aboutsummaryrefslogtreecommitdiff
path: root/templates/grub.cfg
blob: 938be46fcec499a5172609de05659200f86d40eb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
#
# Bootless: evil-maid mitigator.
#

#
# Load environment
#
if [ -s $prefix/grubenv ]; then
  load_env
fi

#
# Basic config
#
set default="0"
set timeout=60

#
# Menu appearance
#
set menu_color_normal=white/blue
set menu_color_highlight=yellow/red

#
# Handles boot from fully encrypted /boot volumes.
# Usage: bootfde <volume> <kernel-version> [source] [target]
#
function bootfde {
  # Loads raid, lvm and luks modules you can access kernel and initrd from
  # the inside your encrypted OS!
  insmod mdraid1x
  insmod lvm
  insmod luks

  set volume=${1}

  if [ "${2}" ]; then
    set version=${2}
  else
    set version=3.16.0-4-amd64
  fi

  if [ "${3}" ]; then
    set source=${3}
  else
    set source=/dev/mapper/${1}
  fi

  if [ "${4}" ]; then
    set target=${4}
  else
    set target=root
  fi

  if [ "${version}" = 'default' ]; then
    set kernel="/vmlinuz"
    set initrd="/initrd.img"
  else
    set kernel="/boot/vmlinuz-${version}"
    set initrd="/boot/initrd.img-${version}"
  fi

  cryptomount lvm/${volume}
  set         root=(crypto0)

  # Load the LVM module again after loading the encrypted volume
  # so Grub can detect LVM volumes inside crypto0.
  rmmod  lvm
  insmod lvm

  # Complete kernel params available at
  # https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
  echo        "Loading ${volume}..."
  linux       ${kernel} root=/dev/mapper/${target} cryptopts=target=${target},source=${source} ro quiet rootdelay=5 apparmor=1 security=apparmor
  echo        'Loading initial ramdisk ...'
  initrd      ${initrd}
}

#
# Handles boot from images stored in the USB stick.
# Usage: bootfde <volume> <kernel-version> [target] [rootfs] [distro]
#
function bootimg {
  set volume=${1}

  if [ "${2}" ]; then
    set version=${2}
  else
    set version=3.16.0-4-amd64
  fi

  if [ "${3}" ]; then
    set target=${3}
  else
    set target=root
  fi

  if [ "${4}" ]; then
    set rootfs=${4}
  else
    set rootfs=${target}
  fi

  if [ "${5}" ]; then
    set distro=${5}
  else
    set distro=debian
  fi

  if [ "${version}" = default ]; then
    set kernel="/vmlinuz"
    set initrd="/initrd.img"
  else
    set kernel="/boot/custom/${distro}/vmlinuz-${version}"
    set initrd="/boot/custom/${distro}initrd.img-${version}"
  fi

  # Complete kernel params available at
  # https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
  echo   "Loading ${1}..."
  linux  ${kernel} root=/dev/mapper/${rootfs} cryptopts=target=${target},source=${volume} ro quiet rootdelay=5 apparmor=1 security=apparmor
  echo   'Loading initial ramdisk ...'
  initrd ${initrd}
}

#
# Default menu entry
#
menuentry "Memtest86+" {
  linux16 /boot/default/memtest/memtest86+.bin
}

#
# Custom menu entries
#
if [ -e "/boot/custom/custom.cfg" ]; then
  menuentry "Custom configurations" {
    configfile /boot/custom/custom.cfg
  }
fi