Comment 12 for bug 1903289

------- Comment From <email address hidden> 2022-02-07 19:02 EDT-------
Hi,

Apologies for the delay and thanks for your patience.

I haven't been able to properly test it yet, but some backports that at least compile and pass the relevant parts of the test suite can now be found at https://git.launchpad.net/~daxtens/ubuntu/+source/grub2/log/?h=ubuntu-appendedsig-2.11

Hopefully - hopefully! - I will be able to test it more this week.

If it's helpful to the team I'm happy to make that fit the Ubuntu packaging system a bit more closely - I know the basic principles (debian/patches, debian/patches/series, etc) but I'm not very good with the git-buildpackage tools just yet.

One thing that we've hit in other contexts is that this complicates the grub 'prefix'/search path: that is, how grub finds the grub.cfg file. Previously, this was determined by grub-install and encoded in the elf file, but that doesn't work for us because the whole elf file has to be signed at build time, so it can't have system-specific info embedded. [On UEFI, this problem doesn't arise because the Efi System Partition has a fat filesystem so it's easy to dump system-specific paths into a file on the ESP.]

Currently the backports do a search, which does work but is potentially a bit slow and error-prone. You simply build grub with a prefix representing just the path, and it goes and looks for the relevant partition. So if you have /boot/grub/grub.cfg and /boot is its own partition, you would build with "-p /grub"

Another external team is working on a way to put a grub-env block at the end of the PReP partition which could be a more elegant solution. I will let you know how everyone gets on there. In the mean time, if you have any input please let me know.

Kind regards, and once again my sincere apologies for the massive delays,
Daniel

Kind regards,
Daniel