The pull request at https://gitee.com/src-openeuler/grub2/pulls/468 added efisecret.mod to the grub2-efi-x64-modules package. Based on this package, we can build OVMF.fd using AmdSevX64.dsc to support booting a VM with full disk encryption. Signed-off-by: hanliyang <hanliyang@hygon.cn>
From ac649358f044a4fa25327cf2ed6db6d35b8bd8be Mon Sep 17 00:00:00 2001
From: hanliyang <hanliyang@hygon.cn>
Date: Fri, 2 Aug 2024 02:06:58 +0800
Subject: [PATCH] OvmfPkg/AmdSev: Integrate grub2 x86_64-efi modules from the
system path to grub.efi which is used to support Full Disk Encryption
The pull request at https://gitee.com/src-openeuler/grub2/pulls/468
added efisecret.mod to the grub2-efi-x64-modules package. Based on this
package, we can build OVMF.fd using AmdSevX64.dsc to support booting a
VM with full disk encryption.
* How to build the OVMF.fd manually:
When we build the OVMF.fd which supports full-disk encryption, we
should delete stale grub.efi in the source tree:
$ rm OvmfPkg/AmdSev/Grub/grub.efi
And specify the dsc file:
$ OvmfPkg/build.sh ... -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc ...
Signed-off-by: hanliyang <hanliyang@hygon.cn>
---
OvmfPkg/AmdSev/Grub/grub.cfg | 22 +++++++++++++++-------
OvmfPkg/AmdSev/Grub/grub.sh | 3 +--
2 files changed, 16 insertions(+), 9 deletions(-)
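diff --git a/OvmfPkg/AmdSev/Grub/grub.cfg b/OvmfPkg/AmdSev/Grub/grub.cfg
index 17be9427..93eea0b4 100644
--- a/OvmfPkg/AmdSev/Grub/grub.cfg
+++ b/OvmfPkg/AmdSev/Grub/grub.cfg
@@ -10,16 +10,12 @@
 ##
 
 echo "Entering grub config"
-sevsecret
+cryptomount -s efisecret
 if [ $? -ne 0 ]; then
 echo "Failed to locate anything in the SEV secret area, prompting for password"
+ echo "OR"
+ echo "Failed to mount root securely, retrying with password prompt"
 cryptomount -a
-else
- cryptomount -s
- if [ $? -ne 0 ]; then
- echo "Failed to mount root securely, retrying with password prompt"
- cryptomount -a
- fi
 fi
 set root=
 for f in (crypto*); do
@@ -27,6 +23,18 @@ for f in (crypto*); do
 set root=$f
 set prefix=($root)/boot/grub
 break;
+ elif [ -e $f/boot/grub2/grub.cfg ]; then
+ set root=$f
+ set prefix=($root)/boot/grub
+ break;
+ elif [ -e $f/grub/grub.cfg ]; then
+ set root=$f
+ set prefix=($root)/grub
+ break;
+ elif [ -e $f/grub2/grub.cfg ]; then
+ set root=$f
+ set prefix=($root)/grub2
+ break;
 fi
 done
 if [ x$root = x ]; then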
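Review bot: The new `elif [ -e $f/boot/grub2/grub.cfg ]` branch in the second hunk tests for a config under `/boot/grub2` but then sets `set prefix=($root)/boot/grub`, unlike the two branches after it, whose prefix matches the directory they tested. This looks like a copy of the preceding branch and should probably read `set prefix=($root)/boot/grub2`; otherwise whatever consumes `$prefix` after the loop (outside this hunk) is pointed at a directory that was never checked. Separately, the merged failure path in the first hunk prints both messages joined by "OR", so the console no longer says whether the secret was missing or the unlock itself failed. A comment above `cryptomount -s efisecret` stating that its non-zero status now covers both cases would help anyone debugging a guest that drops to the password prompt. The `for` loop and its first `if` begin above the second hunk.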
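diff --git a/OvmfPkg/AmdSev/Grub/grub.sh b/OvmfPkg/AmdSev/Grub/grub.sh
index 99807d72..760a03b8 100644
--- a/OvmfPkg/AmdSev/Grub/grub.sh
+++ b/OvmfPkg/AmdSev/Grub/grub.sh
@@ -42,9 +42,8 @@ GRUB_MODULES="
 test
 regexp
 linux
- linuxefi
 reboot
- sevsecret
+ efisecret
 "
 basedir=$(dirname -- "$0")
 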
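Review bot: The removal of `linuxefi` from `GRUB_MODULES` is not explained anywhere; the commit message only describes the move to `efisecret`. If the reason is that the system grub2 package does not ship a separate `linuxefi` module (an assumption, the page does not say), a comment above the list such as `# linuxefi dropped: not provided by the system grub2 modules; efisecret replaces sevsecret` would record it. It is also worth confirming that the on-disk grub.cfg this image hands off to does not rely on `linuxefi`/`initrdefi`, since this list appears to define what is built into grub.efi. The `GRUB_MODULES` assignment starts above the hunk.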
--
2.43.0