OvmfPkg/AmdSev/Grub/grub.sh - edk2 - Git at Google

 ##  @file
 #  Build a version of grub capable of decrypting a luks volume with a SEV
 #  Supplied secret
 #
 #  Copyright (C) 2020 James Bottomley, IBM Corporation.
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##

 set -e
 remove_efi=1

 cleanup()  {
     # remove the intermediates
     for f in disk.fat grub-bootstrap.cfg; do
         rm -f -- "${basedir}/$f"
     done
     if [ $remove_efi -eq 1 ]; then
         rm -f -- "${basedir}/grub.efi"
     fi
 }

 trap cleanup EXIT

 GRUB_MODULES="
             part_msdos
             part_gpt
             cryptodisk
             luks
             gcry_rijndael
             gcry_sha256
             ext2
             btrfs
             xfs
             fat
             configfile
             memdisk
             sleep
             normal
             echo
             test
             regexp
             linux
             linuxefi
             reboot
             sevsecret
             "
 basedir=$(dirname -- "$0")

 # don't run a build if grub.efi exists and is newer than the config files
 if [ -e "${basedir}/grub.efi" ] && \
      [ "${basedir}/grub.efi" -nt "${basedir}/grub.cfg" ] && \
      [ "${basedir}/grub.efi" -nt "${basedir}/grub.sh" ]; then
     remove_efi=0
     echo "preserving existing grub.efi" >&2
     exit 0
 fi

 ##
 # different distributions have different names for grub-mkimage, so
 # search all the known ones
 ##
 mkimage=
 for b in grub2-mkimage grub-mkimage; do
     if which "$b" > /dev/null 2>&1; then
         mkimage="$b"
         break
     fi
 done
 if [ -z "$mkimage" ]; then
     echo "Can't find grub mkimage" >&2
     exit 1
 fi

 # GRUB's rescue parser doesn't understand 'if'.
 echo 'normal (memdisk)/grub.cfg' > "${basedir}/grub-bootstrap.cfg"

 # Now build a memdisk with the correct grub.cfg
 rm -f -- "${basedir}/disk.fat"
 mkfs.msdos -C -- "${basedir}/disk.fat" 64
 mcopy -i "${basedir}/disk.fat" -- "${basedir}/grub.cfg" ::grub.cfg


 ${mkimage} -O x86_64-efi \
            -p '(crypto0)' \
            -c "${basedir}/grub-bootstrap.cfg" \
            -m "${basedir}/disk.fat" \
            -o "${basedir}/grub.efi" \
            ${GRUB_MODULES}

 remove_efi=0
 echo "grub.efi generated in ${basedir}"
	## @file
	# Build a version of grub capable of decrypting a luks volume with a SEV
	# Supplied secret
	#
	# Copyright (C) 2020 James Bottomley, IBM Corporation.
	#
	# SPDX-License-Identifier: BSD-2-Clause-Patent
	#
	##

	set -e
	remove_efi=1

	cleanup() {
	# remove the intermediates
	for f in disk.fat grub-bootstrap.cfg; do
	rm -f -- "${basedir}/$f"
	done
	if [ $remove_efi -eq 1 ]; then
	rm -f -- "${basedir}/grub.efi"
	fi
	}

	trap cleanup EXIT

	GRUB_MODULES="
	part_msdos
	part_gpt
	cryptodisk
	luks
	gcry_rijndael
	gcry_sha256
	ext2
	btrfs
	xfs
	fat
	configfile
	memdisk
	sleep
	normal
	echo
	test
	regexp
	linux
	linuxefi
	reboot
	sevsecret
	"
	basedir=$(dirname -- "$0")

	# don't run a build if grub.efi exists and is newer than the config files
	if [ -e "${basedir}/grub.efi" ] && \
	[ "${basedir}/grub.efi" -nt "${basedir}/grub.cfg" ] && \
	[ "${basedir}/grub.efi" -nt "${basedir}/grub.sh" ]; then
	remove_efi=0
	echo "preserving existing grub.efi" >&2
	exit 0
	fi

	##
	# different distributions have different names for grub-mkimage, so
	# search all the known ones
	##
	mkimage=
	for b in grub2-mkimage grub-mkimage; do
	if which "$b" > /dev/null 2>&1; then
	mkimage="$b"
	break
	fi
	done
	if [ -z "$mkimage" ]; then
	echo "Can't find grub mkimage" >&2
	exit 1
	fi

	# GRUB's rescue parser doesn't understand 'if'.
	echo 'normal (memdisk)/grub.cfg' > "${basedir}/grub-bootstrap.cfg"

	# Now build a memdisk with the correct grub.cfg
	rm -f -- "${basedir}/disk.fat"
	mkfs.msdos -C -- "${basedir}/disk.fat" 64
	mcopy -i "${basedir}/disk.fat" -- "${basedir}/grub.cfg" ::grub.cfg


	${mkimage} -O x86_64-efi \
	-p '(crypto0)' \
	-c "${basedir}/grub-bootstrap.cfg" \
	-m "${basedir}/disk.fat" \
	-o "${basedir}/grub.efi" \
	${GRUB_MODULES}

	remove_efi=0
	echo "grub.efi generated in ${basedir}"