mirror of https://github.com/acidanthera/audk.git
47 lines
1.1 KiB
INI
47 lines
1.1 KiB
INI
## @file
|
|
# Execute a script to recover the SEV supplied secret and use it to
|
|
# decrypt a luks volume. For security, the kernel must be on an encrypted
|
|
# volume so reboot if none are found.
|
|
#
|
|
# Copyright (C) 2020 James Bottomley, IBM Corporation.
|
|
#
|
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
#
|
|
##
|
|
|
|
echo "Entering grub config"
|
|
sevsecret
|
|
if [ $? -ne 0 ]; then
|
|
echo "Failed to locate anything in the SEV secret area, prompting for password"
|
|
cryptomount -a
|
|
else
|
|
cryptomount -s
|
|
if [ $? -ne 0 ]; then
|
|
echo "Failed to mount root securely, retrying with password prompt"
|
|
cryptomount -a
|
|
fi
|
|
fi
|
|
set root=
|
|
for f in (crypto*); do
|
|
if [ -e $f/boot/grub/grub.cfg ]; then
|
|
set root=$f
|
|
set prefix=($root)/boot/grub
|
|
break;
|
|
fi
|
|
done
|
|
if [ x$root = x ]; then
|
|
echo "Failed to find any grub configuration on the encrypted volume"
|
|
sleep 5
|
|
reboot
|
|
fi
|
|
# rest of modules to get boot to work
|
|
set modules="
|
|
boot
|
|
loadenv
|
|
"
|
|
for f in $modules; do
|
|
insmod $f
|
|
done
|
|
echo "Transferring to ${prefix}/grub.cfg"
|
|
source $prefix/grub.cfg
|