libreboot/resources/grub/config/menuentries/common.cfg

menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o' {

# GRUB handles (almost) every possible disk setup, but only the location of /boot is actually important,
# since GRUB only loads the user's config. As soon as the kernel takes over, libreboot's done.

# LVM, RAID, filesystems and encryption on both raw devices and partitions in all various combinations
# need to be supported. Since full disk encryption is possible with GRUB as payload and probably desired/used
# by most users, libreboot GRUB config tries to load the operating system (kernel) in the following way:

	# 1. Try to decrypt raw devices first. This <your disk setup> inside a LUKS container is pretty common
	#	a) Try LVM and RAID first, they might be used (accross multiple (raw) devices)
	#	b) Always try LVM before RAID (LVM on (raw) RAID)
	#	c) Try MBR/GPT partitions at last, one might still conviniently uses a single partition

	for d in (lvm/*) md/0 (md/0,*) ahci0 ahci1 (ahci0,*) (ahci1,*); do
		# prompt user for passphrase if LUKS header is found
		cryptomount ${d}
	done

	#   (This way, we only need to scan for encrypted data once while covering every possible disk setup,
	#    be it LVM/BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT

	# 2. Look for user config. If the above routine successfully decrypted a LUKS container, its content
	#    will be searched before everything else for obvious reasons. Regardless of this, the devices'
	#    hirachy stays the same.
	for d in crypto0 (crypt0,*) (lvm/*) md/0 (md0/,*) ahci0 ahci1 (ahci0,*) (ahci1,*); do
		set root=${d}
	#	a) Check possible file locations...
		for p in boot/grub/libreboot_ grub/libreboot_ boot/grub/ grub/ boot/grub2 grub2/; do
			if [ -f "/${p}grub.cfg" ]; then
	#	b) And eventually try to load the config. Using ESC one can still exit and revert back to
	#	   libreboot's menu.
				configfile /${p}grub.cfg
			fi
		done
	done
	# prompt user for passphrase if LUKS header is found but try using external keyfiles first
	search -n -f /keyfile --set=kf --hint usb0, --hint usb1,
	if [ $? = 0 ]; then
		kf="-k (${kf})/keyfile ${d}"
	fi
	#   (This way, we only need to scan for encrypted data once while covering every possible disk setup,
	#    be it LVM/BTRFS/ZFS/ext4/etc. (on LUKS) (on RAID) on/across raw devices/MBR/GPT
	for d in ${devs}; do
		cryptomount ${kf} ${d}
	done
	# 3. Do the same routine again, but for possibly decrypted data this time. There might be an LVM
	#    inside the LUKS container, but check crypto0 first since lvm/* also covers already existing (and
	#    therefore already scanned volumes as well)
	for d in crypto0 (crypt0,*) (lvm/*); do
		set root=${d}
		for p in boot/grub/libreboot_ grub/libreboot_ boot/grub/ grub/ boot/grub2 grub2/; do
			if [ -f "/${p}grub.cfg" ]; then
				configfile /${p}grub.cfg
			fi
		done
	done

	# 3. Last resort, if none of the above succeeds, all you have is GRUB's shell
	set root=ahci0,1
	for p in / /boot/; do
		if [ -f "${p}vmlinuz" ]; then
			linux ${p}vmlinuz root=/dev/sda1 rw
			if [ -f "${p}initrd.img" ]; then
				initrd ${p}initrd.img
			fi
		fi
	done
}
menuentry 'Parse ISOLINUX menu (AHCI)  [a]' --hotkey='a' {
	for i in 0 1; do
		# Check for filesystem on raw device without partition table (MBR/GPT), e.g. BTRFS or ZFS
		set root=ahci${i}
		for p in /isolinux /syslinux; do
			if [ -f "${p}${p}.cfg" ]; then
				syslinux_configfile -i ${p}${p}.cfg
			elif [ -f "/boot${p}${p}.cfg" ]; then
				syslinux_configfile -i /boot${p}${p}.cfg
			fi
		done
		# Look for partitions
		# GPT allows more than 4 partitions, /boot on /dev/sda7 is quite unlikely but still possible
		for j in 0 1 2 3 4 5 6 7 8 9; do
			set root="ahci${i},${j}"
			for p in /isolinux /syslinux; do
				if [ -f "${p}${p}.cfg" ]; then
					syslinux_configfile -i ${p}${p}.cfg
				elif [ -f "/boot${p}${p}.cfg" ]; then
					syslinux_configfile -i /boot${p}${p}.cfg
				fi
			done
		done
	done
}
menuentry 'Parse ISOLINUX menu (USB)  [u]' --hotkey='u' {
	for i in 0 1; do
		# Check for filesystem on raw device without partition table (MBR/GPT), e.g. BTRFS or ZFS
		set root=usb${i}
		for p in /isolinux /syslinux; do
			if [ -f "${p}${p}.cfg" ]; then
				syslinux_configfile -i ${p}${p}.cfg
			elif [ -f "/boot${p}${p}.cfg" ]; then
				syslinux_configfile -i /boot${p}${p}.cfg
			fi
		done
		# Look for partitions
		# GPT allows more than 4 partitions, /boot on /dev/sda7 is quite unlikely but still possible
		for j in 0 1 2 3 4 5 6 7 8 9; do
			set root=usb${i},${j}
			for p in "/isolinux" "/syslinux"; do
				if [ -f "${p}${p}.cfg" ]; then
					syslinux_configfile -i ${p}${p}.cfg
				elif [ -f "/boot${p}${p}.cfg" ]; then
					syslinux_configfile -i /boot${p}${p}.cfg
				fi
			done
		done
	done
}
menuentry 'Parse ISOLINUX menu (CD/DVD)  [d]' --hotkey='d' {
	insmod ata
	for x in ata0 ahci1; do
		set root=${x}
		for p in "/isolinux" "/syslinux"; do
			if [ -f "${p}${p}.cfg" ]; then
				syslinux_configfile -i ${p}${p}.cfg
			elif [ -f "/boot${p}${p}.cfg" ]; then
				syslinux_configfile -i /boot${p}${p}.cfg
			fi
		done
	done
}
menuentry 'Switch to grubtest.cfg  [t]' --hotkey='t' {
	set root=cbfsdisk
	configfile /grubtest.cfg
}
menuentry 'Search for GRUB configuration (grub.cfg) outside of CBFS  [s]' --hotkey='s' {
	for i in usb0 usb1 ahci0 ahci1; do
		for j in 1 2 3 4 5 6 7 8 9; do
			x=${i},${j}
			for p in "grub" "boot/grub" "grub2" "boot/grub2"; do
				if [ -f "${x}/${p}/grub.cfg" ]; then
					submenu "Load Config from ${x}" ${x} {
						root=$2
						source /${p}/grub.cfg
						unset superusers
					}
				fi
			done
		done
	done
}
menuentry 'Poweroff  [p]' --hotkey='p' {
	halt
}
menuentry 'Reboot  [r]' --hotkey='r' {
	reboot
}
menuentry 'Load SeaBIOS' {
	set root='cbfsdisk'
	chainloader /bios.bin.elf
}