starlingx
/
metal
Code Issues Proposed changes

Remove Extended Security Profile selections 

Remove 'Extended Security Profile' from the BIOS and UEFI installer
menus.

Closes-Bug: 1839134

Change-Id: Iaf2b97c9772e010f3f32e35e1b13a47059ae07e8
Signed-off-by: Kristine Bujold <kristine.bujold@windriver.com>
This commit is contained in:
Kristine Bujold 2019-08-19 10:53:34 -04:00
parent 848c5adaea
commit 5072a6a870
4 changed files with 55 additions and 366 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
bsp-files/centos.syslinux.cfg
View File

@ -29,53 +29,20 @@ menu background #ff555555
# Standard Controller menu
menu begin
menu title Standard Controller Configuration
# Serial Console submenu
menu begin
menu title Serial Console
label 0
menu label STANDARD Security Boot Profile
text help
Standard Controller, console=ttyS0
Standard Security Profile Enabled (default setting)
endtext
label 0
menu label Serial Console
kernel vmlinuz
initrd initrd.img
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S0
menu label EXTENDED Security Boot Profile
text help
Standard Controller, console=ttyS0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
initrd initrd.img
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end
# Graphical Console submenu
menu begin
menu title Graphical Console
label 1
menu label STANDARD Security Boot Profile
text help
Standard Controller, console=tty0
Standard Security Profile Enabled (default setting)
endtext
label 1
menu label Graphical Console
kernel vmlinuz
initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S1
menu label EXTENDED Security Boot Profile
text help
Standard Controller, console=tty0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end
menu end
menu SEPARATOR
@ -83,54 +50,20 @@ menu SEPARATOR
# AIO Controller menu
menu begin
menu title All-in-one Controller Configuration
# Serial Console submenu
menu begin
menu title Serial Console
label 2
menu label STANDARD Security Boot Profile
text help
All-in-one Controller, console=ttyS0
Standard Security Profile Enabled (default setting)
endtext
label 2
menu label Serial Console
kernel vmlinuz
initrd initrd.img
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S2
menu label EXTENDED Security Boot Profile
text help
All-in-one Controller, console=ttyS0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
initrd initrd.img
# Security profile option
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end
# Graphical Console submenu
menu begin
menu title Graphical Console
label 3
menu label STANDARD Security Boot Profile
text help
All-in-one Controller, console=tty0
Standard Security Profile Enabled (default setting)
endtext
label 3
menu label Graphical Console
kernel vmlinuz
initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S3
menu label EXTENDED Security Boot Profile
text help
All-in-one Controller, console=tty0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end
menu end
menu SEPARATOR
@ -138,51 +71,18 @@ menu SEPARATOR
# AIO (Low Latency) Controller menu
menu begin
menu title All-in-one (lowlatency) Controller Configuration
# Serial Console submenu
menu begin
menu title Serial Console
label 4
menu label STANDARD Security Boot Profile
text help
All-in-one (lowlatency) Controller, console=ttyS0
Standard Security Profile Enabled (default setting)
endtext
label 4
menu label Serial Console
kernel vmlinuz
initrd initrd.img
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S4
menu label EXTENDED Security Boot Profile
text help
All-in-one (lowlatency) Controller, console=ttyS0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
initrd initrd.img
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end
# Graphical Console submenu
menu begin
menu title Graphical Console
label 5
menu label STANDARD Security Boot Profile
text help
All-in-one (lowlatency) Controller, console=tty0
Standard Security Profile Enabled (default setting)
endtext
label 5
menu label Graphical Console
kernel vmlinuz
initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S5
menu label EXTENDED Security Boot Profile
text help
All-in-one (lowlatency) Controller, console=tty0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end
menu end

110
bsp-files/grub.cfg
View File

@ -35,38 +35,13 @@ menuentry ' ' {
# Standard Controller menu
submenu 'UEFI Standard Controller Configuration' --id=standard {
submenu 'Serial Console' --id=serial {
menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img
}
menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img
}
}
menuentry 'Serial Console' --id=serial {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
submenu 'Graphical Console' --id=graphical {
menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img
}
menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img
}
}
menuentry 'Graphical Console' --id=graphical {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
}
@ -77,38 +52,13 @@ menuentry ' '{
# AIO Controller menu
submenu 'UEFI All-in-one Controller Configuration' --id=aio {
submenu 'Serial Console' --id=serial {
menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img
}
menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img
}
}
menuentry 'Serial Console' --id=serial {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
submenu 'Graphical Console' --id=graphical {
menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img
}
menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img
}
}
menuentry 'Graphical Console' --id=graphical {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
}
@ -119,37 +69,13 @@ menuentry ' '{
# AIO (lowlatency) Controller menu
submenu 'UEFI All-in-one (lowlatency) Controller Configuration' --id=aio-lowlat {
submenu 'Serial Console' --id=serial {
menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img
}
menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img
}
}
menuentry 'Serial Console' --id=serial {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
submenu 'Graphical Console' --id=graphical {
menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img
}
menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img
}
}
menuentry 'Graphical Console' --id=graphical {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img
}
}

130
bsp-files/pxeboot.cfg
View File

@ -26,155 +26,57 @@ label 0
# Standard Controller menu
menu begin
menu title Standard Controller Configuration
# Serial Console submenu
menu begin
menu title Serial Console
label 1
menu label STANDARD Security Boot Profile
text help
Standard Controller, console=ttyS0
Standard Security Profile Enabled (default setting)
endtext
label 1
menu label Serial Console
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2
label S1
menu label EXTENDED Security Boot Profile
text help
Standard Controller, console=ttyS0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2
menu end
# Graphical Console submenu
menu begin
menu title Graphical Console
label 2
menu label STANDARD Security Boot Profile
text help
Standard Controller, console=tty0
Standard Security Profile Enabled (default setting)
endtext
label 2
menu label Graphical Console
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2
label S2
menu label EXTENDED Security Boot Profile
text help
Standard Controller, console=tty0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2
menu end
menu end
# AIO Controller menu
menu begin
menu title All-in-one Controller Configuration
# Serial Console submenu
menu begin
menu title Serial Console
label 3
menu label STANDARD Security Boot Profile
text help
All-in-one Controller, console=ttyS0
Standard Security Profile Enabled (default setting)
endtext
label 3
menu label Serial Console
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2
label S3
menu label EXTENDED Security Boot Profile
text help
All-in-one Controller, console=ttyS0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2
menu end
# Graphical Console submenu
menu begin
menu title Graphical Console
label 4
menu label STANDARD Security Boot Profile
text help
All-in-one Controller, console=tty0
Standard Security Profile Enabled (default setting)
endtext
label 4
menu label Graphical Console
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2
label S4
menu label EXTENDED Security Boot Profile
text help
All-in-one Controller, console=tty0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2
menu end
menu end
# AIO (Low Latency) Controller menu
menu begin
menu title All-in-one (lowlatency) Controller Configuration
# Serial Console submenu
menu begin
menu title Serial Console
label 5
menu label STANDARD Security Boot Profile
text help
All-in-one (lowlatency) Controller, console=ttyS0
Standard Security Profile Enabled (default setting)
endtext
label 5
menu label Serial Console
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2
label S5
menu label EXTENDED Security Boot Profile
text help
All-in-one (lowlatency) Controller, console=ttyS0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2
menu end
# Graphical Console submenu
menu begin
menu title Graphical Console
label 6
menu label STANDARD Security Boot Profile
text help
All-in-one (lowlatency) Controller, console=tty0
Standard Security Profile Enabled (default setting)
endtext
label 6
menu label Graphical Console
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2
label S6
menu label EXTENDED Security Boot Profile
text help
All-in-one (lowlatency) Controller, console=tty0
Extended Security Profile Enabled (will impact performance)
endtext
kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2
menu end
menu end

51
bsp-files/pxeboot_grub.cfg
View File

@ -16,75 +16,36 @@ submenu 'UEFI Boot from hard drive' {
# Standard Controller menu
submenu 'UEFI Standard Controller' {
submenu 'Serial Console' {
menuentry 'STANDARD Security Boot Profile' {
menuentry 'Serial Console' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img
}
menuentry 'EXTENDED Security Boot Profile' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img
}
}
submenu 'Graphical Console' {
menuentry 'STANDARD Security Boot Profile' {
menuentry 'Graphical Console' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img
}
menuentry 'EXTENDED Security Boot Profile' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img
}
}
}
# AIO Controller menu
submenu 'UEFI All-in-one Controller' {
submenu 'Serial Console' {
menuentry 'STANDARD Security Boot Profile' {
menuentry 'Serial Console' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img
}
menuentry 'EXTENDED Security Boot Profile' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img
}
}
submenu 'Graphical Console' {
menuentry 'STANDARD Security Boot Profile' {
menuentry 'Graphical Console' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img
}
menuentry 'EXTENDED Security Boot Profile' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img
}
}
}
# AIO (lowlatency) Controller menu
submenu 'UEFI All-in-one (lowlatency) Controller' {
submenu 'Serial Console' {
menuentry 'STANDARD Security Boot Profile' {
menuentry 'Serial Console' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img
}
menuentry 'EXTENDED Security Boot Profile' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img
}
}
submenu 'Graphical Console' {
menuentry 'STANDARD Security Boot Profile' {
menuentry 'Graphical Console' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img
}
menuentry 'EXTENDED Security Boot Profile' {
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img
}
}
}