|
Last change
on this file since 93492 was 89983, checked in by vboxsync, 4 years ago |
|
Devices/EFI: Merge edk-stable202105 and openssl 1.1.1j and make it build, bugref:4643
|
-
Property svn:eol-style
set to
native
|
|
File size:
1.1 KB
|
| Line | |
|---|
| 1 | ## @file
|
|---|
| 2 | # Execute a script to recover the SEV supplied secret and use it to
|
|---|
| 3 | # decrypt a luks volume. For security, the kernel must be on an encrypted
|
|---|
| 4 | # volume so reboot if none are found.
|
|---|
| 5 | #
|
|---|
| 6 | # Copyright (C) 2020 James Bottomley, IBM Corporation.
|
|---|
| 7 | #
|
|---|
| 8 | # SPDX-License-Identifier: BSD-2-Clause-Patent
|
|---|
| 9 | #
|
|---|
| 10 | ##
|
|---|
| 11 |
|
|---|
| 12 | echo "Entering grub config"
|
|---|
| 13 | sevsecret
|
|---|
| 14 | if [ $? -ne 0 ]; then
|
|---|
| 15 | echo "Failed to locate anything in the SEV secret area, prompting for password"
|
|---|
| 16 | cryptomount -a
|
|---|
| 17 | else
|
|---|
| 18 | cryptomount -s
|
|---|
| 19 | if [ $? -ne 0 ]; then
|
|---|
| 20 | echo "Failed to mount root securely, retrying with password prompt"
|
|---|
| 21 | cryptomount -a
|
|---|
| 22 | fi
|
|---|
| 23 | fi
|
|---|
| 24 | set root=
|
|---|
| 25 | for f in (crypto*); do
|
|---|
| 26 | if [ -e $f/boot/grub/grub.cfg ]; then
|
|---|
| 27 | set root=$f
|
|---|
| 28 | set prefix=($root)/boot/grub
|
|---|
| 29 | break;
|
|---|
| 30 | fi
|
|---|
| 31 | done
|
|---|
| 32 | if [ x$root = x ]; then
|
|---|
| 33 | echo "Failed to find any grub configuration on the encrypted volume"
|
|---|
| 34 | sleep 5
|
|---|
| 35 | reboot
|
|---|
| 36 | fi
|
|---|
| 37 | # rest of modules to get boot to work
|
|---|
| 38 | set modules="
|
|---|
| 39 | boot
|
|---|
| 40 | loadenv
|
|---|
| 41 | "
|
|---|
| 42 | for f in $modules; do
|
|---|
| 43 | insmod $f
|
|---|
| 44 | done
|
|---|
| 45 | echo "Transferring to ${prefix}/grub.cfg"
|
|---|
| 46 | source $prefix/grub.cfg
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
