[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

grub-install --removable uses CD boot image instead of normal disk boot image

Package: grub-efi-amd64-bin
Version: 2.06-3~deb11u5
Tags: patch
When installing GRUB for UEFI secure boot, "grub-install --removable" uses the CD boot image gcd{arch}.efi.signed which is designed for CD boot and lacks encryption, LVM and RAID support. Such image cannot read /boot on LUKS, LVM or Linux RAID.
The attached patch uses the normal disk boot image grub{arch}.efi.signed instead. This is now possible because the normal disk image embeds a config file which searches grub.cfg in $prefix (/EFI/debian) then $cmdpath (/EFI/BOOT), instead of $prefix only in previous versions. IMO it would be better to reverse the order, cf. patch attached to bug #925309.
From 304e813b0c1ff030c4d4dd896aeb46be88478763 Mon Sep 17 00:00:00 2001
From: Pascal Hambourg <pascal@plouf.fr.eu.org>
Date: Fri, 23 Dec 2022 12:13:20 +0100
Subject: [PATCH] Use normal signed EFI disk boot image with --removable

grub-install --removable uses the CD boot image gcd{arch}.efi.signed
which is designed for CD boot and lacks crypto, lvm and raid support.
Use the normal disk boot image grub{arch}.efi.signed instead.
---
 debian/patches/install-signed.patch | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/debian/patches/install-signed.patch b/debian/patches/install-signed.patch
index bfeb3a938..2a5329f13 100644
--- a/debian/patches/install-signed.patch
+++ b/debian/patches/install-signed.patch
@@ -11,15 +11,15 @@ Author: Steve Langasek <steve.langasek@ubuntu.com>
 Author: Linn Crosetto <linn@hpe.com>
 Author: Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>
 Forwarded: no
-Last-Update: 2021-09-24
+Last-Update: 2022-12-23
 
 Patch-Name: install-signed.patch
 ---
- util/grub-install.c | 212 ++++++++++++++++++++++++++++++++------------
- 1 file changed, 153 insertions(+), 59 deletions(-)
+ util/grub-install.c | 209 +++++++++++++++++++++++++++++++-------------
+ 1 file changed, 150 insertions(+), 59 deletions(-)
 
 diff --git a/util/grub-install.c b/util/grub-install.c
-index 48e2d3779..f49c78d0b 100644
+index 48e2d3779..a18a35ac8 100644
 --- a/util/grub-install.c
 +++ b/util/grub-install.c
 @@ -80,6 +80,7 @@ static char *label_color;
@@ -192,7 +192,7 @@ index 48e2d3779..f49c78d0b 100644
  	}
        t = grub_util_path_concat (3, efidir, "EFI", efi_distributor);
        free (efidir);
-@@ -1376,14 +1379,41 @@ main (int argc, char *argv[])
+@@ -1376,14 +1379,38 @@ main (int argc, char *argv[])
  	}
      }
  
@@ -208,10 +208,7 @@ index 48e2d3779..f49c78d0b 100644
 +      {
 +	char *dir = xasprintf ("%s-signed", grub_install_source_directory);
 +	char *signed_image;
-+	if (removable)
-+	  signed_image = xasprintf ("gcd%s.efi.signed", efi_suffix);
-+	else
-+	  signed_image = xasprintf ("grub%s.efi.signed", efi_suffix);
++	signed_image = xasprintf ("grub%s.efi.signed", efi_suffix);
 +	efi_signed = grub_util_path_concat (2, dir, signed_image);
 +	break;
 +      }
@@ -236,7 +233,7 @@ index 48e2d3779..f49c78d0b 100644
  	{
  	  char *uuid = NULL;
  	  /*  generic method (used on coreboot and ata mod).  */
-@@ -1941,7 +1971,71 @@ main (int argc, char *argv[])
+@@ -1941,7 +1968,71 @@ main (int argc, char *argv[])
      case GRUB_INSTALL_PLATFORM_IA64_EFI:
        {
  	char *dst = grub_util_path_concat (2, efidir, efi_file);
-- 
2.30.2
Reply to: