ad4c1853ad
- ship a Secure Boot UEFI compatible bootloader (fate#314485) - added secureboot patches which introduces new linuxefi module that is able to perform verifying signed images via exported protocol from shim. The insmod command will not function if secure boot enabled (as all modules should built in grub.efi and signed). - grub2-secureboot-add-linuxefi.patch - grub2-secureboot-use-linuxefi-on-uefi.patch - grub2-secureboot-no-insmod-on-sb.patch - grub2-secureboot-provide-linuxefi-config.patch - Makefile.core.am : support building linuxefi module - Make grub.efi image that is with all relevant modules incorporated and signed, it will be the second stage to the shim loader which will verified it when secureboot enabled. - Make grub.efi's path to align with shim loader's default loader lookup path. - The changes has been verified not affecting any factory instalation, but will allow us to run & test secure boot setup manually with shim. (forwarded request 143007 from michael-chang) OBS-URL: https://build.opensuse.org/request/show/143018 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=52
52 lines
1.7 KiB
Diff
52 lines
1.7 KiB
Diff
From 151b1691fe0cf885df101c6e6a7cb1defc50428b Mon Sep 17 00:00:00 2001
|
|
From: Peter Jones <pjones@redhat.com>
|
|
Date: Mon, 16 Jul 2012 18:57:11 -0400
|
|
Subject: [PATCH] Use "linuxefi" and "initrdefi" where appropriate
|
|
|
|
References: fate#314485
|
|
Patch-Mainline: no
|
|
|
|
Signed-off-by: Michael Chang <mchang@suse.com>
|
|
---
|
|
util/grub.d/10_linux.in | 18 ++++++++++++++++--
|
|
1 files changed, 16 insertions(+), 2 deletions(-)
|
|
|
|
Index: grub-2.00/util/grub.d/10_linux.in
|
|
===================================================================
|
|
--- grub-2.00.orig/util/grub.d/10_linux.in
|
|
+++ grub-2.00/util/grub.d/10_linux.in
|
|
@@ -133,17 +133,31 @@ linux_entry ()
|
|
printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
|
|
fi
|
|
message="$(gettext_printf "Loading Linux %s ..." ${version})"
|
|
- sed "s/^/$submenu_indentation/" << EOF
|
|
+ if [ -d /sys/firmware/efi ]; then
|
|
+ sed "s/^/$submenu_indentation/" << EOF
|
|
+ echo '$message'
|
|
+ linuxefi ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
|
|
+EOF
|
|
+ else
|
|
+ sed "s/^/$submenu_indentation/" << EOF
|
|
echo '$(echo "$message" | grub_quote)'
|
|
linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ${args}
|
|
EOF
|
|
+ fi
|
|
if test -n "${initrd}" ; then
|
|
# TRANSLATORS: ramdisk isn't identifier. Should be translated.
|
|
message="$(gettext_printf "Loading initial ramdisk ...")"
|
|
- sed "s/^/$submenu_indentation/" << EOF
|
|
+ if [ -d /sys/firmware/efi ]; then
|
|
+ sed "s/^/$submenu_indentation/" << EOF
|
|
+ echo '$message'
|
|
+ initrdefi ${rel_dirname}/${initrd}
|
|
+EOF
|
|
+ else
|
|
+ sed "s/^/$submenu_indentation/" << EOF
|
|
echo '$(echo "$message" | grub_quote)'
|
|
initrd ${rel_dirname}/${initrd}
|
|
EOF
|
|
+ fi
|
|
fi
|
|
sed "s/^/$submenu_indentation/" << EOF
|
|
}
|