diff --git a/installer/default_platform.conf b/installer/default_platform.conf index 4081dc27dbaf..03d941ba97d2 100755 --- a/installer/default_platform.conf +++ b/installer/default_platform.conf @@ -405,21 +405,11 @@ demo_install_uefi_shim() exit 1 fi - if [ ! -f $demo_mnt/$image_dir/boot/grub.cfg ]; then - echo "ERROR: cp $demo_mnt/$image_dir/boot/grub.cfg file does not exist" - exit 1 - fi - echo "copying signed shim, mm, grub, grub.cfg from $demo_mnt/$image_dir/boot/ to /boot/efi/EFI/$demo_volume_label directory" cp $demo_mnt/$image_dir/boot/mmx64.efi /boot/efi/EFI/$demo_volume_label/mmx64.efi cp $demo_mnt/$image_dir/boot/shimx64.efi /boot/efi/EFI/$demo_volume_label/shimx64.efi cp $demo_mnt/$image_dir/boot/grubx64.efi /boot/efi/EFI/$demo_volume_label/grubx64.efi - # cp first grub.cfg as entrypoint to call real grub.cfg in nvos label - mkdir -p /boot/efi/EFI/debian/ - echo "cp $demo_mnt/$image_dir/boot/grub.cfg /boot/efi/EFI/debian/" - cp $demo_mnt/$image_dir/boot/grub.cfg /boot/efi/EFI/debian/ - # Configure EFI NVRAM Boot variables. --create also sets the # new boot number as active. efibootmgr --quiet --create \ @@ -550,6 +540,20 @@ EOF fi fi +# Make a first grub config file that located in default debian path:/boot/efi/EFI/debian/ +# this first grub.cfg will call the complete grub.cfg created below with sonic configuration +tmp_config=$(mktemp) +cat < $tmp_config +search --no-floppy --label --set=root $demo_volume_label +set prefix=(\$root)'/grub' +configfile \$prefix/grub.cfg +EOF + +# Copy first grub.cfg as entrypoint to default debian path where grubx64.efi expected it. +mkdir -p /boot/efi/EFI/debian/ +echo "cp $tmp_config /boot/efi/EFI/debian/grub.cfg" +cp $tmp_config /boot/efi/EFI/debian/grub.cfg + # Add extra linux command line echo "EXTRA_CMDLINE_LINUX=$extra_cmdline_linux" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX $extra_cmdline_linux" 
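Review bot: The stub written to `/boot/efi/EFI/debian/grub.cfg` picks its root with `search --no-floppy --label --set=root $demo_volume_label`, and a filesystem label is not unique: another attached volume carrying the same label can be matched instead, and the full `grub.cfg` would then be loaded from it. Because this stub is the entry point read by the signed `grubx64.efi`, consider resolving the partition by filesystem UUID (`search --no-floppy --fs-uuid --set=root <uuid>`); whether GRUB verifies what that second config loads is not visible in this hunk. Separately, the write is unchecked where the code removed from `demo_install_uefi_shim` failed hard: `cp "$tmp_config" /boot/efi/EFI/debian/grub.cfg || exit 1` followed by `rm -f "$tmp_config"` would stop the installer from reporting success without an entry point and would not leave the temp file behind. The added lines appear to sit at top level, so they would run regardless of Secure Boot state or firmware type; the surrounding conditions are outside the hunk.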
@@ -602,17 +606,6 @@ EOF cp $grub_cfg $onie_initrd_tmp/$demo_mnt/grub/grub.cfg fi - if [ "$secure_boot_state" = "SecureBoot enabled" ]; then - # Secure Boot grub.cfg support - # Saving grub_cfg in the same place where is grubx64.efi, - # this grub_cfg file will be called by first grub.cfg file from: /boot/efi/EFI/debian/grub.cfg - if [ -f $NVOS_BOOT_DIR/grub.cfg ]; then - rm $NVOS_BOOT_DIR/grub.cfg - fi - - cp $grub_cfg $NVOS_BOOT_DIR/grub.cfg - fi - cd / echo "Installed SONiC base image $demo_volume_label successfully" diff --git a/scripts/signing_secure_boot_dev.sh b/scripts/signing_secure_boot_dev.sh index 061e5af595a3..c8702f79b8b3 100755 --- a/scripts/signing_secure_boot_dev.sh +++ b/scripts/signing_secure_boot_dev.sh @@ -105,20 +105,10 @@ sudo bash scripts/secure_boot_signature_verification.sh -c $PEM_CERT -e $FS_ROOT ## grub signing ###################### -# Make a config grub file that reads a grub.cfg from the EFI directory -# where the final grub binary is running. -tmp_config=$(mktemp) -cat < $tmp_config -configfile \$cmdpath/grub.cfg -EOF - # clean old files -clean_file $FS_ROOT/boot/grub.cfg clean_file ${GRUB_EFI_SRC}-signed clean_file $FS_ROOT/boot/grub${EFI_ARCH}.efi -sudo cp $tmp_config $FS_ROOT/boot/grub.cfg - GRUB_DIR_SRC=$FS_ROOT/usr/lib/grub/x86_64-efi/monolithic/ GRUB_EFI_SRC=$GRUB_DIR_SRC/grub${EFI_ARCH}.efi