Skip to content

Commit

Permalink
Fixes #37653 - Always load local disk's GRUB2 configuration
Browse files Browse the repository at this point in the history
... instead of using chainloading when SecureBoot is disabled. This
standardizes the procedure under UEFI for both cases.

This also allows us to boot systems with host and vendor specific GRUB2
binaries which do not support the `connectefi` command (EL GRUB2 only).
The `connectefi` command is required for a successful `chainloader`
command usage.
  • Loading branch information
Jan Löser authored and goarsna committed Jul 25, 2024
1 parent 7ce3336 commit 6a2aa4a
Show file tree
Hide file tree
Showing 5 changed files with 5 additions and 543 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -4,26 +4,12 @@ name: pxegrub2_chainload
model: ProvisioningTemplate
snippet: true
description: |
In Foreman's typical PXE workflow, managed hosts are configured to always boot from network and inventory build flag dictates if they should boot into installer (build is on) or boot from local drive (build is off). This template is used to chainload from EFI ESP for systems which booted from network. It is not as straightforward as in BIOS and EFI boot file must be found on an ESP partition.
In Foreman's typical PXE workflow, managed hosts are configured to always boot from network and inventory build flag dictates if they should boot into installer (build is on) or boot from local drive (build is off). This template is used to load the GRUB2 configuration file or chainload from local EFI ESP for systems which booted from network.
This will only be needed when provisioned hosts are set to boot from network, typically EFI firmware implementations overrides boot order after new OS installation. This behavior can be set in EFI, or "efi_bootentry" host parameter can be set to "previous" to override boot order back to previous (network) setting. See efibootmgr_netboot snippet for more info.
-%>
<%
paths = [
'/EFI/fedora/shim.efi',
'/EFI/fedora/grubx64.efi',
'/EFI/redhat/shim.efi',
'/EFI/redhat/grubx64.efi',
'/EFI/centos/shim.efi',
'/EFI/centos/grubx64.efi',
'/EFI/rocky/shim.efi',
'/EFI/rocky/grubx64.efi',
'/EFI/almalinux/shim.efi',
'/EFI/almalinux/grubx64.efi',
'/EFI/debian/grubx64.efi',
'/EFI/ubuntu/grubx64.efi',
'/EFI/sles/grubx64.efi',
'/EFI/opensuse/grubx64.efi',
'/EFI/Microsoft/boot/bootmgfw.efi'
]
config_paths = [
Expand Down Expand Up @@ -67,12 +53,7 @@ echo
"connectefi #{connectefi_option}" if connectefi_option
%>

if [ "${lockdown}" == "y" ]; then
if [ "${default}" == "local" ]; then
set default="grub_config"
fi

menuentry 'Loading GRUB2 config from ESP' --id grub_config {
menuentry 'Loading GRUB2 from ESP' --id local {
<%
config_paths.each do |config_path|
-%>
Expand All @@ -85,14 +66,6 @@ if [ "${lockdown}" == "y" ]; then
fi
<%
end
-%>
}
fi

menuentry 'Chainload Grub2 EFI from ESP' --id local_chain_hd0 {
echo "Chainloading Grub2 EFI from ESP, enabled devices for booting:"
ls
<%
paths.each do |path|
-%>
echo "Trying <%= path %> "
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,7 @@ echo "(*) grub2-efi-x64-2.02-122.el8 (upstream doesn't have the patches yet)"
echo
connectefi scsi

if [ "${lockdown}" == "y" ]; then
if [ "${default}" == "local" ]; then
set default="grub_config"
fi

menuentry 'Loading GRUB2 config from ESP' --id grub_config {
menuentry 'Loading GRUB2 from ESP' --id local {
echo "Trying /EFI/fedora/grub.cfg"
unset chroot
# add --efidisk-only when using Software RAID
Expand Down Expand Up @@ -95,152 +90,6 @@ if [ "${lockdown}" == "y" ]; then
if [ -f ($chroot)/EFI/opensuse/grub.cfg ]; then
configfile ($chroot)/EFI/opensuse/grub.cfg
fi
}
fi

menuentry 'Chainload Grub2 EFI from ESP' --id local_chain_hd0 {
echo "Chainloading Grub2 EFI from ESP, enabled devices for booting:"
ls
echo "Trying /EFI/fedora/shim.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/fedora/shim.efi
if [ -f ($chroot)/EFI/fedora/shim.efi ]; then
chainloader ($chroot)/EFI/fedora/shim.efi
echo "Found /EFI/fedora/shim.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/fedora/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/fedora/grubx64.efi
if [ -f ($chroot)/EFI/fedora/grubx64.efi ]; then
chainloader ($chroot)/EFI/fedora/grubx64.efi
echo "Found /EFI/fedora/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/redhat/shim.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/redhat/shim.efi
if [ -f ($chroot)/EFI/redhat/shim.efi ]; then
chainloader ($chroot)/EFI/redhat/shim.efi
echo "Found /EFI/redhat/shim.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/redhat/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/redhat/grubx64.efi
if [ -f ($chroot)/EFI/redhat/grubx64.efi ]; then
chainloader ($chroot)/EFI/redhat/grubx64.efi
echo "Found /EFI/redhat/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/centos/shim.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/centos/shim.efi
if [ -f ($chroot)/EFI/centos/shim.efi ]; then
chainloader ($chroot)/EFI/centos/shim.efi
echo "Found /EFI/centos/shim.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/centos/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/centos/grubx64.efi
if [ -f ($chroot)/EFI/centos/grubx64.efi ]; then
chainloader ($chroot)/EFI/centos/grubx64.efi
echo "Found /EFI/centos/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/rocky/shim.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/rocky/shim.efi
if [ -f ($chroot)/EFI/rocky/shim.efi ]; then
chainloader ($chroot)/EFI/rocky/shim.efi
echo "Found /EFI/rocky/shim.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/rocky/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/rocky/grubx64.efi
if [ -f ($chroot)/EFI/rocky/grubx64.efi ]; then
chainloader ($chroot)/EFI/rocky/grubx64.efi
echo "Found /EFI/rocky/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/almalinux/shim.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/almalinux/shim.efi
if [ -f ($chroot)/EFI/almalinux/shim.efi ]; then
chainloader ($chroot)/EFI/almalinux/shim.efi
echo "Found /EFI/almalinux/shim.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/almalinux/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/almalinux/grubx64.efi
if [ -f ($chroot)/EFI/almalinux/grubx64.efi ]; then
chainloader ($chroot)/EFI/almalinux/grubx64.efi
echo "Found /EFI/almalinux/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/debian/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/debian/grubx64.efi
if [ -f ($chroot)/EFI/debian/grubx64.efi ]; then
chainloader ($chroot)/EFI/debian/grubx64.efi
echo "Found /EFI/debian/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/ubuntu/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/ubuntu/grubx64.efi
if [ -f ($chroot)/EFI/ubuntu/grubx64.efi ]; then
chainloader ($chroot)/EFI/ubuntu/grubx64.efi
echo "Found /EFI/ubuntu/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/sles/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/sles/grubx64.efi
if [ -f ($chroot)/EFI/sles/grubx64.efi ]; then
chainloader ($chroot)/EFI/sles/grubx64.efi
echo "Found /EFI/sles/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/opensuse/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/opensuse/grubx64.efi
if [ -f ($chroot)/EFI/opensuse/grubx64.efi ]; then
chainloader ($chroot)/EFI/opensuse/grubx64.efi
echo "Found /EFI/opensuse/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/Microsoft/boot/bootmgfw.efi "
unset chroot
# add --efidisk-only when using Software RAID
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,7 @@ echo "(*) grub2-efi-x64-2.02-122.el8 (upstream doesn't have the patches yet)"
echo
connectefi scsi

if [ "${lockdown}" == "y" ]; then
if [ "${default}" == "local" ]; then
set default="grub_config"
fi

menuentry 'Loading GRUB2 config from ESP' --id grub_config {
menuentry 'Loading GRUB2 from ESP' --id local {
echo "Trying /EFI/fedora/grub.cfg"
unset chroot
# add --efidisk-only when using Software RAID
Expand Down Expand Up @@ -111,152 +106,6 @@ if [ "${lockdown}" == "y" ]; then
if [ -f ($chroot)/EFI/opensuse/grub.cfg ]; then
configfile ($chroot)/EFI/opensuse/grub.cfg
fi
}
fi

menuentry 'Chainload Grub2 EFI from ESP' --id local_chain_hd0 {
echo "Chainloading Grub2 EFI from ESP, enabled devices for booting:"
ls
echo "Trying /EFI/fedora/shim.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/fedora/shim.efi
if [ -f ($chroot)/EFI/fedora/shim.efi ]; then
chainloader ($chroot)/EFI/fedora/shim.efi
echo "Found /EFI/fedora/shim.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/fedora/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/fedora/grubx64.efi
if [ -f ($chroot)/EFI/fedora/grubx64.efi ]; then
chainloader ($chroot)/EFI/fedora/grubx64.efi
echo "Found /EFI/fedora/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/redhat/shim.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/redhat/shim.efi
if [ -f ($chroot)/EFI/redhat/shim.efi ]; then
chainloader ($chroot)/EFI/redhat/shim.efi
echo "Found /EFI/redhat/shim.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/redhat/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/redhat/grubx64.efi
if [ -f ($chroot)/EFI/redhat/grubx64.efi ]; then
chainloader ($chroot)/EFI/redhat/grubx64.efi
echo "Found /EFI/redhat/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/centos/shim.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/centos/shim.efi
if [ -f ($chroot)/EFI/centos/shim.efi ]; then
chainloader ($chroot)/EFI/centos/shim.efi
echo "Found /EFI/centos/shim.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/centos/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/centos/grubx64.efi
if [ -f ($chroot)/EFI/centos/grubx64.efi ]; then
chainloader ($chroot)/EFI/centos/grubx64.efi
echo "Found /EFI/centos/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/rocky/shim.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/rocky/shim.efi
if [ -f ($chroot)/EFI/rocky/shim.efi ]; then
chainloader ($chroot)/EFI/rocky/shim.efi
echo "Found /EFI/rocky/shim.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/rocky/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/rocky/grubx64.efi
if [ -f ($chroot)/EFI/rocky/grubx64.efi ]; then
chainloader ($chroot)/EFI/rocky/grubx64.efi
echo "Found /EFI/rocky/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/almalinux/shim.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/almalinux/shim.efi
if [ -f ($chroot)/EFI/almalinux/shim.efi ]; then
chainloader ($chroot)/EFI/almalinux/shim.efi
echo "Found /EFI/almalinux/shim.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/almalinux/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/almalinux/grubx64.efi
if [ -f ($chroot)/EFI/almalinux/grubx64.efi ]; then
chainloader ($chroot)/EFI/almalinux/grubx64.efi
echo "Found /EFI/almalinux/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/debian/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/debian/grubx64.efi
if [ -f ($chroot)/EFI/debian/grubx64.efi ]; then
chainloader ($chroot)/EFI/debian/grubx64.efi
echo "Found /EFI/debian/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/ubuntu/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/ubuntu/grubx64.efi
if [ -f ($chroot)/EFI/ubuntu/grubx64.efi ]; then
chainloader ($chroot)/EFI/ubuntu/grubx64.efi
echo "Found /EFI/ubuntu/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/sles/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/sles/grubx64.efi
if [ -f ($chroot)/EFI/sles/grubx64.efi ]; then
chainloader ($chroot)/EFI/sles/grubx64.efi
echo "Found /EFI/sles/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/opensuse/grubx64.efi "
unset chroot
# add --efidisk-only when using Software RAID
search --file --no-floppy --set=chroot /EFI/opensuse/grubx64.efi
if [ -f ($chroot)/EFI/opensuse/grubx64.efi ]; then
chainloader ($chroot)/EFI/opensuse/grubx64.efi
echo "Found /EFI/opensuse/grubx64.efi at $chroot, attempting to chainboot it..."
sleep 2
boot
fi
echo "Trying /EFI/Microsoft/boot/bootmgfw.efi "
unset chroot
# add --efidisk-only when using Software RAID
Expand Down
Loading

0 comments on commit 6a2aa4a

Please sign in to comment.