projects / grml-live.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Secure Boot support
[grml-live.git] / templates / secureboot / grub.cfg
diff --git a/templates/secureboot/grub.cfg b/templates/secureboot/grub.cfg
new file mode 100644 (file)
index 0000000..b378aab
--- /dev/null
+++ b/templates/secureboot/grub.cfg
@@ -0,0 +1,112 @@
+set grml_orig_prefix=$prefix
+export grml_orig_prefix
+set grml_orig_root=$root
+export grml_orig_root
+
+set prefix=(hd0)/boot/grub/
+set root=(hd0)
+source (hd0)/boot/grub/grmlenv.cfg
+set prefix=(hd0)/boot/grub/
+
+if [ "$grml_secureboot" = false ] ; then
+  set root=(hd0)
+  configfile /boot/grub/grub.cfg
+else
+  set prefix=$grml_orig_prefix
+  set root=$grml_orig_root
+
+  set timeout=20
+  set root=(hd0)
+
+  # this is basically a copy of templates/boot/grub/header.cfg but to avoid
+  # failures due to Secure Boot restrictions and sourcing addons.cfg via
+  # /boot/grub/loopback.cfg (and then showing entries that are at the wrong
+  # position as well as don't work at all) we have to specify the appropriate
+  # config here
+  if loadfont /boot/grub/ascii.pf2 ; then
+    set gfxmode=auto
+    insmod efi_gop
+    insmod efi_uga
+    insmod gfxterm
+    insmod png
+    # this is forbidden to be loaded under Secure Boot:
+    #insmod vbe
+    terminal_output gfxterm
+  fi
+
+  if [ -f /boot/grub/%GRML_NAME%-theme/theme.txt ] ; then
+    set theme=/boot/grub/%GRML_NAME%-theme/theme.txt
+    export theme
+  elif [ -f /boot/grub/grml-theme/theme.txt ] ; then
+    set theme=/boot/grub/grml-theme/theme.txt
+    export theme
+  else
+    set menu_color_normal=white/black
+    set menu_color_highlight=black/light-gray
+    set color_normal=white/black
+  fi
+
+  menuentry "Boot %GRML_NAME% in normal mode (release %VERSION%, Secure Boot enabled)" {
+      set gfxpayload=keep
+      echo 'Loading kernel...'
+      linux   /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 
+      echo 'Loading initrd...'
+      initrd  /boot/%SHORT_NAME%/initrd.img
+  }
+
+  menuentry "Boot %GRML_NAME% - enable persistency" {
+      set gfxpayload=keep
+      echo 'Loading kernel...'
+      linux   /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 persistence 
+      echo 'Loading initrd...'
+      initrd  /boot/%SHORT_NAME%/initrd.img
+  }
+
+  menuentry "Boot %GRML_NAME% - copy %GRML_NAME% to RAM" {
+      set gfxpayload=keep
+      echo 'Loading kernel...'
+      linux   /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 toram=%GRML_NAME%.squashfs 
+      echo 'Loading initrd...'
+      initrd  /boot/%SHORT_NAME%/initrd.img
+  }
+
+  menuentry "Boot %GRML_NAME% - copy whole medium to RAM" {
+      set gfxpayload=keep
+      echo 'Loading kernel...'
+      linux   /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 toram 
+      echo 'Loading initrd...'
+      initrd  /boot/%SHORT_NAME%/initrd.img
+  }
+
+  menuentry "Boot %GRML_NAME% - disable framebuffer/kernel mode setting" {
+      set gfxpayload=keep
+      echo 'Loading kernel...'
+      linux   /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 video=vesafb:off cirrus.modeset=0 i915.modeset=0 mgag200.modeset=0 nomodeset nouveau.modeset=0 radeon.modeset=0 
+      echo 'Loading initrd...'
+      initrd  /boot/%SHORT_NAME%/initrd.img
+  }
+
+  menuentry "Boot %GRML_NAME% - enable forensic mode" {
+      set gfxpayload=keep
+      echo 'Loading kernel...'
+      linux   /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 read-only nofstab noraid nodmraid nolvm noautoconfig noswap raid=noautodetect 
+      echo 'Loading initrd...'
+      initrd  /boot/%SHORT_NAME%/initrd.img
+  }
+
+  menuentry "Boot %GRML_NAME% - enable serial console" {
+      set gfxpayload=keep
+      echo 'Loading kernel...'
+      linux   /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 video=vesafb:off console=tty1 console=ttyS0,9600n8 
+      echo 'Loading initrd...'
+      initrd  /boot/%SHORT_NAME%/initrd.img
+  }
+
+  menuentry "Boot %GRML_NAME% - debug mode" {
+      set gfxpayload=keep
+      echo 'Loading kernel...'
+      linux   /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 initcall verbose debug=vc systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M 
+      echo 'Loading initrd...'
+      initrd  /boot/%SHORT_NAME%/initrd.img
+  }
+fi
build system for creating a Grml (based) live system