diff options
-rw-r--r-- | docs/index.html | 5 | ||||
-rw-r--r-- | docs/tasks.html | 14 | ||||
-rw-r--r-- | resources/grub/config/menuentries/common.cfg | 52 |
3 files changed, 23 insertions, 48 deletions
diff --git a/docs/index.html b/docs/index.html index 2784128..b4562b7 100644 --- a/docs/index.html +++ b/docs/index.html @@ -78,9 +78,8 @@ Libreboot has many practical advantages over <a href="https://gnu.org/philosophy/proprietary/">proprietary</a> boot firmware, such as faster boot speeds and better security. You can <a href="gnulinux/index.html">install GNU/Linux with encrypted /boot/</a>, - <a href="http://www.coreboot.org/GRUB2#signed_kernels">verify GPG signatures on your kernel</a>, - run a <a href="http://proteanos.com/">full operating system</a> directly - from the flash chip (planned for a future release), and more. + <a href="http://www.coreboot.org/GRUB2#signed_kernels">verify GPG signatures on your kernel</a>, + put a kernel in the flash chip and more. </p> <h2> diff --git a/docs/tasks.html b/docs/tasks.html index 0659f35..234e99a 100644 --- a/docs/tasks.html +++ b/docs/tasks.html @@ -342,20 +342,6 @@ </div> <div class="section"> - <h1>Payloads</h1> - <ul> - <li> - Add ProteanOS payload to systems with big enough flash chips. (eg X200/R400). - This page (outdated, but still useful according to the maintainer) has some info: - <a href="http://www.proteanos.com/doc/plat/porting/">http://www.proteanos.com/doc/plat/porting/</a>. - pehjota says that once the port is done, prokit can be modified to generate the entire - distribution as a vmlinuz and initrd.img file. - </li> - </ul> - <p><a href="#pagetop">Back to top of page.</a></p> - </div> - - <div class="section"> <h1>Build system</h1> <ul> <li>Patch the coreboot build system, so that version information is still reliably generated diff --git a/resources/grub/config/menuentries/common.cfg b/resources/grub/config/menuentries/common.cfg index 8a48dec..7b74ec3 100644 --- a/resources/grub/config/menuentries/common.cfg +++ b/resources/grub/config/menuentries/common.cfg @@ -1,51 +1,41 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [O]' --hotkey='o' --hotkey='O' { # GRUB handles (almost) every possible disk setup, but only the location of /boot is actually important, -# since GRUB only loads the user's config. As soon as the kernel takes over, libreboot's done. +# since GRUB only loads the user's config. As soon as the kernel takes over, autoboot's done. # LVM, RAID, filesystems and encryption on both raw devices and partitions in all various combinations # need to be supported. Since full disk encryption is possible with GRUB as payload and probably desired/used -# by most users, libreboot GRUB config tries to load the operating system (kernel) in the following way: +# by most users, autoboot GRUB config tries to load the operating system (kernel) in the following way: # 1. Try to decrypt raw devices first. This <your disk setup> inside a LUKS container is pretty common # a) Try LVM and RAID first, they might be used (accross multiple (raw) devices) # b) Always try LVM before RAID (LVM on (raw) RAID) # c) Try MBR/GPT partitions at last, one might still conviniently uses a single partition - devs="(lvm/*) md/0 (md/0,*) ahci0 ahci1 (ahci0,*) (ahci1,*)" - # d) Check every unencrypted device/partition first to avoid unnecessary decryption if /boot is - # not encrypted - for d in ${devs}; do + + for d in (lvm/*) md/0 (md/0,*) ahci0 ahci1 (ahci0,*) (ahci1,*); do + # prompt user for passphrase if LUKS header is found + cryptomount ${d} + done + + # (This way, we only need to scan for encrypted data once while covering every possible disk setup, + # be it LVM/BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT + # 2. Look for user config. If the above routine successfully decrypted a LUKS container, its content # will be searched before everything else for obvious reasons. Regardless of this, the devices' # hirachy stays the same. + for d in crypto0 (crypt0,*) (lvm/*) md/0 (md0/,*) ahci0 ahci1 (ahci0,*) (ahci1,*); do set root=${d} # a) Check possible file locations... - for p in boot/grub/libreboot_ grub/libreboot_ boot/grub/ grub/; do + for p in boot/grub/autoboot_ grub/autoboot_ boot/grub/ grub/; do if [ -f "/${p}grub.cfg" ]; then # b) And eventually try to load the config. Using ESC one can still exit and revert back to - # libreboot's menu. - configfile /${p}grub.cfg - fi - done - done - # (This way, we only need to scan for encrypted data once while covering every possible disk setup, - # be it LVM/BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT - for d in ${devs}; do - # prompt user for passphrase if LUKS header is found - cryptomount ${d} - done - # 3. Do the same routine again, but for possibly decrypted data this time. There might be an LVM - # inside the LUKS container, but check crypto0 first since lvm/* also covers already existing (and - # therefore already scanned volumes as well) - for d in crypto0 (crypt0,*) (lvm/*); do - set root=${d} - for p in boot/grub/libreboot_ grub/libreboot_ boot/grub/ grub/; do - if [ -f "/${p}grub.cfg" ]; then + # autoboot's menu. configfile /${p}grub.cfg fi done done - # 4. Last resort, if none of the above succeeds, all you have is GRUB's shell + + # 3. Last resort, if none of the above succeeds, all you have is GRUB's shell set root=ahci0,1 for p in / /boot/; do if [ -f "${p}vmlinuz" ]; then @@ -96,7 +86,7 @@ menuentry 'Parse ISOLINUX menu (USB) [U]' --hotkey='u' --hotkey='U' { # GPT allows more than 4 partitions, /boot on /dev/sda7 is quite unlikely but still possible for j in 0 1 2 3 4 5 6 7 8 9; do set root=usb${i},${j} - for p in /isolinux /syslinux; do + for p in "/isolinux" "/syslinux"; do if [ -f "${p}${p}.cfg" ]; then syslinux_configfile -i ${p}${p}.cfg elif [ -f "/boot${p}${p}.cfg" ]; then @@ -110,7 +100,7 @@ menuentry 'Parse ISOLINUX menu (CD/DVD) [D]' --hotkey='d' --hotkey='D' { insmod ata for x in ata0 ahci1; do set root=${x} - for p in /isolinux /syslinux; do + for p in "/isolinux" "/syslinux"; do if [ -f "${p}${p}.cfg" ]; then syslinux_configfile -i ${p}${p}.cfg elif [ -f "/boot${p}${p}.cfg" ]; then @@ -127,11 +117,11 @@ menuentry 'Search for GRUB configuration (grub.cfg) outside of CBFS [S]' --hotk for i in ahci0 ahci1 usb0 usb1; do for j in 1 2 3 4 5 6 7 8 9; do x=${i},${j} - for p in "" /grub /boot/grub /grub2 /boot/grub2; do - if [ -f "${x}${p}/grub.cfg" ]; then + for p in "grub" "boot/grub" "grub2" "boot/grub2"; do + if [ -f "${x}/${p}/grub.cfg" ]; then submenu "Load Config from ${x}" ${x} { root=$2 - source ${p}/grub.cfg + source /${p}/grub.cfg unset superusers } fi |