Bug#925309: Wrong prefix directory hardcoded in signed GRUB image

[Colin Watson]

On Fri, Mar 22, 2019 at 08:47:37PM +0100, Pascal Hambourg wrote:
> From grub2 changelog :
>   - Unconditionally create grub.cfg on our EFI boot partition in Secure
>     Boot mode; GRUB always needs some configuration in this case to find
>     /boot/grub, since we can't modify the signed image at install time
> 
> grub-install installs this initial grub.cfg in the same location as the
> signed image, i.e.
> - /EFI/BOOT if the option --removable is present
> - the directory derived from the --bootloader-id option if present
> - the directory derived from $GRUB_DISTRIBUTOR defined in /etc/default/grub
> 
> The default value of $GRUB_DISTRIBUTOR is "Debian", so the default install
> location is (EFI_PARTITION)/EFI/debian.
> 
> However when the signed image is installed in a different location, it still
> looks for grub.cfg in (EFI_PARTITION)/EFI/debian instead of $cmdpath and
> spawns the grub> shell unless grub.cfg is present in this location. In the
> shell, $prefix is set to (EFI_PARTITION)/EFI/debian.
> 
> Shouldn't the prefix be initialized with $cmdpath instead of the hardcoded
> path /EFI/debian ?

Possibly.  The prefix parameter given to grub-mkimage's -p option has to
be an actual path, not a variable reference.  In order to make it use
$cmdpath, we'd need another one of the arrangements we use for some of
the other pre-built images to use a config file embedded in a memdisk.
Fiddly, but should be possible.

Which different location are you installing the signed image in?  Just
/EFI/BOOT, or something more exotic?

Thanks,

-- 
Colin Watson                                       [cjwatson at debian.org]