diff options
| author | Leah Rowe <leah@libreboot.org> | 2023-12-18 02:55:25 +0000 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2023-12-18 02:55:25 +0000 |
| commit | 20389655e42e62ebf6d96dd106c91fbe74282557 (patch) | |
| tree | d1e202befe33d096b85b6c609a259e93a7dbd857 | |
| parent | 3a36c8277e7793acb4ee20878595b221aed2c024 (diff) | |
grub.cfg: try luks2/crypto-lvm before non-crypto
when the user sets up an encrypted machine, grub.cfg
defaults to non-encrypted setups if found, first
this patch reverses the order, deferring to
non-encrypted installations only when encrypted ones
are unavailable
Signed-off-by: Leah Rowe <leah@libreboot.org>
| -rw-r--r-- | config/grub/config/grub.cfg | 32 |
1 files changed, 11 insertions, 21 deletions
diff --git a/config/grub/config/grub.cfg b/config/grub/config/grub.cfg index 9439778a..e10cebd7 100644 --- a/config/grub/config/grub.cfg +++ b/config/grub/config/grub.cfg @@ -92,28 +92,10 @@ function search_isolinux { } menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o' { - if [ "${grub_scan_disk}" != "ata" ]; then - search_grub ahci - fi - if [ "${grub_scan_disk}" != "ahci" ]; then - search_grub ata - fi - - # grub device enumeration is very slow, so checks are hardcoded - - # TODO: add more strings, based on what distros set up when - # the user select auto-partitioning on those installers lvmvol="lvm/grubcrypt-bootvol lvm/grubcrypt-rootvol" raidvol="md/0 md/1 md/2 md/3 md/4 md/5 md/6 md/7 md/8 md/9" - # in practise, doing multiple redundant checks is perfectly fast and - # TODO: optimize grub itself, and use */? here for everything - - for vol in ${lvmvol} ${raidvol} ; do - try_user_config "${vol}" - done - unset ahcidev unset atadev for i in 11 10 9 8 7 6 5 4 3 2 1 0; do @@ -135,12 +117,20 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o set pager=1 echo - # after cryptomount, lvm volumes might be available - for vol in ${lvmvol}; do + # prefer crypto first (lvm before raid, because lvm + # volumes might exist inside luks/luks2) + search_grub crypto + for vol in ${lvmvol} ${raidvol}; do try_user_config "${vol}" done - search_grub crypto + # non-encrypted next, if crypto wasn't available + if [ "${grub_scan_disk}" != "ata" ]; then + search_grub ahci + fi + if [ "${grub_scan_disk}" != "ahci" ]; then + search_grub ata + fi if [ "${grub_scan_disk}" != "ata" ]; then # Last resort, if all else fails |