If set, it will keep the menu from appearing until the sesame-phrase
has been typed. The intended usage is so that you can have two devices
both running grub/Linux, each device with a single serial port.
Connect both serial ports against each other, and the two devices will
not accidentally trigger grub to do anything, unless the sesame-phrase
will have been entered.
---
debian/changelog | 6 ++++++
docs/grub.texi | 7 +++++++
grub-core/normal/menu.c | 35 +++++++++++++++++++++++++++++++----
util/grub-mkconfig.in | 1 +
util/grub.d/00_header.in | 5 +++++
5 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 0d25df0fe..f8fee9919 100644
diff --git a/docs/grub.texi b/docs/grub.texi
index f1216d19d..d9283c5b1 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -1315,6 +1315,13 @@ If the timeout expires before either of these happens,
it will boot the
default entry. In the @samp{countdown} case, it will show a one-line
indication of the remaining time.
+@item GRUB_SESAME
+Assigning a phrase to this option will only have effect if
+@samp{GRUB_TIMEOUT_STYLE} is set to either @samp{countdown} or @samp{hidden}.
+If set, it will keep the menu from appearing until the sesame-phrase
+has been typed. Entering the phrase needs to have been completed before
+@samp{GRUB_TIMEOUT} expires.
+
@item GRUB_DEFAULT_BUTTON
@itemx GRUB_TIMEOUT_BUTTON
@itemx GRUB_TIMEOUT_STYLE_BUTTON
diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
index 906a480a2..17087e1e2 100644
--- a/grub-core/normal/menu.c
+++ b/grub-core/normal/menu.c
@@ -580,6 +580,9 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
int default_entry, current_entry;
int timeout;
enum timeout_style timeout_style;
+ const char *sesameword;
+ char *sesamebuf = 0;
+ unsigned sesamelen;
default_entry = get_entry_number (menu, "default");
@@ -597,6 +600,17 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
grub_env_unset ("timeout_style");
timeout_style = get_timeout_style ();
+ sesameword = grub_env_get ("sesame");
+
+ if (sesameword) {
+ if (!*sesameword)
+ sesameword = 0;
+ else
+ {
+ sesamelen = grub_strlen (sesameword);
+ sesamebuf = grub_zalloc (sesamelen-- + 1);
+ }
+ }
if (timeout_style == TIMEOUT_STYLE_COUNTDOWN
|| timeout_style == TIMEOUT_STYLE_HIDDEN)
@@ -652,7 +666,7 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
mods |= term->getkeystatus (term);
}
- if (mods >= 0 &&
+ if (mods >= 0 && !sesameword &&
(mods & (GRUB_TERM_STATUS_LSHIFT
| GRUB_TERM_STATUS_RSHIFT)) != 0)
{
@@ -663,9 +677,19 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
key = grub_getkey_noblock ();
if (key != GRUB_TERM_NO_KEY)
{
- entry = get_entry_index_by_hotkey (menu, key);
- if (entry >= 0)
- break;
+ if (sesameword)
+ {
+ grub_memmove (sesamebuf, sesamebuf+1, sesamelen);
+ sesamebuf[sesamelen] = key;
+ key = grub_strcmp (sesamebuf, sesameword)
+ ? GRUB_TERM_NO_KEY : GRUB_TERM_ESC;
+ }
+ else
+ {
+ entry = get_entry_index_by_hotkey (menu, key);
+ if (entry >= 0)
+ break;
+ }
}
if (key == GRUB_TERM_ESC)
{
@@ -685,8 +709,11 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
break;
}
+ if (sesamebuf)
+ grub_free (sesamebuf);
grub_env_unset ("timeout");
grub_env_unset ("timeout_style");
+ grub_env_unset ("sesame");
if (entry >= 0)
{
*auto_boot = 0;
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index ad716384b..7e29680c4 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -211,6 +211,7 @@ export GRUB_DEFAULT \
GRUB_HIDDEN_TIMEOUT_QUIET \
GRUB_TIMEOUT \
GRUB_TIMEOUT_STYLE \
+ GRUB_SESAME \
GRUB_DEFAULT_BUTTON \
GRUB_HIDDEN_TIMEOUT_BUTTON \
GRUB_TIMEOUT_BUTTON \
diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in
index 674a76140..d8ec4bb77 100644
--- a/util/grub.d/00_header.in
+++ b/util/grub.d/00_header.in
@@ -328,6 +328,11 @@ fi
make_timeout ()
{
+ if [ "x${GRUB_SESAME}" != "x" ] ; then
+ cat << EOF
+set sesame="${GRUB_SESAME}"
+EOF
+ fi
cat << EOF
if [ "\${recordfail}" = 1 ] ; then
set timeout=${GRUB_RECORDFAIL_TIMEOUT:-30}
--
2.20.1
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
