forked from calliecameron/mint-encrypted-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
update-bootloader
executable file
·226 lines (186 loc) · 5.58 KB
/
update-bootloader
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
#!/bin/bash
SETTINGS_DIR="${HOME}/.mint-encrypted-install"
function load-setting() {
# Returns empty string if file does not exist
cat "${SETTINGS_DIR}/${1}" 2>/dev/null
}
function save-setting() {
# shellcheck disable=SC2015
mkdir -p "${SETTINGS_DIR}" &&
echo "${2}" > "${SETTINGS_DIR}/${1}" || fail
}
function enter-to-continue() {
echo &&
read -r -p "Press ENTER to continue..." &&
echo &&
echo
}
function yn-y() {
# Y is the default
local REPLY
read -p "${1} [Y/n] " -r
if [[ $REPLY =~ ^[Nn]$ ]]; then
return 1
else
return 0
fi
}
function yn-n() {
# N is the default
local REPLY
read -p "${1} [y/N] " -r
if [[ $REPLY =~ ^[Yy]$ ]]; then
return 0
else
return 1
fi
}
function read-existing-path() {
read -r -p "${1}: " name || fail
if [ -z "${name}" ] || [ ! -e "${name}" ]; then
echo "That file doesn't exist!" 1>&2
exit 1
else
echo "${name}"
fi
}
function fail() {
echo -e "\e[31mSomething went wrong!\e[0m"
exit 1
}
cat <<EOF
This script will update the initramfs and bootloader, from inside a
running Mint installation previously set up using
mint-encrypted-install.
EOF
if ! yn-n "Continue?"; then
exit 0
fi
# Not completely foolproof, but should do the job...
if ! lsb_release -a 2>/dev/null | grep 'sarah\|serena\|sonya' &>/dev/null || type ubiquity &>/dev/null; then
cat <<EOF
You are not running on an installed Linux Mint 18, 18.1 or 18.2 system.
Cannot go any further.
EOF
exit 1
fi
# Convenient place to get the sudo password, before asking for settings
sudo true || fail
echo
if [ -e '/sys/firmware/efi' ]; then
FIRMWARE='uefi'
else
FIRMWARE='bios'
fi
# Load settings
BOOT_DEVICE="$(load-setting boot-device)"
if [ "${FIRMWARE}" = 'uefi' ]; then
UEFI_PARTITION_NUM="$(load-setting uefi-partition-num)"
UEFI_BOOT_ENTRY="$(load-setting uefi-boot-entry)"
fi
# Check settings
if [ ! -z "${BOOT_DEVICE}" ]; then
echo 'Block devices:'
lsblk
cat <<EOF
Settings saved from last run:
Bootloader device: ${BOOT_DEVICE}
EOF
if ! yn-y ' Is this correct?'; then
BOOT_DEVICE=''
fi
echo
fi
if [ "${FIRMWARE}" = 'uefi' ]; then
if [ ! -z "${UEFI_PARTITION_NUM}" ]; then
cat <<EOF
UEFI partition number on boot device: ${UEFI_PARTITION_NUM}
EOF
if ! yn-y ' Is this correct?'; then
UEFI_PARTITION_NUM=''
fi
echo
fi
if [ ! -z "${UEFI_BOOT_ENTRY}" ]; then
cat <<EOF
Valid options for UEFI boot entry are any of the four-digit hex
numbers listed below:
EOF
sudo efibootmgr
echo
cat <<EOF
UEFI boot entry: ${UEFI_BOOT_ENTRY}
EOF
if ! yn-n ' Is this correct?'; then
UEFI_BOOT_ENTRY=''
fi
echo
fi
fi
# Get any missing settings
if [ -z "${BOOT_DEVICE}" ]; then
echo 'Block devices:'
lsblk
echo
BOOT_DEVICE="$(read-existing-path "Enter the device on which the bootloader is installed; typically something like /dev/sda or /dev/sdb for hard drives, or /dev/nvme0n1 or /dev/nvme0n2 for NVME SSDs")"
if [ -z "${BOOT_DEVICE}" ]; then
fail
fi
save-setting boot-device "${BOOT_DEVICE}"
echo
fi
if [ "${FIRMWARE}" = 'uefi' ]; then
if [ -z "${UEFI_PARTITION_NUM}" ]; then
echo 'Block devices:'
lsblk
echo
read -r -p "Enter the number of the UEFI boot partition, e.g. if the partition is /dev/sda1 on a hard drive, enter 1, or /dev/nvme0n1p2 on an NVME SSD, enter 2: " UEFI_PARTITION_NUM || fail
if [ -z "${UEFI_PARTITION_NUM}" ]; then
echo 'Invalid partition number'
fail
fi
save-setting uefi-partition-num "${UEFI_PARTITION_NUM}"
echo
fi
if [ -z "${UEFI_BOOT_ENTRY}" ]; then
echo "Existing boot entries are:"
echo
sudo efibootmgr
echo
read -r -p "Enter the four-digit hex number of an existing boot entry to update it, or leave this blank to create a new one: " UEFI_BOOT_ENTRY || fail
save-setting uefi-boot-entry "${UEFI_BOOT_ENTRY}"
echo
fi
fi
# Now actually start the update
sudo locale-gen --purge --no-archive &&
# shellcheck disable=SC2015
sudo update-initramfs -u || fail
if [ "${FIRMWARE}" = 'bios' ]; then
sudo update-grub &&
sudo grub-mkconfig -o /boot/grub/grub.cfg &&
# shellcheck disable=SC2015
sudo grub-install "${BOOT_DEVICE}" || fail
elif [ "${FIRMWARE}" = 'uefi' ]; then
sudo update-grub &&
sudo mkdir -p /boot/efi/EFI/mint &&
sudo grub-mkconfig -o /boot/efi/EFI/mint/grub.cfg &&
echo "configfile \${cmdpath}/grub.cfg" | sudo tee /tmp/grub.cfg &>/dev/null &&
# shellcheck disable=SC2015
sudo grub-mkstandalone -d /usr/lib/grub/x86_64-efi/ -O x86_64-efi --compress="xz" --modules="part_gpt part_msdos crypto cryptodisk luks disk diskfilter lvm" --fonts="unicode" -o "/boot/efi/EFI/mint/grubx64.efi" "boot/grub/grub.cfg=/tmp/grub.cfg" -v || fail
echo
if [ -z "${UEFI_BOOT_ENTRY}" ]; then
# Create a new boot entry
sudo efibootmgr -c -d "${BOOT_DEVICE}" -p "${UEFI_PARTITION_NUM}" -L "Mint" -l "\EFI\mint\grubx64.efi" || fail
else
# Update an existing boot entry
sudo efibootmgr -b "${UEFI_BOOT_ENTRY}" -d "${BOOT_DEVICE}" -p "${UEFI_PARTITION_NUM}" -L "Mint" -l "\EFI\mint\grubx64.efi" || fail
fi
else
# Should never get here
fail
fi
cat <<EOF
Finished - you may want to change the boot order using 'efibootmgr -o',
and remember to run this script again if you update grub or the kernel.
EOF