grub: only enable nvme if needed on a board

remove nvme support from the "default" grub tree

now there are three trees:

* default: no xhci or nvme patches
* nvme: contains nvme support
* xhci: contains xhci and nvme support

this is in case a bug like lbmk issue #216 ever occurs
again, as referenced before during lbmk audit 5

there is no indication that the nvme patch causes any
issues, but after previous experience i want to be sure

Signed-off-by: Leah Rowe <leah@libreboot.org>

config/coreboot/g43t_am3/target.cfg

@@ -3,3 +3,4 @@ xarch="i386-elf"
 payload_seabios="y"
 payload_memtest="y"
 grub_timeout=10
+grubtree="nvme"

config/coreboot/g43t_am3_16mb/target.cfg

@@ -4,3 +4,4 @@ payload_seabios="y"
 payload_memtest="y"
 grub_timeout=10
 release="n"
+grubtree="nvme"

config/coreboot/ga_g41m_es2l/target.cfg

@@ -3,3 +3,4 @@ xarch="i386-elf"
 payload_seabios="y"
 payload_memtest="y"
 grub_timeout=10
+grubtree="nvme"

config/coreboot/kcma_d8-udimm_16mb/target.cfg

@@ -7,3 +7,4 @@ payload_memtest="y"
 xlang="c"
 grub_timout=10
 grub_scan_disk="nvme ahci"
+grubtree="nvme"

config/coreboot/kcma_d8_rdimm_16mb/target.cfg

@@ -6,3 +6,4 @@ payload_memtest="y"
 xlang="c"
 grub_timeout=10
 grub_scan_disk="nvme ahci"
+grubtree="nvme"

config/coreboot/kcma_d8_rdimm_2mb/target.cfg

@@ -5,3 +5,4 @@ payload_seabios_withgrub="y"
 payload_memtest="y"
 xlang="c"
 grub_scan_disk="nvme ahci"
+grubtree="nvme"

config/coreboot/kcma_d8_udimm_2mb/target.cfg

@@ -7,3 +7,4 @@ payload_memtest="y"
 xlang="c"
 grub_timeout=10
 grub_scan_disk="nvme ahci"
+grubtree="nvme"

config/coreboot/kgpe_d16_rdimm_16mb/target.cfg

@@ -6,3 +6,4 @@ payload_memtest="y"
 xlang="c"
 grub_timeout=10
 grub_scan_disk="nvme ahci"
+grubtree="nvme"

config/coreboot/kgpe_d16_rdimm_2mb/target.cfg

@@ -6,3 +6,4 @@ payload_memtest="y"
 xlang="c"
 grub_timeout=10
 grub_scan_disk="nvme ahci"
+grubtree="nvme"

config/coreboot/kgpe_d16_udimm_16mb/target.cfg

@@ -7,3 +7,4 @@ payload_memtest="y"
 xlang="c"
 grub_timeout=10
 grub_scan_disk="nvme ahci"
+grubtree="nvme"

config/coreboot/kgpe_d16_udimm_2mb/target.cfg

@@ -7,3 +7,4 @@ payload_memtest="y"
 xlang="c"
 grub_timeout=10
 grub_scan_disk="nvme ahci"
+grubtree="nvme"

config/data/grub/module/default

@@ -103,7 +103,6 @@ multiboot2 \
 nativedisk \
 normal \
 ntfs \
-nvme \
 ohci \
 part_bsd \
 part_dfly \

config/data/grub/module/nvme

@@ -0,0 +1,156 @@
+# Install modules (installed, but not automatically loaded)
+grub_install_modules=" \
+hexdump \
+newc \
+odc \
+usbserial_common \
+usbserial_ftdi \
+usbserial_pl2303 \
+usbserial_usbdebug \
+video_colors \
+"
+# Modules (and always loaded)
+grub_modules=" \
+acpi \
+ahci \
+at_keyboard \
+all_video \
+ata \
+bitmap \
+bitmap_scale \
+boot \
+bsd \
+btrfs \
+cat \
+cbfs \
+cbls \
+cbmemc \
+cbtime \
+chain \
+configfile \
+cpio \
+cpio_be \
+crc64 \
+crypto \
+cryptodisk \
+diskfilter \
+echo \
+ehci \
+eval \
+exfat \
+elf \
+ext2 \
+fat \
+f2fs \
+gcry_arcfour \
+gcry_blowfish \
+gcry_camellia \
+gcry_cast5 \
+gcry_crc \
+gcry_des \
+gcry_dsa \
+gcry_idea \
+gcry_md4 \
+gcry_md5 \
+gcry_rfc2268 \
+gcry_rijndael \
+gcry_rmd160 \
+gcry_rsa \
+gcry_seed \
+gcry_serpent \
+gcry_sha1 \
+gcry_sha256 \
+gcry_sha512 \
+gcry_tiger \
+gcry_twofish \
+gcry_whirlpool \
+geli \
+gfxmenu \
+gfxterm_background \
+gfxterm_menu \
+gzio \
+hashsum \
+halt \
+help \
+iorw \
+iso9660 \
+jpeg \
+json \
+keylayouts \
+keystatus \
+linux \
+linux16 \
+loadenv \
+loopback \
+ls \
+lsacpi \
+lsmmap \
+lspci \
+luks \
+luks2 \
+argon2 \
+lvm \
+lzopio \
+mdraid09 \
+mdraid09_be \
+mdraid1x \
+memdisk \
+memrw \
+minicmd \
+mmap \
+multiboot \
+multiboot2 \
+nativedisk \
+normal \
+ntfs \
+nvme \
+ohci \
+part_bsd \
+part_dfly \
+part_gpt \
+part_msdos \
+password \
+password_pbkdf2 \
+pata \
+pbkdf2 \
+pcidump \
+pgp \
+play \
+png \
+procfs \
+raid5rec \
+raid6rec \
+read \
+reboot \
+regexp \
+romfs \
+scsi \
+search \
+search_fs_file \
+search_fs_uuid \
+search_label \
+serial \
+syslinuxcfg \
+setjmp \
+setpci \
+spkmodem \
+squash4 \
+sleep \
+tar \
+test \
+true \
+uhci \
+udf \
+ufs1 \
+ufs1_be \
+ufs2 \
+usb \
+usb_keyboard \
+usbms \
+xfs \
+xzio \
+zfs \
+zfscrypt \
+zfsinfo \
+zstd \
+"

config/grub/default/config/payload

@@ -54,7 +54,7 @@ if [ -f (cbfsdisk)/timeout.cfg ]; then
 else	
 	set timeout=5
 fi
-set grub_scan_disk="nvme ahci ata"
+set grub_scan_disk="ahci ata"
 if [ -f (cbfsdisk)/scan.cfg ]; then
 	source (cbfsdisk)/scan.cfg
 fi
@@ -87,17 +87,11 @@ function search_grub {
 		for part in 1 2 3 4 5 6 7 8 9 10 11 12; do
 			if [ "${1}" != "nvme" ]; then
 				try_user_config "(${1}${i},${part})"
-			else
-				# TODO: do we care about other namesapces
-				try_user_config "(nvme${i}n1,${part})"
 			fi
 		done
 		if [ "${1}" != "nvme" ]; then
 			# raw devices e.g. (ahci0) instead of (ahci0,1)
 			try_user_config "(${1}${i})"
-		else
-			# TODO: do we care about other namesapces
-			try_user_config "(nvme${i}n1)"
 		fi
 	done
 	echo # Insert newline
@@ -123,17 +117,11 @@ function search_isolinux {
 		for part in 1 2 3 4 5 6 7 8 9 10 11 12; do
 			if [ "${1}" != "nvme" ]; then
 				try_isolinux_config "(${1}${i},${part})"
-			else
-				# TODO: see above
-				try_isolinux_config "(nvme${i}n1,${part})"
 			fi
 		done
 		if [ "${1}" != "nvme" ]; then
 			# raw devices e.g. (usb0) instead of (usb0,1)
 			try_isolinux_config "(${1}${i})"
-		else
-			# TODO: do we care about other namesapces
-			try_isolinux_config "(nvme${i}n1)"
 		fi
 	done
 	echo # Insert newline
@@ -175,9 +163,6 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 					bootdev="${bootdev} (ahci${i},${part})"
 				elif [ "${grub_disk}" = "ata" ]; then
 					bootdev="${bootdev} (ata${i},${part})"
-				elif [ "${grub_disk}" = "nvme" ]; then
-					# TODO: do we care about other namesapces
-					bootdev="${bootdev} (nvme${i}n1,${part})"
 				fi
 			done
 		done
@@ -214,9 +199,6 @@ menuentry 'Search for GRUB/SYSLINUX/EXTLINUX/ISOLINUX on AHCI  [a]' --hotkey='a'
 menuentry 'Search for GRUB/SYSLINUX/EXTLINUX/ISOLINUX on ATA/IDE  [d]' --hotkey='d' {
 	search_bootcfg ata
 }
-menuentry 'Search for GRUB/SYSLINUX/EXTLINUX/ISOLINUX on NVMe  [e]' --hotkey='e' {
-	search_bootcfg nvme
-}
 if [ -f (cbfsdisk)/grub.cfg ]; then
 menuentry 'Load configuration (grub.cfg) in CBFS  [t]' --hotkey='t' {
 	set root='(cbfsdisk)'

config/grub/nvme/config/payload

@@ -0,0 +1,289 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# Copyright (C) 2014-2016,2020-2021,2023-2024 Leah Rowe <leah@libreboot.org>
+# Copyright (C) 2015 Klemens Nanni <contact@autoboot.org>
+
+set prefix=(memdisk)/boot/grub
+
+insmod at_keyboard
+insmod usb_keyboard
+insmod nativedisk
+insmod ehci
+insmod ohci
+insmod uhci
+insmod usb
+insmod usbms
+insmod regexp
+
+terminal_input --append at_keyboard
+terminal_input --append usb_keyboard
+terminal_output --append cbmemc
+
+# User interface overrides wherever "keystatus" is supported
+# Keep SHIFT key pressed before powering on to disable graphics
+if keystatus --shift; then
+	terminal_output --append vga_text
+else
+	gfxpayload=keep
+	terminal_output --append gfxterm
+
+	if [ -f (cbfsdisk)/background.png ]; then
+		insmod png
+		background_image (cbfsdisk)/background.png
+	elif [ -f (cbfsdisk)/background.jpg ]; then
+		insmod jpeg
+		background_image (cbfsdisk)/background.jpg
+	fi
+fi
+
+# Keep CTRL pressed to enable default serial terminal (COM1 or the like)
+if keystatus --ctrl; then
+	serial
+	terminal_input --append serial
+	terminal_output --append serial
+fi
+
+# Keep ALT pressed to enable spkmodem
+if keystatus --alt; then
+	terminal_output --append spkmodem
+fi
+
+
+set default="0"
+if [ -f (cbfsdisk)/timeout.cfg ]; then
+	source (cbfsdisk)/timeout.cfg
+else	
+	set timeout=5
+fi
+set grub_scan_disk="nvme ahci ata"
+if [ -f (cbfsdisk)/scan.cfg ]; then
+	source (cbfsdisk)/scan.cfg
+fi
+
+if [ -f (cbfsdisk)/keymap.gkb ]; then
+	keymap (cbfsdisk)/keymap.gkb
+fi
+
+function really_try_user_config {
+	set root="${1}"
+
+	if [ -f /"${2}"/grub.cfg ]; then
+		unset superusers
+		configfile /"${2}"/grub.cfg
+	fi
+}
+
+function try_user_config {
+	# The @/... entries are for cases where the BTRFS filesystem is being used
+	for dir in grub boot/grub @/grub @/boot/grub grub2 boot/grub2 @/grub2 @/boot/grub2 boot @/boot; do
+		really_try_user_config "${1}" "${dir}"
+	done
+	for dir in ubuntu debian redhat; do
+		really_try_user_config "${1}" "EFI/${dir}"
+	done
+}
+function search_grub {
+	echo -n "Attempting to load grub.cfg from '${1}' devices"
+	for i in 0 1 2 3 4 5 6 7 8; do
+		for part in 1 2 3 4 5 6 7 8 9 10 11 12; do
+			if [ "${1}" != "nvme" ]; then
+				try_user_config "(${1}${i},${part})"
+			else
+				# TODO: do we care about other namesapces
+				try_user_config "(nvme${i}n1,${part})"
+			fi
+		done
+		if [ "${1}" != "nvme" ]; then
+			# raw devices e.g. (ahci0) instead of (ahci0,1)
+			try_user_config "(${1}${i})"
+		else
+			# TODO: do we care about other namesapces
+			try_user_config "(nvme${i}n1)"
+		fi
+	done
+	echo # Insert newline
+}
+
+function try_isolinux_config {
+	set root="${1}"
+	for dir in '' /boot /EFI /@ /@/boot; do
+		if [ -f "${dir}"/isolinux/isolinux.cfg ]; then
+			syslinux_configfile -i "${dir}"/isolinux/isolinux.cfg
+		elif [ -f "${dir}"/syslinux/syslinux.cfg ]; then
+			syslinux_configfile -s "${dir}"/syslinux/syslinux.cfg
+		elif [ -f "${dir}"/syslinux/extlinux.conf ]; then
+			syslinux_configfile -s "${dir}"/syslinux/extlinux.conf
+		elif [ -f "${dir}"/extlinux/extlinux.conf ]; then
+			syslinux_configfile -s "${dir}"/extlinux/extlinux.conf
+		fi
+	done
+}
+function search_isolinux {
+	echo "\nAttempting to parse iso/sys/extlinux config from '${1}' devices"
+	for i in 0 1 2 3 4 5 6 7 8; do
+		for part in 1 2 3 4 5 6 7 8 9 10 11 12; do
+			if [ "${1}" != "nvme" ]; then
+				try_isolinux_config "(${1}${i},${part})"
+			else
+				# TODO: see above
+				try_isolinux_config "(nvme${i}n1,${part})"
+			fi
+		done
+		if [ "${1}" != "nvme" ]; then
+			# raw devices e.g. (usb0) instead of (usb0,1)
+			try_isolinux_config "(${1}${i})"
+		else
+			# TODO: do we care about other namesapces
+			try_isolinux_config "(nvme${i}n1)"
+		fi
+	done
+	echo # Insert newline
+}
+function try_bootcfg {
+	try_user_config "${1}"
+	try_isolinux_config "${1}"
+}
+function search_bootcfg {
+	search_grub "${1}"
+	search_isolinux "${1}"
+}
+menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o' {
+
+	for grub_disk in ${grub_scan_disk}; do
+		search_bootcfg ${grub_disk}
+	done
+
+	# grub device enumeration is very slow, so checks are hardcoded
+
+	# TODO: add more strings, based on what distros set up when
+	# the user select auto-partitioning on those installers
+	lvmvol="lvm/grubcrypt-bootvol lvm/grubcrypt-rootvol"
+
+	raidvol="md/0 md/1 md/2 md/3 md/4 md/5 md/6 md/7 md/8 md/9"
+
+	# in practise, doing multiple redundant checks is perfectly fast and
+	# TODO: optimize grub itself, and use */? here for everything
+
+	for vol in ${lvmvol} ${raidvol} ; do
+		try_bootcfg "${vol}"
+	done
+
+	unset bootdev
+	for grub_disk in ${grub_scan_disk}; do
+		for i in 0 1 2 3 4 5 6 7 8; do
+			for part in 1 2 3 4 5 6 7 8 9 10 11 12; do
+				if [ "${grub_disk}" = "ahci" ]; then
+					bootdev="${bootdev} (ahci${i},${part})"
+				elif [ "${grub_disk}" = "ata" ]; then
+					bootdev="${bootdev} (ata${i},${part})"
+				elif [ "${grub_disk}" = "nvme" ]; then
+					# TODO: do we care about other namesapces
+					bootdev="${bootdev} (nvme${i}n1,${part})"
+				fi
+			done
+		done
+	done
+
+	set pager=0
+	echo -n "Attempting to unlock encrypted volumes"
+	for dev in ${bootdev} ${lvmvol} ${raidvol}; do
+		if cryptomount "${dev}" ; then break ; fi
+	done
+	set pager=1
+	echo
+
+	# after cryptomount, lvm volumes might be available
+	for vol in ${lvmvol}; do
+		try_bootcfg "${vol}"
+	done
+
+	search_bootcfg crypto
+
+	for vol in lvm/* ; do
+		try_bootcfg "${vol}"
+	done
+
+	true # Prevent pager requiring to accept each line instead of whole screen
+}
+
+menuentry 'Search for GRUB/SYSLINUX/EXTLINUX/ISOLINUX on USB  [s]' --hotkey='s' {
+	search_bootcfg usb
+}
+menuentry 'Search for GRUB/SYSLINUX/EXTLINUX/ISOLINUX on AHCI  [a]' --hotkey='a' {
+	search_bootcfg ahci
+}
+menuentry 'Search for GRUB/SYSLINUX/EXTLINUX/ISOLINUX on ATA/IDE  [d]' --hotkey='d' {
+	search_bootcfg ata
+}
+menuentry 'Search for GRUB/SYSLINUX/EXTLINUX/ISOLINUX on NVMe  [e]' --hotkey='e' {
+	search_bootcfg nvme
+}
+if [ -f (cbfsdisk)/grub.cfg ]; then
+menuentry 'Load configuration (grub.cfg) in CBFS  [t]' --hotkey='t' {
+	set root='(cbfsdisk)'
+	if [ -f /grub.cfg ]; then
+		configfile /grub.cfg
+	fi
+}
+fi
+if [ -f (cbfsdisk)/grubtest.cfg ]; then
+menuentry 'Load test configuration (grubtest.cfg) inside of CBFS  [t]' --hotkey='t' {
+	set root='(cbfsdisk)'
+	if [ -f /grubtest.cfg ]; then
+		configfile /grubtest.cfg
+	fi
+}
+fi
+if [ -f (cbfsdisk)/seabios.elf ]; then
+menuentry 'Load SeaBIOS (payload) [b]' --hotkey='b' {
+	set root='cbfsdisk'
+	chainloader /seabios.elf
+}
+fi
+if [ -f (cbfsdisk)/img/grub2 ]; then
+menuentry 'Return to SeaBIOS [b]' --hotkey='b' {
+	set root='cbfsdisk'
+	chainloader /fallback/payload
+}
+fi
+menuentry 'Poweroff  [p]' --hotkey='p' {
+	halt
+}
+menuentry 'Reboot  [r]' --hotkey='r' {
+	reboot
+}
+if [ -f (cbfsdisk)/img/memtest ]; then
+menuentry 'Load MemTest86+  [m]' --hotkey='m' {
+	set root='cbfsdisk'
+	chainloader /img/memtest
+}
+fi
+
+submenu 'Other  [z]' --hotkey='z' {
+	menuentry 'Enable default serial terminal  [s]' --hotkey='s'  {
+		serial
+		terminal_input --append serial
+		terminal_output --append serial
+	}
+
+	menuentry 'Disable default serial terminal' {
+		terminal_input --remove serial
+		terminal_output --remove serial
+	}
+
+	menuentry 'Enable gfxterm' {
+		terminal_output --append gfxterm
+		terminal_output --remove vga_text
+	}
+	menuentry 'Disable gfxterm  [g]' --hotkey='g'  {
+		terminal_output --remove gfxterm
+		terminal_output --append vga_text
+	}
+
+	menuentry 'Enable spkmodem  [a]' --hotkey='a' {
+		terminal_output --append spkmodem
+	}
+
+	menuentry 'Disable spkmodem  [z]' --hotkey='z' {
+		terminal_output --remove spkmodem
+	}
+}

config/grub/nvme/patches/0001-borderfix/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch

@@ -0,0 +1,90 @@
+From ce13539fe2103abbd991814d995e06cf96e485f7 Mon Sep 17 00:00:00 2001
+From: Leah Rowe <leah@libreboot.org>
+Date: Sun, 31 Oct 2021 03:47:05 +0000
+Subject: [PATCH 1/3] mitigate grub's missing characters for borders/arrow
+ characters
+
+This cleans up the display on the main screen in GRUB.
+
+Just don't draw a border, at all.
+---
+ grub-core/normal/menu_text.c | 49 ++----------------------------------
+ 1 file changed, 2 insertions(+), 47 deletions(-)
+
+diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c
+index b1321eb26..e76094dfd 100644
+--- a/grub-core/normal/menu_text.c
++++ b/grub-core/normal/menu_text.c
+@@ -108,47 +108,6 @@ grub_print_message_indented (const char *msg, int margin_left, int margin_right,
+   grub_print_message_indented_real (msg, margin_left, margin_right, term, 0);
+ }
+ 
+-static void
+-draw_border (struct grub_term_output *term, const struct grub_term_screen_geometry *geo)
+-{
+-  int i;
+-
+-  grub_term_setcolorstate (term, GRUB_TERM_COLOR_NORMAL);
+-
+-  grub_term_gotoxy (term, (struct grub_term_coordinate) { geo->first_entry_x - 1,
+-	geo->first_entry_y - 1 });
+-  grub_putcode (GRUB_UNICODE_CORNER_UL, term);
+-  for (i = 0; i < geo->entry_width + 1; i++)
+-    grub_putcode (GRUB_UNICODE_HLINE, term);
+-  grub_putcode (GRUB_UNICODE_CORNER_UR, term);
+-
+-  for (i = 0; i < geo->num_entries; i++)
+-    {
+-      grub_term_gotoxy (term, (struct grub_term_coordinate) { geo->first_entry_x - 1,
+-	    geo->first_entry_y + i });
+-      grub_putcode (GRUB_UNICODE_VLINE, term);
+-      grub_term_gotoxy (term,
+-			(struct grub_term_coordinate) { geo->first_entry_x + geo->entry_width + 1,
+-			    geo->first_entry_y + i });
+-      grub_putcode (GRUB_UNICODE_VLINE, term);
+-    }
+-
+-  grub_term_gotoxy (term,
+-		    (struct grub_term_coordinate) { geo->first_entry_x - 1,
+-			geo->first_entry_y - 1 + geo->num_entries + 1 });
+-  grub_putcode (GRUB_UNICODE_CORNER_LL, term);
+-  for (i = 0; i < geo->entry_width + 1; i++)
+-    grub_putcode (GRUB_UNICODE_HLINE, term);
+-  grub_putcode (GRUB_UNICODE_CORNER_LR, term);
+-
+-  grub_term_setcolorstate (term, GRUB_TERM_COLOR_NORMAL);
+-
+-  grub_term_gotoxy (term,
+-		    (struct grub_term_coordinate) { geo->first_entry_x - 1,
+-			(geo->first_entry_y - 1 + geo->num_entries
+-			 + GRUB_TERM_MARGIN + 1) });
+-}
+-
+ static int
+ print_message (int nested, int edit, struct grub_term_output *term, int dry_run)
+ {
+@@ -167,10 +126,8 @@ command-line or ESC to discard edits and return to the GRUB menu."),
+     {
+       char *msg_translated;
+ 
+-      msg_translated = grub_xasprintf (_("Use the %C and %C keys to select which "
+-					 "entry is highlighted."),
+-				       GRUB_UNICODE_UPARROW,
+-				       GRUB_UNICODE_DOWNARROW);
++      msg_translated = grub_xasprintf (_("Use the arrow keys to select which "
++					 "entry is highlighted."));
+       if (!msg_translated)
+ 	return 0;
+       ret += grub_print_message_indented_real (msg_translated, STANDARD_MARGIN,
+@@ -410,8 +367,6 @@ grub_menu_init_page (int nested, int edit,
+ 
+   grub_term_normal_color = grub_color_menu_normal;
+   grub_term_highlight_color = grub_color_menu_highlight;
+-  if (geo->border)
+-    draw_border (term, geo);
+   grub_term_normal_color = old_color_normal;
+   grub_term_highlight_color = old_color_highlight;
+   geo->timeout_y = geo->first_entry_y + geo->num_entries
+-- 
+2.25.1
+

config/grub/nvme/patches/0001-borderfix/0002-say-the-name-libreboot-in-the-grub-menu.patch

@@ -0,0 +1,25 @@
+From 70f9e72c3ff6381fe3519612de3b649c0cf26b9a Mon Sep 17 00:00:00 2001
+From: Leah Rowe <leah@libreboot.org>
+Date: Sat, 19 Nov 2022 16:30:24 +0000
+Subject: [PATCH 2/3] say the name libreboot, in the grub menu
+
+---
+ grub-core/normal/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
+index bd4431000..31308e16a 100644
+--- a/grub-core/normal/main.c
++++ b/grub-core/normal/main.c
+@@ -209,7 +209,7 @@ grub_normal_init_page (struct grub_term_output *term,
+ 
+   grub_term_cls (term);
+ 
+-  msg_formatted = grub_xasprintf (_("GNU GRUB  version %s"), PACKAGE_VERSION);
++  msg_formatted = grub_xasprintf (_("Libreboot 20240504 release, based on coreboot.    https://libreboot.org/"));
+   if (!msg_formatted)
+     return;
+ 
+-- 
+2.25.1
+

config/grub/nvme/patches/0002-luks2/0003-Add-CC0-license.patch

@@ -0,0 +1,42 @@
+From de6e7cc62522ce1be21bd2f06e7c15cd234b5426 Mon Sep 17 00:00:00 2001
+From: Ax333l <main@axelen.xyz>
+Date: Thu, 17 Aug 2023 00:00:00 +0000
+Subject: [PATCH 1/6] Add CC0 license
+
+Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
+---
+ grub-core/kern/dl.c           | 3 ++-
+ util/grub-module-verifierXX.c | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
+index 0bf40caa6..4011e2d15 100644
+--- a/grub-core/kern/dl.c
++++ b/grub-core/kern/dl.c
+@@ -470,7 +470,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
+ 
+   if (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0
+       || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0
+-      || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0)
++      || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0
++      || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=CC0") == 0)
+     return GRUB_ERR_NONE;
+ 
+   return grub_error (GRUB_ERR_BAD_MODULE,
+diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c
+index a42c20bd1..7157a30aa 100644
+--- a/util/grub-module-verifierXX.c
++++ b/util/grub-module-verifierXX.c
+@@ -236,7 +236,8 @@ check_license (const char * const filename,
+   Elf_Shdr *s = find_section (arch, e, ".module_license", module_size);
+   if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0
+ 	    || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0
+-	    || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0))
++	    || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0
++	    || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=CC0") == 0))
+     return;
+   grub_util_error ("%s: incompatible license", filename);
+ }
+-- 
+2.39.2
+

config/grub/nvme/patches/0002-luks2/0004-Define-GRUB_UINT32_MAX.patch

@@ -0,0 +1,39 @@
+From 9edaaffac91d593a439e44bac3b6f5558f5a8245 Mon Sep 17 00:00:00 2001
+From: Ax333l <main@axelen.xyz>
+Date: Thu, 17 Aug 2023 00:00:00 +0000
+Subject: [PATCH 2/6] Define GRUB_UINT32_MAX
+
+Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
+---
+ include/grub/types.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/include/grub/types.h b/include/grub/types.h
+index 0d96006fe..a13f3a60b 100644
+--- a/include/grub/types.h
++++ b/include/grub/types.h
+@@ -156,6 +156,7 @@ typedef grub_int32_t	grub_ssize_t;
+ #define GRUB_SHRT_MAX 0x7fff
+ #define GRUB_SHRT_MIN (-GRUB_SHRT_MAX - 1)
+ #define GRUB_UINT_MAX 4294967295U
++#define GRUB_UINT32_MAX 4294967295U
+ #define GRUB_INT_MAX 0x7fffffff
+ #define GRUB_INT_MIN (-GRUB_INT_MAX - 1)
+ #define GRUB_INT32_MAX 2147483647
+@@ -177,6 +178,13 @@ typedef grub_int32_t	grub_ssize_t;
+ #define GRUB_TYPE_U_MAX(type) ((unsigned long long)((typeof (type))(~0)))
+ #define GRUB_TYPE_U_MIN(type) 0ULL
+ 
++# define GRUB_UINT32_C(x) x ## U
++# if GRUB_ULONG_MAX >> 31 >> 31 >> 1 == 1
++#  define GRUB_UINT64_C(x) x##UL
++# elif 1
++#  define GRUB_UINT64_C(x) x##ULL
++# endif
++
+ typedef grub_uint64_t grub_properly_aligned_t;
+ 
+ #define GRUB_PROPERLY_ALIGNED_ARRAY(name, size) grub_properly_aligned_t name[((size) + sizeof (grub_properly_aligned_t) - 1) / sizeof (grub_properly_aligned_t)]
+-- 
+2.39.2
+

config/grub/nvme/patches/0002-luks2/0006-Error-on-missing-Argon2id-parameters.patch

@@ -0,0 +1,58 @@
+From 0044d32121bf52c4547c6b3c78f12d7305f57e6b Mon Sep 17 00:00:00 2001
+From: Ax333l <main@axelen.xyz>
+Date: Thu, 17 Aug 2023 00:00:00 +0000
+Subject: [PATCH 4/6] Error on missing Argon2id parameters
+
+Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
+---
+ grub-core/disk/luks2.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
+index d5106402f..bc818ea69 100644
+--- a/grub-core/disk/luks2.c
++++ b/grub-core/disk/luks2.c
+@@ -38,6 +38,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ enum grub_luks2_kdf_type
+ {
+   LUKS2_KDF_TYPE_ARGON2I,
++  LUKS2_KDF_TYPE_ARGON2ID,
+   LUKS2_KDF_TYPE_PBKDF2
+ };
+ typedef enum grub_luks2_kdf_type grub_luks2_kdf_type_t;
+@@ -90,7 +91,7 @@ struct grub_luks2_keyslot
+ 	grub_int64_t time;
+ 	grub_int64_t memory;
+ 	grub_int64_t cpus;
+-      } argon2i;
++      } argon2;
+       struct
+       {
+ 	const char   *hash;
+@@ -160,10 +161,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing or invalid KDF");
+   else if (!grub_strcmp (type, "argon2i") || !grub_strcmp (type, "argon2id"))
+     {
+-      out->kdf.type = LUKS2_KDF_TYPE_ARGON2I;
+-      if (grub_json_getint64 (&out->kdf.u.argon2i.time, &kdf, "time") ||
+-	  grub_json_getint64 (&out->kdf.u.argon2i.memory, &kdf, "memory") ||
+-	  grub_json_getint64 (&out->kdf.u.argon2i.cpus, &kdf, "cpus"))
++      out->kdf.type = !grub_strcmp (type, "argon2i")
++		      ? LUKS2_KDF_TYPE_ARGON2I : LUKS2_KDF_TYPE_ARGON2ID;
++      if (grub_json_getint64 (&out->kdf.u.argon2.time, &kdf, "time") ||
++	  grub_json_getint64 (&out->kdf.u.argon2.memory, &kdf, "memory") ||
++	  grub_json_getint64 (&out->kdf.u.argon2.cpus, &kdf, "cpus"))
+ 	return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing Argon2i parameters");
+     }
+   else if (!grub_strcmp (type, "pbkdf2"))
+@@ -459,6 +461,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+   switch (k->kdf.type)
+     {
+       case LUKS2_KDF_TYPE_ARGON2I:
++      case LUKS2_KDF_TYPE_ARGON2ID:
+ 	ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
+ 	goto err;
+       case LUKS2_KDF_TYPE_PBKDF2:
+-- 
+2.39.2
+

config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch

@@ -0,0 +1,83 @@
+From 0a21695c55f76f1c958bb633481d55b3168562f7 Mon Sep 17 00:00:00 2001
+From: Ax333l <main@axelen.xyz>
+Date: Thu, 17 Aug 2023 00:00:00 +0000
+Subject: [PATCH 5/6] Compile with Argon2id support
+
+Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
+---
+ Makefile.util.def           |  6 +++++-
+ grub-core/Makefile.core.def |  2 +-
+ grub-core/disk/luks2.c      | 13 +++++++++++--
+ 3 files changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.util.def b/Makefile.util.def
+index 1e9a13d3e..a167825c3 100644
+--- a/Makefile.util.def
++++ b/Makefile.util.def
+@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl;
+ library = {
+   name = libgrubkern.a;
+   cflags = '$(CFLAGS_GNULIB)';
+-  cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json';
++  cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2';
+ 
+   common = util/misc.c;
+   common = grub-core/kern/command.c;
+@@ -36,6 +36,10 @@ library = {
+   common = grub-core/kern/misc.c;
+   common = grub-core/kern/partition.c;
+   common = grub-core/lib/crypto.c;
++  common = grub-core/lib/argon2/argon2.c;
++  common = grub-core/lib/argon2/core.c;
++  common = grub-core/lib/argon2/ref.c;
++  common = grub-core/lib/argon2/blake2/blake2b.c;
+   common = grub-core/lib/json/json.c;
+   common = grub-core/disk/luks.c;
+   common = grub-core/disk/luks2.c;
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index 4a06789e5..e939dcc99 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -1238,7 +1238,7 @@ module = {
+   common = disk/luks2.c;
+   common = lib/gnulib/base64.c;
+   cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
+-  cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json';
++  cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2';
+ };
+ 
+ module = {
+diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
+index bc818ea69..5b9eaa599 100644
+--- a/grub-core/disk/luks2.c
++++ b/grub-core/disk/luks2.c
+@@ -27,6 +27,7 @@
+ #include <grub/partition.h>
+ #include <grub/i18n.h>
+ 
++#include <argon2.h>
+ #include <base64.h>
+ #include <json.h>
+ 
+@@ -462,8 +463,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+     {
+       case LUKS2_KDF_TYPE_ARGON2I:
+       case LUKS2_KDF_TYPE_ARGON2ID:
+-	ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
+-	goto err;
++	ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus,
++			   passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size,
++			   k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id,
++			   ARGON2_VERSION_NUMBER);
++        if (ret)
++	  {
++	    grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret));
++	    goto err;
++	  }
++        break;
+       case LUKS2_KDF_TYPE_PBKDF2:
+ 	hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);
+ 	if (!hash)
+-- 
+2.39.2
+

config/grub/nvme/patches/0002-luks2/0008-Make-grub-install-work-with-Argon2.patch

@@ -0,0 +1,26 @@
+From 6c9a6625c0dc038d1bdbdc13665f40e269e86496 Mon Sep 17 00:00:00 2001
+From: Ax333l <main@axelen.xyz>
+Date: Thu, 17 Aug 2023 00:00:00 +0000
+Subject: [PATCH 6/6] Make grub-install work with Argon2
+
+Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
+---
+ util/grub-install.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/util/grub-install.c b/util/grub-install.c
+index 1ad04db36..a8a3330b8 100644
+--- a/util/grub-install.c
++++ b/util/grub-install.c
+@@ -448,6 +448,8 @@ probe_mods (grub_disk_t disk)
+     {
+       grub_util_cryptodisk_get_abstraction (disk,
+ 					    push_cryptodisk_module, NULL);
++      /* HACK: always push argon2 */
++      grub_install_push_module ("argon2");
+       have_abstractions = 1;
+       have_cryptodisk = 1;
+     }
+-- 
+2.39.2
+

config/grub/nvme/patches/0003-keyboardfix/0001-at_keyboard-coreboot-force-scancodes2-translate.patch

@@ -0,0 +1,107 @@
+From 96c0bbe5d406b616360a7fce7cee67d7692c0d6d Mon Sep 17 00:00:00 2001
+From: Leah Rowe <leah@libreboot.org>
+Date: Mon, 30 Oct 2023 22:19:21 +0000
+Subject: [PATCH 1/1] at_keyboard coreboot: force scancodes2+translate
+
+Scan code set 2 with translation should be assumed in
+every case, as the default starting position.
+
+However, GRUB is trying to detect and use other modes
+such as set 2 without translation, or set 1 without
+translation from set 2; it also detects no-mode and
+assumes mode 1, on really old keyboards.
+
+The current behaviour has been retained, for everything
+except GRUB_MACHINE_COREBOOT; for the latter, scan code
+set 2 with translation is hardcoded, and forced in code.
+
+This is required to make keyboard initialisation work on
+the MEC5035 EC used by the Dell Latitude E6400, when
+running GRUB as a coreboot payload on that laptop. The
+EC reports scancode set 2 with translation when probed,
+but actually only outputs scancode set 1.
+
+Since GRUB is attempting to use it without translation,
+and since the machine reports set 2 with translation,
+but only ever outputs set 1 scancodes, this results in
+wrong keypresses for every key.
+
+This fix fixed that, by forcing set 2 with translation,
+treating it as set 1, but only on coreboot. This is the
+same behaviour used in GNU+Linux systems and SeaBIOS.
+With this change, GRUB keyboard initialisation now works
+just fine on those machines.
+
+This has *also* been tested on other coreboot machines
+running GRUB; several HP EliteBooks, ThinkPads and
+Dell Precision T1650. All seems to work just fine.
+
+Signed-off-by: Leah Rowe <leah@libreboot.org>
+---
+ grub-core/term/at_keyboard.c | 20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c
+index f8a129eb7..8207225c2 100644
+--- a/grub-core/term/at_keyboard.c
++++ b/grub-core/term/at_keyboard.c
+@@ -138,6 +138,7 @@ write_mode (int mode)
+   return (i != GRUB_AT_TRIES);
+ }
+ 
++#if !defined (GRUB_MACHINE_COREBOOT)
+ static int
+ query_mode (void)
+ {
+@@ -161,10 +162,12 @@ query_mode (void)
+     return 3;
+   return 0;
+ }
++#endif
+ 
+ static void
+ set_scancodes (void)
+ {
++#if !defined (GRUB_MACHINE_COREBOOT)
+   /* You must have visited computer museum. Keyboard without scancode set
+      knowledge. Assume XT. */
+   if (!grub_keyboard_orig_set)
+@@ -173,20 +176,33 @@ set_scancodes (void)
+       ps2_state.current_set = 1;
+       return;
+     }
++#endif
+ 
+ #if !USE_SCANCODE_SET
+   ps2_state.current_set = 1;
+   return;
+-#else
++#endif
+ 
++#if defined (GRUB_MACHINE_COREBOOT)
++  /* enable translation */
++  grub_keyboard_controller_write (grub_keyboard_controller_orig
++				  & ~KEYBOARD_AT_DISABLE);
++#else
++  /* if not coreboot, disable translation and try mode 2 first, before 1 */
+   grub_keyboard_controller_write (grub_keyboard_controller_orig
+ 				  & ~KEYBOARD_AT_TRANSLATE
+ 				  & ~KEYBOARD_AT_DISABLE);
++#endif
+ 
+   keyboard_controller_wait_until_ready ();
+   grub_outb (KEYBOARD_COMMAND_ENABLE, KEYBOARD_REG_DATA);
+-
+   write_mode (2);
++
++#if defined (GRUB_MACHINE_COREBOOT)
++  /* mode 2 with translation, so make grub treat as set 1 */
++  ps2_state.current_set = 1;
++#else
++  /* if not coreboot, translation isn't set; test 2 and fall back to 1 */
+   ps2_state.current_set = query_mode ();
+   grub_dprintf ("atkeyb", "returned set %d\n", ps2_state.current_set);
+   if (ps2_state.current_set == 2)
+-- 
+2.39.2
+

config/grub/nvme/patches/0003-keyboardfix/0002-keylayouts-don-t-print-Unknown-key-message.patch

@@ -0,0 +1,38 @@
+From 0a6abeb40ac4284fbff6ef5958989d561b6290a7 Mon Sep 17 00:00:00 2001
+From: Leah Rowe <leah@libreboot.org>
+Date: Tue, 31 Oct 2023 10:33:28 +0000
+Subject: [PATCH 1/1] keylayouts: don't print "Unknown key" message
+
+on keyboards with stuck keys, this results in GRUB just
+spewing it repeatedly, preventing use of GRUB.
+
+in such cases, it's still possible to use the keyboard,
+and we should let the user at least boot.
+
+it often appears when people plug in faulty usb keyboards,
+but can appear for laptop keyboards too; one of my e6400
+has stuck keys.
+
+with this patch, grub should be a bit more reliable in
+terms of user experience, when the keyboard is faulty.
+
+Signed-off-by: Leah Rowe <leah@libreboot.org>
+---
+ grub-core/commands/keylayouts.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/grub-core/commands/keylayouts.c b/grub-core/commands/keylayouts.c
+index aa3ba34f2..445fa0601 100644
+--- a/grub-core/commands/keylayouts.c
++++ b/grub-core/commands/keylayouts.c
+@@ -174,7 +174,6 @@ grub_term_map_key (grub_keyboard_key_t code, int status)
+   key = map_key_core (code, status, &alt_gr_consumed);
+ 
+   if (key == 0 || key == GRUB_TERM_SHIFT) {
+-    grub_printf ("Unknown key 0x%x detected\n", code);
+     return GRUB_TERM_NO_KEY;
+   }
+ 
+-- 
+2.39.2
+

config/grub/nvme/patches/0004-prefix/0001-don-t-print-missing-prefix-errors-on-the-screen.patch

@@ -0,0 +1,102 @@
+From 9e7a651a0f15f2e9dec65a77765c3c4fd97b4165 Mon Sep 17 00:00:00 2001
+From: Leah Rowe <leah@libreboot.org>
+Date: Sun, 5 Nov 2023 16:14:58 +0000
+Subject: [PATCH 1/1] don't print missing prefix errors on the screen
+
+we do actually set the prefix. this patch modifies
+grub to still set grub_errno and return accordingly,
+so the behaviour is otherwise identical, but it will
+no longer print a warning message on the screen.
+
+Signed-off-by: Leah Rowe <leah@libreboot.org>
+---
+ grub-core/commands/keylayouts.c | 2 +-
+ grub-core/commands/loadenv.c    | 2 +-
+ grub-core/commands/nativedisk.c | 2 +-
+ grub-core/efiemu/main.c         | 3 +--
+ grub-core/font/font.c           | 2 +-
+ grub-core/kern/dl.c             | 2 +-
+ 6 files changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/commands/keylayouts.c b/grub-core/commands/keylayouts.c
+index 445fa0601..00bcf7025 100644
+--- a/grub-core/commands/keylayouts.c
++++ b/grub-core/commands/keylayouts.c
+@@ -211,7 +211,7 @@ grub_cmd_keymap (struct grub_command *cmd __attribute__ ((unused)),
+     {
+       const char *prefix = grub_env_get ("prefix");
+       if (!prefix)
+-	return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("variable `%s' isn't set"), "prefix");
++	return (grub_errno = GRUB_ERR_BAD_ARGUMENT);
+       filename = grub_xasprintf ("%s/layouts/%s.gkb", prefix, argv[0]);
+       if (!filename)
+ 	return grub_errno;
+diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c
+index 166445849..699b39bfa 100644
+--- a/grub-core/commands/loadenv.c
++++ b/grub-core/commands/loadenv.c
+@@ -58,7 +58,7 @@ open_envblk_file (char *filename,
+       prefix = grub_env_get ("prefix");
+       if (! prefix)
+         {
+-          grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), "prefix");
++          grub_errno = GRUB_ERR_FILE_NOT_FOUND;
+           return 0;
+         }
+ 
+diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c
+index 580c8d3b0..6806bff9c 100644
+--- a/grub-core/commands/nativedisk.c
++++ b/grub-core/commands/nativedisk.c
+@@ -186,7 +186,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)),
+   prefix = grub_env_get ("prefix");
+ 
+   if (! prefix)
+-    return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), "prefix");
++    return (grub_errno = GRUB_ERR_FILE_NOT_FOUND);
+ 
+   if (prefix)
+     path_prefix = (prefix[0] == '(') ? grub_strchr (prefix, ')') : NULL;
+diff --git a/grub-core/efiemu/main.c b/grub-core/efiemu/main.c
+index e7037f4ed..e5d4dbff1 100644
+--- a/grub-core/efiemu/main.c
++++ b/grub-core/efiemu/main.c
+@@ -231,8 +231,7 @@ grub_efiemu_autocore (void)
+   prefix = grub_env_get ("prefix");
+ 
+   if (! prefix)
+-    return grub_error (GRUB_ERR_FILE_NOT_FOUND,
+-		       N_("variable `%s' isn't set"), "prefix");
++    return (grub_errno = GRUB_ERR_FILE_NOT_FOUND);
+ 
+   suffix = grub_efiemu_get_default_core_name ();
+ 
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 18de52562..2a0fea6c8 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -461,7 +461,7 @@ grub_font_load (const char *filename)
+ 
+ 	  if (!prefix)
+ 	    {
+-	      grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), "prefix");
++              grub_errno = GRUB_ERR_FILE_NOT_FOUND;
+ 	      goto fail;
+ 	    }
+ 	  file = try_open_from_prefix (prefix, filename);
+diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
+index 4011e2d15..af3bd00d0 100644
+--- a/grub-core/kern/dl.c
++++ b/grub-core/kern/dl.c
+@@ -758,7 +758,7 @@ grub_dl_load (const char *name)
+     return 0;
+ 
+   if (! grub_dl_dir) {
+-    grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), "prefix");
++    grub_errno = GRUB_ERR_FILE_NOT_FOUND;
+     return 0;
+   }
+ 
+-- 
+2.39.2
+

config/grub/nvme/patches/0004-prefix/0002-don-t-print-error-if-module-not-found.patch

@@ -0,0 +1,34 @@
+From 6237c5762edccc1e1fa4746b1d4aa5e8d81e4883 Mon Sep 17 00:00:00 2001
+From: Leah Rowe <leah@libreboot.org>
+Date: Sun, 5 Nov 2023 16:36:22 +0000
+Subject: [PATCH 1/1] don't print error if module not found
+
+still set grub_errno accordingly, and otherwise
+behave the same. in libreboot, we remove a lot of
+modules but then rely on loading a grub.cfg
+provided by a distro; in almost all cases that works,
+but also in almost all cases, that will try to load
+a module we don't actually need, but then it prints
+a message. this can annoy some users, so silence it.
+
+Signed-off-by: Leah Rowe <leah@libreboot.org>
+---
+ grub-core/kern/dl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
+index af3bd00d0..21d0cedb1 100644
+--- a/grub-core/kern/dl.c
++++ b/grub-core/kern/dl.c
+@@ -486,7 +486,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e)
+ 
+   s = grub_dl_find_section (e, ".modname");
+   if (!s)
+-    return grub_error (GRUB_ERR_BAD_MODULE, "no module name found");
++    return (grub_errno = GRUB_ERR_BAD_MODULE);
+ 
+   mod->name = grub_strdup ((char *) e + s->sh_offset);
+   if (! mod->name)
+-- 
+2.39.2
+

config/grub/nvme/patches/0004-prefix/0003-don-t-print-empty-error-messages.patch

@@ -0,0 +1,31 @@
+From e5b7ec81421487e71bcaf8b6b5a27f3649a62753 Mon Sep 17 00:00:00 2001
+From: Leah Rowe <leah@libreboot.org>
+Date: Sun, 5 Nov 2023 17:25:20 +0000
+Subject: [PATCH 1/1] don't print empty error messages
+
+this is part two of the quest to kill the prefix
+error message. after i disabled prefix-related
+messages, it still printed "error: ." on screen.
+
+Signed-off-by: Leah Rowe <leah@libreboot.org>
+---
+ grub-core/kern/err.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c
+index 53c734de7..7cac53983 100644
+--- a/grub-core/kern/err.c
++++ b/grub-core/kern/err.c
+@@ -107,7 +107,8 @@ grub_print_error (void)
+     {
+       if (grub_errno != GRUB_ERR_NONE)
+ 	{
+-	  grub_err_printf (_("error: %s.\n"), grub_errmsg);
++          if (grub_strlen(grub_errmsg) > 0)
++	    grub_err_printf (_("error: %s.\n"), grub_errmsg);
+ 	  grub_err_printed_errors++;
+ 	}
+     }
+-- 
+2.39.2
+

config/grub/nvme/target.cfg

@@ -0,0 +1,5 @@
+tree="nvme"
+rev="8719cc2040368d43ab2de0b6e1b850b2c9cfc5b7"
+bootstrapargs="--gnulib-srcdir=gnulib/ --no-git"
+autoconfargs="--with-platform=coreboot --disable-werror"
+makeargs="FS_PAYLOAD_MODULES=\"\""

config/submodule/grub/nvme/gnulib/module.cfg

@@ -0,0 +1,3 @@
+subrepo="git://git.sv.gnu.org/gnulib"
+subrepo_bkup="https://codeberg.org/libreboot/gnulib"
+subhash="9f48fb992a3d7e96610c4ce8be969cff2d61a01b"

config/submodule/grub/nvme/module.list

@@ -0,0 +1 @@
+gnulib