diff options
-rw-r--r-- | resources/grub/config/menuentries/common.cfg | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/resources/grub/config/menuentries/common.cfg b/resources/grub/config/menuentries/common.cfg index 439105e..feaefe6 100644 --- a/resources/grub/config/menuentries/common.cfg +++ b/resources/grub/config/menuentries/common.cfg @@ -3,27 +3,26 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o # GRUB handles (almost) every possible disk setup, but only the location of /boot is actually important, # since GRUB only loads the user's config. As soon as the kernel takes over, libreboot's done. -# LVM, RAID, filesystems and encryption on both raw devices and partitions in all various combinations +# RAID, filesystems and encryption on both raw devices and partitions in all various combinations # need to be supported. Since full disk encryption is possible with GRUB as payload and probably desired/used # by most users, libreboot GRUB config tries to load the operating system (kernel) in the following way: # 1. Try to decrypt raw devices first. This <your disk setup> inside a LUKS container is pretty common - # a) Try LVM and RAID first, they might be used (accross multiple (raw) devices) - # b) Always try LVM before RAID (LVM on (raw) RAID) - # c) Try MBR/GPT partitions at last, one might still conviniently uses a single partition + # a) Try RAID first, they might be used (accross multiple (raw) devices) + # b) Try MBR/GPT partitions at last, one might still conviniently uses a single partition - for d in (lvm/*) md/0 ahci0 ahci1 (ahci0,*) (ahci1,*); do + for d in md/0 ahci0 ahci1 (ahci0,*) (ahci1,*); do # prompt user for passphrase if LUKS header is found cryptomount ${d} done # (This way, we only need to scan for encrypted data once while covering every possible disk setup, - # be it LVM/BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT + # be it BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT # 2. Look for user config. If the above routine successfully decrypted a LUKS container, its content # will be searched before everything else for obvious reasons. Regardless of this, the devices' # hirachy stays the same. - for d in crypto0 (crypt0,*) (lvm/*) md/0 ahci0 ahci1 (ahci0,*) (ahci1,*); do + for d in crypto0 (crypt0,*) md/0 ahci0 ahci1 (ahci0,*) (ahci1,*); do set root=${d} # a) Check possible file locations... for p in boot/grub/libreboot_ grub/libreboot_ boot/grub/ grub/ boot/grub2 grub2/; do @@ -40,14 +39,12 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o kf="-k (${kf})/keyfile ${d}" fi # (This way, we only need to scan for encrypted data once while covering every possible disk setup, - # be it LVM/BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT + # be it BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT for d in ${devs}; do cryptomount ${kf} ${d} done - # 3. Do the same routine again, but for possibly decrypted data this time. There might be an LVM - # inside the LUKS container, but check crypto0 first since lvm/* also covers already existing (and - # therefore already scanned volumes as well) - for d in crypto0 (crypt0,*) (lvm/*); do + # 3. Do the same routine again, but for possibly decrypted data this time. + for d in crypto0 (crypt0,*); do set root=${d} for p in boot/grub/libreboot_ grub/libreboot_ boot/grub/ grub/ boot/grub2 grub2/; do if [ -f "/${p}grub.cfg" ]; then |