Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/quantal-proposed/grub2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

160. By Colin Watson

* Fix incorrect initrd minimum address calculation (LP: #1055686).
* Add keystatus and loadenv to signed image (LP: #1066399).

159. By Colin Watson

Ignore symlink traversal failures in grub-mount readdir (LP: #1051306).

158. By Colin Watson

Fix patch to forbid insmod on UEFI secure boot to also forbid other
methods of loading modules (LP: #1065621).

157. By Colin Watson

Add some extra debugging to signed/unsigned kernel logic, to make it
easier to work out why it fails for some people.

156. By Colin Watson

Make embedded FAT filesystem a multiple of 32 blocks so that mtools is
happy with it.

155. By Colin Watson

GRUB's rescue parser doesn't understand 'if', so the embedded
configuration file in gcdx64.efi emitted errors. Add the memdisk
module, embed a tiny FAT filesystem containing the grub.cfg with the
search-and-chain logic, and embed a bootstrap configuration file that
loads that using 'normal'.

154. By Colin Watson

Embed a configuration file in gcdx64.efi which looks for a real boot
disk containing /.disk/info or /.disk/mini-info and chains to
/boot/grub/$platform/grub.cfg there.

153. By Colin Watson

[ Colin Watson ]
* Install signed images if UEFI Secure Boot is enabled (LP: #1063602).

[ Steve Langasek ]
* debian/patches/ubuntu_uefi_firmware_setup.patch: Output a menu entry
  for firmware setup on UEFI FastBoot systems.

152. By Colin Watson

* If the postinst is running in a container, skip grub-install and all its
  associated questions (LP: #1060404).
* Merge UEFI secure boot tweaks from Fedora:
  - Don't error on insmod on UEFI/SB, but also don't do any insmodding.
  - Add sleep to the list of modules in the signed image.
* Move Ubuntu modifications to the Fedora linuxefi patch into separate
  patches, to ease maintenance.
* Implement secure boot handling policy as outlined by Steve Langasek:
  - Make the linux module call linuxefi when necessary, simplifying
    configuration. Add the linux module to the signed image.
  - If secure boot is enabled and the kernel is signed, linux will call
    linuxefi to hand over to it without calling ExitBootServices.
  - Otherwise, linux will fall through to previous code, call
    ExitBootServices itself, and boot the kernel normally.
  - Change linuxefi to return GRUB_ERR_ACCESS_DENIED rather than
    GRUB_ERR_INVALID_COMMAND in the case of an invalid signature, to make
    it easier to implement different handling of unsigned kernels in
    future if necessary.
* Build two images for signing: one with prefix /EFI/BOOT for use on
  removable media, and one with prefix /EFI/ubuntu (and with the lvm,
  mdraid09, and mdraid1x modules added) for use on fixed disks. Setup
  mostly borrowed from Fedora.
* Generate configuration for signed UEFI kernels if available.

151. By Colin Watson

For now, stop using the /usr/share/images/desktop-base/desktop-grub.png
alternative as the fallback background. We should ultimately have some
Ubuntu branding here, but at the moment it just confuses people who
accidentally install desktop-base.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.