grub2/grub2-secureboot-use-linuxefi-on-uefi.patch
Stephan Kulow 7127299ebe Accepting request 143018 from devel:openSUSE:Factory
- ship a Secure Boot UEFI compatible bootloader (fate#314485)
- added secureboot patches which introduces new linuxefi module
  that is able to perform verifying signed images via exported
  protocol from shim. The insmod command will not function if
  secure boot enabled (as all modules should built in grub.efi
  and signed).
  - grub2-secureboot-add-linuxefi.patch
  - grub2-secureboot-use-linuxefi-on-uefi.patch
  - grub2-secureboot-no-insmod-on-sb.patch
  - grub2-secureboot-provide-linuxefi-config.patch
- Makefile.core.am : support building linuxefi module
- Make grub.efi image that is with all relevant modules incorporated
  and signed, it will be the second stage to the shim loader which
  will verified it when secureboot enabled.
- Make grub.efi's path to align with shim loader's default loader
  lookup path.
- The changes has been verified not affecting any factory instalation,
  but will allow us to run & test secure boot setup manually with shim. (forwarded request 143007 from michael-chang)

OBS-URL: https://build.opensuse.org/request/show/143018
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=52
2012-11-28 09:34:03 +00:00

52 lines
1.7 KiB
Diff

From 151b1691fe0cf885df101c6e6a7cb1defc50428b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 16 Jul 2012 18:57:11 -0400
Subject: [PATCH] Use "linuxefi" and "initrdefi" where appropriate
References: fate#314485
Patch-Mainline: no
Signed-off-by: Michael Chang <mchang@suse.com>
---
util/grub.d/10_linux.in | 18 ++++++++++++++++--
1 files changed, 16 insertions(+), 2 deletions(-)
Index: grub-2.00/util/grub.d/10_linux.in
===================================================================
--- grub-2.00.orig/util/grub.d/10_linux.in
+++ grub-2.00/util/grub.d/10_linux.in
@@ -133,17 +133,31 @@ linux_entry ()
printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
fi
message="$(gettext_printf "Loading Linux %s ..." ${version})"
- sed "s/^/$submenu_indentation/" << EOF
+ if [ -d /sys/firmware/efi ]; then
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$message'
+ linuxefi ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
+EOF
+ else
+ sed "s/^/$submenu_indentation/" << EOF
echo '$(echo "$message" | grub_quote)'
linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ${args}
EOF
+ fi
if test -n "${initrd}" ; then
# TRANSLATORS: ramdisk isn't identifier. Should be translated.
message="$(gettext_printf "Loading initial ramdisk ...")"
- sed "s/^/$submenu_indentation/" << EOF
+ if [ -d /sys/firmware/efi ]; then
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$message'
+ initrdefi ${rel_dirname}/${initrd}
+EOF
+ else
+ sed "s/^/$submenu_indentation/" << EOF
echo '$(echo "$message" | grub_quote)'
initrd ${rel_dirname}/${initrd}
EOF
+ fi
fi
sed "s/^/$submenu_indentation/" << EOF
}