summaryrefslogtreecommitdiffstats
path: root/debian/patches/uefi-secure-boot-cryptomount.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/uefi-secure-boot-cryptomount.patch48
1 files changed, 48 insertions, 0 deletions
diff --git a/debian/patches/uefi-secure-boot-cryptomount.patch b/debian/patches/uefi-secure-boot-cryptomount.patch
new file mode 100644
index 0000000..cbef39c
--- /dev/null
+++ b/debian/patches/uefi-secure-boot-cryptomount.patch
@@ -0,0 +1,48 @@
+From 7fd79864c87c57d586989d12c3d4a7e432b3d73a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Herv=C3=A9=20Werner?= <dud225@hotmail.com>
+Date: Mon, 28 Jan 2019 17:24:23 +0100
+Subject: Fix setup on Secure Boot systems where cryptodisk is in use
+
+On full-encrypted systems, including /boot, the current code omits
+cryptodisk commands needed to open the drives if Secure Boot is enabled.
+This prevents grub2 from reading any further configuration residing on
+the encrypted disk.
+This patch fixes this issue by adding the needed "cryptomount" commands in
+the load.cfg file that is then copied in the EFI partition.
+
+Bug-Debian: https://bugs.debian.org/917117
+Last-Update: 2019-02-10
+
+Patch-Name: uefi-secure-boot-cryptomount.patch
+---
+ util/grub-install.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/util/grub-install.c b/util/grub-install.c
+index b51fe4710..58f1453ba 100644
+--- a/util/grub-install.c
++++ b/util/grub-install.c
+@@ -1531,6 +1531,23 @@ main (int argc, char *argv[])
+ || uefi_secure_boot)
+ {
+ char *uuid = NULL;
++
++ if (uefi_secure_boot && config.is_cryptodisk_enabled)
++ {
++ if (grub_dev->disk)
++ probe_cryptodisk_uuid (grub_dev->disk);
++
++ for (curdrive = grub_drives + 1; *curdrive; curdrive++)
++ {
++ grub_device_t dev = grub_device_open (*curdrive);
++ if (!dev)
++ continue;
++ if (dev->disk)
++ probe_cryptodisk_uuid (dev->disk);
++ grub_device_close (dev);
++ }
++ }
++
+ /* generic method (used on coreboot and ata mod). */
+ if (!force_file_id
+ && grub_fs->fs_uuid && grub_fs->fs_uuid (grub_dev, &uuid))