From f87a43cf567ea666d31b43171c8ce7a8cf805dcd Mon Sep 17 00:00:00 2001
From: Andrew Cady <d@jerkface.net>
Date: Sat, 17 Jun 2023 16:10:18 -0400
Subject: "fix" efi booting with disgusting hack and out-of-repo binary

it turns out all that we need to do to make EFI booting
work is to replace the BOOTX64.EFI file that is produced
by GRUB's "grub-install" command with the version of that
file from Ventoy's upstream source of the same file:
<https://github.com/ValdikSS/Super-UEFIinSecureBoot-Disk/>.

Ventoy claims that to be their source here:
<https://github.com/ventoy/Ventoy/blob/master/DOC/BuildVentoyFromSource.txt>
"""
 5.10 UEFIinSecureBoot
 https://github.com/ValdikSS/Super-UEFIinSecureBoot-Disk/releases
 Super-UEFIinSecureBoot-Disk_minimal_v3.zip
 unzip it and get Super-UEFIinSecureBoot-Disk_minimal.img, extract the img by 7zip.
 INSTALL/EFI/BOOT/BOOTX64.EFI --> EFI/BOOT/BOOTX64.EFI SHA-256:
 475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34
"""

That SHA-256 matches what we have downloaded and are using.

I have created a separate repo containing the code that pulls down the
.zip file and extract the BOOTX64.EFI file from it.  That code verifies
the SHA-256 hash.  It can be added as a sami.git submodule.

This code is not usable without that file generated by that code.  This
commit should be amended with a git submodule added with that code too.
---
 src/partvi | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/src/partvi b/src/partvi
index a303b4f..edf219a 100755
--- a/src/partvi
+++ b/src/partvi
@@ -302,6 +302,7 @@ copy_data_to_mounted_target_filesystems()
             ;;
         efi-system-partition)
             EFI_DIR=$mnt
+            $sudo mkdir "$EFI_DIR"/EFI "$EFI_DIR"/EFI/BOOT
             ;;
     esac
 }
@@ -386,3 +387,32 @@ iterate_partitions copy_data_to_mounted_target_filesystems
 
 time loudly $sudo eatmydata -- grub-install --boot-directory="$BOOT_DIR" "$whole" --target=i386-pc
 time loudly $sudo eatmydata -- grub-install --boot-directory="$BOOT_DIR" "$whole" --target=x86_64-efi --removable --efi-directory="$EFI_DIR" || true
+
+ventoy_efi_dir=../ventoy-EFI-BOOT
+valdik_efi_dir=../import-grub-bootx64-efi/3
+if false
+then
+    # Ugly Ventoy hack.  Finally got EFI boot working!!
+    $sudo mv -v "$EFI_DIR"/EFI/BOOT/grubx64.efi "$EFI_DIR"/EFI/BOOT/grub.efi
+    # Ventoy BOOTX64.EFI boots grub.efi
+    $sudo cp -v --preserve=timestamps -t "$EFI_DIR"/EFI/BOOT/ -- $ventoy_efi_dir/BOOTX64.EFI
+elif true
+then
+    # Same ugly hack but w/ Ventoy's upstream <https://github.com/ValdikSS/Super-UEFIinSecureBoot-Disk>
+    # Valdik BOOTX64.EFI boots grubx64.efi
+    $sudo cp -v --preserve=timestamps -t "$EFI_DIR"/EFI/BOOT/ -- $valdik_efi_dir/BOOTX64.EFI
+elif false
+then
+    # Same ugly hack but using Ventoy's upstream, valdik. We chain-load valdik's
+    # second stage with Ventoy's BOOTX64.EFI because valdik's first stage
+    # doesn't work in versions marked "3-" (older version "3" works).
+    $sudo cp -v --preserve=timestamps -t "$EFI_DIR"/EFI/BOOT/ -- $ventoy_efi_dir/BOOTX64.EFI
+    $sudo cp -v --preserve=timestamps -- $valdik_efi_dir/grubx64.efi "$EFI_DIR"/EFI/BOOT/grub.efi
+    $sudo mv -v "$EFI_DIR"/EFI/BOOT/grubx64.efi "$EFI_DIR"/EFI/BOOT/grubx64_real.efi
+elif false
+then
+    # Here is valdik's version 3 working, with its own second stage, and the
+    # third stage replaced with our grub:
+    $sudo mv -v "$EFI_DIR"/EFI/BOOT/grubx64.efi "$EFI_DIR"/EFI/BOOT/grubx64_real.efi
+    $sudo cp -v --preserve=timestamps -t "$EFI_DIR"/EFI/BOOT/ -- $valdik_efi_dir/BOOTX64.EFI $valdik_efi_dir/grubx64.efi
+fi
-- 
cgit v1.2.3