From 35010ba47f365aa83ebfdb13847ebc7e453a7a49 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 16 May 2023 06:23:33 +0000
Subject: [PATCH] import tboot-1.10.5-2.el8

---
 SPECS/tboot.spec | 48 ++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 40 insertions(+), 8 deletions(-)

diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec
index 9940d6e..a9200d3 100644
--- a/SPECS/tboot.spec
+++ b/SPECS/tboot.spec
@@ -1,7 +1,7 @@
 Summary:        Performs a verified launch using Intel TXT
 Name:           tboot
 Version:        1.10.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 Epoch:          1
 
 Group:          System Environment/Base
@@ -34,16 +34,39 @@ LDFLAGS="$RPM_LD_FLAGS"; export LDFLAGS
 make debug=y %{?_smp_mflags}
 
 %post
-efidir=$(find /boot -type d -name EFI)
-if [ -n "$efidir" ]; then
+# create the tboot entry and copy the modules to the grubenvdir
+grublib='/usr/lib/grub/x86_64-efi/'
+
+if [ -d /sys/firmware/efi ]; then
 	echo "EFI detected .."
-	mkdir -pv /boot/efi/EFI/redhat/x86_64-efi
-	cp -vf /usr/lib/grub/x86_64-efi/relocator.mod /boot/efi/EFI/redhat/x86_64-efi/
-	cp -vf /usr/lib/grub/x86_64-efi/multiboot2.mod /boot/efi/EFI/redhat/x86_64-efi/
-	gcfg=$(find /boot -name grub.cfg -print -quit)
-	[ -n "$gcfg" ] && grub2-mkconfig -o "$gcfg"
+	grubenvdir='/boot/efi/EFI/redhat'
+else
+	echo "Legacy BIOS detected .."
+	grubenvdir='/boot/grub2'
+	# If previous install put the modules in the wrong dir
+	[ -d /boot/efi/EFI/redhat/x86_64-efi ] && rm -rf /boot/efi/EFI/redhat/x86_64-efi
 fi
 
+grub2-mkconfig -o $grubenvdir/grub.cfg
+[ -d $grubenvdir/x86_64-efi ] || mkdir -pv $grubenvdir/x86_64-efi
+cp -vf $grublib/relocator.mod $grubenvdir/x86_64-efi/
+cp -vf $grublib/multiboot2.mod $grubenvdir/x86_64-efi/
+
+%postun
+# Cleanup all tboot files
+
+# Remove residual grub efi modules.
+if [ -d /sys/firmware/efi ]; then
+	echo "EFI detected .."
+	grubenvdir='/boot/efi/EFI/redhat'
+else
+	echo "Legacy BIOS detected .."
+	grubenvdir='/boot/grub2'
+fi
+
+[ -d $grubenvdir/x86_64-efi ] && rm -rf $grubenvdir/x86_64-efi
+grub2-mkconfig -o $grubenvdir/grub.cfg
+
 %install
 echo "installing tboot"
 make debug=y DISTDIR=$RPM_BUILD_ROOT install
@@ -72,6 +95,15 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install
 /boot/tboot-syms
 
 %changelog
+* Fri Aug 26 2022 Tony Camuso <tcamuso@redhat.com> - 1:1.10.5-2
+- The install scriptlet in %post was not choosing the correct
+  grubenv directory. In RHEL8, the efi and legacy bios grubenv
+  directories are different. This change assures that the
+  correct directory is used for grub.cfg and related modules.
+  Added a %postun section to cleanup when removing tboot with
+  dnf erase.
+  Resolves: rhbz#2121836
+
 * Wed Apr 20 2022 Tony Camuso <tcamuso@redhat.com> - 1:1.10.5-1
   Upgrade to tboot-1.10.5-1 for fixes and updates.
   Added a scriptlet to the tboot.spec file to automatically install