Support Grml's new Secure Boot approach
Secure Boot support was kind of broken and in grml-live commit 518eb395d we reworked the layout and handling of the configuration. The main change is the new GRUB prefix /boot/grub/grub.cfg instead of /EFI/ubuntu. We need to adopt this accordingly, though it's probably not worth being backwards compatible (given that we never released official Grml ISOs with Secure Boot).

NOTE: the configuration file /boot/grub/grub.cfg *inside* the efi.img doesn't get adjusted via handle_grub_config() yet, so if we should ever add custom boot entries directly into this grub configuration file (which is known as the grml-live template file templates/secureboot/grub.cfg), we'd have to adjust handle_grub_config() or invoke handle_grub_config() from inside handle_secure_boot().

Also we install the grub.cfg from inside EFI as /boot/grub/x86_64-efi/grub.cfg. Looking at GRUB's default configuration file (see `cat (memdisk)/grub.cfg`) shows that if /boot/grub/x86_64-efi/grub.cfg exists it's getting sourced before /boot/grub/grub.cfg. Since our *actual* GRUB configuration of the Grml ISO is residing as /boot/grub/grub.cfg, we can use /boot/grub/x86_64-efi/grub.cfg to control behavior in Secure Boot mode.

Also ensure we take over file /conf/bootfile_*, which we rely on from within grml-live's templates/secureboot/grub.cfg.

This work was funded by Grml-Forensic.