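## @file
#  Execute a script to recover the SEV supplied secret and use it to
#  decrypt a luks volume. For security, the kernel must be on an encrypted
#  volume so reboot if none are found.
#
#  Copyright (C) 2020 James Bottomley, IBM Corporation.
#
#  SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
#
#  This is GRUB script, not POSIX sh: sevsecret, cryptomount, insmod and
#  the (crypto*) device wildcard are GRUB constructs.
#
#  Flow:
#    1. Unlock the encrypted volume(s), preferring the SEV secret.
#    2. Select the first crypto device that carries /boot/grub/grub.cfg.
#    3. Reboot if no such device exists.
#    4. Load the remaining modules and hand over to that grub.cfg.
#

echo "Entering grub config"

# Step 1: unlock. A non-zero status from sevsecret is reported below as
# "nothing located in the SEV secret area". Otherwise cryptomount -s is
# tried first (judging by the messages, the secret-based, non-interactive
# path), and only its failure leads to the password prompt.
#
# NOTE(review): both failure paths end in an interactive prompt
# (cryptomount -a). In an SEV guest the console is presumably supplied by
# the host, which is outside the guest's trust boundary, so a passphrase
# typed there should be treated as visible to the host. A deployment that
# requires attested-only unlock may prefer to fail closed (reboot) instead
# of prompting. Confirm against the deployment's threat model.
sevsecret
if [ $? -ne 0 ]; then
    echo "Failed to locate anything in the SEV secret area, prompting for password"
    cryptomount -a
else
    cryptomount -s
    if [ $? -ne 0 ]; then
        echo "Failed to mount root securely, retrying with password prompt"
        cryptomount -a
    fi
fi

# Step 2: clear root first so that an empty value after the loop reliably
# means "no encrypted volume with a grub.cfg was found".
#
# NOTE(review): the loop accepts the first crypto device that has a
# grub.cfg, whether it was unlocked with the SEV secret or with a typed
# password. The script does not record which path succeeded.
set root=
for f in (crypto*); do
    if [ -e "$f/boot/grub/grub.cfg" ]; then
        set root=$f
        set prefix=($root)/boot/grub
        break
    fi
done

# Step 3: fail closed. Without an encrypted volume holding a grub.cfg the
# boot must not continue (see the file header). The sleep presumably keeps
# the message on screen long enough to be read.
if [ -z "$root" ]; then
    echo "Failed to find any grub configuration on the encrypted volume"
    sleep 5
    reboot
fi

# rest of modules to get boot to work
# $modules is deliberately left unquoted in the loop so that it splits
# into one module name per iteration.
set modules="
boot
loadenv
"
for f in $modules; do
    insmod "$f"
done

# Step 4: hand control to the configuration on the unlocked volume. From
# here on the boot flow is defined by that file.
echo "Transferring to ${prefix}/grub.cfg"
source "$prefix/grub.cfg"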