15 files changed, 59 insertions, 46 deletions

diff --git a/config/grub/default/config/payload b/config/grub/default/config/payload
index 05e64bbd..3f134f1d 100644
--- a/config/grub/default/config/payload
+++ b/config/grub/default/config/payload
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
-# Copyright (C) 2014-2016,2020-2021,2023-2024 Leah Rowe <leah@libreboot.org>
+# Copyright (C) 2014-2016,2020-2021,2023-2025 Leah Rowe <leah@libreboot.org>
 # Copyright (C) 2015 Klemens Nanni <contact@autoboot.org>
 
 set prefix=(memdisk)/boot/grub
@@ -143,16 +143,12 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 
 	# grub device enumeration is very slow, so checks are hardcoded
 
-	# TODO: add more strings, based on what distros set up when
-	# the user select auto-partitioning on those installers
-	lvmvol="lvm/grubcrypt-bootvol lvm/grubcrypt-rootvol"
-
 	raidvol="md/0 md/1 md/2 md/3 md/4 md/5 md/6 md/7 md/8 md/9"
 
-	# in practise, doing multiple redundant checks is perfectly fast and
+	# in practise, doing multiple redundant checks is perfectly fast
 	# TODO: optimize grub itself, and use */? here for everything
 
-	for vol in ${lvmvol} ${raidvol} ; do
+	for vol in ${raidvol} ; do
 		try_bootcfg "${vol}"
 	done
 
@@ -164,6 +160,9 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 					bootdev="${bootdev} (ahci${i},${part})"
 				elif [ "${grub_disk}" = "ata" ]; then
 					bootdev="${bootdev} (ata${i},${part})"
+				elif [ "${grub_disk}" = "nvme" ]; then
+					# TODO: do we care about other namesapces
+					bootdev="${bootdev} (nvme${i}n1,${part})"
 				fi
 			done
 		done
@@ -171,23 +170,37 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 
 	set pager=0
 	echo -n "Attempting to unlock encrypted volumes"
-	for dev in ${bootdev} ${lvmvol} ${raidvol}; do
+	for dev in ${bootdev} ${raidvol}; do
 		if cryptomount "${dev}" ; then break ; fi
 	done
 	set pager=1
 	echo
 
+	search_bootcfg crypto
+
+	lvmvol=""
+
 	# after cryptomount, lvm volumes might be available
+	# using * is slow on some machines, but we use it here,
+	# just once. in so doing, we find every lvm volume
+	for vol in (*); do
+		if regexp ^lvm/ $vol; then
+			lvmvol="${lvmvol} ${vol}"
+			try_bootcfg "${vol}"
+		fi
+	done
+
+	# user might have put luks inside lvm
+	set pager=0
+	echo "Attempting to unlock encrypted LVMs"
 	for vol in ${lvmvol}; do
-		try_bootcfg "${vol}"
+		cryptomount "$vol"
 	done
+	set pager=1
+	echo
 
 	search_bootcfg crypto
 
-	for vol in lvm/* ; do
-		try_bootcfg "${vol}"
-	done
-
 	true # Prevent pager requiring to accept each line instead of whole screen
 }
 
diff --git a/config/grub/default/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch b/config/grub/default/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch
index e5d24e7e..ffd2c537 100644
--- a/config/grub/default/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch
+++ b/config/grub/default/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch
@@ -1,4 +1,4 @@
-From 26b89e90c8d6d89f2e52b00ad15ba58fd2e1fbfb Mon Sep 17 00:00:00 2001
+From 8ccafb60665bba3759248b13d2d1683818aaf4ee Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 31 Oct 2021 03:47:05 +0000
 Subject: [PATCH 01/13] mitigate grub's missing characters for borders/arrow
diff --git a/config/grub/default/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch b/config/grub/default/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch
index 6b0665db..933e7dfa 100644
--- a/config/grub/default/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch
+++ b/config/grub/default/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch
@@ -1,4 +1,4 @@
-From 10d264bdfde24fcf78da6f641898eb267f83066f Mon Sep 17 00:00:00 2001
+From 3fb09986e62a9945862456d5f1d63a6ccba2c861 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sat, 19 Nov 2022 16:30:24 +0000
 Subject: [PATCH 02/13] say the name libreboot, in the grub menu
@@ -8,7 +8,7 @@ Subject: [PATCH 02/13] say the name libreboot, in the grub menu
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
-index bd4431000..ff16e0f2e 100644
+index 04d058f55..b1cc8f236 100644
 --- a/grub-core/normal/main.c
 +++ b/grub-core/normal/main.c
 @@ -209,7 +209,7 @@ grub_normal_init_page (struct grub_term_output *term,
@@ -16,7 +16,7 @@ index bd4431000..ff16e0f2e 100644
    grub_term_cls (term);
  
 -  msg_formatted = grub_xasprintf (_("GNU GRUB  version %s"), PACKAGE_VERSION);
-+  msg_formatted = grub_xasprintf (_("Libreboot 20241206 release, based on coreboot.    https://libreboot.org/"));
++  msg_formatted = grub_xasprintf (_("Libreboot 20241206, 8th revision (GRUB menu): https://libreboot.org/"));
    if (!msg_formatted)
      return;
  
diff --git a/config/grub/default/patches/0003-Add-CC0-license.patch b/config/grub/default/patches/0003-Add-CC0-license.patch
index a5f75eb4..c074099a 100644
--- a/config/grub/default/patches/0003-Add-CC0-license.patch
+++ b/config/grub/default/patches/0003-Add-CC0-license.patch
@@ -1,4 +1,4 @@
-From 689c09a6b675ba52318cd879b289ac3d67073cd4 Mon Sep 17 00:00:00 2001
+From dc790ff2ba2702ee863c9d16e05cf843a152f3d4 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 03/13] Add CC0 license
@@ -10,10 +10,10 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
  2 files changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 8ad015b07..9980bae90 100644
+index de8c3aa8d..4a3be8568 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -494,7 +494,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
+@@ -495,7 +495,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
  
    if (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0
        || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0
diff --git a/config/grub/default/patches/0004-Define-GRUB_UINT32_MAX.patch b/config/grub/default/patches/0004-Define-GRUB_UINT32_MAX.patch
index 9550110e..af617683 100644
--- a/config/grub/default/patches/0004-Define-GRUB_UINT32_MAX.patch
+++ b/config/grub/default/patches/0004-Define-GRUB_UINT32_MAX.patch
@@ -1,4 +1,4 @@
-From 63dc3c9ca6e5635b5c7e7ba24c996b23e79a92e3 Mon Sep 17 00:00:00 2001
+From 298eaaca770545e19dfacd47511c2081c1fece08 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 04/13] Define GRUB_UINT32_MAX
diff --git a/config/grub/default/patches/0005-Add-Argon2-algorithm.patch b/config/grub/default/patches/0005-Add-Argon2-algorithm.patch
index fef68ee3..dacd83ee 100644
--- a/config/grub/default/patches/0005-Add-Argon2-algorithm.patch
+++ b/config/grub/default/patches/0005-Add-Argon2-algorithm.patch
@@ -1,4 +1,4 @@
-From be6452a88ff3cbe033d37b739829e41798682510 Mon Sep 17 00:00:00 2001
+From 378aa081ac1211d0bf4043eeb0bb7d4aa534043f Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 05/13] Add Argon2 algorithm
@@ -30,7 +30,7 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
  create mode 100644 grub-core/lib/argon2/ref.c
 
 diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
-index 3ad8e3efa..d7c6232af 100644
+index f4367f895..9d96cedf9 100644
 --- a/docs/grub-dev.texi
 +++ b/docs/grub-dev.texi
 @@ -503,12 +503,76 @@ GRUB includes some code from other projects, and it is sometimes necessary
diff --git a/config/grub/default/patches/0006-Error-on-missing-Argon2id-parameters.patch b/config/grub/default/patches/0006-Error-on-missing-Argon2id-parameters.patch
index 8abe7669..f1ea10c2 100644
--- a/config/grub/default/patches/0006-Error-on-missing-Argon2id-parameters.patch
+++ b/config/grub/default/patches/0006-Error-on-missing-Argon2id-parameters.patch
@@ -1,4 +1,4 @@
-From 39f620fbe7c4a791062b59d4a8d26c35408aca45 Mon Sep 17 00:00:00 2001
+From febaf431d235f07b97f07f935611dc168b0b35bb Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 06/13] Error on missing Argon2id parameters
@@ -9,10 +9,10 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
  1 file changed, 8 insertions(+), 5 deletions(-)
 
 diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
-index d5106402f..bc818ea69 100644
+index 8036d76ff..efae8ac65 100644
 --- a/grub-core/disk/luks2.c
 +++ b/grub-core/disk/luks2.c
-@@ -38,6 +38,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+@@ -39,6 +39,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
  enum grub_luks2_kdf_type
  {
    LUKS2_KDF_TYPE_ARGON2I,
@@ -20,7 +20,7 @@ index d5106402f..bc818ea69 100644
    LUKS2_KDF_TYPE_PBKDF2
  };
  typedef enum grub_luks2_kdf_type grub_luks2_kdf_type_t;
-@@ -90,7 +91,7 @@ struct grub_luks2_keyslot
+@@ -91,7 +92,7 @@ struct grub_luks2_keyslot
  	grub_int64_t time;
  	grub_int64_t memory;
  	grub_int64_t cpus;
@@ -29,7 +29,7 @@ index d5106402f..bc818ea69 100644
        struct
        {
  	const char   *hash;
-@@ -160,10 +161,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
+@@ -161,10 +162,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
      return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing or invalid KDF");
    else if (!grub_strcmp (type, "argon2i") || !grub_strcmp (type, "argon2id"))
      {
@@ -45,7 +45,7 @@ index d5106402f..bc818ea69 100644
  	return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing Argon2i parameters");
      }
    else if (!grub_strcmp (type, "pbkdf2"))
-@@ -459,6 +461,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+@@ -460,6 +462,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
    switch (k->kdf.type)
      {
        case LUKS2_KDF_TYPE_ARGON2I:
diff --git a/config/grub/default/patches/0007-Compile-with-Argon2id-support.patch b/config/grub/default/patches/0007-Compile-with-Argon2id-support.patch
index 19da5e51..c0a8fffb 100644
--- a/config/grub/default/patches/0007-Compile-with-Argon2id-support.patch
+++ b/config/grub/default/patches/0007-Compile-with-Argon2id-support.patch
@@ -1,4 +1,4 @@
-From c192948ea0329d06cf4706667305b473b48c15f5 Mon Sep 17 00:00:00 2001
+From 12d3e4dfff3f92daf2f3f73cc0797425f7bb9df6 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 07/13] Compile with Argon2id support
@@ -48,18 +48,18 @@ index f5f9b040c..f1f38d8d3 100644
  
  module = {
 diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
-index bc818ea69..5b9eaa599 100644
+index efae8ac65..2e742f5be 100644
 --- a/grub-core/disk/luks2.c
 +++ b/grub-core/disk/luks2.c
-@@ -27,6 +27,7 @@
- #include <grub/partition.h>
+@@ -28,6 +28,7 @@
  #include <grub/i18n.h>
+ #include <grub/safemath.h>
  
 +#include <argon2.h>
  #include <base64.h>
  #include <json.h>
  
-@@ -462,8 +463,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+@@ -463,8 +464,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
      {
        case LUKS2_KDF_TYPE_ARGON2I:
        case LUKS2_KDF_TYPE_ARGON2ID:
diff --git a/config/grub/default/patches/0008-Make-grub-install-work-with-Argon2.patch b/config/grub/default/patches/0008-Make-grub-install-work-with-Argon2.patch
index cb954976..12e78752 100644
--- a/config/grub/default/patches/0008-Make-grub-install-work-with-Argon2.patch
+++ b/config/grub/default/patches/0008-Make-grub-install-work-with-Argon2.patch
@@ -1,4 +1,4 @@
-From 2887e35e882a86e474052112a23608570b3f41b2 Mon Sep 17 00:00:00 2001
+From 8e639e9558c98019566743cc5723e641b1726d15 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 08/13] Make grub-install work with Argon2
@@ -9,7 +9,7 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
  1 file changed, 2 insertions(+)
 
 diff --git a/util/grub-install.c b/util/grub-install.c
-index 7dc5657bb..cf7315891 100644
+index 060246589..059036d3c 100644
 --- a/util/grub-install.c
 +++ b/util/grub-install.c
 @@ -448,6 +448,8 @@ probe_mods (grub_disk_t disk)
diff --git a/config/grub/default/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch b/config/grub/default/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch
index 763fea91..50195201 100644
--- a/config/grub/default/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch
+++ b/config/grub/default/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch
@@ -1,4 +1,4 @@
-From 548c5b227718783776b81d1e074b1982e76f2327 Mon Sep 17 00:00:00 2001
+From 8a098ee241040ccfdf03636f558ef6a3b431bb90 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Mon, 30 Oct 2023 22:19:21 +0000
 Subject: [PATCH 09/13] at_keyboard coreboot: force scancodes2+translate
diff --git a/config/grub/default/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch b/config/grub/default/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch
index a0eff28d..685e21c4 100644
--- a/config/grub/default/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch
+++ b/config/grub/default/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch
@@ -1,4 +1,4 @@
-From 89764949b2bcfaad122800f336aa205fea4a1fed Mon Sep 17 00:00:00 2001
+From d86b69fa2c0d73440e5b990d8ab4b66c5c23fa46 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Tue, 31 Oct 2023 10:33:28 +0000
 Subject: [PATCH 10/13] keylayouts: don't print "Unknown key" message
diff --git a/config/grub/default/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch b/config/grub/default/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch
index d2ed0055..f15d78e1 100644
--- a/config/grub/default/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch
+++ b/config/grub/default/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch
@@ -1,4 +1,4 @@
-From c6de75a3369aebb51df1659d89a6d7024c84d85e Mon Sep 17 00:00:00 2001
+From 3726c1e12b8896e4a77cc7a2b490e933dc2c08da Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 16:14:58 +0000
 Subject: [PATCH 11/13] don't print missing prefix errors on the screen
@@ -85,10 +85,10 @@ index 18de52562..2a0fea6c8 100644
  	    }
  	  file = try_open_from_prefix (prefix, filename);
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 9980bae90..4457cad7c 100644
+index 4a3be8568..6ae3d73f8 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -871,7 +871,7 @@ grub_dl_load (const char *name)
+@@ -881,7 +881,7 @@ grub_dl_load (const char *name)
      return 0;
  
    if (! grub_dl_dir) {
diff --git a/config/grub/default/patches/0012-don-t-print-error-if-module-not-found.patch b/config/grub/default/patches/0012-don-t-print-error-if-module-not-found.patch
index 85cde7a7..713f1244 100644
--- a/config/grub/default/patches/0012-don-t-print-error-if-module-not-found.patch
+++ b/config/grub/default/patches/0012-don-t-print-error-if-module-not-found.patch
@@ -1,4 +1,4 @@
-From e8e419fe16843e7b7d8c614531df9447db689d28 Mon Sep 17 00:00:00 2001
+From c86a635609a4623baa9312f5c1bebfd51f5883a1 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 16:36:22 +0000
 Subject: [PATCH 12/13] don't print error if module not found
@@ -17,10 +17,10 @@ Signed-off-by: Leah Rowe <leah@libreboot.org>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 4457cad7c..ea9fe8019 100644
+index 6ae3d73f8..4c15027fe 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -510,7 +510,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e)
+@@ -511,7 +511,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e)
  
    s = grub_dl_find_section (e, ".modname");
    if (!s)
diff --git a/config/grub/default/patches/0013-don-t-print-empty-error-messages.patch b/config/grub/default/patches/0013-don-t-print-empty-error-messages.patch
index 70ce3059..d23ea109 100644
--- a/config/grub/default/patches/0013-don-t-print-empty-error-messages.patch
+++ b/config/grub/default/patches/0013-don-t-print-empty-error-messages.patch
@@ -1,4 +1,4 @@
-From 6eb22aa4110b99245fd31dcaad979d5049d398d6 Mon Sep 17 00:00:00 2001
+From 715ba566042aa140cbeb06836c558460ef6f446f Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 17:25:20 +0000
 Subject: [PATCH 13/13] don't print empty error messages
diff --git a/config/grub/default/target.cfg b/config/grub/default/target.cfg
index 300fdd7e..a9dab736 100644
--- a/config/grub/default/target.cfg
+++ b/config/grub/default/target.cfg
@@ -1,4 +1,4 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 tree="default"
-rev="6811f6f09d61996a3acbc4fc0414e45964f0e2d9"
+rev="a4da71dafeea519b034beb159dfe80c486c2107c"