-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GRUB2 payload #1
Comments
I could very well ship a locked descriptor but the issue here is that you can't perform any subsequent flashes of the read only segments internally so updates become an issue. The Linux kernel already prevents internal write access unless iomem=relaxed in your kernel cmd. Could very well do seabios versions. A little annoyed that Tianocore can't load secondaries. I believe I saw somewhere that you can build tianocore with seabios CSM which would be ideal for my purposes. I'd need a grub config file to boot from if you have one handy or I could borrow libreboot's config file. I am not sure if the grub payload will work with this laptop but I have an external flashing hole drilled so can test. |
Well, "no software flashes possible" is kind of a point of this exercise... However, upon second thought, user is likely to configure grub.conf / etc. and then re-flash once satisfied with the result.
Would be grand. Happy to assist with testing if needs be.
Here is what I use as the default entry: set prefix=(memdisk)/boot/grub
insmod nativedisk
insmod ehci
insmod ohci
insmod uhci
# Serial and keyboard configuration, very important.
serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
terminal_input --append serial
terminal_output --append serial
terminal_input --append at_keyboard
terminal_output --append cbmemc
gfxpayload=keep
terminal_output --append gfxterm
# Default to first option, automatically boot after 1 second
set default="0"
set timeout=3
set pager=1
keymap usqwerty
color_normal=light-gray/black
menu_color_normal=light-gray/dark-gray
menu_color_highlight=white/dark-gray
set superusers="MY_USER"
password_pbkdf2 MY_USER grub.pbkdf2.sha512.90000.LONG_HASH
menuentry 'Normal' {
cryptomount -u MY_DRIVE_UUID
set root='lvm/ssd-rootvol'
linux /vmlinuz root=/dev/mapper/ssd-rootvol cryptdevice=/dev/mapper/ssd-rootvol:root
initrd /initrd.img
}
# If things went terribly wrong...
menuentry 'Backup' {
set root='(cbfsdisk)'
configfile /grubtest.cfg
}
|
Thank you for publishing this. Do you think it would be possible to build Coreboot for 8770w with the GRUB2 payload (alternatively, SeaBios → GRUB2) and use the latter as the replacement for UEFI Secure Boot?
General idea:
I have similar setup on the "librebooted" x200, the only difference being that Seabios is not required.
The text was updated successfully, but these errors were encountered: