[Git-commits] [grml/grml2usb] 92ffc0: Support Grml's new Secure Boot approach
Michael Prokop
noreply at github.com
Fri Jun 19 15:15:05 CEST 2020
Branch: refs/heads/master
Home: https://github.com/grml/grml2usb
Commit: 92ffc08bb28f73c79f195ded2fba02eeebfe925b
https://github.com/grml/grml2usb/commit/92ffc08bb28f73c79f195ded2fba02eeebfe925b
Author: Michael Prokop <mika at grml.org>
Date: 2020-06-19 (Fri, 19 Jun 2020)
Changed paths:
M grml2usb
Log Message:
-----------
Support Grml's new Secure Boot approach
Secure Boot support was kind of broken and in grml-live commit 518eb395d
we reworked the layout and handling of the configuration.
The main change is the new GRUB prefix /boot/grub/grub.cfg instead
of /EFI/ubuntu. We need to adopt this accordingly, though it's probably
not worth being backwards compatible (given that we never released
official Grml ISOs with Secure Boot).
NOTE: the configuration file /boot/grub/grub.cfg *inside* the efi.img
doesn't get adjusted via handle_grub_config() yet, so if we should ever
add custom boot entries directly into this grub configuration file
(which is known as the grml-live template file
templates/secureboot/grub.cfg), we'd have to adjust handle_grub_config()
or invoke handle_grub_config() from inside handle_secure_boot().
Also we install the grub.cfg from inside EFI as /boot/grub/x86_64-efi/grub.cfg.
Looking at GRUB's default configuration file (see `cat
(memdisk)/grub.cfg`) shows that if /boot/grub/x86_64-efi/grub.cfg exists
it's getting sourced before /boot/grub/grub.cfg. Since our *actual*
GRUB configuration of the Grml ISO is residing as /boot/grub/grub.cfg,
we can use /boot/grub/x86_64-efi/grub.cfg to control behavior in Secure
Boot mode.
Also ensure we take over file /conf/bootfile_*, which we
rely on from with grml-live's templates/secureboot/grub.cfg.
This work was funded by Grml-Forensic.
More information about the Git-commits
mailing list