Make lorax's installation of lockdown.efi conditional on its existence.

lockdown.efi only exists in the beta, but it'll probably also exist in
the 7.1 beta.  So don't toss this stuff out completely, but don't use it
if shim doesn't provide lockdown.efi either.

Resolves: rhbz#1071380

Signed-off-by: Peter Jones <pjones@redhat.com>

share/config_files/x86/grub2-efi-lockdown.cfg

@@ -0,0 +1,43 @@
+set default="1"
+
+function load_video {
+  insmod efi_gop
+  insmod efi_uga
+  insmod video_bochs
+  insmod video_cirrus
+  insmod all_video
+}
+
+load_video
+set gfxpayload=keep
+insmod gzio
+insmod part_gpt
+insmod ext2
+
+set timeout=60
+### END /etc/grub.d/00_header ###
+
+search --no-floppy --set=root -l '@ISOLABEL@'
+
+### BEGIN /etc/grub.d/10_linux ###
+menuentry 'Install @PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
+	linuxefi @KERNELPATH@ @ROOT@ quiet
+	initrdefi @INITRDPATH@
+}
+menuentry 'Test this media & install @PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
+	linuxefi @KERNELPATH@ @ROOT@ rd.live.check quiet
+	initrdefi @INITRDPATH@
+}
+submenu 'Troubleshooting -->' {
+	menuentry 'Install @PRODUCT@ @VERSION@ in basic graphics mode' --class fedora --class gnu-linux --class gnu --class os {
+		linuxefi @KERNELPATH@ @ROOT@ xdriver=vesa nomodeset quiet
+		initrdefi @INITRDPATH@
+	}
+	menuentry 'Rescue a @PRODUCT@ system' --class fedora --class gnu-linux --class gnu --class os {
+		linuxefi @KERNELPATH@ @ROOT@ rescue quiet
+		initrdefi @INITRDPATH@
+	}
+	menuentry '@PRODUCT@ @VERSION@ Secure Boot Lockdown' {
+		chainloader /EFI/BOOT/lockdown.efi
+	}
+}

share/config_files/x86/grub2-efi.cfg

@@ -37,7 +37,4 @@ submenu 'Troubleshooting -->' {
 		linuxefi @KERNELPATH@ @ROOT@ rescue quiet
 		initrdefi @INITRDPATH@
 	}
-	menuentry '@PRODUCT@ @VERSION@ Secure Boot Lockdown' {
-		chainloader /EFI/BOOT/lockdown.efi
-	}
 }

share/efi.tmpl

@@ -13,10 +13,12 @@ install boot/efi/EFI/*/grubaa64.efi ${EFIBOOTDIR}/grubaa64.efi
 %else:
 install boot/efi/EFI/*/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
 install boot/efi/EFI/*/MokManager.efi ${EFIBOOTDIR}/
-install usr/share/shim/lockdown.efi ${EFIBOOTDIR}/
 install boot/efi/EFI/*/gcdx64.efi ${EFIBOOTDIR}/grubx64.efi
 %endif
 install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
+%if exists("usr/share/shim/lockdown.efi"):
+    install usr/share/shim/lockdown.efi ${EFIBOOTDIR}/
+%endif
 
 ## actually make the EFI images
 ${make_efiboot("images/efiboot.img")}
@@ -37,7 +39,11 @@ ${make_efiboot("images/efiboot.img")}
         copy ${KERNELDIR}/vmlinuz ${EFIBOOTDIR}
         copy ${KERNELDIR}/initrd.img ${EFIBOOTDIR}
     %endif
-    install ${configdir}/grub2-efi.cfg ${eficonf}
+    %if exists("usr/share/shim/lockdown.efi"):
+        install ${configdir}/grub2-efi-lockdown.cfg ${eficonf}
+    %else:
+        install ${configdir}/grub2-efi.cfg ${eficonf}
+    %endif
     replace @PRODUCT@ '${product.name}' ${eficonf}
     replace @VERSION@ ${product.version} ${eficonf}
     replace @KERNELNAME@ vmlinuz ${eficonf}

share/live/config_files/x86/grub2-efi-lockdown.cfg

@@ -0,0 +1,43 @@
+set default="1"
+
+function load_video {
+  insmod efi_gop
+  insmod efi_uga
+  insmod video_bochs
+  insmod video_cirrus
+  insmod all_video
+}
+
+load_video
+set gfxpayload=keep
+insmod gzio
+insmod part_gpt
+insmod ext2
+
+set timeout=60
+### END /etc/grub.d/00_header ###
+
+search --no-floppy --set=root -l '@ISOLABEL@'
+
+### BEGIN /etc/grub.d/10_linux ###
+menuentry 'Start @PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
+	linuxefi @KERNELPATH@ @ROOT@ rd.live.image quiet
+	initrdefi @INITRDPATH@
+}
+menuentry 'Test this media & start @PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
+	linuxefi @KERNELPATH@ @ROOT@ rd.live.image rd.live.check quiet
+	initrdefi @INITRDPATH@
+}
+submenu 'Troubleshooting -->' {
+	menuentry 'Start @PRODUCT@ @VERSION@ in basic graphics mode' --class fedora --class gnu-linux --class gnu --class os {
+		linuxefi @KERNELPATH@ @ROOT@ rd.live.image xdriver=vesa nomodeset quiet
+		initrdefi @INITRDPATH@
+	}
+	menuentry 'Rescue a @PRODUCT@ system' --class fedora --class gnu-linux --class gnu --class os {
+		linuxefi @KERNELPATH@ @ROOT@ rd.live.image rescue quiet
+		initrdefi @INITRDPATH@
+	}
+	menuentry '@PRODUCT@ @VERSION@ Secure Boot Lockdown' {
+		chainloader /EFI/BOOT/lockdown.efi
+	}
+}

share/live/config_files/x86/grub2-efi.cfg

@@ -37,7 +37,4 @@ submenu 'Troubleshooting -->' {
 		linuxefi @KERNELPATH@ @ROOT@ rd.live.image rescue quiet
 		initrdefi @INITRDPATH@
 	}
-	menuentry '@PRODUCT@ @VERSION@ Secure Boot Lockdown' {
-		chainloader /EFI/BOOT/lockdown.efi
-	}
 }

share/live/efi.tmpl

@@ -9,9 +9,11 @@ mkdir ${EFIBOOTDIR}
 mkdir ${EFIBOOTDIR}/fonts/
 install boot/efi/EFI/*/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
 install boot/efi/EFI/*/MokManager.efi ${EFIBOOTDIR}/
-install usr/share/shim/lockdown.efi ${EFIBOOTDIR}/
 install boot/efi/EFI/*/gcdx64.efi ${EFIBOOTDIR}/grubx64.efi
 install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
+%if exists("usr/share/shim/lockdown.efi"):
+    install usr/share/shim/lockdown.efi ${EFIBOOTDIR}/
+%endif
 
 ## actually make the EFI images
 ${make_efiboot("images/efiboot.img")}
@@ -32,7 +34,11 @@ ${make_efiboot("images/efiboot.img")}
         copy ${KERNELDIR}/vmlinuz ${EFIBOOTDIR}
         copy ${KERNELDIR}/initrd.img ${EFIBOOTDIR}
     %endif
-    install ${configdir}/grub2-efi.cfg ${eficonf}
+    %if exists("usr/share/shim/lockdown.efi"):
+        install ${configdir}/grub2-efi-lockdown.cfg ${eficonf}
+    %else:
+        install ${configdir}/grub2-efi.cfg ${eficonf}
+    %endif
     replace @PRODUCT@ '${product.name}' ${eficonf}
     replace @VERSION@ ${product.version} ${eficonf}
     replace @KERNELNAME@ vmlinuz ${eficonf}