blob: 99807d7291b6ae41044f0616720dbde417c63573 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
## @file
# Build a version of grub capable of decrypting a luks volume with a SEV
# Supplied secret
#
# Copyright (C) 2020 James Bottomley, IBM Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
set -e
remove_efi=1
cleanup() {
# remove the intermediates
for f in disk.fat grub-bootstrap.cfg; do
rm -f -- "${basedir}/$f"
done
if [ $remove_efi -eq 1 ]; then
rm -f -- "${basedir}/grub.efi"
fi
}
trap cleanup EXIT
GRUB_MODULES="
part_msdos
part_gpt
cryptodisk
luks
gcry_rijndael
gcry_sha256
ext2
btrfs
xfs
fat
configfile
memdisk
sleep
normal
echo
test
regexp
linux
linuxefi
reboot
sevsecret
"
basedir=$(dirname -- "$0")
# don't run a build if grub.efi exists and is newer than the config files
if [ -e "${basedir}/grub.efi" ] && \
[ "${basedir}/grub.efi" -nt "${basedir}/grub.cfg" ] && \
[ "${basedir}/grub.efi" -nt "${basedir}/grub.sh" ]; then
remove_efi=0
echo "preserving existing grub.efi" >&2
exit 0
fi
##
# different distributions have different names for grub-mkimage, so
# search all the known ones
##
mkimage=
for b in grub2-mkimage grub-mkimage; do
if which "$b" > /dev/null 2>&1; then
mkimage="$b"
break
fi
done
if [ -z "$mkimage" ]; then
echo "Can't find grub mkimage" >&2
exit 1
fi
# GRUB's rescue parser doesn't understand 'if'.
echo 'normal (memdisk)/grub.cfg' > "${basedir}/grub-bootstrap.cfg"
# Now build a memdisk with the correct grub.cfg
rm -f -- "${basedir}/disk.fat"
mkfs.msdos -C -- "${basedir}/disk.fat" 64
mcopy -i "${basedir}/disk.fat" -- "${basedir}/grub.cfg" ::grub.cfg
${mkimage} -O x86_64-efi \
-p '(crypto0)' \
-c "${basedir}/grub-bootstrap.cfg" \
-m "${basedir}/disk.fat" \
-o "${basedir}/grub.efi" \
${GRUB_MODULES}
remove_efi=0
echo "grub.efi generated in ${basedir}"
|
