OvmfPkg/AmdSev/Grub/grub.sh

   1 ##  @file
   2 #  Build a version of grub capable of decrypting a luks volume with a SEV
   3 #  Supplied secret
   4 #
   5 #  Copyright (C) 2020 James Bottomley, IBM Corporation.
   6 #
   7 #  SPDX-License-Identifier: BSD-2-Clause-Patent
   8 #
   9 ##
  10
  11 set -e
  12 remove_efi=1
  13
  14 cleanup()  {
  15     # remove the intermediates
  16     for f in disk.fat grub-bootstrap.cfg; do
  17         rm -f -- "${basedir}/$f"
  18     done
  19     if [ $remove_efi -eq 1 ]; then
  20         rm -f -- "${basedir}/grub.efi"
  21     fi
  22 }
  23
  24 trap cleanup EXIT
  25
  26 GRUB_MODULES="
  27             part_msdos
  28             part_gpt
  29             cryptodisk
  30             luks
  31             gcry_rijndael
  32             gcry_sha256
  33             ext2
  34             btrfs
  35             xfs
  36             fat
  37             configfile
  38             memdisk
  39             sleep
  40             normal
  41             echo
  42             test
  43             regexp
  44             linux
  45             linuxefi
  46             reboot
  47             sevsecret
  48             "
  49 basedir=$(dirname -- "$0")
  50
  51 # don't run a build if grub.efi exists and is newer than the config files
  52 if [ -e "${basedir}/grub.efi" ] && \
  53      [ "${basedir}/grub.efi" -nt "${basedir}/grub.cfg" ] && \
  54      [ "${basedir}/grub.efi" -nt "${basedir}/grub.sh" ]; then
  55     remove_efi=0
  56     echo "preserving existing grub.efi" >&2
  57     exit 0
  58 fi
  59
  60 ##
  61 # different distributions have different names for grub-mkimage, so
  62 # search all the known ones
  63 ##
  64 mkimage=
  65 for b in grub2-mkimage grub-mkimage; do
  66     if which "$b" > /dev/null 2>&1; then
  67         mkimage="$b"
  68         break
  69     fi
  70 done
  71 if [ -z "$mkimage" ]; then
  72     echo "Can't find grub mkimage" >&2
  73     exit 1
  74 fi
  75
  76 # GRUB's rescue parser doesn't understand 'if'.
  77 echo 'normal (memdisk)/grub.cfg' > "${basedir}/grub-bootstrap.cfg"
  78
  79 # Now build a memdisk with the correct grub.cfg
  80 rm -f -- "${basedir}/disk.fat"
  81 mkfs.msdos -C -- "${basedir}/disk.fat" 64
  82 mcopy -i "${basedir}/disk.fat" -- "${basedir}/grub.cfg" ::grub.cfg
  83
  84
  85 ${mkimage} -O x86_64-efi \
  86            -p '(crypto0)' \
  87            -c "${basedir}/grub-bootstrap.cfg" \
  88            -m "${basedir}/disk.fat" \
  89            -o "${basedir}/grub.efi" \
  90            ${GRUB_MODULES}
  91
  92 remove_efi=0
  93 echo "grub.efi generated in ${basedir}"