diff options
-rw-r--r-- | resources/grub/config/menuentries/common.cfg | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/resources/grub/config/menuentries/common.cfg b/resources/grub/config/menuentries/common.cfg index 9e5c04e..95599df 100644 --- a/resources/grub/config/menuentries/common.cfg +++ b/resources/grub/config/menuentries/common.cfg @@ -24,25 +24,20 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o # GRUB handles (almost) every possible disk setup, but only the location of /boot is actually important, # since GRUB only loads the user's config. As soon as the kernel takes over, libreboot's done. -# RAID, filesystems and encryption on both raw devices and partitions in all various combinations +# filesystems and encryption on both raw devices and partitions in all various combinations # need to be supported. Since full disk encryption is possible with GRUB as payload and probably desired/used # by most users, libreboot GRUB config tries to load the operating system (kernel) in the following way: - # 1. Try to decrypt raw devices first. This <your disk setup> inside a LUKS container is pretty common - # a) Try RAID first, they might be used (accross multiple (raw) devices) - # b) Try MBR/GPT partitions at last, one might still conviniently uses a single partition + # Try to decrypt raw devices first. This <your disk setup> inside a LUKS container is pretty common # prompt user for passphrase if LUKS header is found - for d in md/0 ahci0; do cryptomount ${d}; done - for j in 1 2 3 4 5 6 7 8 9; do cryptomount "ahci0,${j}"; done - - # (This way, we only need to scan for encrypted data once while covering every possible disk setup, - # be it BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT + cryptomount ahci0 + for j in 1 2 3 4 5 6 7 8 9; do cryptomount ahci0,${j}; done # 2. Look for user config. If the above routine successfully decrypted a LUKS container, its content # will be searched before everything else for obvious reasons. Regardless of this, the devices' # hirachy stays the same. - for d in crypto0 md/0 ahci0; do switch_to_grub_config ${d}; done + for d in crypto0 ahci0; do switch_to_grub_config ${d}; done for j in 1 2 3 4 5 6 7 8 9; do for d in crypto0 ahci0; do switch_to_grub_config "${d},${j}"; done done @@ -52,8 +47,6 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o if [ $? = 0 ]; then kf="-k (${kf})/keyfile ${d}" fi - # (This way, we only need to scan for encrypted data once while covering every possible disk setup, - # be it BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT for d in ${devs}; do cryptomount ${kf} ${d} done |