This reverts commit 93004a8494,
because it broke Rawhide. It also tries to fixes BLS ostree
detection to work in chroots (e.g. during installation) by also
checking for /ostree/repo.
- Add luks2 to GRUB_MODULES
- 20-grub-install: Create a symvers.gz symbolic link
- 20-grub-install: Always use fedora as the boot entry --class
Resolves: rhbz#1957014
- grub.macros: Install font in /boot/grub2 instead of the ESP
Resolves: rhbz#1739762
- grub.macros: Use consistent file mode for legacy and EFI
Resolves: rhbz#1965794
- Drop grub2 prelink configuration
Resolves: rhbz#1659675
- Remove triggers needed to upgrade from legacy GRUB
- Don't harcode grub2 in the spec file
- Update to unifont-13.0.06
Resolves: rhbz#1939125
- 20-grub-install: Use relative paths for btrfs in BLS snippets
Resolves: rhbz#1906191
- Don't update the cmdline when generating legacy menuentry commands
- Suppress gettext error message
Resolves: rhbz#1592124
- grub-boot-success.timer: Only run if not in a container
Resolves: rhbz#1914571
- grub-set-password: Always use /boot/grub2/user.cfg as password default
Resolves: rhbz#1955294
- Remove outdated URL for BLS document
Resolves: rhbz#1926453
- templates: Check for EFI at runtime instead of config generation time
Resolves: rhbz#1823864
- efi: Print an error if boot to firmware setup is not supported
Resolves: rhbz#1823864
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- Remove -fcf-protection compiler flag to allow i386 builds (law)
Related: rhbz#1915452
- Unify GRUB configuration file location across all platforms
Related: rhbz#1918817
- Add 'at_keyboard_fallback_set' var to force the set manually (rmetrich)
- Add appended signatures support for ppc64le LPAR Secure Boot (daxtens)
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
OSTree doesn't support installations that don't have a boot partition. The
BLS snippets assume that there will be one, so this has to be checked and
only mark GRUB as supporting BLS in OSTree systems have a boot partition.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Since GRUB 2.04 there is support for TPM measurements in a tpm module that
uses the verifiers framework. So this is used now instead of the previous
downstream patches that we were carrying.
But we forgot to enable this module when rebasing to 2.04 which leads to
GRUB no longer measuring the kernel, initrd and command line parameters.
One side effect of using the verifiers framework is that if measurements
fail, GRUB won't be able to open the files since the errors from the tpm
module are propagated. This means that a firmware with a buggy tpm support
will prevent the machine to boot, which was not the case with the previous
downstream patches. Don't propagate the measurement errors to prevent this.
Resolves: rhbz#1836433
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The kernel cmdline was stored as a kernelopts variable in the grubenv file
and the BLS snippets used that. But this turned out to be fragile since the
grubenv file could be removed or get corrupted easily.
To prevent the entries to not have a cmdline if the grubenv can't be read,
a fallback variable was set in the GRUB config file. But this still caused
issues since the config needs to be re-generated to change the parameters.
Instead, let's store the cmdline in the BLS snippets. This will make the
configuration more robust, since it will work even without the grubenv
file and the BLS entries will contain all the information needed to boot.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
blscfg: Lookup default_kernelopts variable as fallback for options
Related: rhbz#1765297
10_linux.in: fix early exit due error when reading petitboot version
Resolves: rhbz#1827397
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The logic to parse the BLS configs to generate a set of menuentry commands
that's needed on ppc64le machines with bootloaders that don't have support
to parse BLS config directly, was implemented in a 10_linux_bls script.
But there's no need to have a separate script just for this and this logic
can be merged into the 10_linux script to avoid code duplication.
Also since the blscfg module will also now be used by ostree-based distros
there is a possible corner case in which a user set the blsdir variable to
a BLS directory path that is different than the default used by ostree.
So to avoid possible issues, only drop the marker file to specify that the
bootloader has support to parse BLS files if this variable hasn't been set.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>