From ac649358f044a4fa25327cf2ed6db6d35b8bd8be Mon Sep 17 00:00:00 2001
From: hanliyang
Date: Fri, 2 Aug 2024 02:06:58 +0800
Subject: [PATCH] OvmfPkg/AmdSev: Integrate grub2 x86_64-efi modules from the system path to grub.efi which is used to support Full Disk Encryption The pull request at https://gitee.com/src-openeuler/grub2/pulls/468 added efisecret.mod to the grub2-efi-x64-modules package. Based on this package, we can build OVMF.fd using AmdSevX64.dsc to support booting a VM with full disk encryption. * How to build the OVMF.fd manually: When we build the OVMF.fd which support full-disk encryption, we should delete stale grub.efi in the source tree: $ rm OvmfPkg/AmdSev/Grub/grub.efi And specify the dsc file: $ OvmfPkg/build.sh ... -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc ...
Signed-off-by: hanliyang
---
 OvmfPkg/AmdSev/Grub/grub.cfg | 22 +++++++++++++++-------
 OvmfPkg/AmdSev/Grub/grub.sh | 3 +--
 2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/OvmfPkg/AmdSev/Grub/grub.cfg b/OvmfPkg/AmdSev/Grub/grub.cfg
index 17be9427..93eea0b4 100644
--- a/OvmfPkg/AmdSev/Grub/grub.cfg
+++ b/OvmfPkg/AmdSev/Grub/grub.cfg
@@ -10,16 +10,12 @@
 ##
 
 echo "Entering grub config"
-sevsecret
+cryptomount -s efisecret
 if [ $? -ne 0 ]; then
 echo "Failed to locate anything in the SEV secret area, prompting for password"
+ echo "OR"
+ echo "Failed to mount root securely, retrying with password prompt"
 cryptomount -a
-else
- cryptomount -s
- if [ $? -ne 0 ]; then
- echo "Failed to mount root securely, retrying with password prompt"
- cryptomount -a
- fi
 fi
 set root=
 for f in (crypto*); do
@@ -27,6 +23,18 @@ for f in (crypto*); do
 set root=$f
 set prefix=($root)/boot/grub
 break;
+ elif [ -e $f/boot/grub2/grub.cfg ]; then
+ set root=$f
+ set prefix=($root)/boot/grub
+ break;
+ elif [ -e $f/grub/grub.cfg ]; then
+ set root=$f
+ set prefix=($root)/grub
+ break;
+ elif [ -e $f/grub2/grub.cfg ]; then
+ set root=$f
+ set prefix=($root)/grub2
+ break;
 fi
 done
 if [ x$root = x ]; then
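Review bot: The failure branch after `cryptomount -s efisecret` now prints both old messages joined by `echo "OR"`, so the console no longer says whether no secret was found in the SEV secret area or a secret was found but did not unlock the root volume. Those two cases point to different problems (secret injection did not happen versus a wrong or mismatched key), and one accurate line would read better, for example `echo "Could not unlock root with the injected SEV secret (secret missing or mount failed), prompting for password"`. If the efisecret module distinguishes the cases through its return code, which is not visible here, branching on `$?` would keep the old distinction. The retained `cryptomount -a` fallback takes the passphrase from the guest console, which in an SEV guest is presumably mediated by the host, so a comment saying when that fallback is acceptable would help.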
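Review bot: The first added branch tests `$f/boot/grub2/grub.cfg` but then sets `prefix=($root)/boot/grub`, so the prefix names a different directory from the one just found; the other two added branches set the prefix to the directory they tested. It should probably read `set prefix=($root)/boot/grub2`. With the mismatched prefix grub would look for its configuration and modules under /boot/grub on the unlocked volume, which a layout using /boot/grub2 may not have. The `for` loop and its first `if` begin above the hunk, and the body of `if [ x$root = x ]; then` continues below it.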
diff --git a/OvmfPkg/AmdSev/Grub/grub.sh b/OvmfPkg/AmdSev/Grub/grub.sh
index 99807d72..760a03b8 100644
--- a/OvmfPkg/AmdSev/Grub/grub.sh
+++ b/OvmfPkg/AmdSev/Grub/grub.sh
@@ -42,9 +42,8 @@ GRUB_MODULES="
 test
 regexp
 linux
- linuxefi
 reboot
- sevsecret
+ efisecret
 "
 
 basedir=$(dirname -- "$0")
--
2.43.0
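Review bot: Dropping `linuxefi` from `GRUB_MODULES` is not explained in the commit message, which only covers the move from `sevsecret` to `efisecret`. A grub.cfg on the encrypted disk that boots with the `linuxefi` command would need that module in the image, so either keep it or state why it is no longer required (for instance because the system grub2 package does not ship it, which is an assumption and not visible here). The description says the modules now come from the host's grub2-efi-x64-modules package, so they become part of the firmware image; a comment above the list such as `# modules are taken from the system grub2 x86_64-efi path; efisecret requires grub2-efi-x64-modules` would record that build dependency. The code that consumes `GRUB_MODULES` is outside the hunk.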