From 93cbba765dbd23acd3486d12af2a381c22c14aea Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Thu, 14 Nov 2024 16:08:04 +0000 Subject: [PATCH] grub_install.sh: Only install additional GRUB modules for non-SB targets Secure Boot prevents you from loading additional modules so remove them to save space. These modules could be useful for debugging with Secure Boot disabled, but manually copying the modules with debug symbols is even more useful and not that difficult. Signed-off-by: James Le Cuirot --- build_library/grub_install.sh | 24 ++++++++++++-------- changelog/changes/2024-11-18-grub-modules.md | 1 + 2 files changed, 16 insertions(+), 9 deletions(-) create mode 100644 changelog/changes/2024-11-18-grub-modules.md diff --git a/build_library/grub_install.sh b/build_library/grub_install.sh index 5c5e7a43b3..cbe2958b96 100755 --- a/build_library/grub_install.sh +++ b/build_library/grub_install.sh @@ -126,11 +126,21 @@ if [[ -z ${MOUNTED} ]]; then fi sudo mkdir -p "${ESP_DIR}/${GRUB_DIR}" "${ESP_DIR}/${GRUB_IMAGE%/*}" -info "Compressing modules in ${GRUB_DIR}" -for file in "${GRUB_SRC}"/*{.lst,.mod}; do - out="${ESP_DIR}/${GRUB_DIR}/${file##*/}" - gzip --best --stdout "${file}" | sudo_clobber "${out}" -done +# Additional GRUB modules cannot be loaded with Secure Boot enabled, so only +# copy and compress these for target that don't support it. +case "${FLAGS_target}" in + x86_64-efi|arm64-efi) : ;; + *) + info "Compressing modules in ${GRUB_DIR}" + for file in "${GRUB_SRC}"/*{.lst,.mod}; do + for core_mod in "${CORE_MODULES[@]}"; do + [[ ${file} == ${GRUB_SRC}/${core_mod}.mod ]] && continue 2 + done + out="${ESP_DIR}/${GRUB_DIR}/${file##*/}" + gzip --best --stdout "${file}" | sudo_clobber "${out}" + done + ;; +esac info "Generating ${GRUB_DIR}/load.cfg" # Include a small initial config in the core image to search for the ESP @@ -177,10 +187,6 @@ sudo grub-mkimage \ --output "${ESP_DIR}/${GRUB_IMAGE}" \ "${CORE_MODULES[@]}" -for mod in "${CORE_MODULES[@]}"; do - sudo rm "${ESP_DIR}/${GRUB_DIR}/${mod}.mod" -done - # Now target specific steps to make the system bootable case "${FLAGS_target}" in x86_64-efi|arm64-efi) diff --git a/changelog/changes/2024-11-18-grub-modules.md b/changelog/changes/2024-11-18-grub-modules.md new file mode 100644 index 0000000000..ed8f3d096b --- /dev/null +++ b/changelog/changes/2024-11-18-grub-modules.md @@ -0,0 +1 @@ +- Additional GRUB modules are no longer installed for UEFI platforms to save space and also because they cannot be loaded with Secure Boot enabled. This does not affect existing installations.