Add grub2-efi support and Secure Boot shim support.
This adds grub2-efi support in general as well as using the Secure Boot shim loader on uefi media.
This commit is contained in:
parent
0f2c6ed007
commit
72c1aa9cd3
@ -383,7 +383,8 @@ memtest86+
|
|||||||
nss-mdns
|
nss-mdns
|
||||||
-ibus-pinyin-db-open-phrase
|
-ibus-pinyin-db-open-phrase
|
||||||
-smartmontools
|
-smartmontools
|
||||||
grub-efi
|
grub2-efi
|
||||||
grub2
|
grub2
|
||||||
|
shim
|
||||||
|
|
||||||
%end
|
%end
|
||||||
|
31
share/config_files/x86/grub2-efi.cfg
Normal file
31
share/config_files/x86/grub2-efi.cfg
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
set default="0"
|
||||||
|
|
||||||
|
function load_video {
|
||||||
|
insmod efi_gop
|
||||||
|
insmod efi_uga
|
||||||
|
insmod video_bochs
|
||||||
|
insmod video_cirrus
|
||||||
|
insmod all_video
|
||||||
|
}
|
||||||
|
|
||||||
|
load_video
|
||||||
|
set gfxpayload=keep
|
||||||
|
insmod gzio
|
||||||
|
insmod part_gpt
|
||||||
|
insmod ext2
|
||||||
|
|
||||||
|
set timeout=5
|
||||||
|
### END /etc/grub.d/00_header ###
|
||||||
|
|
||||||
|
search --no-floppy --set=root -l '@ISOLABEL@'
|
||||||
|
|
||||||
|
### BEGIN /etc/grub.d/10_linux ###
|
||||||
|
menuentry '@PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
|
||||||
|
linuxefi @KERNELPATH@ @ROOT@
|
||||||
|
initrdefi @INITRDPATH@
|
||||||
|
}
|
||||||
|
menuentry 'Test this media & start @PRODUCT@' --class fedora --class gnu-linux --class gnu --class os {
|
||||||
|
linuxefi @KERNELPATH@ @ROOT@ quiet rd.live.check
|
||||||
|
initrdefi @INITRDPATH@
|
||||||
|
}
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
<%page args="configdir, KERNELDIR, efiarch"/>
|
<%page args="configdir, KERNELDIR, efiarch, isolabel"/>
|
||||||
<%
|
<%
|
||||||
EFIBOOTDIR="EFI/BOOT"
|
EFIBOOTDIR="EFI/BOOT"
|
||||||
APPLE_EFI_ICON=inroot+"/usr/share/pixmaps/bootloader/fedora.icns"
|
APPLE_EFI_ICON=inroot+"/usr/share/pixmaps/bootloader/fedora.icns"
|
||||||
@ -6,7 +6,10 @@ APPLE_EFI_DISKNAME=inroot+"/usr/share/pixmaps/bootloader/fedora-media.vol"
|
|||||||
%>
|
%>
|
||||||
|
|
||||||
mkdir ${EFIBOOTDIR}
|
mkdir ${EFIBOOTDIR}
|
||||||
install boot/efi/EFI/redhat/grub.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
|
mkdir ${EFIBOOTDIR}/fonts/
|
||||||
|
install boot/efi/EFI/fedora/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
|
||||||
|
install boot/efi/EFI/fedora/grub-cd.efi ${EFIBOOTDIR}/grubx64.efi
|
||||||
|
install boot/efi/EFI/fedora/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
|
||||||
install boot/grub/splash.xpm.gz ${EFIBOOTDIR}
|
install boot/grub/splash.xpm.gz ${EFIBOOTDIR}
|
||||||
|
|
||||||
## actually make the EFI images
|
## actually make the EFI images
|
||||||
@ -19,7 +22,7 @@ ${make_efiboot("images/efiboot.img")}
|
|||||||
<%def name="make_efiboot(img, include_kernel=False, disk=False, imgtype='default')">
|
<%def name="make_efiboot(img, include_kernel=False, disk=False, imgtype='default')">
|
||||||
<%
|
<%
|
||||||
kdir = EFIBOOTDIR if include_kernel else KERNELDIR
|
kdir = EFIBOOTDIR if include_kernel else KERNELDIR
|
||||||
eficonf = "%s/BOOT%s.conf" % (EFIBOOTDIR, efiarch)
|
eficonf = "%s/grub.cfg" % (EFIBOOTDIR, )
|
||||||
args = "--label=ANACONDA"
|
args = "--label=ANACONDA"
|
||||||
if disk: args += " --disk"
|
if disk: args += " --disk"
|
||||||
if imgtype == "apple": args += ' --apple --icon=%s --diskname=%s --product="%s %s"' % (APPLE_EFI_ICON, APPLE_EFI_DISKNAME, product.name, product.version)
|
if imgtype == "apple": args += ' --apple --icon=%s --diskname=%s --product="%s %s"' % (APPLE_EFI_ICON, APPLE_EFI_DISKNAME, product.name, product.version)
|
||||||
@ -28,12 +31,14 @@ ${make_efiboot("images/efiboot.img")}
|
|||||||
copy ${KERNELDIR}/vmlinuz ${EFIBOOTDIR}
|
copy ${KERNELDIR}/vmlinuz ${EFIBOOTDIR}
|
||||||
copy ${KERNELDIR}/initrd.img ${EFIBOOTDIR}
|
copy ${KERNELDIR}/initrd.img ${EFIBOOTDIR}
|
||||||
%endif
|
%endif
|
||||||
install ${configdir}/grub.conf ${eficonf}
|
install ${configdir}/grub2-efi.cfg ${eficonf}
|
||||||
replace @PRODUCT@ '${product.name}' ${eficonf}
|
replace @PRODUCT@ '${product.name}' ${eficonf}
|
||||||
replace @VERSION@ ${product.version} ${eficonf}
|
replace @VERSION@ ${product.version} ${eficonf}
|
||||||
|
replace @KERNELNAME@ vmlinuz ${eficonf}
|
||||||
replace @KERNELPATH@ /${kdir}/vmlinuz ${eficonf}
|
replace @KERNELPATH@ /${kdir}/vmlinuz ${eficonf}
|
||||||
replace @INITRDPATH@ /${kdir}/initrd.img ${eficonf}
|
replace @INITRDPATH@ /${kdir}/initrd.img ${eficonf}
|
||||||
replace @SPLASHPATH@ /EFI/BOOT/splash.xpm.gz ${eficonf}
|
replace @SPLASHPATH@ /EFI/BOOT/splash.xpm.gz ${eficonf}
|
||||||
|
replace @ISOLABEL@ '${isolabel}' ${eficonf}
|
||||||
%if disk:
|
%if disk:
|
||||||
## FIXME: using root= causes problems with product.img (see bug 811979)
|
## FIXME: using root= causes problems with product.img (see bug 811979)
|
||||||
replace @ROOT@ root=live:LABEL=ANACONDA ${eficonf}
|
replace @ROOT@ root=live:LABEL=ANACONDA ${eficonf}
|
||||||
|
@ -12,7 +12,7 @@ installpkg pigz
|
|||||||
|
|
||||||
## firstaidkit (rescue mode) packages
|
## firstaidkit (rescue mode) packages
|
||||||
installpkg firstaidkit-plugin-{passwd,key-recovery,mdadm-conf}
|
installpkg firstaidkit-plugin-{passwd,key-recovery,mdadm-conf}
|
||||||
installpkg grub2
|
installpkg grub2 grub2-tools
|
||||||
|
|
||||||
## kernel and firmware
|
## kernel and firmware
|
||||||
installpkg kernel
|
installpkg kernel
|
||||||
@ -30,7 +30,7 @@ installpkg kernel
|
|||||||
installpkg kernel-PAE gpart
|
installpkg kernel-PAE gpart
|
||||||
%endif
|
%endif
|
||||||
%if basearch in ("i386", "x86_64"):
|
%if basearch in ("i386", "x86_64"):
|
||||||
installpkg grub-efi efibootmgr biosdevname memtest86+
|
installpkg shim grub2-efi efibootmgr biosdevname memtest86+
|
||||||
%endif
|
%endif
|
||||||
%if basearch in ("ppc", "ppc64"):
|
%if basearch in ("ppc", "ppc64"):
|
||||||
installpkg yaboot fbset hfsutils kernel-bootwrapper ppc64-utils
|
installpkg yaboot fbset hfsutils kernel-bootwrapper ppc64-utils
|
||||||
|
@ -50,7 +50,7 @@ hardlink ${KERNELDIR}/initrd.img ${BOOTDIR}
|
|||||||
## WHeeeeeeee, EFI.
|
## WHeeeeeeee, EFI.
|
||||||
## We could remove the basearch restriction someday..
|
## We could remove the basearch restriction someday..
|
||||||
<% efiargs=""; efigraft=""; efihybrid="" %>
|
<% efiargs=""; efigraft=""; efihybrid="" %>
|
||||||
%if exists("boot/efi/EFI/redhat/grub.efi") and basearch != 'i386':
|
%if exists("boot/efi/EFI/fedora/grub-cd.efi") and basearch != 'i386':
|
||||||
<%
|
<%
|
||||||
efiarch = 'X64' if basearch=='x86_64' else 'IA32'
|
efiarch = 'X64' if basearch=='x86_64' else 'IA32'
|
||||||
efigraft="EFI/BOOT={0}/EFI/BOOT".format(outroot)
|
efigraft="EFI/BOOT={0}/EFI/BOOT".format(outroot)
|
||||||
@ -62,7 +62,7 @@ hardlink ${KERNELDIR}/initrd.img ${BOOTDIR}
|
|||||||
efigraft += " {0}={1}/{0}".format(img,outroot)
|
efigraft += " {0}={1}/{0}".format(img,outroot)
|
||||||
efihybrid = "--uefi --mac" if domacboot else "--uefi"
|
efihybrid = "--uefi --mac" if domacboot else "--uefi"
|
||||||
%>
|
%>
|
||||||
<%include file="efi.tmpl" args="configdir=configdir, KERNELDIR=KERNELDIR, efiarch=efiarch"/>
|
<%include file="efi.tmpl" args="configdir=configdir, KERNELDIR=KERNELDIR, efiarch=efiarch, isolabel=isolabel"/>
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
## make boot.iso
|
## make boot.iso
|
||||||
|
@ -24,7 +24,7 @@ log = logging.getLogger()
|
|||||||
import os, tempfile, argparse
|
import os, tempfile, argparse
|
||||||
from subprocess import check_call, PIPE
|
from subprocess import check_call, PIPE
|
||||||
from pylorax.imgutils import mkdosimg, round_to_blocks, LoopDev, DMDev, dm_detach
|
from pylorax.imgutils import mkdosimg, round_to_blocks, LoopDev, DMDev, dm_detach
|
||||||
from pylorax.imgutils import mkhfsimg, Mount
|
from pylorax.imgutils import mkhfsimg, Mount, estimate_size
|
||||||
import struct, shutil, glob
|
import struct, shutil, glob
|
||||||
|
|
||||||
def mkefiboot(bootdir, outfile, label):
|
def mkefiboot(bootdir, outfile, label):
|
||||||
@ -39,7 +39,9 @@ def mkmacboot(bootdir, outfile, label, icon=None, product='Generic',
|
|||||||
graft['.VolumeIcon.icns'] = icon
|
graft['.VolumeIcon.icns'] = icon
|
||||||
if diskname and os.path.exists(diskname):
|
if diskname and os.path.exists(diskname):
|
||||||
graft['EFI/BOOT/.disk_label'] = diskname
|
graft['EFI/BOOT/.disk_label'] = diskname
|
||||||
mkhfsimg(None, outfile, label=label, graft=graft)
|
# everything winds up bein there twice...
|
||||||
|
size = estimate_size(bootdir, graft=graft) * 2
|
||||||
|
mkhfsimg(None, outfile, label=label, graft=graft, size=size)
|
||||||
macmunge(outfile, product)
|
macmunge(outfile, product)
|
||||||
|
|
||||||
# To make an HFS+ image bootable, we need to fill in parts of the
|
# To make an HFS+ image bootable, we need to fill in parts of the
|
||||||
@ -55,8 +57,9 @@ def macmunge(imgfile, product):
|
|||||||
# Get the inode number for the boot image and its parent directory
|
# Get the inode number for the boot image and its parent directory
|
||||||
with LoopDev(imgfile) as loopdev:
|
with LoopDev(imgfile) as loopdev:
|
||||||
with Mount(loopdev) as mnt:
|
with Mount(loopdev) as mnt:
|
||||||
loader = glob.glob(os.path.join(mnt,'EFI/BOOT/BOOT*.efi'))[0]
|
shim = glob.glob(os.path.join(mnt, 'EFI/BOOT/BOOT*.efi'))[0]
|
||||||
config = glob.glob(os.path.join(mnt,'EFI/BOOT/BOOT*.conf'))[0]
|
loader = glob.glob(os.path.join(mnt,'EFI/BOOT/grub*.efi'))[0]
|
||||||
|
config = glob.glob(os.path.join(mnt,'EFI/*/grub*.cfg'))[0]
|
||||||
blessnode = os.stat(loader).st_ino
|
blessnode = os.stat(loader).st_ino
|
||||||
dirnode = os.stat(os.path.dirname(loader)).st_ino
|
dirnode = os.stat(os.path.dirname(loader)).st_ino
|
||||||
with open(os.path.join(mnt,'mach_kernel'), 'w') as kernel:
|
with open(os.path.join(mnt,'mach_kernel'), 'w') as kernel:
|
||||||
@ -77,8 +80,9 @@ def macmunge(imgfile, product):
|
|||||||
</dict>
|
</dict>
|
||||||
</plist>
|
</plist>
|
||||||
''' % (product,))
|
''' % (product,))
|
||||||
shutil.copy(loader, os.path.join(sysdir,'boot.efi'))
|
shutil.copy(shim, os.path.join(sysdir,'boot.efi'))
|
||||||
shutil.copy(config, os.path.join(sysdir,'boot.conf'))
|
shutil.copy(loader, sysdir)
|
||||||
|
shutil.copy(config, sysdir)
|
||||||
# format data properly (big-endian UInt32)
|
# format data properly (big-endian UInt32)
|
||||||
nodedata = struct.pack(">i", blessnode)
|
nodedata = struct.pack(">i", blessnode)
|
||||||
dirdata = struct.pack(">i", dirnode)
|
dirdata = struct.pack(">i", dirnode)
|
||||||
|
Loading…
Reference in New Issue
Block a user