grub config

# Start of ---------- 00_mender_grubenv_defines_grub.cfg ----------
mender_rootfsa_part=2
mender_rootfsb_part=3
mender_kernel_root_base=/dev/nvme0n1pp
kernel_imagetype=bzImage
# End of ---------- 00_mender_grubenv_defines_grub.cfg ----------
# Start of ---------- 01_mender_console_bootargs_grub.cfg ----------
set console_bootargs="console=tty0,115200n8 console=ttyS0,115200n8 console=ttyO0,115200n8 console=ttyAMA0,115200n8"
# End of ---------- 01_mender_console_bootargs_grub.cfg ----------
# Start of ---------- 02_mender_root_bootargs_grub.cfg ----------
set rootargs="rootwait"
# End of ---------- 02_mender_root_bootargs_grub.cfg ----------
# Start of ---------- 04_mender_setup_env_functions_grub.cfg ----------
# See the grub-mender-grubenv-print script for how this works.

# In this file we are skipping signature checking in most places. This is
# because Mender's environment is by nature dynamic, and cannot have a static
# signature. Instead, we make sure the content is valid.

# Free form variables can not be supported when signatures are
# enforced. "mender_systemd_machine_id" is such a variable, so it is not
# supported when signatures are on.

# Note that Secure Boot and GRUB signatures are two different things, and here
# we are talking about the latter.

function mender_setup_env_location {
    MENDER_ENV1=(${root})/grub-mender-grubenv/mender_grubenv1/env
    MENDER_LOCK1=(${root})/grub-mender-grubenv/mender_grubenv1/lock
    MENDER_ENV2=(${root})/grub-mender-grubenv/mender_grubenv2/env
    MENDER_LOCK2=(${root})/grub-mender-grubenv/mender_grubenv2/lock

    if [ ! -f ${MENDER_ENV1} -o ! -f ${MENDER_LOCK1} -o ! -f ${MENDER_ENV2} -o ! -f ${MENDER_LOCK2} ]; then
        if [ "${check_signatures}" = "enforce" ]; then
            echo "Signatures are enabled and the environment could not be found. Rebooting in 10 seconds..."
            sleep 10
            reboot
        else
            echo "The environment was not found. Tried to access ${MENDER_ENV1}. Continuing in 10 seconds..."
            sleep 10
            # Fallthrough and continue. Will most likely hit the "Environment is
            # corrupt" section below.
        fi
    fi
}

function mender_check_and_restore_env {
    mender_setup_env_location
    editing=invalid
    load_env --skip-sig --file ${MENDER_LOCK2} editing
    if [ "${editing}" != 0 ]; then
        # See comment about "free form" variables near the top.
        if [ "$check_signatures" = "enforce" ]; then
            load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
            save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available
        else
            load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
            save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
        fi
        editing=0
        save_env --file ${MENDER_LOCK2} editing
    else
        editing=invalid
        load_env --skip-sig --file ${MENDER_LOCK1} editing
        if [ "${editing}" != 0 ]; then
            # See comment about "free form" variables near the top.
            if [ "$check_signatures" = "enforce" ]; then
                load_env --skip-sig --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available
                save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
            else
                load_env --skip-sig --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
                save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
            fi
            editing=0
            save_env --file ${MENDER_LOCK1} editing
        fi
    fi
}

function mender_save_env {
    # Save redundant environment.
    mender_setup_env_location
    editing=1
    save_env --file ${MENDER_LOCK2} editing
    # See comment about "free form" variables near the top.
    if [ "$check_signatures" = "enforce" ]; then
        save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available
    else
        save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
    fi
    editing=0
    save_env --file ${MENDER_LOCK2} editing

    editing=1
    save_env --file ${MENDER_LOCK1} editing
    # See comment about "free form" variables near the top.
    if [ "$check_signatures" = "enforce" ]; then
        save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
    else
        save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
    fi
    editing=0
    save_env --file ${MENDER_LOCK1} editing
}

function mender_check_grubenv_valid {
    if [ "${mender_boot_part}" != "${mender_rootfsa_part}" -a "${mender_boot_part}" != "${mender_rootfsb_part}" ]; then
        return 1
    fi

    if [ "${bootcount}" != "0" -a "${bootcount}" != "1" ]; then
        return 1
    fi

    if [ "${upgrade_available}" != "0" -a "${upgrade_available}" != "1" ]; then
        return 1
    fi

    return 0
}

function mender_load_env {
    mender_setup_env_location

    # See comment about "free form" variables near the top.
    if [ "$check_signatures" = "enforce" ]; then
        load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
    else
        load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
        export mender_systemd_machine_id
    fi
    export bootcount
    export mender_boot_part
    export upgrade_available

    if ! mender_check_grubenv_valid; then
        if [ "${check_signatures}" = "enforce" ]; then
            echo "Signatures are enabled and the environment is unverified. Rebooting in 10 seconds..."
            sleep 10
            reboot
        else
            if [ "${mender_boot_part}" != "${mender_rootfsb_part}" ]; then
                mender_boot_part="${mender_rootfsa_part}"
            fi
            echo "The environment is corrupt. Trying to boot from ${mender_kernel_root_base}${mender_boot_part} in 10 seconds, but this is not guaranteed to be a valid partition..."
            sleep 10
            # Fallthrough and continue.
        fi
    fi
}

function mender_load_env_with_rollback {
    mender_load_env

    if [ "${upgrade_available}" = "1" ]; then
        if [ "${bootcount}" != "0" ]; then
            echo "Rolling back..."
            if [ "${mender_boot_part}" = "${mender_rootfsa_part}" ]; then
                mender_boot_part="${mender_rootfsb_part}"
            else
                mender_boot_part="${mender_rootfsa_part}"
            fi
            upgrade_available=0
            bootcount=0
        else
            echo "Booting new update..."
            bootcount=1
        fi

        mender_save_env
    fi
}
# End of ---------- 04_mender_setup_env_functions_grub.cfg ----------
# Start of ---------- 05_mender_setup_env_grub.cfg ----------
mender_check_and_restore_env
mender_load_env_with_rollback
regexp (.*),(.*) $root -s mender_grub_storage_device
# End of ---------- 05_mender_setup_env_grub.cfg ----------
# Start of ---------- 05_mender_setup_grub.cfg ----------
function maybe_pause {
    # By default we do nothing. debug-pause PACKAGECONFIG replaces this so we
    # can pause at strategic places.
    echo
}

drop_to_grub_prompt="no"
function maybe_drop_to_grub_prompt {
    # By default we do nothing. force-grub-prompt PACKAGECONFIG replaces this so we
    # can bypass boot and stop at the grub prompt.
    echo
}
# End of ---------- 05_mender_setup_grub.cfg ----------
# Start of ---------- 06_mender_systemd_machine_id_grub.cfg ----------
if test -n "${mender_systemd_machine_id}"; then
   systemd_bootargs="systemd.machine_id=${mender_systemd_machine_id}"
fi
# End of ---------- 06_mender_systemd_machine_id_grub.cfg ----------
# Start of ---------- 10_mender_bootargs_grub.cfg ----------
set bootargs="${bootargs} ${console_bootargs} ${rootargs} ${systemd_bootargs}"
# End of ---------- 10_mender_bootargs_grub.cfg ----------
# Start of ---------- 80_mender_choose_partitions_grub.cfg ----------
# Historical note: The "mender_boot_part" variable means "partition to use as
# root filesystem while booting", not "the boot partition". So it would be
# better if it was named "mender_rootfs_part", but we can't rename it for
# compatibility reasons. The rest of the variable names follow the latter
# logic.

if [ "${mender_boot_part}" = "${mender_rootfsa_part}" -a test -n "${mender_kernela_part}" ]; then
    mender_ptable_part=${mender_kernela_part}
    mender_kernel_path=""
elif [ "${mender_boot_part}" = "${mender_rootfsb_part}" -a test -n "${mender_kernelb_part}" ]; then
    mender_ptable_part=${mender_kernelb_part}
    mender_kernel_path=""
else
    mender_ptable_part=${mender_boot_part}
    mender_kernel_path="/boot"
fi

if test -e (${mender_grub_storage_device},gpt${mender_ptable_part})/; then
    root="${mender_grub_storage_device},gpt${mender_ptable_part}"
else
    root="${mender_grub_storage_device},msdos${mender_ptable_part}"
fi

if test -n "${mender_rootfsa_uuid}" -a test -n  "${mender_rootfsb_uuid}"; then
    if [ "${mender_boot_part}" = "${mender_rootfsa_part}" ]; then
        mender_kernel_root="PARTUUID=${mender_rootfsa_uuid}"
    elif [ "${mender_boot_part}" = "${mender_rootfsb_part}" ]; then
        mender_kernel_root="PARTUUID=${mender_rootfsb_uuid}"
    fi
else
    mender_kernel_root="${mender_kernel_root_base}${mender_boot_part}"
fi
# End of ---------- 80_mender_choose_partitions_grub.cfg ----------
# Start of ---------- 90_mender_boot_grub.cfg ----------
maybe_drop_to_grub_prompt

if [ "${drop_to_grub_prompt}" = "no" ]; then
    if linux "${mender_kernel_path}/${kernel_imagetype}" root="${mender_kernel_root}" ${bootargs}; then
        if test -n "${initrd_imagetype}" -a test -e "${mender_kernel_path}/${initrd_imagetype}"; then
            initrd "${mender_kernel_path}/${initrd_imagetype}"
        fi
        maybe_pause "Pausing before booting."
        boot
    fi
    maybe_pause "Pausing after failed boot."
fi
# End of ---------- 90_mender_boot_grub.cfg ----------
# Start of ---------- 95_mender_try_to_recover_grub.cfg ----------
if [ "${drop_to_grub_prompt}" != "yes" ]; then
    if [ "${upgrade_available}" = "1" ]; then
        reboot
    fi
fi
# End of ---------- 95_mender_try_to_recover_grub.cfg ----------
# Start of ---------- 99_mender_end_of_grub.cfg ----------
if [ "${drop_to_grub_prompt}" = "yes" ]; then
    echo "Dropping to grub prompt intentionally."
    sleep --interruptible 10 --verbose
else
    echo "Dropping to grub prompt for unknown reason. Should never get here."
    sleep --interruptible 10 --verbose
fi
menuentry 'Dummy Entry for Debug.' 'Wait' {
   echo Menu Entry for debug/command prompt access
}
# End of ---------- 99_mender_end_of_grub.cfg ----------