From 20389655e42e62ebf6d96dd106c91fbe74282557 Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Mon, 18 Dec 2023 02:55:25 +0000 Subject: [PATCH] grub.cfg: try luks2/crypto-lvm before non-crypto when the user sets up an encrypted machine, grub.cfg defaults to non-encrypted setups if found, first this patch reverses the order, deferring to non-encrypted installations only when encrypted ones are unavailable Signed-off-by: Leah Rowe --- config/grub/config/grub.cfg | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) diff --git a/config/grub/config/grub.cfg b/config/grub/config/grub.cfg index 9439778a..e10cebd7 100644 --- a/config/grub/config/grub.cfg +++ b/config/grub/config/grub.cfg @@ -92,28 +92,10 @@ function search_isolinux { } menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o' { - if [ "${grub_scan_disk}" != "ata" ]; then - search_grub ahci - fi - if [ "${grub_scan_disk}" != "ahci" ]; then - search_grub ata - fi - - # grub device enumeration is very slow, so checks are hardcoded - - # TODO: add more strings, based on what distros set up when - # the user select auto-partitioning on those installers lvmvol="lvm/grubcrypt-bootvol lvm/grubcrypt-rootvol" raidvol="md/0 md/1 md/2 md/3 md/4 md/5 md/6 md/7 md/8 md/9" - # in practise, doing multiple redundant checks is perfectly fast and - # TODO: optimize grub itself, and use */? here for everything - - for vol in ${lvmvol} ${raidvol} ; do - try_user_config "${vol}" - done - unset ahcidev unset atadev for i in 11 10 9 8 7 6 5 4 3 2 1 0; do @@ -135,12 +117,20 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o set pager=1 echo - # after cryptomount, lvm volumes might be available - for vol in ${lvmvol}; do + # prefer crypto first (lvm before raid, because lvm + # volumes might exist inside luks/luks2) + search_grub crypto + for vol in ${lvmvol} ${raidvol}; do try_user_config "${vol}" done - search_grub crypto + # non-encrypted next, if crypto wasn't available + if [ "${grub_scan_disk}" != "ata" ]; then + search_grub ahci + fi + if [ "${grub_scan_disk}" != "ahci" ]; then + search_grub ata + fi if [ "${grub_scan_disk}" != "ata" ]; then # Last resort, if all else fails