lp:ubuntu/quantal/grub2

Created by James Westby on 2012-04-26 and last modified on 2012-10-14
Get this branch:
bzr branch lp:ubuntu/quantal/grub2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

160. By Colin Watson on 2012-10-14

* Fix incorrect initrd minimum address calculation (LP: #1055686).
* Add keystatus and loadenv to signed image (LP: #1066399).

159. By Colin Watson on 2012-10-12

Ignore symlink traversal failures in grub-mount readdir (LP: #1051306).

158. By Colin Watson on 2012-10-12

Fix patch to forbid insmod on UEFI secure boot to also forbid other
methods of loading modules (LP: #1065621).

157. By Colin Watson on 2012-10-11

Add some extra debugging to signed/unsigned kernel logic, to make it
easier to work out why it fails for some people.

156. By Colin Watson on 2012-10-10

Make embedded FAT filesystem a multiple of 32 blocks so that mtools is
happy with it.

155. By Colin Watson on 2012-10-10

GRUB's rescue parser doesn't understand 'if', so the embedded
configuration file in gcdx64.efi emitted errors. Add the memdisk
module, embed a tiny FAT filesystem containing the grub.cfg with the
search-and-chain logic, and embed a bootstrap configuration file that
loads that using 'normal'.

154. By Colin Watson on 2012-10-09

Embed a configuration file in gcdx64.efi which looks for a real boot
disk containing /.disk/info or /.disk/mini-info and chains to
/boot/grub/$platform/grub.cfg there.

153. By Colin Watson on 2012-10-08

[ Colin Watson ]
* Install signed images if UEFI Secure Boot is enabled (LP: #1063602).

[ Steve Langasek ]
* debian/patches/ubuntu_uefi_firmware_setup.patch: Output a menu entry
  for firmware setup on UEFI FastBoot systems.

152. By Colin Watson on 2012-10-07

* If the postinst is running in a container, skip grub-install and all its
  associated questions (LP: #1060404).
* Merge UEFI secure boot tweaks from Fedora:
  - Don't error on insmod on UEFI/SB, but also don't do any insmodding.
  - Add sleep to the list of modules in the signed image.
* Move Ubuntu modifications to the Fedora linuxefi patch into separate
  patches, to ease maintenance.
* Implement secure boot handling policy as outlined by Steve Langasek:
  - Make the linux module call linuxefi when necessary, simplifying
    configuration. Add the linux module to the signed image.
  - If secure boot is enabled and the kernel is signed, linux will call
    linuxefi to hand over to it without calling ExitBootServices.
  - Otherwise, linux will fall through to previous code, call
    ExitBootServices itself, and boot the kernel normally.
  - Change linuxefi to return GRUB_ERR_ACCESS_DENIED rather than
    GRUB_ERR_INVALID_COMMAND in the case of an invalid signature, to make
    it easier to implement different handling of unsigned kernels in
    future if necessary.
* Build two images for signing: one with prefix /EFI/BOOT for use on
  removable media, and one with prefix /EFI/ubuntu (and with the lvm,
  mdraid09, and mdraid1x modules added) for use on fixed disks. Setup
  mostly borrowed from Fedora.
* Generate configuration for signed UEFI kernels if available.

151. By Colin Watson on 2012-10-04

For now, stop using the /usr/share/images/desktop-base/desktop-grub.png
alternative as the fallback background. We should ultimately have some
Ubuntu branding here, but at the moment it just confuses people who
accidentally install desktop-base.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers