Source: grub2
Version: 2.02~beta2-26
Severity: wishlist
Tags: patch
In #789798 against grub-installer I said:
I have a need to repeatedly install Debian from PXE on systems which are
UEFI only (arm64 as it happens but I think all of the below applies to x86
UEFI too). When we want to actually boot the installed OS we chainload from
the PXE grub.efi to the one on the ESP (using
grub-installer/force-efi-extra-removable for simplicity, but that's by the
by, I think).
This is for automated testing which does a fresh install before most tests.
The problem is that during install Debian inserts itself into the UEFI boot
order _before_ the PXE entry, this happens via grub-installer.udeb ->
grub-install (from the main grub deb) -> efibootmgr -c.
This means that when we come to want to regroove the box it won't boot from
PXE.
grub-install offers an option to avoid this (--no-nvram) which is passed by
grub-installer under some very specific circumstances (known broken
hardware) but it would be very useful if this was a pre-seedable option so
it could be used in circumstances such as the above as well.
The solution to this turns out to require patching the grub2 packages as well,
to avoid it installing to NVRAM either during initial package installation or
upgrade. This is achieved by having grub-installer propagate a debconf setting
which is added by this patch. The text of the question was reviewed by
debian-l10n-english in the context of #789798.
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (500,
'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf, armel, arm64
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)
>From c4edeef5bf548675aadf3aa75e1061a162cb61c2 Mon Sep 17 00:00:00 2001
From: Ian Campbell <[email protected]>
Date: Sat, 11 Jul 2015 11:15:18 +0100
Subject: [PATCH] Add debconf question to avoid installation to NVRAM on EFI or
IEEE1275 systems.
On systems which demand greater control over the boot order (e.g. ones which
PXE boot) it is useful to avoid messing with this during installation.
grub-install exposes --no-nvram for this purpose which only has meaning for
these to classes of systems, so only ask it on those.
(Closes: #xxxxxx)
---
debian/changelog | 7 +++++++
debian/config.in | 5 +++++
debian/postinst.in | 15 +++++++++++++--
debian/templates.in | 11 +++++++++++
4 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 0c2d2ee..d4692f5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+grub2 (2.02~beta2-27) UNRELEASED; urgency=medium
+
+ * Add option to avoid installation to NVRAM on EFI or IEEE1275 systems.
+ (Closes: #xxxxxx)
+
+ -- Ian Campbell <[email protected]> Sat, 11 Jul 2015 11:14:37 +0100
+
grub2 (2.02~beta2-26) unstable; urgency=medium
[ William Grant ]
diff --git a/debian/config.in b/debian/config.in
index 27775c3..e498da7 100644
--- a/debian/config.in
+++ b/debian/config.in
@@ -78,4 +78,9 @@ case @PACKAGE@ in
db_input low grub2/force_efi_extra_removable || true
;;
esac
+case @PACKAGE@ in
+ grub-*efi*|grub-*ieee1275*)
+ db_input low grub2/install_to_nvram || true
+ ;;
+esac
db_go
diff --git a/debian/postinst.in b/debian/postinst.in
index 0ea6fd4..c56c333 100644
--- a/debian/postinst.in
+++ b/debian/postinst.in
@@ -384,6 +384,16 @@ case "$1" in
;;
esac
+ case @PACKAGE@ in
+ grub-*efi*|grub-*ieee1275*)
+ db_get grub2/install_to_nvram
+ if [ "$RET" = false ]; then
+ NO_INSTALL_TO_NVRAM="--no-nvram"
+ # else default is to do so on relevant platforms
+ fi
+ ;;
+ esac
+
ucf --three-way --debconf-ok --sum-file=/usr/share/grub/default/grub.md5sum ${tmp_default_grub} /etc/default/grub
package="$(ucfq --with-colons /etc/default/grub | cut -d : -f 2)"
if echo $package | grep -q "^grub-" ; then
@@ -707,7 +717,7 @@ case "$1" in
if [ "$RET" = true ]; then
FORCE_EXTRA_REMOVABLE="--force-extra-removable"
fi
- run_grub_install --target="$target" "$FORCE_EXTRA_REMOVABLE"
+ run_grub_install --target="$target" "$NO_INSTALL_TO_NVRAM" "$FORCE_EXTRA_REMOVABLE"
fi
# /boot/grub/ has more chances of being accessible by GRUB
@@ -725,7 +735,8 @@ case "$1" in
# Output may be empty; if so, just update the core image but
# don't install it to any PReP partition.
prep_bootdev="$(/usr/lib/grub/powerpc-ieee1275/prep-bootdev)"
- run_grub_install --target=powerpc-ieee1275 $prep_bootdev
+
+ run_grub_install --target=powerpc-ieee1275 "$NO_INSTALL_TO_NVRAM" $prep_bootdev
;;
esac
;;
diff --git a/debian/templates.in b/debian/templates.in
index c71ae97..d415c39 100644
--- a/debian/templates.in
+++ b/debian/templates.in
@@ -24,6 +24,17 @@ _Description: Force extra installation to the EFI removable media path?
GRUB is configured successfully to be able to boot any other OS installations
correctly.
+Template: grub2/install_to_nvram
+Type: boolean
+Default: true
+_Description: Add GRUB to firmware NVRAM configuration?
+ By default, GRUB will be registered into NVRAM on platforms where this is
+ required, such as UEFI Boot Manager or OpenFirmware boot devices.
+ .
+ Occasionally this is not desired (for instance on systems that PXE boot
+ and then chainload). If you reject this option, the NVRAM will be left
+ untouched.
+
# still unused
Template: grub2/kfreebsd_cmdline
Type: string
--
2.1.4
