diff options
-rw-r--r-- | resources/grub/config/menuentries/common.cfg | 195 |
1 files changed, 74 insertions, 121 deletions
diff --git a/resources/grub/config/menuentries/common.cfg b/resources/grub/config/menuentries/common.cfg index 3b0dae4..094a0fa 100644 --- a/resources/grub/config/menuentries/common.cfg +++ b/resources/grub/config/menuentries/common.cfg @@ -1,149 +1,102 @@ -function switch_to_grub_config { +function try_user_config { set root="${1}" - # a) Check possible file locations... - for p in boot/grub/coreboot_ grub/coreboot_ boot/grub/libreboot_ grub/libreboot_ boot/grub/autoboot_ grub/autoboot_ boot/grub/ grub/ boot/grub2/ grub2/; do - if [ -f "/${p}grub.cfg" ]; then - # b) And eventually try to load the config. Using ESC one can still exit and revert back to - # libreboot's menu. - configfile /${p}grub.cfg - fi + for dir in boot grub grub2 boot/grub boot/grub2; do + for name in '' autoboot_ libreboot_; do + if [ -f /"${dir}"/"${name}"grub.cfg ]; then + configfile /"${dir}"/"${name}"grub.cfg + fi + done + done +} +function search_grub { + for i in 0 1; do + # raw devices + try_user_config "(${1}${i})" + for part in 1 2 3 4 5; do + # MBR/GPT partitions + try_user_config "(${1}${i},${part})" + done done } -function parse_isolinux_config { - set root=${1} - for p in /isolinux /syslinux; do - if [ -f "${p}${p}.cfg" ]; then - syslinux_configfile -i ${p}${p}.cfg - elif [ -f "/boot${p}${p}.cfg" ]; then - syslinux_configfile -i /boot${p}${p}.cfg +function try_isolinux_config { + set root="${1}" + for dir in '' /boot; do + if [ -f "${dir}"/isolinux/isolinux.cfg ]; then + syslinux_configfile -i "${dir}"/isolinux/isolinux.cfg + elif [ -f "${dir}"/syslinux/syslinux.cfg ]; then + syslinux_configfile -s "${dir}"/syslinux/syslinux.cfg fi done } +function search_isolinux { + for i in 0 1; do + # raw devices + try_isolinux_config "(${1},${i})" + for part in 1 2 3 4 5; do + # MBR/GPT partitions + try_isolinux_config "(${1}${i},${part})" + done + done +} menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o' { +# GRUB2 handles (almost) every possible disk setup, but only the location of +# /boot is actually important since GRUB2 only loads the user's config. -# GRUB handles (almost) every possible disk setup, but only the location of /boot is actually important, -# since GRUB only loads the user's config. As soon as the kernel takes over, libreboot's done. +# LVM, RAID, filesystems and encryption on both raw devices and partitions in +# all various combinations need to be supported. Since full disk encryption is +# possible with GRUB2 as payload and probably even used by most users, this +# configuration tries to load the operating system in the following way: -# filesystems and encryption on both raw devices and partitions in all various combinations -# need to be supported. Since full disk encryption is possible with GRUB as payload and probably desired/used -# by most users, libreboot GRUB config tries to load the operating system (kernel) in the following way: +# 1. Look for user configuration on unencrypted devices first to avoid +# unnecessary decryption routines in the following order: - # Try to decrypt raw devices first. This <your disk setup> inside a LUKS container is pretty common - - # prompt user for passphrase if LUKS header is found - cryptomount ahci0 - for j in 1 2 3 4 5 6 7 8 9; do - cryptomount ahci0,${j} +# 1) raw devices and MBR/GPT partitions + search_grub ahci +# 2) LVM and RAID which might be used accross multiple devices + lvm="lvm/*" + raid="md0 md0,1 md0,2 md0,3 md0,4 md0,6 md0,7 md0,8 md0,9" + for vol in ${lvm} ${raid}; do + try_user_config "(${vol})" done +# 2. In case no configuration could be found, try decrypting devices. Look +# on raw crypto devices as well as inside LVM volumes this time. - # 2. Look for user config. If the above routine successfully decrypted a LUKS container, its content - # will be searched before everything else for obvious reasons. Regardless of this, the devices' - # hirachy stays the same. - for d in crypto0 ahci0; do - switch_to_grub_config ${d} +# The user will be prompted for a passphrase if a LUKS header was found. + for dev in ahci0 ahci1 ${lvm}; do + cryptomount "(${dev})" done - for j in 1 2 3 4 5 6 7 8 9; do - for d in crypto0 ahci0; do - switch_to_grub_config "${d},${j}" +# 3) encrypted devices/partitions + for i in 0 1; do + for part in 1 2 3 4 5; do + cryptomount "(ahci${i},${part})" done done - for l in lvm/matrix-root lvm/matrix-boot; do - switch_to_grub_config ${l} - done - # prompt user for passphrase if LUKS header is found but try using external keyfiles first - search -n -f /keyfile --set=kf --hint usb0, --hint usb1, - if [ $? = 0 ]; then - kf="-k (${kf})/keyfile ${d}" - fi - for d in ${devs}; do - cryptomount ${kf} ${d} - done - # 3. Do the same routine again, but for possibly decrypted data this time. - switch_to_grub_config crypto0 - for j in 1 2 3 4 5 6 7 8 9; do - switch_to_grub_config "crypto0,${j}" - done - for l in lvm/matrix-root lvm/matrix-boot; do - switch_to_grub_config ${l} - done - - # 3. Last resort, if none of the above succeeds, all you have is GRUB's shell - set root=ahci0,1 - for p in / /boot/; do - if [ -f "${p}vmlinuz" ]; then - linux ${p}vmlinuz root=/dev/sda1 rw - if [ -f "${p}initrd.img" ]; then - initrd ${p}initrd.img - fi - fi +# 3) encrypted devices/partitions + search_grub crypto +# 4) LVM inside LUKS containers + for vol in ${lvm}; do + try_user_config "(${vol})" done } -menuentry 'Parse ISOLINUX menu (AHCI) [a]' --hotkey='a' { - # Check for filesystem on raw device without partition table (MBR/GPT), e.g. BTRFS or ZFS - parse_isolinux_config ahci0 - # Look for partitions - # GPT allows more than 4 partitions, /boot on /dev/sda7 is quite unlikely but still possible - for j in 1 2 3 4 5 6 7 8 9; do - parse_isolinux_config "ahci0,${j}" - done +menuentry 'Search ISOLINUX menu (AHCI) [a]' --hotkey='a' { + search_isolinux ahci } -menuentry 'Parse ISOLINUX menu (USB) [u]' --hotkey='u' { - for i in 0 1; do - # Check for filesystem on raw device without partition table (MBR/GPT), e.g. BTRFS or ZFS - parse_isolinux_config usb${i} - # Look for partitions - # GPT allows more than 4 partitions, /boot on /dev/sda7 is quite unlikely but still possible - for j in 1 2 3 4 5 6 7 8 9; do - parse_isolinux_config "usb${i},${j}" - done - done +menuentry 'Search ISOLINUX menu (USB) [u]' --hotkey='u' { + search_isolinux usb } -menuentry 'Parse ISOLINUX menu (CD/DVD) [d]' --hotkey='d' { +menuentry 'Search ISOLINUX menu (CD/DVD) [d]' --hotkey='d' { insmod ata - for x in ata0 ahci1; do - parse_isolinux_config ${x} + for dev in ata0 ahci1; do + try_isolinux_config "(${dev})" done } -menuentry 'Switch to grubtest.cfg [t]' --hotkey='t' { - set root=cbfsdisk +menuentry 'Load test configuration (grubtest.cfg) inside of CBFS [t]' --hotkey='t' { + set root='(cbfsdisk)' configfile /grubtest.cfg } -menuentry 'Search for GRUB configuration (grub.cfg) outside of CBFS [s]' --hotkey='s' { - insmod ahci - insmod usbms - insmod part_msdos - insmod part_gpt - for x in (ahci0,1) (ahci0,2) (ahci0,3) (ahci0,4) (usb0) (usb0,1) (usb0,2) (usb0,3) (usb0,4); do - if [ -f "$x/grub/grub.cfg" ] ; then - submenu "Load Config from $x" $x { - root=$2 - source /grub/grub.cfg - unset superusers - } - fi - if [ -f "$x/boot/grub/grub.cfg" ] ; then - submenu "Load Config from $x" $x { - root=$2 - source /boot/grub/grub.cfg - unset superusers - } - fi - if [ -f "$x/grub2/grub.cfg" ] ; then - submenu "Load Config from $x" $x { - root=$2 - source /grub2/grub.cfg - unset superusers - } - fi - if [ -f "$x/boot/grub2/grub.cfg" ] ; then - submenu "Load Config from $x" $x { - root=$2 - source /boot/grub2/grub.cfg - unset superusers - } - fi - done +menuentry 'Search for GRUB2 configuration on external media [s]' --hotkey='s' { + search_grub usb } menuentry 'Poweroff [p]' --hotkey='p' { halt |