OvmfPkg/AmdSev/Grub/grub.cfg

   1 ##  @file
   2 #  Execute a script to recover the SEV supplied secret and use it to
   3 #  decrypt a luks volume.  For security, the kernel must be on an encrypted
   4 #  volume so reboot if none are found.
   5 #
   6 #  Copyright (C) 2020 James Bottomley, IBM Corporation.
   7 #
   8 #  SPDX-License-Identifier: BSD-2-Clause-Patent
   9 #
  10 ##
  11
  12 echo "Entering grub config"
  13 sevsecret
  14 if [ $? -ne 0 ]; then
  15     echo "Failed to locate anything in the SEV secret area, prompting for password"
  16     cryptomount -a
  17 else
  18     cryptomount -s
  19     if [ $? -ne 0 ]; then
  20         echo "Failed to mount root securely, retrying with password prompt"
  21         cryptomount -a
  22     fi
  23 fi
  24 set root=
  25 for f in (crypto*); do
  26     if [ -e $f/boot/grub/grub.cfg ]; then
  27         set root=$f
  28         set prefix=($root)/boot/grub
  29         break;
  30     fi
  31 done
  32 if [ x$root = x ]; then
  33     echo "Failed to find any grub configuration on the encrypted volume"
  34     sleep 5
  35     reboot
  36 fi
  37 # rest of modules to get boot to work
  38 set modules="
  39     boot
  40     loadenv
  41     "
  42 for f in $modules; do
  43     insmod $f
  44 done
  45 echo "Transferring to ${prefix}/grub.cfg"
  46 source $prefix/grub.cfg