## @file | |
# Execute a script to recover the SEV supplied secret and use it to | |
# decrypt a luks volume. For security, the kernel must be on an encrypted | |
# volume so reboot if none are found. | |
# | |
# Copyright (C) 2020 James Bottomley, IBM Corporation. | |
# | |
# SPDX-License-Identifier: BSD-2-Clause-Patent | |
# | |
## | |
echo "Entering grub config" | |
sevsecret | |
if [ $? -ne 0 ]; then | |
echo "Failed to locate anything in the SEV secret area, prompting for password" | |
cryptomount -a | |
else | |
cryptomount -s | |
if [ $? -ne 0 ]; then | |
echo "Failed to mount root securely, retrying with password prompt" | |
cryptomount -a | |
fi | |
fi | |
set root= | |
for f in (crypto*); do | |
if [ -e $f/boot/grub/grub.cfg ]; then | |
set root=$f | |
set prefix=($root)/boot/grub | |
break; | |
fi | |
done | |
if [ x$root = x ]; then | |
echo "Failed to find any grub configuration on the encrypted volume" | |
sleep 5 | |
reboot | |
fi | |
# rest of modules to get boot to work | |
set modules=" | |
boot | |
loadenv | |
" | |
for f in $modules; do | |
insmod $f | |
done | |
echo "Transferring to ${prefix}/grub.cfg" | |
source $prefix/grub.cfg |