Greetings,
I’m a happy user that is currently using a rebuild of coreboot from https://source.puri.sm/coreboot/coreboot.git (branch purism, tag 4.8.1-Purism-2).
While SeaBIOS does its work for most of use cases, I would really like to kick the security up a notch by using GRUB2 instead (which allows for full disk encryption setups) like I’m already doing on my other corebooted machines.
I could not find any information on either search engines or the support forums, as far as I know I’m the first one trying this in practice - the only other occurrence I could find being this: Building coreboot from source (official script) - #57 by CommodoreCrunch even though mention is just speculative.
Fearing that I could brick my laptop by just changing the payload, I went a different path: I rebuilt coreboot with grub on a separate tree, nabbed default_payload.elf from that and added it as a payload to my current rom with cbfstool add-payload. I then rebooted to seabios and chainloaded grub.
GRUB loads and finds all the modules that I bundled, but ls on the prompt gives no disks at all.
I suspect that this may be due to being chainloaded rather than booted directly by coreboot, but I’m too afraid to test: if my only available payload was unable to boot my operating system I would be marooned.
So here are my questions:
- has anyone ever tried or even managed to use grub instead of seabios?
- Is there anything in seabios that could explain this behaviour?
- would it be possible for someone who has easier access to an external flasher to try and see if the problem is reproducible, and if so, if it disappears when not passing through seabios?
Thank you!
PS: in my .config I have:
CONFIG_GRUB2_EXTRA_MODULES="acpi adler32 ahci all_video archelp ata at_keyboard backtrace bfs bitmap bitmap_scale boot bsd cat cbfs cbls cbmemc cbtime chain cmosdump cmostest cmp configfile cpio cpio_be cpuid crc64 crypto cryptodisk cs5536 date datehook datetime disk diskfilter div_test echo efiemu ehci elf eval exfat ext2 extcmd fat file fshelp geli gcry_arcfour gcry_blowfish gcry_camellia gcry_cast5 gcry_crc gcry_des gcry_dsa gcry_idea gcry_md4 gcry_md5 gcry_rfc2268 gcry_rijndael gcry_rmd160 gcry_rsa gcry_seed gcry_serpent gcry_sha1 gcry_sha256 gcry_sha512 gcry_tiger gcry_twofish gcry_whirlpool gfxmenu gfxterm_background gfxterm_menu gptsync gzio halt hashsum hdparm help hexdump iorw iso9660 jpeg keystatus linux loadenv loopback ls lsacpi lsmmap lspci luks lvm lzopio mda_text mdraid09 mdraid09_be mdraid1x memdisk memrw minicmd mmap mpi msdospart multiboot multiboot2 nativedisk newc nilfs2 normal ntfs ntfscomp odc offsetio ohci part_bsd part_gpt part_msdos parttool password password_pbkdf2 pbkdf2 pci pcidump png priority_queue probe progress raid5rec raid6rec read reboot regexp relocator romfs scsi search search_fs_file search_fs_uuid search_label serial setjmp setpci sfs sleep squash4 syslinuxcfg tar terminal terminfo test testload testspeed tga time tr trig true uhci usb usb_keyboard usbms usbserial_common usbserial_ftdi usbserial_pl2303 usbserial_usbdebug usbtest video_colors videoinfo videotest videotest_checksum xfs xzio"
) feedback from those who already tried this combination on Librems.