discover/grub2: Allow to separate the --id argument using a space char

The GRUB menuentry command allows to separate the arguments for options using either a '=' or a ' '. The latter is the convention used when the menu entries are defined in the GRUB config file, but this is currently not supported by Petitboot. Add tests to cover both using '--id=foo' and '--id foo' as options.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/grub2: Allow using title for default even if id was defined

A default menu entry can be chosen using any of the following attributes: index, title or id (if the entry was defined with the --id option). But Petitboot doesn't honor this correctly and only compares the default with the menu entry title if the entry doesn't have an id defined. This is wrong since an index or title can be used even if an id was defined. This issue wasn't covered by the test that sets a default using a title because the menu entries didn't have an id defined. Add an id to them.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/grub2: Add support for initrd16 builtin

This commit adds support for the initrd16 builtin which complements the existing linux16 support and improves usability on x86 platforms.

Signed-off-by: Shawn Anastasio <shawn@anastas.io>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/grub: Improve BLS grub environment variables expansion

The fields from a BootLoaderSpec file can contain environment variables, in GRUB 2 these are shown verbatim and are evaluated later when an entry is selected. But on Petitboot these have to be expanded before creating the GRUB 2 resources and show in the UI the values after the evaluation. The current blscfg handler had a very limited support for variables, it only had support for the options field and also didn't take into account that variables could be mixed with literal values. So for example the following fields were not expanded correctly:

    linux $bootprefix/vmlinuz
    options $kernelopts foo=bar
    options foo=bar $kernelopts
    options $kernelopts $debugopts

Also change some of the tests to cover mixing variables and literals.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/grub: Use different paths to search for the BLS directory

Currently the BLS fragments are only searched in the /loader/entries directory, but this assumes that there is a boot partition mounted in /boot. This may not always be the case, /boot may not be a mount point and just a directory inside the root partition. To cover this case, Petitboot tries to find a GRUB 2 config file in different paths. So let's do the same for the BLS files directory. Also change some of the unit tests to use /boot/loader/entries as a BLS directory instead of /loader/entries.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/grub: Allow to set a default index for BLS entries

When the BLS support was added, the conclusion was that default indexes didn't apply for BLS snippets. But for GRUB 2 the indexes refer to the boot menu entries in memory, regardless of how these were generated. Since in GRUB 2 it is valid to set a default index even for menu entries generated from BLS fragments, allow this to also be done in Petitboot.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/grub: Don't add discover context boot options in blscfg handler

Instead of adding a boot option explicitly, just add it to the grub script boot option list and increment the number of options. That way BLS entries will be known by the grub script handler and can check if is a valid index.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/grub: Reverse BLS entries sorting to match Petitboot's boot order

The BLS entries were sorted so that the latest entry was at the top in the Petitboot UI, since it matches how menu entries are sorted in GRUB2 config and the GRUB2 UI. But in the Petitboot's UI, the latest entry is expected to be at the bottom and the older one at the top. Sort the BLS entries to match what's expected.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/grub: Allow to choose a different BLS directory

The default path to search for BootLoaderSpec configuration files is /loader/entries but in some setups a different directory may be used. So allow this to be chosen by using a blsdir GRUB environment variable.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/grub: Add blscfg command support to parse BootLoaderSpec files

The BootLoaderSpec (BLS) defines a file format for boot configurations, so bootloaders can parse these files and create their boot menu entries by using the information provided by them [0]. This allows configuring the boot items as drop-in files in a directory instead of having to parse and modify a bootloader configuration file. The GRUB 2 bootloader provides a blscfg command that parses these files and creates menu entries using this information. Add support for it.

[0]: https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec/

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

grub2/grub2-parser: accept no whitespace in grub menuentry

The Yocto wic grub support will generate a grub.cfg with no whitespace between the ending quote of the menuentry label and the opening bracket. There doesn't seem to be anything in the specification that this is illegal so accept it here.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

Add support for GPG signature enforcement on booted kernels and related blobs

This can be used to implement a form of organization-controlled secure boot, whereby kernels may be loaded from a variety of sources but they will only boot if a valid signature file is found for each component, and only if the signature is listed in the /etc/pb-lockdown file.

Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)

discover/grub2: Do not set $0 in functions

GRUB2 does not set $0 in functions, so don't set it in our GRUB2 script parser. (As it doesn't have a value in GRUB2 scripts, probably no GRUB2 script depends on the value of $0.) Additionally, dash and bash set environment variable 0 to the name of the script (even in functions), so the current behavior of $0 doesn't really match shell scripts either.

Tested: Existing tests pass.

Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

Allow evaluation of arbitrarily-positioned arguments in GRUB2 parser

GRUB2 allows essentially arbitrary numbers of positional arguments, so ensure that they can be evaluated within scripts. GRUB2 also appears to support arbitrary numbers of leading 0's in positional parameters (i.e., $01 should evaluate the same as $1), but this doesn't seem like a particularly important case to support.

Tested: Modified test-grub2-pos-param to cover higher-numbered positional arguments.

Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/grub2: Fix handling of positional parameters

Positional parameters are set in the environment with '$' prepended to the name. This causes lookups to fail because parameter lookups don't include the '$'.

TESTED: Added a test that covers positional parameters in GRUB2 parser. Build succeeds, tests pass.

Bootstrapped-by: Nancy Yuen <yuenn@google.com>
Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>