thinkpad-coreboot-qubes/config/grub.cfg

272 lines
9.8 KiB
INI
Raw Permalink Normal View History

2018-03-27 20:01:52 +02:00
set prefix=(memdisk)/boot/grub
insmod nativedisk
insmod ehci
insmod ohci
insmod uhci
insmod usb
insmod usbms
insmod part_msdos
insmod ext2
insmod lvm
insmod gcry_rijndael
insmod gcry_sha256
insmod luks
insmod cryptodisk
# insmod usbserial_pl2303
# insmod usbserial_ftdi
# insmod usbserial_usbdebug
insmod gfxmenu
insmod gfxterm_menu
insmod gfxterm_background
insmod chain
insmod jpeg
# Serial and keyboard configuration, very important.
# serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
# terminal_input --append serial
# terminal_output --append serial
terminal_input --append at_keyboard
terminal_output --append cbmemc
gfxpayload=keep
terminal_output --append gfxterm
set menu_color_normal=white/black
set menu_color_highlight=white/cyan
# Default to first option, automatically boot after 1 second
set default="0>0"
set timeout=1
# This is useful when using 'cat' on long files on GRUB terminal
set pager=1
# Set a background image from CBFS
background_image (cbfsdisk)/background.jpg
# Set DejaVu Sans Mono as the default font
loadfont (cbfsdisk)/dejavusansmono.pf2
# Default keymap
keymap usqwerty
function try_user_config {
set root="${1}"
for dir in boot grub grub2 boot/grub boot/grub2; do
for name in '' autoboot_ libreboot_ coreboot_; do
if [ -f /"${dir}"/"${name}"grub.cfg ]; then
unset superusers
configfile /"${dir}"/"${name}"grub.cfg
fi
done
done
}
function search_grub {
for i in 0 1; do
# raw devices
try_user_config "(${1}${i})"
for part in 1 2 3 4 5; do
# MBR/GPT partitions
try_user_config "(${1}${i},${part})"
done
done
}
function try_isolinux_config {
set root="${1}"
for dir in '' /boot; do
if [ -f "${dir}"/isolinux/isolinux.cfg ]; then
syslinux_configfile -i "${dir}"/isolinux/isolinux.cfg
elif [ -f "${dir}"/syslinux/syslinux.cfg ]; then
syslinux_configfile -s "${dir}"/syslinux/syslinux.cfg
fi
done
}
function search_isolinux {
for i in 0 1; do
# raw devices
try_isolinux_config "(${1}${i})"
for part in 1 2 3 4 5; do
# MBR/GPT partitions
try_isolinux_config "(${1}${i},${part})"
done
done
}
menuentry 'Qubes, with Xen hypervisor' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-simple-1c874f0f-b41d-4120-8058-b327554c11bf' {
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' 55e7e06a-cad4-4a8d-ba89-9205493e87d7
else
search --no-floppy --fs-uuid --set=root 55e7e06a-cad4-4a8d-ba89-9205493e87d7
fi
echo 'Loading Xen 4.8.3 ...'
if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then
xen_rm_opts=
else
xen_rm_opts="no-real-mode edd=off"
fi
multiboot /xen-4.8.3.gz placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ${xen_rm_opts}
echo 'Loading Linux 4.14.18-1.pvops.qubes.x86_64 ...'
module /vmlinuz-4.14.18-1.pvops.qubes.x86_64 placeholder iomem=relaxed root=/dev/mapper/qubes_dom0-root ro rd.luks.uuid=luks-8453f049-6322-4e5d-b05a-a6c4688fd3a5 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet rd.qubes.hide_all_usb
echo 'Loading initial ramdisk ...'
module --nounzip /initramfs-4.14.18-1.pvops.qubes.x86_64.img
}
menuentry 'Qubes, with Xen hypervisor FDE' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-simple-1c874f0f-b41d-4120-8058-b327554c11bf' {
cryptomount -a
set root='lvm/qubes_dom0-boot'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' 55e7e06a-cad4-4a8d-ba89-9205493e87d7
else
search --no-floppy --fs-uuid --set=root 55e7e06a-cad4-4a8d-ba89-9205493e87d7
fi
echo 'Loading Xen 4.8.3 ...'
if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then
xen_rm_opts=
else
xen_rm_opts="no-real-mode edd=off"
fi
multiboot /xen-4.8.3.gz placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ${xen_rm_opts}
echo 'Loading Linux 4.14.18-1.pvops.qubes.x86_64 ...'
module /vmlinuz-4.14.18-1.pvops.qubes.x86_64 placeholder iomem=relaxed root=/dev/mapper/qubes_dom0-root ro rd.luks.uuid=luks-8453f049-6322-4e5d-b05a-a6c4688fd3a5 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet rd.qubes.hide_all_usb
echo 'Loading initial ramdisk ...'
module --nounzip /initramfs-4.14.18-1.pvops.qubes.x86_64.img
}
submenu 'Boot from a LUKS+LVM setup [l]' --hotkey='l' {
menuentry 'Linux-libre kernel' {
cryptomount -a
set root='lvm/matrix-system'
linux /boot/vmlinuz-linux-libre root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap
initrd /boot/initramfs-linux-libre.img
}
menuentry 'Linux-libre-lts kernel' {
cryptomount -a
set root='lvm/matrix-system'
linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap
initrd /boot/initramfs-linux-libre-lts.img
}
menuentry 'Linux-libre-grsec kernel' {
cryptomount -a
set root='lvm/matrix-system'
linux /boot/vmlinuz-linux-libre-grsec root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap
initrd /boot/initramfs-linux-libre-grsec.img
}
menuentry 'Linux kernel' {
cryptomount -a
set root='lvm/matrix-system'
linux /boot/vmlinuz-linux root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap
initrd /boot/initramfs-linux.img
}
menuentry 'Linux-lts kernel' {
cryptomount -a
set root='lvm/matrix-system'
linux /boot/vmlinuz-linux-lts root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap
initrd /boot/initramfs-linux-lts.img
}
menuentry 'Linux-grsec kernel' {
cryptomount -a
set root='lvm/matrix-system'
linux /boot/vmlinuz-linux-grsec root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap
initrd /boot/initramfs-linux-grsec.img
}
}
menuentry 'Load operating system from HDD [o]' --hotkey='o' {
# GRUB2 handles (almost) every possible disk setup, but only the location of
# /boot is actually important since GRUB2 only loads the user's config.
# LVM, RAID, filesystems and encryption on both raw devices and partitions in
# all various combinations need to be supported. Since full disk encryption is
# possible with GRUB2 as payload and probably even used by most users, this
# configuration tries to load the operating system in the following way:
# 1. Look for user configuration on unencrypted devices first to avoid
# unnecessary decryption routines in the following order:
# 1) raw devices and MBR/GPT partitions
search_grub ahci
search_grub ata
# 2) LVM and RAID which might be used accross multiple devices
lvm="lvm/matrix-rootvol lvm/matrix-boot"
raid="md/0 md/1 md/2 md/3 md/4 md/5 md/6 md/7 md/8 md/9"
for vol in ${lvm} ${raid}; do
try_user_config "(${vol})"
done
# 2. In case no configuration could be found, try decrypting devices. Look
# on raw crypto devices as well as inside LVM volumes this time.
# The user will be prompted for a passphrase if a LUKS header was found.
for dev in ahci0 ata0 ${lvm}; do
cryptomount "(${dev})"
done
# 3) encrypted devices/partitions
for i in 0 1; do
for part in 1 2 3 4 5; do
for type in ahci ata; do
cryptomount "(${type}${i},${part})"
done
done
done
# 3) encrypted devices/partitions
search_grub crypto
# 4) LVM inside LUKS containers
for vol in ${lvm}; do
try_user_config "(${vol})"
done
# Last resort, if all else fails
set root=ahci0,1
for p in / /boot/; do
if [ -f "${p}vmlinuz" ]; then
linux ${p}vmlinuz root=/dev/sda1 rw
if [ -f "${p}initrd.img" ]; then
initrd ${p}initrd.img
fi
fi
done
# Last resort (for GA-G41-ES2L which uses IDE emulation mode for SATA)
set root=ata0,1
for p in / /boot/; do
if [ -f "${p}vmlinuz" ]; then
linux ${p}vmlinuz root=/dev/sda1 rw
if [ -f "${p}initrd.img" ]; then
initrd ${p}initrd.img
fi
fi
done
}
submenu 'Search for systems on external media [u]' --hotkey="u" {
menuentry 'Search ISOLINUX menu (USB) [u]' --hotkey='u' {
search_isolinux usb
}
menuentry 'Search ISOLINUX menu (AHCI) [a]' --hotkey='a' {
search_isolinux ahci
}
menuentry 'Search ISOLINUX menu (CD/DVD) [d]' --hotkey='d' {
insmod ata
for dev in ata0 ata1 ata2 ata3 ahci1; do
try_isolinux_config "(${dev})"
done
}
menuentry 'Search for GRUB2 configuration on external media [s]' --hotkey='s' {
search_grub usb
}
menuentry 'Load test configuration (grubtest.cfg) inside of CBFS [t]' --hotkey='t' {
set root='(cbfsdisk)'
configfile /grubtest.cfg
}
menuentry 'Chainload bootloader on external media [c]' --hotkey='c' {
set root='(usb0)'
chainloader +1
}
}
menuentry 'Reboot [r]' --hotkey='r' {
reboot
}
menuentry 'Poweroff [p]' --hotkey='p' {
halt
}