mirror of
				https://github.com/flatcar/scripts.git
				synced 2025-10-25 06:11:07 +02:00 
			
		
		
		
	With secure boot a failed shim signature check will leave us stuck in grub. Enable automatic fallback in that case.
		
			
				
	
	
		
			141 lines
		
	
	
		
			4.4 KiB
		
	
	
	
		
			INI
		
	
	
	
	
	
			
		
		
	
	
			141 lines
		
	
	
		
			4.4 KiB
		
	
	
	
		
			INI
		
	
	
	
	
	
| # Main GRUB config
 | |
| 
 | |
| # Set the prefix back to the correct value after we're done with memdisk
 | |
| set prefix=($root)/flatcar/grub
 | |
| 
 | |
| # Load any and all video drivers.
 | |
| # Required under UEFI to boot Linux with a working console.
 | |
| insmod all_video
 | |
| 
 | |
| # Default menuentry id and boot timeout
 | |
| set default="flatcar"
 | |
| # Retry default boot entry - this will decrement the gpt tries counter and
 | |
| # switch to previous entry when all attempts are exhausted.
 | |
| set fallback="0 0 0"
 | |
| set timeout=1
 | |
| 
 | |
| # Default kernel args for root filesystem, console, and Flatcar.
 | |
| set linux_root="root=LABEL=ROOT"
 | |
| set linux_console=""
 | |
| set first_boot=""
 | |
| set randomize_disk_guid=""
 | |
| set oem_id=""
 | |
| 
 | |
| # Anything else the OEM adds should use this variable.
 | |
| set linux_append=""
 | |
| 
 | |
| set secure_boot="0"
 | |
| 
 | |
| if [ "$net_default_server" != "" ]; then
 | |
|    smbios --type 1 --get-uuid 8 --set uuid
 | |
|    smbios --type 1 --get-string 7 --set serial
 | |
|    set mac=$net_default_mac
 | |
|    # Re-DHCP as grub to get the API endpoint
 | |
|    net_bootp $net_default_interface
 | |
|    # This is awful, but grub doesn't support a nice way to do this
 | |
|    for i in "$net_efinet0_dhcp_boot_file" "$net_efinet1_dhcp_boot_file" "$net_efinet2_dhcp_boot_file" "$net_efinet3_dhcp_boot_file" "$net_efinet4_dhcp_boot_file" "$net_efinet5_dhcp_boot_file" "$net_efinet6_dhcp_boot_file" "$net_efinet7_dhcp_boot_file" "$net_efinet8_dhcp_boot_file" "$net_efinet9_dhcp_boot_file"; do
 | |
|       if [ "$i" != "" ]; then
 | |
|           set endpoint="$i"
 | |
|           break
 | |
|       fi
 | |
|    done
 | |
|    if [ "$endpoint" != "" ]; then
 | |
|       set url="${endpoint}?uuid=$uuid&serial=$serial&mac=$mac"
 | |
|       if [ "$gpgpubkey" != "" ]; then
 | |
|          set check_signatures="enforce"
 | |
|       fi
 | |
|       configfile $url
 | |
|    fi
 | |
| fi
 | |
| 
 | |
| # Search for the OEM partition, load additional configuration if found.
 | |
| if [ "$secure_boot" = "0" ]; then
 | |
|    search --no-floppy --set oem --part-label OEM --hint "$root"
 | |
|    if [ -n "$oem" -a -f "($oem)/grub.cfg" ]; then
 | |
|        source "($oem)/grub.cfg"
 | |
|    fi
 | |
| fi
 | |
| 
 | |
| # Determine if this is a first boot.
 | |
| if [ -f "($root)/flatcar/first_boot" ]; then
 | |
|     set first_boot="flatcar.first_boot=detected"
 | |
| fi
 | |
| if [ -f "($root)/coreos/first_boot" ]; then
 | |
|     set first_boot="flatcar.first_boot=detected"
 | |
| fi
 | |
| 
 | |
| set oem=""
 | |
| if [ -n "$oem_id" ]; then
 | |
|     set oem="flatcar.oem.id=$oem_id"
 | |
| fi
 | |
| 
 | |
| # If no specific console has been set by the OEM then select based on
 | |
| # platform, most systems use vga text as primary and ttyS0 as secondary.
 | |
| if [ -z "$linux_console" ]; then
 | |
|     if [ "$grub_platform" = pc ]; then
 | |
|         set linux_console="console=ttyS0,115200n8 console=tty0"
 | |
|         serial com0 --speed=115200 --word=8 --parity=no
 | |
|         terminal_input console serial_com0
 | |
|         terminal_output console serial_com0
 | |
|     elif [ "$grub_platform" = efi ]; then
 | |
|         if [ "$grub_cpu" = arm64 ]; then
 | |
|             set linux_console="console=ttyAMA0,115200n8"
 | |
|         else
 | |
|             set linux_console="console=ttyS0,115200n8 console=tty0"
 | |
|        fi
 | |
|     elif [ "$grub_platform" = xen ]; then
 | |
|         set linux_console="console=hvc0"
 | |
|     fi
 | |
| fi
 | |
| 
 | |
| set extra_options=""
 | |
| if [ "$grub_cpu" = arm64 ]; then
 | |
| 	set extra_options="acpi=force"
 | |
| fi
 | |
| 
 | |
| set suf=""
 | |
| 
 | |
| # Assemble the options applicable to all the kernels below
 | |
| set linux_cmdline="rootflags=rw mount.usrflags=ro consoleblank=0 $linux_root $linux_console $first_boot $randomize_disk_guid $extra_options $oem $linux_append"
 | |
| 
 | |
| # Re-implement grub_abort() since no command exposes it.
 | |
| function abort {
 | |
|     echo
 | |
|     echo "Aborted. Press enter to exit GRUB."
 | |
|     read anything
 | |
|     exit
 | |
| }
 | |
| 
 | |
| # Select the kernel and usr partition to boot.
 | |
| function gptprio {
 | |
|     # TODO: device name is no longer needed, should make it optional...
 | |
|     gptprio.next -d usr_device -u usr_uuid
 | |
|     if [ $? -ne 0 -o -z "$usr_uuid" ]; then
 | |
|         echo
 | |
|         echo "Reading or updating the GPT failed!"
 | |
|         echo "Please file a bug with any messages above to Flatcar:"
 | |
|         echo " https://issues.flatcar.org"
 | |
|         abort
 | |
|     fi
 | |
| 
 | |
|     set gptprio_cmdline="@@MOUNTUSR@@=PARTUUID=$usr_uuid"
 | |
|     if [ "$usr_uuid" = "7130c94a-213a-4e5a-8e26-6cce9662f132" ]; then
 | |
|         set gptprio_kernel="/flatcar/vmlinuz-a"
 | |
|     else
 | |
|         set gptprio_kernel="/flatcar/vmlinuz-b"
 | |
|     fi
 | |
| }
 | |
| 
 | |
| menuentry "Flatcar default" --id=flatcar --unrestricted {
 | |
|     gptprio
 | |
|     linux$suf $gptprio_kernel $gptprio_cmdline $linux_cmdline
 | |
| }
 | |
| 
 | |
| menuentry "Flatcar USR-A" --id=flatcar-a {
 | |
|    linux$suf /flatcar/vmlinuz-a @@MOUNTUSR@@=PARTLABEL=USR-A $linux_cmdline
 | |
| }
 | |
| 
 | |
| menuentry "Flatcar USR-B" --id=flatcar-b {
 | |
|    linux$suf /flatcar/vmlinuz-b @@MOUNTUSR@@=PARTLABEL=USR-B $linux_cmdline
 | |
| }
 |