Hi there, I just want to first apologize for such a long email, I try to be overly-detailed to give as much information as possible.
I’m currently developing a secure boot chain for my work. I’d like to utilize GRUB to boot into Linux where integrity checks will be performed, then if the filesystem is verified, change a custom GRUB environment variable flag which will allow the user to continue our boot into Windows.

My initial idea was led a bit astray as the embedded configuration<https://www.gnu.org/software/grub/manual/grub/html_node/Embedded-configuration.html> doc is wrong<https://lists.gnu.org/archive/html/help-grub/2013-08/msg00023.html>, but I’ve been trying to persevere nonetheless. I found this StackOverflow thread<https://stackoverflow.com/questions/18212050/using-grub-is-it-possible-to-use-if-while-during-booting-before-loading-nor> suggesting a workaround is to embed a cfg file that uses `configfile` to call the “actual” file which contains the scripting and whatever else that I need.

This is my process:

1. Create a grub image:

    # Memdisk has multiple cfgs dedicated to each boot entry (Windows and Linux)
    $GRUBDIR/grub-mkimage \
        -O i386-pc -d $CORE -v \
        -p $CORE \
        -m $HOME/memdisk/memdisk.tar \
        -c $HOME/memdisk/embedded.cfg \
        -o $CORE/core.img \
        part_gpt biosdisk ext2 memdisk ntfs tar echo sleep configfile search_fs_uuid loadenv search normal saveenv

2. Install using that image:

    $GRUBDIR/grub-install $DRIVE \
        --boot-directory=$MNTDIR/boot/ \
        -d $CORE

3. Using Dracut, create the initramfs

Embedded.cfg:

    insmod normal
    load_env
    configfile (memdisk)/grub.cfg

Grub.cfg:

    search.fs_uuid <uuid> root
    set prefix=($root)/boot/grub
    GRUB_PRELOAD_MODULES=insmod load_env save_env
    insmod normal
    load_env
    if [ CLEAN == FALSE ]; then
        configfile /boot/grub/windows.cfg
    else
        configfile /boot/grub/linux.cfg
    fi

For some reason, GRUB is showing Linux.cfg even though CLEAN is set to FALSE. When I load GRUB and go into the command line, I try to echo $CLEAN and it just returns blank. Only after load_env can I echo $CLEAN (and it returns FALSE). My menu entry is still Linux.cfg, even after load_env.

I thoroughly feel like I’m missing one small detail for everything to fall into place, so if anyone has any advice, it would be greatly appreciated.

Thanks so much,
Sean
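
The flag described in the message lives in GRUB's environment block, the file that load_env and save_env read and write. As an added example (not part of the original message), this sketch parses and updates such a block from the Linux side, assuming the default 1024-byte layout that grub-editenv creates; the variable name CLEAN comes from the message, the function names are hypothetical, and the sample block is constructed.

```python
ENVBLK_SIGNATURE = b"# GRUB Environment Block\n"
ENVBLK_SIZE = 1024  # default size of a block made by 'grub-editenv create'


def parse_envblk(data: bytes) -> dict:
    """Return the name=value pairs stored in an environment block."""
    if not data.startswith(ENVBLK_SIGNATURE):
        raise ValueError("missing environment block signature")
    env = {}
    for line in data[len(ENVBLK_SIGNATURE):].split(b"\n"):
        if not line or line.startswith(b"#") or b"=" not in line:
            continue  # comment lines and the trailing '#' padding
        name, value = line.split(b"=", 1)
        env[name.decode()] = value.decode()
    return env


def set_var(data: bytes, name: str, value: str) -> bytes:
    """Return a new block of the same size with name set to value."""
    # Backslash and newline need escaping in the real format; this sketch
    # simply refuses them instead of implementing the escaping.
    if not name or "=" in name or any(c in name + value for c in "\n\\"):
        raise ValueError("unsupported characters in name or value")
    env = parse_envblk(data)
    env[name] = value
    body = b"".join(f"{k}={v}\n".encode() for k, v in env.items())
    out = ENVBLK_SIGNATURE + body
    if len(out) > len(data):
        raise ValueError("environment block is full")
    # GRUB rewrites the block in place, so the file size is kept fixed
    # and the unused tail is filled with '#'.
    return out + b"#" * (len(data) - len(out))


def sample_block() -> bytes:
    """Constructed sample: an empty block with only signature and padding."""
    return ENVBLK_SIGNATURE + b"#" * (ENVBLK_SIZE - len(ENVBLK_SIGNATURE))


if __name__ == "__main__":
    blk = set_var(sample_block(), "CLEAN", "FALSE")  # flag name from the message
    print(parse_envblk(blk))
    blk = set_var(blk, "CLEAN", "TRUE")  # update the flag in place
    print(len(blk), parse_envblk(blk))
```
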
