Hi,
Sorry if the info I gave is vague, I am trying to learn how would Secure Boot work with GRUB2. I am not sure how much information is appropriate, but here goes:
On my EFI installed system, grub is built with embedded load.cfg, load.cfg has the following content:
search.fs_uuid 123f09d21237f123 root
set prefix=($root)/boot/grub/efi
From what I read in the manual, this will set up the root and prefix during booting.
So for Secure Boot, I need to make a signed GRUB2. The signed GRUB2 needs to be generic because it is only signed once in production. So this means I cannot embed a configuration file with UUID number as the UUID changes per system installation.
You mention "unique name". Is there anyway I can create the name myself? Is there anyway I can use uuid with "hint"?
How to hardcode partition number?
Thanks,
Mat
On Thursday, December 3, 2015, Andrei Borzenkov <
address@hidden> wrote:
On Fri, Dec 4, 2015 at 7:27 AM, Mat Troi <address@hidden> wrote:
> I am building the signed grub myself. I guess the question is how to search
> for the root device without using uuid? I tried search.fs_label grub root
> and the system returns error: no such device: grub.
>
Well, you can find only what is available. As you do not provide any
information about your environment and configuration I can only guess
that no filesystem accessible to GRUB has label "grub".
If not UUID, you can search by label or can search for specific file
name. That is what grub-install does anyway if UUIDs are not reliable
- it creates file with unique name and searches for it.
Or you can simply hardcode partition number.
But I guess all above was already known, in which case you are better
ask real question you want to know :)
>
> On Thursday, December 3, 2015, Andrei Borzenkov <address@hidden> wrote:
>>
>> 03.12.2015 22:59, Mat Troi пишет:
>> > Hi,
>> >
>> > If using sign grub for Secure Boot, I cannot use search_fsuuid in the
>> > configuration for grub as the uuid is different. Is there a way to
>> > write a
>> > configuration that will let me find the current UEFI boot and set that
>> > as
>> > root? Or is there a way to set root not using search_fsuuid?
>> >
>>
>> It is really the question to your distribution - what it put into signed
>> GRUB image. But those distributions I am aware of include `search'
>> command ...