From 72c1aa9cd3c43a0c83e7b071aeb8fde04ada7639 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 25 Jul 2012 11:51:24 -0400
Subject: [PATCH] Add grub2-efi support and Secure Boot shim support.

This adds grub2-efi support in general as well as using the Secure Boot
shim loader on uefi media.
---
 docs/fedora-livemedia.ks             |  3 ++-
 share/config_files/x86/grub2-efi.cfg | 31 ++++++++++++++++++++++++++++
 share/efi.tmpl                       | 13 ++++++++----
 share/runtime-install.tmpl           |  4 ++--
 share/x86.tmpl                       |  4 ++--
 src/sbin/mkefiboot                   | 16 ++++++++------
 6 files changed, 56 insertions(+), 15 deletions(-)
 create mode 100644 share/config_files/x86/grub2-efi.cfg

diff --git a/docs/fedora-livemedia.ks b/docs/fedora-livemedia.ks
index c2ca05c6..5e81c4c0 100644
--- a/docs/fedora-livemedia.ks
+++ b/docs/fedora-livemedia.ks
@@ -383,7 +383,8 @@ memtest86+
 nss-mdns
 -ibus-pinyin-db-open-phrase
 -smartmontools
-grub-efi
+grub2-efi
 grub2
+shim
 
 %end
diff --git a/share/config_files/x86/grub2-efi.cfg b/share/config_files/x86/grub2-efi.cfg
new file mode 100644
index 00000000..f21d085b
--- /dev/null
+++ b/share/config_files/x86/grub2-efi.cfg
@@ -0,0 +1,31 @@
+set default="0"
+
+function load_video {
+  insmod efi_gop
+  insmod efi_uga
+  insmod video_bochs
+  insmod video_cirrus
+  insmod all_video
+}
+
+load_video
+set gfxpayload=keep
+insmod gzio
+insmod part_gpt
+insmod ext2
+
+set timeout=5
+### END /etc/grub.d/00_header ###
+
+search --no-floppy --set=root -l '@ISOLABEL@'
+
+### BEGIN /etc/grub.d/10_linux ###
+menuentry '@PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
+	linuxefi @KERNELPATH@ @ROOT@
+	initrdefi @INITRDPATH@
+}
+menuentry 'Test this media & start @PRODUCT@' --class fedora --class gnu-linux --class gnu --class os {
+	linuxefi @KERNELPATH@ @ROOT@ quiet rd.live.check
+	initrdefi @INITRDPATH@
+}
+
diff --git a/share/efi.tmpl b/share/efi.tmpl
index 3181eb14..aa430ec1 100644
--- a/share/efi.tmpl
+++ b/share/efi.tmpl
@@ -1,4 +1,4 @@
-<%page args="configdir, KERNELDIR, efiarch"/>
+<%page args="configdir, KERNELDIR, efiarch, isolabel"/>
 <%
 EFIBOOTDIR="EFI/BOOT"
 APPLE_EFI_ICON=inroot+"/usr/share/pixmaps/bootloader/fedora.icns"
@@ -6,7 +6,10 @@ APPLE_EFI_DISKNAME=inroot+"/usr/share/pixmaps/bootloader/fedora-media.vol"
 %>
 
 mkdir ${EFIBOOTDIR}
-install boot/efi/EFI/redhat/grub.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
+mkdir ${EFIBOOTDIR}/fonts/
+install boot/efi/EFI/fedora/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
+install boot/efi/EFI/fedora/grub-cd.efi ${EFIBOOTDIR}/grubx64.efi
+install boot/efi/EFI/fedora/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
 install boot/grub/splash.xpm.gz ${EFIBOOTDIR}
 
 ## actually make the EFI images
@@ -19,7 +22,7 @@ ${make_efiboot("images/efiboot.img")}
 <%def name="make_efiboot(img, include_kernel=False, disk=False, imgtype='default')">
     <%
     kdir = EFIBOOTDIR if include_kernel else KERNELDIR
-    eficonf = "%s/BOOT%s.conf" % (EFIBOOTDIR, efiarch)
+    eficonf = "%s/grub.cfg" % (EFIBOOTDIR, )
     args = "--label=ANACONDA"
     if disk: args += " --disk"
     if imgtype == "apple": args += ' --apple --icon=%s --diskname=%s --product="%s %s"' % (APPLE_EFI_ICON, APPLE_EFI_DISKNAME, product.name, product.version)
@@ -28,12 +31,14 @@ ${make_efiboot("images/efiboot.img")}
         copy ${KERNELDIR}/vmlinuz ${EFIBOOTDIR}
         copy ${KERNELDIR}/initrd.img ${EFIBOOTDIR}
     %endif
-    install ${configdir}/grub.conf ${eficonf}
+    install ${configdir}/grub2-efi.cfg ${eficonf}
     replace @PRODUCT@ '${product.name}' ${eficonf}
     replace @VERSION@ ${product.version} ${eficonf}
+    replace @KERNELNAME@ vmlinuz ${eficonf}
     replace @KERNELPATH@ /${kdir}/vmlinuz ${eficonf}
     replace @INITRDPATH@ /${kdir}/initrd.img ${eficonf}
     replace @SPLASHPATH@ /EFI/BOOT/splash.xpm.gz ${eficonf}
+    replace @ISOLABEL@ '${isolabel}' ${eficonf}
     %if disk:
         ## FIXME: using root= causes problems with product.img (see bug 811979)
         replace @ROOT@ root=live:LABEL=ANACONDA ${eficonf}
diff --git a/share/runtime-install.tmpl b/share/runtime-install.tmpl
index 8398cde3..acd65b1e 100644
--- a/share/runtime-install.tmpl
+++ b/share/runtime-install.tmpl
@@ -12,7 +12,7 @@ installpkg pigz
 
 ## firstaidkit (rescue mode) packages
 installpkg firstaidkit-plugin-{passwd,key-recovery,mdadm-conf}
-installpkg grub2
+installpkg grub2 grub2-tools
 
 ## kernel and firmware
 installpkg kernel
@@ -30,7 +30,7 @@ installpkg kernel
     installpkg kernel-PAE gpart
 %endif
 %if basearch in ("i386", "x86_64"):
-    installpkg grub-efi efibootmgr biosdevname memtest86+
+    installpkg shim grub2-efi efibootmgr biosdevname memtest86+
 %endif
 %if basearch in ("ppc", "ppc64"):
     installpkg yaboot fbset hfsutils kernel-bootwrapper ppc64-utils
diff --git a/share/x86.tmpl b/share/x86.tmpl
index 0ab19718..849eef81 100644
--- a/share/x86.tmpl
+++ b/share/x86.tmpl
@@ -50,7 +50,7 @@ hardlink ${KERNELDIR}/initrd.img ${BOOTDIR}
 ## WHeeeeeeee, EFI.
 ## We could remove the basearch restriction someday..
 <% efiargs=""; efigraft=""; efihybrid="" %>
-%if exists("boot/efi/EFI/redhat/grub.efi") and basearch != 'i386':
+%if exists("boot/efi/EFI/fedora/grub-cd.efi") and basearch != 'i386':
     <%
     efiarch = 'X64' if basearch=='x86_64' else 'IA32'
     efigraft="EFI/BOOT={0}/EFI/BOOT".format(outroot)
@@ -62,7 +62,7 @@ hardlink ${KERNELDIR}/initrd.img ${BOOTDIR}
         efigraft += " {0}={1}/{0}".format(img,outroot)
     efihybrid = "--uefi --mac" if domacboot else "--uefi"
     %>
-    <%include file="efi.tmpl" args="configdir=configdir, KERNELDIR=KERNELDIR, efiarch=efiarch"/>
+    <%include file="efi.tmpl" args="configdir=configdir, KERNELDIR=KERNELDIR, efiarch=efiarch, isolabel=isolabel"/>
 %endif
 
 ## make boot.iso
diff --git a/src/sbin/mkefiboot b/src/sbin/mkefiboot
index a50cb5bf..2a8c82db 100755
--- a/src/sbin/mkefiboot
+++ b/src/sbin/mkefiboot
@@ -24,7 +24,7 @@ log = logging.getLogger()
 import os, tempfile, argparse
 from subprocess import check_call, PIPE
 from pylorax.imgutils import mkdosimg, round_to_blocks, LoopDev, DMDev, dm_detach
-from pylorax.imgutils import mkhfsimg, Mount
+from pylorax.imgutils import mkhfsimg, Mount, estimate_size
 import struct, shutil, glob
 
 def mkefiboot(bootdir, outfile, label):
@@ -39,7 +39,9 @@ def mkmacboot(bootdir, outfile, label, icon=None, product='Generic',
         graft['.VolumeIcon.icns'] = icon
     if diskname and os.path.exists(diskname):
         graft['EFI/BOOT/.disk_label'] = diskname
-    mkhfsimg(None, outfile, label=label, graft=graft)
+    # everything winds up bein there twice...
+    size = estimate_size(bootdir, graft=graft) * 2
+    mkhfsimg(None, outfile, label=label, graft=graft, size=size)
     macmunge(outfile, product)
 
 # To make an HFS+ image bootable, we need to fill in parts of the
@@ -55,8 +57,9 @@ def macmunge(imgfile, product):
     # Get the inode number for the boot image and its parent directory
     with LoopDev(imgfile) as loopdev:
         with Mount(loopdev) as mnt:
-            loader = glob.glob(os.path.join(mnt,'EFI/BOOT/BOOT*.efi'))[0]
-            config = glob.glob(os.path.join(mnt,'EFI/BOOT/BOOT*.conf'))[0]
+            shim = glob.glob(os.path.join(mnt, 'EFI/BOOT/BOOT*.efi'))[0]
+            loader = glob.glob(os.path.join(mnt,'EFI/BOOT/grub*.efi'))[0]
+            config = glob.glob(os.path.join(mnt,'EFI/*/grub*.cfg'))[0]
             blessnode = os.stat(loader).st_ino
             dirnode = os.stat(os.path.dirname(loader)).st_ino
             with open(os.path.join(mnt,'mach_kernel'), 'w') as kernel:
@@ -77,8 +80,9 @@ def macmunge(imgfile, product):
 </dict>
 </plist>
 ''' % (product,))
-            shutil.copy(loader, os.path.join(sysdir,'boot.efi'))
-            shutil.copy(config, os.path.join(sysdir,'boot.conf'))
+            shutil.copy(shim, os.path.join(sysdir,'boot.efi'))
+            shutil.copy(loader, sysdir)
+            shutil.copy(config, sysdir)
     # format data properly (big-endian UInt32)
     nodedata = struct.pack(">i", blessnode)
     dirdata = struct.pack(">i", dirnode)