set prefix=(memdisk)/boot/grub insmod nativedisk insmod ehci insmod ohci insmod uhci insmod usb insmod usbms insmod part_msdos insmod ext2 insmod lvm insmod gcry_rijndael insmod gcry_sha256 insmod luks insmod cryptodisk # insmod usbserial_pl2303 # insmod usbserial_ftdi # insmod usbserial_usbdebug insmod gfxmenu insmod gfxterm_menu insmod gfxterm_background insmod chain insmod jpeg # Serial and keyboard configuration, very important. # serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 # terminal_input --append serial # terminal_output --append serial terminal_input --append at_keyboard terminal_output --append cbmemc gfxpayload=keep terminal_output --append gfxterm set menu_color_normal=white/black set menu_color_highlight=white/cyan # Default to first option, automatically boot after 1 second set default="0>0" set timeout=1 # This is useful when using 'cat' on long files on GRUB terminal set pager=1 # Set a background image from CBFS background_image (cbfsdisk)/background.jpg # Set DejaVu Sans Mono as the default font loadfont (cbfsdisk)/dejavusansmono.pf2 # Default keymap keymap usqwerty function try_user_config { set root="${1}" for dir in boot grub grub2 boot/grub boot/grub2; do for name in '' autoboot_ libreboot_ coreboot_; do if [ -f /"${dir}"/"${name}"grub.cfg ]; then unset superusers configfile /"${dir}"/"${name}"grub.cfg fi done done } function search_grub { for i in 0 1; do # raw devices try_user_config "(${1}${i})" for part in 1 2 3 4 5; do # MBR/GPT partitions try_user_config "(${1}${i},${part})" done done } function try_isolinux_config { set root="${1}" for dir in '' /boot; do if [ -f "${dir}"/isolinux/isolinux.cfg ]; then syslinux_configfile -i "${dir}"/isolinux/isolinux.cfg elif [ -f "${dir}"/syslinux/syslinux.cfg ]; then syslinux_configfile -s "${dir}"/syslinux/syslinux.cfg fi done } function search_isolinux { for i in 0 1; do # raw devices try_isolinux_config "(${1}${i})" for part in 1 2 3 4 5; do # MBR/GPT partitions try_isolinux_config "(${1}${i},${part})" done done } menuentry 'Qubes, with Xen hypervisor' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-simple-1c874f0f-b41d-4120-8058-b327554c11bf' { set root='hd0,msdos1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' 55e7e06a-cad4-4a8d-ba89-9205493e87d7 else search --no-floppy --fs-uuid --set=root 55e7e06a-cad4-4a8d-ba89-9205493e87d7 fi echo 'Loading Xen 4.8.3 ...' if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then xen_rm_opts= else xen_rm_opts="no-real-mode edd=off" fi multiboot /xen-4.8.3.gz placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ${xen_rm_opts} echo 'Loading Linux 4.14.18-1.pvops.qubes.x86_64 ...' module /vmlinuz-4.14.18-1.pvops.qubes.x86_64 placeholder iomem=relaxed root=/dev/mapper/qubes_dom0-root ro rd.luks.uuid=luks-8453f049-6322-4e5d-b05a-a6c4688fd3a5 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet rd.qubes.hide_all_usb echo 'Loading initial ramdisk ...' module --nounzip /initramfs-4.14.18-1.pvops.qubes.x86_64.img } menuentry 'Qubes, with Xen hypervisor FDE' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-simple-1c874f0f-b41d-4120-8058-b327554c11bf' { cryptomount -a set root='lvm/qubes_dom0-boot' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' 55e7e06a-cad4-4a8d-ba89-9205493e87d7 else search --no-floppy --fs-uuid --set=root 55e7e06a-cad4-4a8d-ba89-9205493e87d7 fi echo 'Loading Xen 4.8.3 ...' if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then xen_rm_opts= else xen_rm_opts="no-real-mode edd=off" fi multiboot /xen-4.8.3.gz placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ${xen_rm_opts} echo 'Loading Linux 4.14.18-1.pvops.qubes.x86_64 ...' module /vmlinuz-4.14.18-1.pvops.qubes.x86_64 placeholder iomem=relaxed root=/dev/mapper/qubes_dom0-root ro rd.luks.uuid=luks-8453f049-6322-4e5d-b05a-a6c4688fd3a5 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet rd.qubes.hide_all_usb echo 'Loading initial ramdisk ...' module --nounzip /initramfs-4.14.18-1.pvops.qubes.x86_64.img } submenu 'Boot from a LUKS+LVM setup [l]' --hotkey='l' { menuentry 'Linux-libre kernel' { cryptomount -a set root='lvm/matrix-system' linux /boot/vmlinuz-linux-libre root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap initrd /boot/initramfs-linux-libre.img } menuentry 'Linux-libre-lts kernel' { cryptomount -a set root='lvm/matrix-system' linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap initrd /boot/initramfs-linux-libre-lts.img } menuentry 'Linux-libre-grsec kernel' { cryptomount -a set root='lvm/matrix-system' linux /boot/vmlinuz-linux-libre-grsec root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap initrd /boot/initramfs-linux-libre-grsec.img } menuentry 'Linux kernel' { cryptomount -a set root='lvm/matrix-system' linux /boot/vmlinuz-linux root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap initrd /boot/initramfs-linux.img } menuentry 'Linux-lts kernel' { cryptomount -a set root='lvm/matrix-system' linux /boot/vmlinuz-linux-lts root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap initrd /boot/initramfs-linux-lts.img } menuentry 'Linux-grsec kernel' { cryptomount -a set root='lvm/matrix-system' linux /boot/vmlinuz-linux-grsec root=/dev/matrix/system cryptdevice=/dev/sda1:lvm cryptkey=rootfs:/etc/keyfile resume=/dev/mapper/matrix-swap initrd /boot/initramfs-linux-grsec.img } } menuentry 'Load operating system from HDD [o]' --hotkey='o' { # GRUB2 handles (almost) every possible disk setup, but only the location of # /boot is actually important since GRUB2 only loads the user's config. # LVM, RAID, filesystems and encryption on both raw devices and partitions in # all various combinations need to be supported. Since full disk encryption is # possible with GRUB2 as payload and probably even used by most users, this # configuration tries to load the operating system in the following way: # 1. Look for user configuration on unencrypted devices first to avoid # unnecessary decryption routines in the following order: # 1) raw devices and MBR/GPT partitions search_grub ahci search_grub ata # 2) LVM and RAID which might be used accross multiple devices lvm="lvm/matrix-rootvol lvm/matrix-boot" raid="md/0 md/1 md/2 md/3 md/4 md/5 md/6 md/7 md/8 md/9" for vol in ${lvm} ${raid}; do try_user_config "(${vol})" done # 2. In case no configuration could be found, try decrypting devices. Look # on raw crypto devices as well as inside LVM volumes this time. # The user will be prompted for a passphrase if a LUKS header was found. for dev in ahci0 ata0 ${lvm}; do cryptomount "(${dev})" done # 3) encrypted devices/partitions for i in 0 1; do for part in 1 2 3 4 5; do for type in ahci ata; do cryptomount "(${type}${i},${part})" done done done # 3) encrypted devices/partitions search_grub crypto # 4) LVM inside LUKS containers for vol in ${lvm}; do try_user_config "(${vol})" done # Last resort, if all else fails set root=ahci0,1 for p in / /boot/; do if [ -f "${p}vmlinuz" ]; then linux ${p}vmlinuz root=/dev/sda1 rw if [ -f "${p}initrd.img" ]; then initrd ${p}initrd.img fi fi done # Last resort (for GA-G41-ES2L which uses IDE emulation mode for SATA) set root=ata0,1 for p in / /boot/; do if [ -f "${p}vmlinuz" ]; then linux ${p}vmlinuz root=/dev/sda1 rw if [ -f "${p}initrd.img" ]; then initrd ${p}initrd.img fi fi done } submenu 'Search for systems on external media [u]' --hotkey="u" { menuentry 'Search ISOLINUX menu (USB) [u]' --hotkey='u' { search_isolinux usb } menuentry 'Search ISOLINUX menu (AHCI) [a]' --hotkey='a' { search_isolinux ahci } menuentry 'Search ISOLINUX menu (CD/DVD) [d]' --hotkey='d' { insmod ata for dev in ata0 ata1 ata2 ata3 ahci1; do try_isolinux_config "(${dev})" done } menuentry 'Search for GRUB2 configuration on external media [s]' --hotkey='s' { search_grub usb } menuentry 'Load test configuration (grubtest.cfg) inside of CBFS [t]' --hotkey='t' { set root='(cbfsdisk)' configfile /grubtest.cfg } menuentry 'Chainload bootloader on external media [c]' --hotkey='c' { set root='(usb0)' chainloader +1 } } menuentry 'Reboot [r]' --hotkey='r' { reboot } menuentry 'Poweroff [p]' --hotkey='p' { halt }