diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec index 539d939..cdaa802 100644 --- a/SPECS/tboot.spec +++ b/SPECS/tboot.spec @@ -1,7 +1,7 @@ Summary: Performs a verified launch using Intel TXT Name: tboot Version: 1.10.5 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 1 License: BSD @@ -33,16 +33,41 @@ LDFLAGS="%{build_ldflags}"; export LDFLAGS make debug=y %{?_smp_mflags} %post -efidir=$(find /boot -type d -name EFI) -if [ -n "$efidir" ]; then +# Rmove the grub efi modules if they had been placed in the wrong directory by +# a previous install. +[ -d /boot/efi/EFI/redhat/x86_64-efi ] && rm -rf /boot/efi/EFI/redhat/x86_64-efi +# create the tboot grub entry +grub2-mkconfig -o /boot/grub2/grub.cfg + +# For EFI based machines ... +if [ -d /sys/firmware/efi ]; then echo "EFI detected .." - mkdir -pv /boot/efi/EFI/redhat/x86_64-efi - cp -vf /usr/lib/grub/x86_64-efi/relocator.mod /boot/efi/EFI/redhat/x86_64-efi/ - cp -vf /usr/lib/grub/x86_64-efi/multiboot2.mod /boot/efi/EFI/redhat/x86_64-efi/ - gcfg=$(find /boot -name grub.cfg -print -quit) - [ -n "$gcfg" ] && grub2-mkconfig -o "$gcfg" + [ -d /boot/grub2/x86_64-efi ] || mkdir -pv /boot/grub2/x86_64-efi + cp -vf /usr/lib/grub/x86_64-efi/relocator.mod /boot/grub2/x86_64-efi/ + cp -vf /usr/lib/grub/x86_64-efi/multiboot2.mod /boot/grub2/x86_64-efi/ + + # If there were a previous install of tboot that overwrote the + # originally installed /boot/efi/EFI/redhat/grub.cfg stub, then + # recreate it. + if grep -q -m1 tboot /boot/efi/EFI/redhat/grub.cfg; then +cat << EOF > /boot/efi/EFI/redhat/grub.cfg +search --no-floppy --fs-uuid --set=dev \ + $(lsblk -no UUID $(df -P /boot/grub2 | awk 'END{print $1}')) +set prefix=(\$dev)/grub2 +export \$prefix +configfile \$prefix/grub.cfg +EOF + chown root:root /boot/efi/EFI/redhat/grub.cfg + chmod u=rwx,go= /boot/efi/EFI/redhat/grub.cfg + fi fi +%postun +# Remove residual grub efi modules. +[ -d /boot/grub2/x86_64-efi ] && rm -rf /boot/grub2/x86_64-efi +[ -d /boot/efi/EFI/redhat/x86_64-efi ] && rm -rf /boot/efi/EFI/redhat/x86_64-efi +grub2-mkconfig -o /etc/grub2.cfg + %install make debug=y DISTDIR=$RPM_BUILD_ROOT install @@ -70,6 +95,21 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install /boot/tboot-syms %changelog +* Thu Aug 18 2022 Tony Camuso - 1:1.10.5-2 +- The install scriptlet in %post was choosing the first grub.cfg + file it encountered, which was /boot/efi/EFI/redhat/grub.cfg. + This is a stub that defines grub boot disk UUID necessary for + proper grubenv setup, and it must not be overwritten or changed. + Modify the scriptlet to target /boot/grub2/grub.cfg + Additionally, remove any wrongly created /boot/grub2/x86_64-efi + directory and recreate the correct /boot/efi/EFI/redhat/grub.cfg + stub file. + Added a %postun section to cleanup when removing tboot with + dnf erase. + Thanks to Lenny Szubowicz for the bash code to recreate the + /boot/efi/EFI/redhat/grub.cfg stub file. + Resolves: rhbz#2112236 + * Wed May 04 2022 Tony Camuso - 1:1.10.5-1 - Upgrade to tboot-1.10.5-1 for fixes and updates. - Added a Requires line to install grub2-efi-x64-modules