From fc28e72322a7650aaaeb604cf9d61cba3caf0644 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Wed, 3 Jan 2024 21:22:00 +0530
Subject: [PATCH] sys-boot/grub: install file with sbat contents, add --sbat to
 script

This is just the contents of the section, but the section
itself is written by grub-mkimage. sbat.csv needs to be passed
with --sbat.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
 build_library/grub_install.sh                                | 5 +++++
 .../coreos-overlay/sys-boot/grub/files/sbat.csv.in           | 3 +++
 .../grub/{grub-2.06-r9.ebuild => grub-2.06-r10.ebuild}       | 5 +++++
 3 files changed, 13 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/sbat.csv.in
 rename sdk_container/src/third_party/coreos-overlay/sys-boot/grub/{grub-2.06-r9.ebuild => grub-2.06-r10.ebuild} (97%)

diff --git a/build_library/grub_install.sh b/build_library/grub_install.sh
index eb070f8bb9..324be19c90 100755
--- a/build_library/grub_install.sh
+++ b/build_library/grub_install.sh
@@ -52,6 +52,8 @@ CORE_NAME=
 # fixed up the board root's grub will always be used.
 BOARD_GRUB=1
 
+SBAT_ARG=()
+
 case "${FLAGS_target}" in
     i386-pc)
         CORE_MODULES+=( biosdisk serial )
@@ -60,6 +62,7 @@ case "${FLAGS_target}" in
     x86_64-efi)
 	CORE_MODULES+=( serial linux efi_gop efinet pgp http tftp )
         CORE_NAME="core.efi"
+        SBAT_ARG=( --sbat "${BOARD_ROOT}/usr/share/grub/sbat.csv" )
         ;;
     x86_64-xen)
         CORE_NAME="core.elf"
@@ -68,6 +71,7 @@ case "${FLAGS_target}" in
         CORE_MODULES+=( serial linux efi_gop efinet pgp http tftp )
         CORE_NAME="core.efi"
         BOARD_GRUB=1
+        SBAT_ARG=( --sbat "${BOARD_ROOT}/usr/share/grub/sbat.csv" )
         ;;
     *)
         die_notrace "Unknown GRUB target ${FLAGS_target}"
@@ -174,6 +178,7 @@ sudo grub-mkimage \
     --directory "${GRUB_SRC}" \
     --config "${ESP_DIR}/${GRUB_DIR}/load.cfg" \
     --memdisk "${ESP_DIR}/flatcar/grub/grub.cfg.tar" \
+    "${SBAT_ARG[@]}" \
     --output "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
     "${CORE_MODULES[@]}"
 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/sbat.csv.in b/sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/sbat.csv.in
new file mode 100644
index 0000000000..21d760043e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/sbat.csv.in
@@ -0,0 +1,3 @@
+sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
+grub,4,Free Software Foundation,grub,@@UPSTREAM_VERSION@@,https://www.gnu.org/software/grub/
+grub.flatcar,1,Flatcar,grub2,@@VERSION@@,https://github.com/flatcar/flatcar
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-2.06-r9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-2.06-r10.ebuild
similarity index 97%
rename from sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-2.06-r9.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-2.06-r10.ebuild
index 72140d4ab9..a05b1f03c8 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-2.06-r9.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-2.06-r10.ebuild
@@ -321,6 +321,11 @@ src_install() {
 
 	# https://bugs.gentoo.org/231935
 	dostrip -x /usr/lib/grub
+
+	# SBAT format documentation https://github.com/rhboot/shim/blob/main/SBAT.md
+	dodir /usr/share/grub
+	sed -e "s/@@UPSTREAM_VERSION@@/${PV}/" -e "s/@@VERSION@@/${PVR}/" "${FILESDIR}"/sbat.csv.in >"${ED}/usr/share/grub/sbat.csv"
+
 }
 
 pkg_postinst() {