Make any EFI system boot into the shim (if installed) even if

SecureBoot is disabled (Stéphane Graber).
This commit is contained in:
Colin Watson 2013-08-12 14:29:04 +02:00
parent 4c8b510c70
commit 089fcef395
4 changed files with 13 additions and 20 deletions

2
debian/changelog vendored
View File

@ -8,6 +8,8 @@ grub2 (2.00-16) UNRELEASED; urgency=low
* Merge from Ubuntu:
- Treat Kubuntu as an alias for Ubuntu in GRUB_DISTRIBUTOR (Harald
Sitter).
- Make any EFI system boot into the shim (if installed) even if
SecureBoot is disabled (Stéphane Graber).
-- Colin Watson <cjwatson@debian.org> Sun, 11 Aug 2013 12:12:54 +0100

View File

@ -8,7 +8,7 @@ Index: b/util/grub-install.in
===================================================================
--- a/util/grub-install.in
+++ b/util/grub-install.in
@@ -368,6 +368,9 @@
@@ -363,6 +363,9 @@
if test "x$grub_setup" = x && [ "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" = "i386-pc" ]; then
grub_setup="${sbindir}/`echo grub-bios-setup | sed ${transform}`"

View File

@ -1,26 +1,22 @@
Description: Install signed images if UEFI Secure Boot is enabled
Author: Colin Watson <cjwatson@ubuntu.com>
Author: Stéphane Graber <stgraber@ubuntu.com>
Forwarded: no
Last-Update: 2012-12-10
Last-Update: 2013-08-12
Index: b/util/grub-install.in
===================================================================
--- a/util/grub-install.in
+++ b/util/grub-install.in
@@ -63,6 +63,12 @@
@@ -63,6 +63,7 @@
removable=no
efi_quiet=
+sb_var=/sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data
+if [ -e "$sb_var" ] && [ "$(printf %x \'"$(cat "$sb_var")")" = 1 ]; then
+ uefi_secure_boot=yes
+else
+ uefi_secure_boot=no
+fi
+uefi_secure_boot=yes
# Get GRUB_DISTRIBUTOR.
if test -f "${sysconfdir}/default/grub" ; then
@@ -117,6 +123,8 @@
@@ -117,6 +118,8 @@
print_option_help "--removable" "$(gettext "the installation device is removable. This option is only available on EFI.")"
print_option_help "--bootloader-id=$(gettext "ID")" "$(gettext "the ID of bootloader. This option is only available on EFI.")"
print_option_help "--efi-directory=$(gettext "DIR")" "$(gettext "use DIR as the EFI System Partition root.")"
@ -29,7 +25,7 @@ Index: b/util/grub-install.in
echo
gettext "INSTALL_DEVICE must be system device filename.";echo
echo
@@ -258,6 +266,11 @@
@@ -258,6 +261,11 @@
-f | --force)
setup_force="--force" ;;
@ -41,7 +37,7 @@ Index: b/util/grub-install.in
-*)
gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2
usage
@@ -460,39 +473,32 @@
@@ -460,39 +468,32 @@
# not collide with other vendors. To minimise collisions, we use the
# name of our distributor if possible.
efi_distributor="$bootloader_id"
@ -98,7 +94,7 @@ Index: b/util/grub-install.in
# TODO: We should also use efibootmgr, if available, to add a Boot
# entry for ourselves.
fi
@@ -653,7 +659,7 @@
@@ -653,7 +654,7 @@
install_drive="$grub_drive"
fi
@ -107,7 +103,7 @@ Index: b/util/grub-install.in
# generic method (used on coreboot and ata mod)
uuid=
if [ x"$force_file_id" != xy ]; then
@@ -828,10 +834,32 @@
@@ -828,10 +829,32 @@
gettext "You will have to set \`SystemPartition' and \`OSLoader' manually." 1>&2
echo 1>&2
elif [ x"$grub_modinfo_platform" = xefi ]; then

View File

@ -63,12 +63,7 @@ update_nvram=yes
removable=no
efi_quiet=
sb_var=/sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data
if [ -e "$sb_var" ] && [ "$(printf %x \'"$(cat "$sb_var")")" = 1 ]; then
uefi_secure_boot=yes
else
uefi_secure_boot=no
fi
uefi_secure_boot=yes
# Get GRUB_DISTRIBUTOR.
if test -f "${sysconfdir}/default/grub" ; then