g/librem14-coreboot-grub-qubes
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added post transaction dom0 symlink creation; draft grub.cfg

Browse Source
This commit is contained in:
Giulio 2022-01-08 00:22:45 +01:00
parent 3f38f87aad
commit e38c103010
5 changed files with 177 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md Normal file
View File

@ -0,0 +1,2 @@
sudo qubes-dom0-update python3-dnf-plugin-post-transaction-actions

31
build.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
# use TERM to exit on error # use TERM to exit on error
trap "exit 1" TERM trap "exit 1" TERM
export TOP_PID=$$ export TOP_PID=$$
@ -516,18 +518,10 @@ build_coreboot() {
# calculate hash of BIOS region before injecting bootorder/serial # calculate hash of BIOS region before injecting bootorder/serial
${IFDTOOL_CB} -x ${COREBOOT_IMAGE} ${IFDTOOL_CB} -x ${COREBOOT_IMAGE}
bios_sha=$(sha256sum flashregion_1_bios.bin | awk '{print $1}')
rm -f flashregion*.bin
# set serial # set serial
set_serial_number ${COREBOOT_IMAGE} set_serial_number ${COREBOOT_IMAGE}
#set boot delay
# add an 8s boot delay for the Librem Mini so splash screen
# actually shown on displays with sluggish init
if [[ ${LIBREM_MODEL^^} == "MINI"* ]]; then
${CBFSTOOL_CB} ${COREBOOT_IMAGE} add-int -i 8000 -n etc/boot-menu-wait >/dev/null
fi
# print CBFS contents # print CBFS contents
${CBFSTOOL_CB} ${COREBOOT_IMAGE} print ${CBFSTOOL_CB} ${COREBOOT_IMAGE} print
@ -535,19 +529,10 @@ build_coreboot() {
echo "" echo ""
echo "Finished building coreboot for Librem ${LIBREM_MODEL^}" echo "Finished building coreboot for Librem ${LIBREM_MODEL^}"
echo "" echo ""
COREBOOT_BIOS_SHA="COREBOOT_BIOS_SHA_${LIBREM_MODEL^^}"
COREBOOT_BIOS_SHA=${!COREBOOT_BIOS_SHA}
if [ "${bios_sha}" != "${COREBOOT_BIOS_SHA}" ]; then
echo "WARNING: Built coreboot image hash does not match expected reproducible build hash"
echo "Built: ${bios_sha}"
echo "Expected: ${COREBOOT_BIOS_SHA}"
else
echo "Built coreboot image hash matches expected reproducible build hash"
fi
# prompt to flash # prompt to flash
echo "" echo ""
if [ ${CURRENT_FW_TYPE} != "HEADS" ]; then
flash=0 flash=0
while [ "$flash" != "y" ] && [ "$flash" != "n" ]; do while [ "$flash" != "y" ] && [ "$flash" != "n" ]; do
read -r -p "Do you want to flash the coreboot update now (y/N) ? " flash read -r -p "Do you want to flash the coreboot update now (y/N) ? " flash
@ -578,13 +563,7 @@ build_coreboot() {
else else
echo "" echo ""
fi fi
else
echo "You may now copy the coreboot update file ($COREBOOT_IMAGE) to USB for updating via Heads."
echo ""
read -ep "Press [Enter] to exit."
cleanup
exit 0
fi
} }
check_dependencies() { check_dependencies() {

3
resources/00-kernel-xen-symlink.conf Normal file
View File

@ -0,0 +1,3 @@
kernel:upgraded:/usr/bin/ln -sfn /boot/initramfs-${ver}-${rel}.fc32.qubes.${arch}
kernel:upgraded:/usr/bin/ln -sfn /boot/vmlinuz-${ver}-${rel}.fc32.qubes.${arch}
xen-hypervisor:upgraded:/usr/bin/ln -sfn /boot/xen-${ver}.gz /boot/xen-latest.gz

BIN
resources/dejavusansmono.pf2 Normal file
View File

Binary file not shown.

144
resources/grub.cfg
View File

@ -0,0 +1,144 @@
set prefix=(memdisk)/boot/grub
insmod nativedisk
insmod usb
insmod usbms
insmod part_msdos
insmod ext2
insmod lvm
insmod gcry_rijndael
insmod gcry_sha256
insmod luks
insmod cryptodisk
insmod gfxmenu
insmod gfxterm_menu
insmod gfxterm_background
insmod chain
insmod jpeg
terminal_input --append at_keyboard
terminal_output --append cbmemc
gfxpayload=keep
terminal_output --append gfxterm
set menu_color_normal=white/black
set menu_color_highlight=white/cyan
# Default to first option, automatically boot after 1 second
set default="0>0"
set timeout=1
# This is useful when using 'cat' on long files on GRUB terminal
set pager=1
# Set a background image from CBFS
background_image (cbfsdisk)/background.jpg
# Set DejaVu Sans Mono as the default font
loadfont (cbfsdisk)/dejavusansmono.pf2
# Default keymap
keymap usqwerty
# Users
set superusers="admin"
password_pbkdf2 admin #password_placeholder#
export superusers
function try_user_config {
set root="${1}"
for dir in boot grub grub2 boot/grub boot/grub2; do
for name in '' autoboot_ libreboot_ coreboot_; do
if [ -f /"${dir}"/"${name}"grub.cfg ]; then
unset superusers
configfile /"${dir}"/"${name}"grub.cfg
fi
done
done
}
function search_grub {
for i in 0 1; do
# raw devices
try_user_config "(${1}${i})"
for part in 1 2 3 4 5; do
# MBR/GPT partitions
try_user_config "(${1}${i},${part})"
done
done
}
function try_isolinux_config {
set root="${1}"
for dir in '' /boot; do
if [ -f "${dir}"/isolinux/isolinux.cfg ]; then
syslinux_configfile -i "${dir}"/isolinux/isolinux.cfg
elif [ -f "${dir}"/syslinux/syslinux.cfg ]; then
syslinux_configfile -s "${dir}"/syslinux/syslinux.cfg
fi
done
}
function search_isolinux {
for i in 0 1; do
# raw devices
try_isolinux_config "(${1}${i})"
for part in 1 2 3 4 5; do
# MBR/GPT partitions
try_isolinux_config "(${1}${i},${part})"
done
done
}
menuentry 'Qubes, with Xen hypervisor' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-simple-/dev/mapper/qubes_dom0-root' {
insmod part_msdos
insmod ext2
cryptomount -a
set root='lvm/qubes_dom0-boot'
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' 2c68125e-e8df-4d9f-b67f-74c44a6e9873
else
search --no-floppy --fs-uuid --set=root 2c68125e-e8df-4d9f-b67f-74c44a6e9873
fi
echo 'Loading Xen..'
if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then
xen_rm_opts=
else
xen_rm_opts="no-real-mode edd=off"
fi
multiboot2 /xen-latest placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 ${xen_rm_opts}
echo 'Loading Linux...'
module2 /vmlinuz-latest placeholder root=/dev/mapper/qubes_dom0-root ro rd.luks.uuid=luks-f8d0a06a-fb7a-411a-a662-4f7a6bf4931c rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap plymouth.ignore-serial-consoles i915.alpha_support=1 rd.driver.pre=btrfs rhgb quiet rd.qubes.hide_all_usb
echo 'Loading initial ramdisk...'
module2 --nounzip /initramfs-latest
}
submenu 'Search for systems on external media' {
menuentry 'Search ISOLINUX menu (USB)' {
search_isolinux usb
}
menuentry 'Search ISOLINUX menu (AHCI)' {
search_isolinux ahci
}
menuentry 'Search for GRUB2 configuration on external media' {
search_grub usb
}
menuentry 'Load test configuration (grubtest.cfg) inside of CBFS' {
set root='(cbfsdisk)'
configfile /grubtest.cfg
}
menuentry 'Chainload bootloader on external media' {
set root='(usb0)'
chainloader +1
}
}
menuentry 'Reboot [r]' --hotkey='r' {
reboot
}
menuentry 'Poweroff [p]' --hotkey='p' {
halt
}