Add grub2-efi support and Secure Boot shim support.

This adds grub2-efi support in general as well as using the Secure Boot
shim loader on uefi media.
This commit is contained in:
Peter Jones 2012-07-25 11:51:24 -04:00
parent 0f2c6ed007
commit 72c1aa9cd3
6 changed files with 56 additions and 15 deletions

View File

@ -383,7 +383,8 @@ memtest86+
nss-mdns
-ibus-pinyin-db-open-phrase
-smartmontools
grub-efi
grub2-efi
grub2
shim
%end

View File

@ -0,0 +1,31 @@
set default="0"
function load_video {
insmod efi_gop
insmod efi_uga
insmod video_bochs
insmod video_cirrus
insmod all_video
}
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2
set timeout=5
### END /etc/grub.d/00_header ###
search --no-floppy --set=root -l '@ISOLABEL@'
### BEGIN /etc/grub.d/10_linux ###
menuentry '@PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
linuxefi @KERNELPATH@ @ROOT@
initrdefi @INITRDPATH@
}
menuentry 'Test this media & start @PRODUCT@' --class fedora --class gnu-linux --class gnu --class os {
linuxefi @KERNELPATH@ @ROOT@ quiet rd.live.check
initrdefi @INITRDPATH@
}

View File

@ -1,4 +1,4 @@
<%page args="configdir, KERNELDIR, efiarch"/>
<%page args="configdir, KERNELDIR, efiarch, isolabel"/>
<%
EFIBOOTDIR="EFI/BOOT"
APPLE_EFI_ICON=inroot+"/usr/share/pixmaps/bootloader/fedora.icns"
@ -6,7 +6,10 @@ APPLE_EFI_DISKNAME=inroot+"/usr/share/pixmaps/bootloader/fedora-media.vol"
%>
mkdir ${EFIBOOTDIR}
install boot/efi/EFI/redhat/grub.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
mkdir ${EFIBOOTDIR}/fonts/
install boot/efi/EFI/fedora/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
install boot/efi/EFI/fedora/grub-cd.efi ${EFIBOOTDIR}/grubx64.efi
install boot/efi/EFI/fedora/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
install boot/grub/splash.xpm.gz ${EFIBOOTDIR}
## actually make the EFI images
@ -19,7 +22,7 @@ ${make_efiboot("images/efiboot.img")}
<%def name="make_efiboot(img, include_kernel=False, disk=False, imgtype='default')">
<%
kdir = EFIBOOTDIR if include_kernel else KERNELDIR
eficonf = "%s/BOOT%s.conf" % (EFIBOOTDIR, efiarch)
eficonf = "%s/grub.cfg" % (EFIBOOTDIR, )
args = "--label=ANACONDA"
if disk: args += " --disk"
if imgtype == "apple": args += ' --apple --icon=%s --diskname=%s --product="%s %s"' % (APPLE_EFI_ICON, APPLE_EFI_DISKNAME, product.name, product.version)
@ -28,12 +31,14 @@ ${make_efiboot("images/efiboot.img")}
copy ${KERNELDIR}/vmlinuz ${EFIBOOTDIR}
copy ${KERNELDIR}/initrd.img ${EFIBOOTDIR}
%endif
install ${configdir}/grub.conf ${eficonf}
install ${configdir}/grub2-efi.cfg ${eficonf}
replace @PRODUCT@ '${product.name}' ${eficonf}
replace @VERSION@ ${product.version} ${eficonf}
replace @KERNELNAME@ vmlinuz ${eficonf}
replace @KERNELPATH@ /${kdir}/vmlinuz ${eficonf}
replace @INITRDPATH@ /${kdir}/initrd.img ${eficonf}
replace @SPLASHPATH@ /EFI/BOOT/splash.xpm.gz ${eficonf}
replace @ISOLABEL@ '${isolabel}' ${eficonf}
%if disk:
## FIXME: using root= causes problems with product.img (see bug 811979)
replace @ROOT@ root=live:LABEL=ANACONDA ${eficonf}

View File

@ -12,7 +12,7 @@ installpkg pigz
## firstaidkit (rescue mode) packages
installpkg firstaidkit-plugin-{passwd,key-recovery,mdadm-conf}
installpkg grub2
installpkg grub2 grub2-tools
## kernel and firmware
installpkg kernel
@ -30,7 +30,7 @@ installpkg kernel
installpkg kernel-PAE gpart
%endif
%if basearch in ("i386", "x86_64"):
installpkg grub-efi efibootmgr biosdevname memtest86+
installpkg shim grub2-efi efibootmgr biosdevname memtest86+
%endif
%if basearch in ("ppc", "ppc64"):
installpkg yaboot fbset hfsutils kernel-bootwrapper ppc64-utils

View File

@ -50,7 +50,7 @@ hardlink ${KERNELDIR}/initrd.img ${BOOTDIR}
## WHeeeeeeee, EFI.
## We could remove the basearch restriction someday..
<% efiargs=""; efigraft=""; efihybrid="" %>
%if exists("boot/efi/EFI/redhat/grub.efi") and basearch != 'i386':
%if exists("boot/efi/EFI/fedora/grub-cd.efi") and basearch != 'i386':
<%
efiarch = 'X64' if basearch=='x86_64' else 'IA32'
efigraft="EFI/BOOT={0}/EFI/BOOT".format(outroot)
@ -62,7 +62,7 @@ hardlink ${KERNELDIR}/initrd.img ${BOOTDIR}
efigraft += " {0}={1}/{0}".format(img,outroot)
efihybrid = "--uefi --mac" if domacboot else "--uefi"
%>
<%include file="efi.tmpl" args="configdir=configdir, KERNELDIR=KERNELDIR, efiarch=efiarch"/>
<%include file="efi.tmpl" args="configdir=configdir, KERNELDIR=KERNELDIR, efiarch=efiarch, isolabel=isolabel"/>
%endif
## make boot.iso

View File

@ -24,7 +24,7 @@ log = logging.getLogger()
import os, tempfile, argparse
from subprocess import check_call, PIPE
from pylorax.imgutils import mkdosimg, round_to_blocks, LoopDev, DMDev, dm_detach
from pylorax.imgutils import mkhfsimg, Mount
from pylorax.imgutils import mkhfsimg, Mount, estimate_size
import struct, shutil, glob
def mkefiboot(bootdir, outfile, label):
@ -39,7 +39,9 @@ def mkmacboot(bootdir, outfile, label, icon=None, product='Generic',
graft['.VolumeIcon.icns'] = icon
if diskname and os.path.exists(diskname):
graft['EFI/BOOT/.disk_label'] = diskname
mkhfsimg(None, outfile, label=label, graft=graft)
# everything winds up bein there twice...
size = estimate_size(bootdir, graft=graft) * 2
mkhfsimg(None, outfile, label=label, graft=graft, size=size)
macmunge(outfile, product)
# To make an HFS+ image bootable, we need to fill in parts of the
@ -55,8 +57,9 @@ def macmunge(imgfile, product):
# Get the inode number for the boot image and its parent directory
with LoopDev(imgfile) as loopdev:
with Mount(loopdev) as mnt:
loader = glob.glob(os.path.join(mnt,'EFI/BOOT/BOOT*.efi'))[0]
config = glob.glob(os.path.join(mnt,'EFI/BOOT/BOOT*.conf'))[0]
shim = glob.glob(os.path.join(mnt, 'EFI/BOOT/BOOT*.efi'))[0]
loader = glob.glob(os.path.join(mnt,'EFI/BOOT/grub*.efi'))[0]
config = glob.glob(os.path.join(mnt,'EFI/*/grub*.cfg'))[0]
blessnode = os.stat(loader).st_ino
dirnode = os.stat(os.path.dirname(loader)).st_ino
with open(os.path.join(mnt,'mach_kernel'), 'w') as kernel:
@ -77,8 +80,9 @@ def macmunge(imgfile, product):
</dict>
</plist>
''' % (product,))
shutil.copy(loader, os.path.join(sysdir,'boot.efi'))
shutil.copy(config, os.path.join(sysdir,'boot.conf'))
shutil.copy(shim, os.path.join(sysdir,'boot.efi'))
shutil.copy(loader, sysdir)
shutil.copy(config, sysdir)
# format data properly (big-endian UInt32)
nodedata = struct.pack(">i", blessnode)
dirdata = struct.pack(">i", dirnode)