## @file # Execute a script to recover the EFI supplied secret and use it to # decrypt a luks volume. For security, the kernel must be on an encrypted # volume so reboot if none are found. # # Copyright (C) 2020 James Bottomley, IBM Corporation. # # SPDX-License-Identifier: BSD-2-Clause-Patent # ## echo "Entering grub config" cryptomount -s efisecret if [ $? -ne 0 ]; then echo "Failed to mount root securely, retrying with password prompt" cryptomount -a fi set root= for f in (crypto*); do if [ -e $f/boot/grub/grub.cfg ]; then set root=$f set prefix=($root)/boot/grub break; elif [ -e $f/boot/grub2/grub.cfg ]; then set root=$f set prefix=($root)/boot/grub2 break; fi done if [ x$root = x ]; then echo "Failed to find any grub configuration on the encrypted volume" sleep 5 reboot fi # rest of modules to get boot to work set modules=" boot loadenv " for f in $modules; do insmod $f done echo "Transferring to ${prefix}/grub.cfg" source $prefix/grub.cfg