Commit graph

291 commits

Author SHA1 Message Date
Ian Jackson
a81401ff49 templates/20_linux_xen: Support Xen Security Modules (XSM/FLASK)
XSM is enabled by adding "flask=enforcing" as a Xen command line
argument, and providing the policy file as a grub module.

We make entries for both with and without XSM. If XSM is not compiled
into Xen, then there are no policy files, so no change to the boot
options.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-05-25 15:00:56 +02:00
Ian Jackson
7a9b30143b templates/20_linux_xen: Ignore xenpolicy and config files too
file_is_not_sym() currently only checks for xen-syms. Extend it to
disregard xenpolicy (XSM policy files) and files ending .config (which
are built by the Xen upstream build system in some configurations and
can therefore end up in /boot).

Rename the function accordingly, to file_is_not_xen_garbage().

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-05-25 15:00:37 +02:00
Steve Langasek
46d76f8fef templates: Output a menu entry for firmware setup on UEFI FastBoot systems
The fwsetup command allows to reboot into the EFI firmware setup menu, add
a template to include a menu entry on EFI systems that makes use of that
command to reboot into the EFI firmware settings.

This is useful for users since the hotkey to enter into the EFI setup menu
may not be the same on all systems so users can use the menu entry without
needing to figure out what key needs to be pressed.

Also, if fastboot is enabled in the BIOS then often it is not possible to
enter the firmware setup menu. So the entry is again useful for this case.

Signed-off-by: Steve Langasek <steve.langasek@ubuntu.com>
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-04-21 22:14:12 +02:00
Eli Schwartz
28a7e597de grub-mkconfig: Use portable "command -v" to detect installed programs
The "which" utility is not guaranteed to be installed either, and if it
is, its behavior is not portable either.

Conversely, the "command -v" shell builtin is required to exist in all
POSIX 2008 compliant shells, and is thus guaranteed to work everywhere.

Examples of open-source shells likely to be installed as /bin/sh on
Linux, which implement the 11-year-old standard: ash, bash, busybox,
dash, ksh, mksh and zsh.

A side benefit of using the POSIX portable option is that it requires
neither an external disk executable, nor (because unlike "which", the
exit code is reliable) a subshell fork. This therefore represents a mild
speedup.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-10-28 15:38:48 +01:00
Prarit Bhargava
ee4bd79ef2 templates: Fix bad test on GRUB_DISABLE_SUBMENU
The GRUB_DISABLE_SUBMENU option is different than the others in the sense
that it has to be set to "y" instead of "true" to be enabled.

That causes a lot of confusion to users, some may wrongly set it to "true"
expecting that will work the same than with most options, and some may set
it to "yes" since for other options the value to set is a word and not a
single character.

This patch changes all the grub.d scripts using the GRUB_DISABLE_SUBMENU
option, so they check if it was set to "true" instead of "y", making it
consistent with all the other options.

But to keep backward compatibility for users that set the option to "y" in
/etc/default/grub file, keep testing for this value. And also do it for
"yes", since it is a common mistake made by users caused by this option
being inconsistent with the others.

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-10-21 14:05:02 +02:00
Peter Große
e86f6aafb8 grub-mkconfig/20_linux_xen: Support multiple early initrd images
Add support for multiple, shared, early initrd images. These early
images will be loaded in the order declared, and all will be loaded
before the initrd image.

While many classes of data can be provided by early images, the
immediate use case would be for distributions to provide CPU
microcode to mitigate the Meltdown and Spectre vulnerabilities.

Xen has also support to load microcode updates provided as additional
modules by the bootloader.

There are two environment variables provided for declaring the early
images.

* GRUB_EARLY_INITRD_LINUX_STOCK is for the distribution declare
  images that are provided by the distribution or installed packages.
  If undeclared, this will default to a set of common microcode image
  names.

* GRUB_EARLY_INITRD_LINUX_CUSTOM is for user created images. User
  images will be loaded after the stock images.

These separate configurations allow the distribution and user to
declare different image sets without clobbering each other.

This also makes a minor update to ensure that UUID partition labels
stay disabled when no initrd image is found, even if early images are
present.

This is basically a copy of a698240d "grub-mkconfig/10_linux: Support
multiple early initrd images" by Matthew S. Turnbull.

Signed-off-by: Peter Große <pegro@friiks.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-01-14 11:56:19 +01:00
Colin Watson
e720eef6a6 Cope with / being on a ZFS root dataset
If / is on the root dataset in a ZFS pool, then ${bootfs} will be set to
"/" (whereas if it is on a non-root dataset, there will be no trailing
slash).  Passing "root=ZFS=${rpool}/" will fail to boot, but
"root=ZFS=${rpool}" works fine, so strip the trailing slash.

Fixes: https://savannah.gnu.org/bugs/?52746

Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Tested-by: Fejes József <jozsef.fejes@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-11-09 13:36:52 +01:00
Daniel Kiper
ba474d531a templates: Add missing "]"
Commit 51be337 (templates: Update grub script template files)
lacked one "]", so, add it.

Reported-by: Philip <philm@manjaro.org>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-06-05 13:04:04 +02:00
Nicholas Vinson
51be3372ec templates: Update grub script template files
Update grub-mkconfig.in and 10_linux.in to support grub-probe's new
partuuid target.  Update grub.texi documentation.  The following table
shows how GRUB_DISABLE_LINUX_UUID, GRUB_DISABLE_LINUX_PARTUUID, and
initramfs detection interact:

Initramfs  GRUB_DISABLE_LINUX_PARTUUID  GRUB_DISABLE_LINUX_UUID  Linux Root
detected   Set                          Set                      ID Method

false      false                        false                    part UUID
false      false                        true                     part UUID
false      true                         false                    dev name
false      true                         true                     dev name
true       false                        false                    fs UUID
true       false                        true                     part UUID
true       true                         false                    fs UUID
true       true                         true                     dev name

Note: GRUB_DISABLE_LINUX_PARTUUID and GRUB_DISABLE_LINUX_UUID equate to
      'false' when unset or set to any value other than 'true'.
      GRUB_DISABLE_LINUX_PARTUUID defaults to 'true'.

Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-04-23 13:31:02 +02:00
Matthew S. Turnbull
a698240df0 grub-mkconfig/10_linux: Support multiple early initrd images
Add support for multiple, shared, early initrd images. These early
images will be loaded in the order declared, and all will be loaded
before the initrd image.

While many classes of data can be provided by early images, the
immediate use case would be for distributions to provide CPU
microcode to mitigate the Meltdown and Spectre vulnerabilities.

There are two environment variables provided for declaring the early
images.

* GRUB_EARLY_INITRD_LINUX_STOCK is for the distribution declare
  images that are provided by the distribution or installed packages.
  If undeclared, this will default to a set of common microcode image
  names.

* GRUB_EARLY_INITRD_LINUX_CUSTOM is for user created images. User
  images will be loaded after the stock images.

These separate configurations allow the distribution and user to
declare different image sets without clobbering each other.

This also makes a minor update to ensure that UUID partition labels
stay disabled when no initrd image is found, even if early images are
present.

This is a continuation of a previous patch published by Christian
Hesse in 2016:
http://lists.gnu.org/archive/html/grub-devel/2016-02/msg00025.html

Down stream Gentoo bug:
https://bugs.gentoo.org/645088

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Signed-off-by: Matthew S. Turnbull <sparky@bluefang-logic.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-14 13:23:27 +01:00
dann frazier
d73badfd0a Revert "Keep the native terminal active when enabling gfxterm"
This can cause an issue where GRUB is trying to display both a text and
graphical menu on the display at the same time, resulting in a flickering
effect when e.g. scrolling quickly through a menu (LP: #1752767).

Revert for now while we look for a better solution for the original issue.

This reverts commit 52ef7b23f5.

Signed-off-by: dann frazier <dann.frazier@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 15:26:42 +01:00
dann frazier
52ef7b23f5 Keep the native terminal active when enabling gfxterm
grub-mkconfig will set GRUB_TERMINAL_OUTPUT to "gfxterm" unless the user
has overridden it. On EFI systems, this will stop output from going to the
default "console" terminal. When the EFI fw console is configured to output to
both serial and video, this will cause GRUB to only display on video - while
continuing to accept input from both video and serial.

Instead of switching from "console" to "gfxterm", let's output to both.

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-01-29 12:51:03 +01:00
Konrad Rzeszutek Wilk
b4d709b6ee Use grub-file to figure out whether multiboot2 should be used for Xen.gz
The multiboot2 is much more preferable than multiboot. Especiall
if booting under EFI where multiboot does not have the functionality
to pass ImageHandler.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-09-07 23:25:29 +02:00
Konrad Rzeszutek Wilk
a8e0f1adf7 Fix util/grub.d/20_linux_xen.in: Add xen_boot command support for aarch64
Commit d33045ce7f introduced
the support for this, but it does not work under x86 (as it stops
20_linux_xen from running).

The 20_linux_xen is run under a shell and any exits from within it:

(For example on x86):
+ /usr/bin/grub2-file --is-arm64-efi /boot/xen-4.9.0.gz
[root@tst063 grub]# echo $?
1

will result in 20_linux_xen exiting without continuing
and also causing grub2-mkconfig to stop processing.

As in:

 [root@tst063 grub]# ./grub-mkconfig | tail
 Generating grub configuration file ...
 Found linux image: /boot/vmlinuz-4.13.0-0.rc5.git1.1.fc27.x86_64
 Found initrd image: /boot/initramfs-4.13.0-0.rc5.git1.1.fc27.x86_64.img
 Found linux image: /boot/vmlinuz-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2
 Found initrd image: /boot/initramfs-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2.img
 		echo	'Loading Linux 0-rescue-ec082ee24aea41b9b16aca52a6d10cc2 ...'
 		linux	/vmlinuz-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2 root=/dev/mapper/fedora_tst063-root ro single
 		echo	'Loading initial ramdisk ...'
 		initrd	/initramfs-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2.img
 	}
 }

 ### END /usr/local/etc/grub.d/10_linux ###

 ### BEGIN /usr/local/etc/grub.d/20_linux_xen ###

 root@tst063 grub]#

And no more.

This patch wraps the invocation of grub-file to be a in subshell
and to process the return value in a conditional. That fixes
the issue.

RH-BZ 1486002: grub2-mkconfig does not work if xen.gz is installed.

CC: Fu Wei <fu.wei@linaro.org>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-09-07 23:25:29 +02:00
Fu Wei
d33045ce7f util/grub.d/20_linux_xen.in: Add xen_boot command support for aarch64
This patch adds the support of xen_boot command for aarch64:
    xen_hypervisor
    xen_module
These two commands are only for aarch64, since it has its own protocol and
commands to boot xen hypervisor and Dom0, but not multiboot.

For other architectures, they are still using multiboot and module
commands.

Signed-off-by: Fu Wei <fu.wei@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-05-18 22:30:35 +02:00
Andrei Borzenkov
9545a8fd04 20_linux_xen: fix test for GRUB_DEVICE
Same fix as in 082bc9f.
2016-03-06 08:54:19 +03:00
Mike Gilbert
082bc9f77b 10_linux: Fix grouping of tests for GRUB_DEVICE
Commit 7290bb562 causes GRUB_DISABLE_LINUX_UUID to be ignored due to
mixing of || and && operators. Add some parens to help with that.
2016-03-06 08:51:07 +03:00
Vladimir Serbinenko
7c35f65aac xnu: Add new kernel path to autoconfig. 2016-02-12 15:42:26 +01:00
Andrei Borzenkov
7290bb5623 10_linux: avoid multi-device root= kernel argument
If root filesystem is multidev btrfs, do not attempt to pass all devices as
kernel root= argument. This results in splitting command line in GRUB due to
embedded newline and even if we managed to quote it, kernel does not know how
to interpret it anyway. Multidev btrfs requires user space device scanning,
so passing single device would not work too.

This still respects user settings GRUB_DISABLE_LINUX_UUID. Not sure what we
should do in this case.

Closes: 45709
2016-02-01 20:13:48 +03:00
Andrey Borzenkov
2333a83baa 30_os-prober: derive --class from os-prober generated label
Currently only Windows gets distinguished icons, everything else is displayed
using the same generic one. Add additional --class based on os-prober returned
label, which usually is expected to match primary distribution name.

Also use it for Windows as well - chainloader prober may actually return
different strings (Windows, MS-DOS, Windows9xME).
2015-12-30 22:30:16 +03:00
Andrei Borzenkov
104dff36ea grub-mkconfig: use $pkgdatadir in scripts
Otherwise scripts will source wrong grub-mkconfig_lib.
2015-04-29 19:18:54 +03:00
Andrei Borzenkov
cdae5bf208 Avoid use of non-portable echo -n in grub-mkconfig
util/grub-mkconfig_lib.in(version_test_gt): "echo -n" is not really needed,
final newline is stripped by command substitution.

util/grub.d/10_kfreebsd.in, util/grub.d/10_linux.in,
util/grub.d/20_linux_xen.in: change how list is built, to avoid echo -n
completely.

util/grub.d/30_os-prober.in: add spaces to printed line directly

Closes 43668.
2014-12-07 14:56:17 +03:00
Colin Watson
0901e7855f Fix an infinite loop in grub-mkconfig
* util/grub.d/10_hurd.in: Make kernel list progression not fail on
kernels whose paths contain regex metacharacters.
* util/grub.d/10_kfreebsd.in: Likewise.
* util/grub.d/10_linux.in: Likewise.
* util/grub.d/20_linux_xen.in: Likewise.

Reported by: Heimo Stranner.
2014-07-08 23:54:30 +01:00
Colin Watson
3a310e842f Tolerate devices with no filesystem UUID returned by os-prober
* util/grub.d/30_os-prober.in: Tolerate devices with no filesystem
UUID.  Other parts of grub-mkconfig tolerate these, they were
previously allowed here up to commit
55e706c918, and they can arise in
practice when the system has active LVM snapshots.
Fixes Ubuntu bug #1287436.
2014-04-10 16:54:33 +01:00
Colin Watson
ff66b8e7d8 Prefer more portable test(1) constructs
* util/grub.d/00_header.in (make_timeout): Use && rather than test
-a.
* util/grub.d/10_windows.in: Likewise.
* util/grub.d/10_netbsd.in (netbsd_load_fs_module): Use || rather
than test -o.
* util/grub.d/30_os-prober.in: Use && rather than test -a, and ||
rather than test -o.
2014-01-17 15:29:43 +00:00
Vladimir Serbinenko
faf4a65e1e Revert grub-file usage in grub-mkconfig. 2013-12-24 17:47:27 +01:00
Andrey Borzenkov
569766e49b * util/grub.d/00_header.in: Improve compatibility with old config. 2013-12-24 17:26:05 +01:00
Vladimir Serbinenko
ec824e0f2a Implement grub_file tool and use it to implement generating of config
in separate root.
2013-12-17 14:39:48 +01:00
Vladimir Serbinenko
4c4ea9c7b5 Merge GRUBFS and GRUB_FS variables. 2013-12-07 16:09:39 +01:00
Andrey Borzenkov
ad73cc3312 fix use of grub-probe instead of ${grub_probe} 2013-12-07 14:24:25 +04:00
Colin Watson
9b70860ecc Consolidate timeout generation code a bit. 2013-11-29 16:11:53 +00:00
Colin Watson
095588ef34 Consistently ignore GRUB_TIMEOUT if GRUB_HIDDEN_TIMEOUT is set
Pointed out by Vladimir Serbinenko.
2013-11-29 15:30:44 +00:00
Colin Watson
53cc63bf85 Add GRUB_TIMEOUT_STYLE_BUTTON support
Suggested by Vladimir Serbinenko.
2013-11-29 15:18:05 +00:00
Colin Watson
8f236c1419 Revamp hidden timeout handling
Add a new timeout_style environment variable and a corresponding
GRUB_TIMEOUT_STYLE configuration key for grub-mkconfig.  This
controls hidden-timeout handling more simply than the previous
arrangements, and pressing any hotkeys associated with menu entries
during the hidden timeout will now boot the corresponding menu entry
immediately.

GRUB_HIDDEN_TIMEOUT=<non-empty> + GRUB_TIMEOUT=<non-zero> now
generates a warning, and if it shows the menu it will do so as if
the second timeout were not present.  Other combinations are
translated into reasonable equivalents.
2013-11-28 02:29:15 +00:00
Axel Kellermann
55e706c918 * util/grub.d/30_os-prober.in: Add GRUB_OS_PROBER_SKIP_LIST to
selectively skipping systems.
2013-11-19 23:39:51 +01:00
Lukas Schwaighofer
2d357558fb * util/grub.d/20_linux_xen.in: Don't decompress initrd. 2013-11-12 21:03:27 +01:00
Fam Zheng
e756ec8284 * util/grub.d/30_os-prober.in: Add minix entry. 2013-11-11 00:24:49 +01:00
Vladimir Serbinenko
323de05ba2 Support GRUB_DISABLE_SUBMENU config.
Inspired by patch from Prarit Bhargava.
2013-11-04 00:15:31 +01:00
Vladimir Serbinenko
fb9f12a02d * util/grub.d/30_os-prober.in: Add unhiding of partition if on msdos. 2013-11-02 22:00:59 +01:00
Grégoire Sutre
f37bf9c778 * util/grub.d/00_header.in: Don't use LANG if it's not set. 2013-10-26 20:11:55 +02:00
Samuel Thibault
1db3830418 * util/grub.d/10_hurd.in: Use version_find_latest to sort gnumach
kernels by version order.
2013-10-06 01:52:24 +02:00
Tim Hardeck
9c262ff966 * util/grub.d/10_hurd.in: Filter out character for the class.
* util/grub.d/10_kfreebsd.in: Likewise.
	* util/grub.d/10_linux.in: Likewise.
	* util/grub.d/20_linux_xen.in: Likewise.
2013-09-23 17:48:38 +02:00
Andrey Borzenkov
f25870887b * util/grub.d/30_os-prober.in: Add support for probing EFI
System Partition (as of os-prober 1.58).
2013-05-31 20:29:03 +04:00
Andrey Borzenkov
5945c2f849 Reimplement grub-reboot to not depend on saved_entry. Use next_entry
variable for one time boot menu entry.
2013-05-06 22:13:34 +04:00
Andrey Borzenkov
4eafa17565 * util/grub.d/30_os-prober.in: Add onstr to linux entries in one
more place.
2013-04-19 12:08:46 +04:00
Andrey Borzenkov
f4b1fa4f3c * util/grub.d/30_os-prober.in: Add onstr to entries for visual
distinction.
2013-04-11 15:11:14 +02:00
Fedora Ninjas
1f44478c26 * util/grub.d/30_os-prober.in: Support btrrfs linux-prober extensions. 2013-04-05 14:55:37 +02:00
Vladimir 'phcoder' Serbinenko
ff99babdfe * util/grub.d/20_linux_xen.in: Automatically add no-real-mode edd=off on
non-BIOS platforms.
2013-03-24 14:03:33 +01:00
Vladimir 'phcoder' Serbinenko
a4c3ed4c8f * util/grub.d/10_kfreebsd.in: Correct the patch to zpool.cache as it's
always in /boot/zfs.
	Reported by: Yuta Satoh.
2013-01-03 23:19:19 +01:00
Yuta Satoh
0b716507a1 * util/grub.d/10_kfreebsd.in: Fix improper references to grub-probe by
${grub_probe}
2013-01-03 23:06:07 +01:00