Added post transaction dom0 symlink creation; draft grub.cfg

Giulio 2022-01-08 00:22:45 +01:00
parent 3f38f87aad
commit e38c103010
5 changed files with 177 additions and 49 deletions

2
README.md Normal file

@ -0,0 +1,2 @@
sudo qubes-dom0-update python3-dnf-plugin-post-transaction-actions


@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
# use TERM to exit on error # use TERM to exit on error
trap "exit 1" TERM trap "exit 1" TERM
export TOP_PID=$$ export TOP_PID=$$
@ -516,18 +518,10 @@ build_coreboot() {
# calculate hash of BIOS region before injecting bootorder/serial # calculate hash of BIOS region before injecting bootorder/serial
${IFDTOOL_CB} -x ${COREBOOT_IMAGE} ${IFDTOOL_CB} -x ${COREBOOT_IMAGE}
bios_sha=$(sha256sum flashregion_1_bios.bin | awk '{print $1}')
rm -f flashregion*.bin
# set serial # set serial
set_serial_number ${COREBOOT_IMAGE} set_serial_number ${COREBOOT_IMAGE}
#set boot delay
# add an 8s boot delay for the Librem Mini so splash screen
# actually shown on displays with sluggish init
if [[ ${LIBREM_MODEL^^} == "MINI"* ]]; then
${CBFSTOOL_CB} ${COREBOOT_IMAGE} add-int -i 8000 -n etc/boot-menu-wait >/dev/null
fi
# print CBFS contents # print CBFS contents
${CBFSTOOL_CB} ${COREBOOT_IMAGE} print ${CBFSTOOL_CB} ${COREBOOT_IMAGE} print
@ -535,56 +529,41 @@ build_coreboot() {
echo "" echo ""
echo "Finished building coreboot for Librem ${LIBREM_MODEL^}" echo "Finished building coreboot for Librem ${LIBREM_MODEL^}"
echo "" echo ""
COREBOOT_BIOS_SHA="COREBOOT_BIOS_SHA_${LIBREM_MODEL^^}"
COREBOOT_BIOS_SHA=${!COREBOOT_BIOS_SHA}
if [ "${bios_sha}" != "${COREBOOT_BIOS_SHA}" ]; then
echo "WARNING: Built coreboot image hash does not match expected reproducible build hash"
echo "Built: ${bios_sha}"
echo "Expected: ${COREBOOT_BIOS_SHA}"
else
echo "Built coreboot image hash matches expected reproducible build hash"
fi
# prompt to flash # prompt to flash
echo "" echo ""
if [ ${CURRENT_FW_TYPE} != "HEADS" ]; then flash=0
flash=0 while [ "$flash" != "y" ] && [ "$flash" != "n" ]; do
while [ "$flash" != "y" ] && [ "$flash" != "n" ]; do read -r -p "Do you want to flash the coreboot update now (y/N) ? " flash
read -r -p "Do you want to flash the coreboot update now (y/N) ? " flash if [ "$flash" = "" ] || [ "$flash" == "N" ]; then
if [ "$flash" = "" ] || [ "$flash" == "N" ]; then flash="n"
flash="n" fi
fi if [ "$flash" == "Y" ]; then
if [ "$flash" == "Y" ]; then flash="y"
flash="y" fi
fi done
done if [ "$flash" == "y" ]; then
if [ "$flash" == "y" ]; then # check for / get flashrom
# check for / get flashrom get_flashrom
get_flashrom echo ""
echo "coreboot flashing in progress. Do NOT interrupt this process."
echo ""
flash_firmware_internal ${COREBOOT_IMAGE}
if [ $? -eq 0 ]; then
echo "" echo ""
echo "coreboot flashing in progress. Do NOT interrupt this process." echo "You must reboot for the coreboot update to take effect."
echo "" echo ""
flash_firmware_internal ${COREBOOT_IMAGE} read -r -p "Reboot now? (y/N) ? " rb
if [ $? -eq 0 ]; then if [ "$rb" = "Y" ] || [ "$rb" == "y" ]; then
echo "" cleanup
echo "You must reboot for the coreboot update to take effect." reboot
echo ""
read -r -p "Reboot now? (y/N) ? " rb
if [ "$rb" = "Y" ] || [ "$rb" == "y" ]; then
cleanup
reboot
fi
fi fi
else
echo ""
fi fi
else else
echo "You may now copy the coreboot update file ($COREBOOT_IMAGE) to USB for updating via Heads."
echo "" echo ""
read -ep "Press [Enter] to exit."
cleanup
exit 0
fi fi
} }
check_dependencies() { check_dependencies() {
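Review bot: With the comparison against `COREBOOT_BIOS_SHA_${LIBREM_MODEL^^}` removed from build_coreboot, nothing checks the built image before the flash prompt, and because the `bios_sha` line is gone too the operator no longer sees the hash of what is about to be written. If the expected hashes no longer apply to this fork's image (it appears to carry a custom GRUB configuration), I would still keep `bios_sha=$(sha256sum flashregion_1_bios.bin | awk '{print $1}')` and print it before asking, so the value can be recorded and compared across rebuilds. The extracted `flashregion*.bin` files are also no longer deleted after `${IFDTOOL_CB} -x`, which leaves copies of the flash regions in the working directory; restoring `rm -f flashregion*.bin` avoids that. The `CURRENT_FW_TYPE` guard appears to be dropped as well, so the internal-flash prompt is now offered on machines running Heads, which deserves a comment explaining why that is safe. The old/new split is inferred from the side-by-side rendering, and build_coreboot starts outside the hunks shown.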


@ -0,0 +1,3 @@
kernel:upgraded:/usr/bin/ln -sfn /boot/initramfs-${ver}-${rel}.fc32.qubes.${arch}
kernel:upgraded:/usr/bin/ln -sfn /boot/vmlinuz-${ver}-${rel}.fc32.qubes.${arch}
xen-hypervisor:upgraded:/usr/bin/ln -sfn /boot/xen-${ver}.gz /boot/xen-latest.gz
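Review bot: The two `kernel` actions pass `ln -sfn` a single operand, so no link name is given and the link would be created under the target's basename in whatever directory the plugin runs in, not at the `/boot/vmlinuz-latest` and `/boot/initramfs-latest` paths the new grub.cfg loads. Unless the lines are simply truncated on this page, each needs a second operand such as `/boot/vmlinuz-latest`. The Xen action creates `/boot/xen-latest.gz` while grub.cfg loads `/xen-latest`, so one of the two names should change. As far as I know the plugin's state field accepts `in`, `out` or `any`, so `upgraded` may never match, and kernel packages are normally installed side by side rather than upgraded; both are worth confirming against the plugin documentation. A link that silently stops updating leaves the firmware menu booting an old Xen or kernel after security updates, so a comment naming the grub.cfg paths these links feed would help.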

Binary file not shown.


@ -0,0 +1,144 @@
set prefix=(memdisk)/boot/grub
insmod nativedisk
insmod usb
insmod usbms
insmod part_msdos
insmod ext2
insmod lvm
insmod gcry_rijndael
insmod gcry_sha256
insmod luks
insmod cryptodisk
insmod gfxmenu
insmod gfxterm_menu
insmod gfxterm_background
insmod chain
insmod jpeg
terminal_input --append at_keyboard
terminal_output --append cbmemc
gfxpayload=keep
terminal_output --append gfxterm
set menu_color_normal=white/black
set menu_color_highlight=white/cyan
# Default to first option, automatically boot after 1 second
set default="0>0"
set timeout=1
# This is useful when using 'cat' on long files on GRUB terminal
set pager=1
# Set a background image from CBFS
background_image (cbfsdisk)/background.jpg
# Set DejaVu Sans Mono as the default font
loadfont (cbfsdisk)/dejavusansmono.pf2
# Default keymap
keymap usqwerty
# Users
set superusers="admin"
password_pbkdf2 admin #password_placeholder#
export superusers
function try_user_config {
set root="${1}"
for dir in boot grub grub2 boot/grub boot/grub2; do
for name in '' autoboot_ libreboot_ coreboot_; do
if [ -f /"${dir}"/"${name}"grub.cfg ]; then
unset superusers
configfile /"${dir}"/"${name}"grub.cfg
fi
done
done
}
function search_grub {
for i in 0 1; do
# raw devices
try_user_config "(${1}${i})"
for part in 1 2 3 4 5; do
# MBR/GPT partitions
try_user_config "(${1}${i},${part})"
done
done
}
function try_isolinux_config {
set root="${1}"
for dir in '' /boot; do
if [ -f "${dir}"/isolinux/isolinux.cfg ]; then
syslinux_configfile -i "${dir}"/isolinux/isolinux.cfg
elif [ -f "${dir}"/syslinux/syslinux.cfg ]; then
syslinux_configfile -s "${dir}"/syslinux/syslinux.cfg
fi
done
}
function search_isolinux {
for i in 0 1; do
# raw devices
try_isolinux_config "(${1}${i})"
for part in 1 2 3 4 5; do
# MBR/GPT partitions
try_isolinux_config "(${1}${i},${part})"
done
done
}
menuentry 'Qubes, with Xen hypervisor' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-simple-/dev/mapper/qubes_dom0-root' {
insmod part_msdos
insmod ext2
cryptomount -a
set root='lvm/qubes_dom0-boot'
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' 2c68125e-e8df-4d9f-b67f-74c44a6e9873
else
search --no-floppy --fs-uuid --set=root 2c68125e-e8df-4d9f-b67f-74c44a6e9873
fi
echo 'Loading Xen..'
if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then
xen_rm_opts=
else
xen_rm_opts="no-real-mode edd=off"
fi
multiboot2 /xen-latest placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 ${xen_rm_opts}
echo 'Loading Linux...'
module2 /vmlinuz-latest placeholder root=/dev/mapper/qubes_dom0-root ro rd.luks.uuid=luks-f8d0a06a-fb7a-411a-a662-4f7a6bf4931c rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap plymouth.ignore-serial-consoles i915.alpha_support=1 rd.driver.pre=btrfs rhgb quiet rd.qubes.hide_all_usb
echo 'Loading initial ramdisk...'
module2 --nounzip /initramfs-latest
}
submenu 'Search for systems on external media' {
menuentry 'Search ISOLINUX menu (USB)' {
search_isolinux usb
}
menuentry 'Search ISOLINUX menu (AHCI)' {
search_isolinux ahci
}
menuentry 'Search for GRUB2 configuration on external media' {
search_grub usb
}
menuentry 'Load test configuration (grubtest.cfg) inside of CBFS' {
set root='(cbfsdisk)'
configfile /grubtest.cfg
}
menuentry 'Chainload bootloader on external media' {
set root='(usb0)'
chainloader +1
}
}
menuentry 'Reboot [r]' --hotkey='r' {
reboot
}
menuentry 'Poweroff [p]' --hotkey='p' {
halt
}
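Review bot: In the 'Qubes, with Xen hypervisor' entry, `set root='lvm/qubes_dom0-boot'` is overwritten on the next line by `set root='hd0,msdos1'` and then by `search --fs-uuid`, so Xen, the kernel and the initramfs are read from a plain partition and nothing verifies them; `superusers` and `password_pbkdf2` only gate the menu and command line. Either drop the dead assignment or keep the LVM one, and consider `set check_signatures=enforce` with a trusted public key embedded in the payload so the `-latest` files are verified before they run. `password_pbkdf2 admin #password_placeholder#` leaves the hash out until the build substitutes it (GRUB treats a word starting with `#` as a comment), so the build should fail if the placeholder survives. The filesystem and LUKS UUIDs are hard-coded for one installation; a comment saying so, or placeholders filled in at build time, would keep the image from being flashed unchanged onto another machine.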