diff --git a/debian/changelog b/debian/changelog index a718cad59..ea70920ae 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,8 @@ grub2 (2.00-16) UNRELEASED; urgency=low * Merge from Ubuntu: - Treat Kubuntu as an alias for Ubuntu in GRUB_DISTRIBUTOR (Harald Sitter). + - Make any EFI system boot into the shim (if installed) even if + SecureBoot is disabled (Stéphane Graber). -- Colin Watson Sun, 11 Aug 2013 12:12:54 +0100 diff --git a/debian/patches/install_bios_setup_path.patch b/debian/patches/install_bios_setup_path.patch index 55fce37a7..228b9d043 100644 --- a/debian/patches/install_bios_setup_path.patch +++ b/debian/patches/install_bios_setup_path.patch @@ -8,7 +8,7 @@ Index: b/util/grub-install.in =================================================================== --- a/util/grub-install.in +++ b/util/grub-install.in -@@ -368,6 +368,9 @@ +@@ -363,6 +363,9 @@ if test "x$grub_setup" = x && [ "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" = "i386-pc" ]; then grub_setup="${sbindir}/`echo grub-bios-setup | sed ${transform}`" diff --git a/debian/patches/install_signed.patch b/debian/patches/install_signed.patch index cb63c6569..2e5fd1c0f 100644 --- a/debian/patches/install_signed.patch +++ b/debian/patches/install_signed.patch @@ -1,26 +1,22 @@ Description: Install signed images if UEFI Secure Boot is enabled Author: Colin Watson +Author: Stéphane Graber Forwarded: no -Last-Update: 2012-12-10 +Last-Update: 2013-08-12 Index: b/util/grub-install.in =================================================================== --- a/util/grub-install.in +++ b/util/grub-install.in -@@ -63,6 +63,12 @@ +@@ -63,6 +63,7 @@ removable=no efi_quiet= -+sb_var=/sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data -+if [ -e "$sb_var" ] && [ "$(printf %x \'"$(cat "$sb_var")")" = 1 ]; then -+ uefi_secure_boot=yes -+else -+ uefi_secure_boot=no -+fi ++uefi_secure_boot=yes # Get GRUB_DISTRIBUTOR. if test -f "${sysconfdir}/default/grub" ; then -@@ -117,6 +123,8 @@ +@@ -117,6 +118,8 @@ print_option_help "--removable" "$(gettext "the installation device is removable. This option is only available on EFI.")" print_option_help "--bootloader-id=$(gettext "ID")" "$(gettext "the ID of bootloader. This option is only available on EFI.")" print_option_help "--efi-directory=$(gettext "DIR")" "$(gettext "use DIR as the EFI System Partition root.")" @@ -29,7 +25,7 @@ Index: b/util/grub-install.in echo gettext "INSTALL_DEVICE must be system device filename.";echo echo -@@ -258,6 +266,11 @@ +@@ -258,6 +261,11 @@ -f | --force) setup_force="--force" ;; @@ -41,7 +37,7 @@ Index: b/util/grub-install.in -*) gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2 usage -@@ -460,39 +473,32 @@ +@@ -460,39 +468,32 @@ # not collide with other vendors. To minimise collisions, we use the # name of our distributor if possible. efi_distributor="$bootloader_id" @@ -98,7 +94,7 @@ Index: b/util/grub-install.in # TODO: We should also use efibootmgr, if available, to add a Boot # entry for ourselves. fi -@@ -653,7 +659,7 @@ +@@ -653,7 +654,7 @@ install_drive="$grub_drive" fi @@ -107,7 +103,7 @@ Index: b/util/grub-install.in # generic method (used on coreboot and ata mod) uuid= if [ x"$force_file_id" != xy ]; then -@@ -828,10 +834,32 @@ +@@ -828,10 +829,32 @@ gettext "You will have to set \`SystemPartition' and \`OSLoader' manually." 1>&2 echo 1>&2 elif [ x"$grub_modinfo_platform" = xefi ]; then diff --git a/util/grub-install.in b/util/grub-install.in index d79540015..f40be3614 100644 --- a/util/grub-install.in +++ b/util/grub-install.in @@ -63,12 +63,7 @@ update_nvram=yes removable=no efi_quiet= -sb_var=/sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data -if [ -e "$sb_var" ] && [ "$(printf %x \'"$(cat "$sb_var")")" = 1 ]; then - uefi_secure_boot=yes -else - uefi_secure_boot=no -fi +uefi_secure_boot=yes # Get GRUB_DISTRIBUTOR. if test -f "${sysconfdir}/default/grub" ; then