blob: 17be94277a8099fbf105982b511f5474e15440ed (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
## @file
# Execute a script to recover the SEV supplied secret and use it to
# decrypt a luks volume. For security, the kernel must be on an encrypted
# volume so reboot if none are found.
#
# Copyright (C) 2020 James Bottomley, IBM Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
echo "Entering grub config"
sevsecret
if [ $? -ne 0 ]; then
echo "Failed to locate anything in the SEV secret area, prompting for password"
cryptomount -a
else
cryptomount -s
if [ $? -ne 0 ]; then
echo "Failed to mount root securely, retrying with password prompt"
cryptomount -a
fi
fi
set root=
for f in (crypto*); do
if [ -e $f/boot/grub/grub.cfg ]; then
set root=$f
set prefix=($root)/boot/grub
break;
fi
done
if [ x$root = x ]; then
echo "Failed to find any grub configuration on the encrypted volume"
sleep 5
reboot
fi
# rest of modules to get boot to work
set modules="
boot
loadenv
"
for f in $modules; do
insmod $f
done
echo "Transferring to ${prefix}/grub.cfg"
source $prefix/grub.cfg
|
