessary decryption if /boot is + # not encrypted + for d in ${devs}; do + # 2. Look for user config. If the above routine successfully decrypted a LUKS container, its content + # will be searched before everything else for obvious reasons. Regardless of this, the devices' + # hirachy stays the same. + set root=${d} + # a) Check possible file locations... + for p in boot/grub/autoboot_ grub/autoboot_ boot/grub/ grub/; do + if [ -f "/${p}grub.cfg" ]; then + # b) And eventually try to load the config. Using ESC one can still exit and revert back to + # autoboot's menu. configfile /${p}grub.cfg fi done - for j in 0 1 2 3 4 5 6 7 8 9; do - # Check for normal MBR/GPT disks - # GPT allows more than 4 partitions, /boot on /dev/sda7 is highly unlikely but still possible - # /boot can still be encrypted - for k in "crypto" "ahci"; do - x="(${k}${i},${j})" - set root=${x} - for p in "grub/libreboot_" "boot/grub/libreboot_" "grub/" "boot/grub/"; do - if [ -f "${x}/${p}grub.cfg" ] ; then - configfile /${p}grub.cfg - fi - done - done - done done - - set root='md/0' - for p in "/" "/boot/"; do - if [ -f "${p}vmlinuz" ] ; then - linux ${p}vmlinuz root=/dev/md0 rw - if [ -f "${p}initrd.img" ] ; then - initrd ${p}initrd.img + # (This way, we only need to scan for encrypted data once while covering every possible disk setup, + # be it LVM/BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT + for d in ${devs}; do + # prompt user for passphrase if LUKS header is found + cryptomount ${d} + done + # 3. Do the same routine again, but for possibly decrypted data this time. There might be an LVM + # inside the LUKS container, but check crypto0 first since lvm/* also covers already existing (and + # therefore already scanned volumes as well) + for d in crypto0 (crypt0,*) (lvm/*); do + set root=${d} + for p in boot/grub/autoboot_ grub/autoboot_ boot/grub/ grub/; do + if [ -f "/${p}grub.cfg" ]; then + configfile /${p}grub.cfg fi - fi + done done - - set root='ahci0,1' - for p in "/" "/boot/"; do - if [ -f "${p}vmlinuz" ] ; then + # 4. Last resort, if none of the above succeeds, all you have is GRUB's shell + set root=ahci0,1 + for p in / /boot/; do + if [ -f "${p}vmlinuz" ]; then linux ${p}vmlinuz root=/dev/sda1 rw - if [ -f "${p}initrd.img" ] ; then + if [ -f "${p}initrd.img" ]; then initrd ${p}initrd.img fi fi done } -menuentry 'Parse ISOLINUX menu (SATA)' { - insmod ahci - insmod part_msdos - insmod part_gpt +menuentry 'Parse ISOLINUX menu (AHCI) [A]' --hotkey='a' --hotkey='A' { for i in 0 1; do - # Check for filesystems replacing MBR/GPT at all, e.g. BTRFS or ZFS - set root="(ahci${i})" - for p in "/isolinux" "/syslinux"; do - if [ -f "${p}${p}.cfg" ] ; then + # Check for filesystem on raw device without partition table (MBR/GPT), e.g. BTRFS or ZFS + set root=ahci${i} + for p in /isolinux /syslinux; do + if [ -f "${p}${p}.cfg" ]; then syslinux_configfile -i ${p}${p}.cfg - elif [ -f "/boot${p}${p}.cfg" ] ; then + elif [ -f "/boot${p}${p}.cfg" ]; then syslinux_configfile -i /boot${p}${p}.cfg fi done - # Check for normal MBR/GPT disks - # GPT allows more than 4 partitions, /boot on /dev/sda7 is highly unlikely but still possible + # Look for partitions + # GPT allows more than 4 partitions, /boot on /dev/sda7 is quite unlikely but still possible for j in 0 1 2 3 4 5 6 7 8 9; do - set root="(ahci${i},${j})" - for p in "/isolinux" "/syslinux"; do - if [ -f "${p}${p}.cfg" ] ; then + set root="ahci${i},${j}" + for p in /isolinux /syslinux; do + if [ -f "${p}${p}.cfg" ]; then syslinux_configfile -i ${p}${p}.cfg - elif [ -f "/boot${p}${p}.cfg" ] ; then + elif [ -f "/boot${p}${p}.cfg" ]; then syslinux_configfile -i /boot${p}${p}.cfg fi done done done } -menuentry 'Parse ISOLINUX menu (USB)' { - insmod usbms - insmod part_msdos - insmod part_gpt +menuentry 'Parse ISOLINUX menu (USB) [U]' --hotkey='u' --hotkey='U' { for i in 0 1; do - # Check for filesystems replacing MBR/GPT at all, e.g. BTRFS or ZFS - set root="(usb${i})" - for p in "/isolinux" "/syslinux"; do - if [ -f "${p}${p}.cfg" ] ; then + # Check for filesystem on raw device without partition table (MBR/GPT), e.g. BTRFS or ZFS + set root=usb${i} + for p in /isolinux /syslinux; do + if [ -f "${p}${p}.cfg" ]; then syslinux_configfile -i ${p}${p}.cfg - elif [ -f "/boot${p}${p}.cfg" ] ; then + elif [ -f "/boot${p}${p}.cfg" ]; then syslinux_configfile -i /boot${p}${p}.cfg fi done - # Check for normal MBR/GPT disks - # GPT allows more than 4 partitions, /boot on /dev/sda7 is highly unlikely but still possible + # Look for partitions + # GPT allows more than 4 partitions, /boot on /dev/sda7 is quite unlikely but still possible for j in 0 1 2 3 4 5 6 7 8 9; do - set root="(usb${i},${j})" - for p in "/isolinux" "/syslinux"; do - if [ -f "${p}${p}.cfg" ] ; then + set root=usb${i},${j} + for p in /isolinux /syslinux; do + if [ -f "${p}${p}.cfg" ]; then syslinux_configfile -i ${p}${p}.cfg - elif [ -f "/boot${p}${p}.cfg" ] ; then + elif [ -f "/boot${p}${p}.cfg" ]; then syslinux_configfile -i /boot${p}${p}.cfg fi done done done } -menuentry 'Parse ISOLINUX menu (CD/DVD)' { - insmod ahci +menuentry 'Parse ISOLINUX menu (CD/DVD) [D]' --hotkey='d' --hotkey='D' { insmod ata - insmod iso9660 - for x in (ata0) (ahci1); do + for x in ata0 ahci1; do set root=${x} - for p in "/isolinux" "/syslinux"; do - if [ -f "${p}${p}.cfg" ] ; then + for p in /isolinux /syslinux; do + if [ -f "${p}${p}.cfg" ]; then syslinux_configfile -i ${p}${p}.cfg - elif [ -f "/boot${p}${p}.cfg" ] ; then + elif [ -f "/boot${p}${p}.cfg" ]; then syslinux_configfile -i /boot${p}${p}.cfg fi done done } -menuentry 'Switch to grubtest.cfg' { - set root='cbfsdisk' - configfile (cbfsdisk)/grubtest.cfg +menuentry 'Switch to grubtest.cfg [T]' --hotkey='t' --hotkey='T' { + set root=cbfsdisk + configfile /grubtest.cfg } -menuentry 'Search for GRUB configuration (grub.cfg) outside of CBFS' { - insmod ahci - insmod usbms - insmod part_msdos - insmod part_gpt - for i in ahci0 usb0 usb1; do +menuentry 'Search for GRUB configuration (grub.cfg) outside of CBFS [S]' --hotkey='s' --hotkey='S' { + for i in ahci0 ahci1 usb0 usb1; do for j in 1 2 3 4 5 6 7 8 9; do - x="(${i},${j})" - for p in "grub" "boot/grub" "grub2" "boot/grub2"; do - if [ -f "${x}/${p}/grub.cfg" ] ; then + x=${i},${j} + for p in "" /grub /boot/grub /grub2 /boot/grub2; do + if [ -f "${x}${p}/grub.cfg" ]; then submenu "Load Config from ${x}" ${x} { root=$2 - source /${p}/grub.cfg + source ${p}/grub.cfg unset superusers } fi @@ -145,9 +139,9 @@ menuentry 'Search for GRUB configuration (grub.cfg) outside of CBFS' { done done } -menuentry 'Poweroff' { -halt +menuentry 'Poweroff [P]' --hotkey='p' --hotkey='P' { + halt } -menuentry 'Reboot' { -reboot +menuentry 'Reboot [R]' --hotkey='r' --hotkey='R' { + reboot }