Hi, Sorry if the info I gave is vague, I am trying to learn how would Secure Boot work with GRUB2. I am not sure how much information is appropriate, but here goes:
On my EFI installed system, grub is built with embedded load.cfg, load.cfg has the following content: search.fs_uuid 123f09d21237f123 root set prefix=($root)/boot/grub/efi >From what I read in the manual, this will set up the root and prefix during booting. So for Secure Boot, I need to make a signed GRUB2. The signed GRUB2 needs to be generic because it is only signed once in production. So this means I cannot embed a configuration file with UUID number as the UUID changes per system installation. You mention "unique name". Is there anyway I can create the name myself? Is there anyway I can use uuid with "hint"? How to hardcode partition number? Thanks, Mat On Thursday, December 3, 2015, Andrei Borzenkov <[email protected]> wrote: > On Fri, Dec 4, 2015 at 7:27 AM, Mat Troi <[email protected]> wrote: > > I am building the signed grub myself. I guess the question is how to > search > > for the root device without using uuid? I tried search.fs_label grub > root > > and the system returns error: no such device: grub. > > > > Well, you can find only what is available. As you do not provide any > information about your environment and configuration I can only guess > that no filesystem accessible to GRUB has label "grub". > > If not UUID, you can search by label or can search for specific file > name. That is what grub-install does anyway if UUIDs are not reliable > - it creates file with unique name and searches for it. > > Or you can simply hardcode partition number. > > But I guess all above was already known, in which case you are better > ask real question you want to know :) > > > > > On Thursday, December 3, 2015, Andrei Borzenkov <[email protected]> > wrote: > >> > >> 03.12.2015 22:59, Mat Troi пишет: > >> > Hi, > >> > > >> > If using sign grub for Secure Boot, I cannot use search_fsuuid in the > >> > configuration for grub as the uuid is different. Is there a way to > >> > write a > >> > configuration that will let me find the current UEFI boot and set that > >> > as > >> > root? Or is there a way to set root not using search_fsuuid? > >> > > >> > >> It is really the question to your distribution - what it put into signed > >> GRUB image. But those distributions I am aware of include `search' > >> command ... >
_______________________________________________ Help-grub mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-grub
