From: Eliot Roxbergh Date: Sat, 25 May 2019 19:09:43 +0000 (+0200) Subject: Added custom grub config file X-Git-Url: https://git.g-eek.se/?a=commitdiff_plain;h=9c01fbcaa888de84adf20b67acacce09a410405b;p=inbyggd-frihet-wiki.git Added custom grub config file --- diff --git a/konfigurationer/resources/grub_0.cfg b/konfigurationer/resources/grub_0.cfg new file mode 100644 index 0000000..a6ecedb --- /dev/null +++ b/konfigurationer/resources/grub_0.cfg @@ -0,0 +1,234 @@ +set prefix=(memdisk)/boot/grub + +insmod nativedisk +insmod ehci +insmod ohci +insmod uhci +insmod usb +insmod usbms +insmod usbserial_pl2303 +insmod usbserial_ftdi +insmod usbserial_usbdebug + +# Serial and keyboard configuration, very important. +serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 +terminal_input --append serial +terminal_output --append serial +terminal_input --append at_keyboard +terminal_output --append cbmemc + +gfxpayload=keep +terminal_output --append gfxterm + +# Default to first option, automatically boot after 1 second +set default="0" +set timeout=2 + +# This is useful when using 'cat' on long files on GRUB terminal +set pager=1 +insmod png + +background_image (cbfsdisk)/background.png +loadfont (memdisk)/dejavusansmono.pf2 + +## Force kernel and other files used to be signed +trust (cbfsdisk)/public.key +set check_signatures=enforce + +## CREATE SUPERUSER and SET PASSWORD +#set superusers="user" +#password_pbkdf2 user ##can set pw with + +keymap usqwerty +function try_user_config { + set root="${1}" + for dir in boot grub grub2 boot/grub boot/grub2; do + for name in libreboot_ autoboot_ librecore_ coreboot_ ''; do + if [ -f /"${dir}"/"${name}"grub.cfg ]; then + unset superusers + configfile /"${dir}"/"${name}"grub.cfg + fi + done + done +} +function search_grub { + for i in 0 1; do + # raw devices + try_user_config "(${1}${i})" + for part in 1 2 3 4 5; do + # MBR/GPT partitions + try_user_config "(${1}${i},${part})" + done + done +} +function try_isolinux_config { + set root="${1}" + for dir in '' /boot; do + if [ -f "${dir}"/isolinux/isolinux.cfg ]; then + syslinux_configfile -i "${dir}"/isolinux/isolinux.cfg + elif [ -f "${dir}"/syslinux/syslinux.cfg ]; then + syslinux_configfile -s "${dir}"/syslinux/syslinux.cfg + fi + done +} +function search_isolinux { + for i in 0 1; do + # raw devices + try_isolinux_config "(${1}${i})" + for part in 1 2 3 4 5; do + # MBR/GPT partitions + try_isolinux_config "(${1}${i},${part})" + done + done +} + + +menuentry 'Boot to custom signed OS [q]' --hotkey='q' --unrestricted { + cryptomount -H (cbfsdisk)/luks_header (usb0,gpt1) + cryptomount -H (cbfsdisk)/luks_header (usb0,msdos1) + + #try boot first since / might symlink to boot and break + set root=(lvm/matrix-boot) + if [ -f "/vmlinuz" ]; then + if [ -f "/initrd.img" ]; then + linux /vmlinuz + initrd /initrd.img + fi + + else + echo "Trying to boot lvm/matrix-boot.." + echo "Couldn't find kernel" + echo "Trying to boot lvm/matrix-rootvol.." + set root=(lvm/matrix-rootvol) + if [ -f "/vmlinuz" ]; then + if [ -f "/initrd.img" ]; then + linux /vmlinuz + initrd /initrd.img + fi + fi + + fi + #echo "Couldn't find kernel or initrd, or it wasn't signed" + #echo "Is the newest kernel signed? Is the luks header signed on boot flash?" +} + +menuentry 'Boot to regular encrypted OS [x]' --hotkey='x' { +#Simple setup to boot from encrypted boot partition +#LUKS -> LVM -> logical volumes +#LVM name matrix and boot volume rootvol or boot +#Might get weird if multiple lvm devices connected + set check_signatures=no + cryptomount -a + + #try boot first since / might symlink to boot and break + set root=(lvm/matrix-boot) + if [ -f "/vmlinuz" ]; then + if [ -f "/initrd.img" ]; then + linux /vmlinuz + initrd /initrd.img + fi + + else + echo "Trying to boot lvm/matrix-boot.." + echo "Couldn't find kernel" + echo "Trying to boot lvm/matrix-rootvol.." + set root=(lvm/matrix-rootvol) + if [ -f "/vmlinuz" ]; then + if [ -f "/initrd.img" ]; then + linux /vmlinuz + initrd /initrd.img + fi + fi + + fi +} +menuentry 'Load Operating Systems (vanilla) [o]' --hotkey='o' { +# GRUB2 handles (almost) every possible disk setup, but only the location of +# /boot is actually important since GRUB2 only loads the user's config. + +# LVM, RAID, filesystems and encryption on both raw devices and partitions in +# all various combinations need to be supported. Since full disk encryption is +# possible with GRUB2 as payload and probably even used by most users, this +# configuration tries to load the operating system in the following way: + +# 1. Look for user configuration on unencrypted devices first to avoid +# unnecessary decryption routines in the following order: + +# 1) raw devices and MBR/GPT partitions + search_grub ahci + search_grub ata +# 2) LVM and RAID which might be used accross multiple devices + lvm="lvm/matrix-rootvol lvm/matrix-boot" + raid="md/0 md/1 md/2 md/3 md/4 md/5 md/6 md/7 md/8 md/9" + for vol in ${lvm} ${raid}; do + try_user_config "(${vol})" + done +# 2. In case no configuration could be found, try decrypting devices. Look +# on raw crypto devices as well as inside LVM volumes this time. + +# The user will be prompted for a passphrase if a LUKS header was found. + for dev in ahci0 ata0 usb0 ${lvm}; do + cryptomount "(${dev})" + done +# 3) encrypted devices/partitions + for i in 0 1; do + for part in 1 2 3 4 5; do + for type in ahci ata; do + cryptomount "(${type}${i},${part})" + done + done + done + +# 3) encrypted devices/partitions + search_grub crypto +# 4) LVM inside LUKS containers + for vol in ${lvm}; do + try_user_config "(${vol})" + done + + # Last resort, if all else fails + set root=ahci0,1 + for p in / /boot/; do + if [ -f "${p}vmlinuz" ]; then + linux ${p}vmlinuz root=/dev/sda1 rw + if [ -f "${p}initrd.img" ]; then + initrd ${p}initrd.img + fi + fi + done + + # Last resort (for GA-G41-ES2L which uses IDE emulation mode for SATA) + set root=ata0,1 + for p in / /boot/; do + if [ -f "${p}vmlinuz" ]; then + linux ${p}vmlinuz root=/dev/sda1 rw + if [ -f "${p}initrd.img" ]; then + initrd ${p}initrd.img + fi + fi + done +} + +menuentry 'Search ISOLINUX menu (USB) [u]' --hotkey='u' { + set check_signatures=no + search_isolinux usb +} +menuentry 'Load test configuration [t]' --hotkey='t' { + set check_signatures=no + set root='(cbfsdisk)' + configfile /grubtest.cfg +} +menuentry 'Search for GRUB2 configuration [s]' --hotkey='s' { + set check_signatures=no + search_grub usb +} +menuentry 'Poweroff [p]' --hotkey='p' --unrestricted { + halt +} +menuentry 'Reboot [r]' --hotkey='r' --unrestricted { + reboot +} + + + +