GRUB Not Loading Env Variables

[Gribbin, Sean]

Hi there,

I just want to first apologize for such a long email, I try to be 
overly-detailed to give as much information as possible.

I’m currently developing a secure boot chain for my work. I’d like to utilize 
GRUB to boot into Linux where integrity checks will be performed, then if the 
filesystem is verified, change a custom GRUB environment variable flag which 
will allow the user to continue our boot into Windows.

My initial idea was led a bit astray as the emedded 
configuration<https://www.gnu.org/software/grub/manual/grub/html_node/Embedded-configuration.html>
 doc is 
wrong<https://lists.gnu.org/archive/html/help-grub/2013-08/msg00023.html>, but 
I’ve been trying to persevere nonetheless. I found this StackOverflow 
thread<https://stackoverflow.com/questions/18212050/using-grub-is-it-possible-to-use-if-while-during-booting-before-loading-nor>
 suggesting a workaround is to embed a cfg file that uses `configfile` to call 
the “actual” file which contains the scripting and whatever else that I need.

This is my process:

  1.  Create a grub image:
$GRUBDIR/grub-mkimage               \
            -O i386-pc -d $CORE -v       \
            -p $CORE                      \
            -m $HOME/memdisk/memdisk.tar  \ # Memdisk has multiple cfgs 
dedicated
            -c $HOME/memdisk/embedded.cfg \ # to each boot entry (Windows and 
Linux)
            -o $CORE/core.img             \
part_gpt biosdisk ext2 memdisk ntfs tar echo sleep configfile search_fs_uuid 
loadenv search normal saveenv

  1.  Install using that image:

$GRUBDIR/grub-install $DRIVE                    \

            --boot-directory=$MNTDIR/boot/      \

            -d $CORE

  1.  Using Dracut, create the initramfs

Embedded.cfg:
insmod normal
load_env
configfile (memdisk)/grub.cfg

Grub.cfg:
                search.fs_uuid <uuid> root
set prefix=($root)/boot/grub
GRUB_PRELOAD_MODULES=insmod load_env save_env
insmod normal
load_env

if [ CLEAN == FALSE ]; then
                                configfile /boot/grub/windows.cfg
else
                                configfile /boot/grub/linux.cfg
fi

For some reason, GRUB is showing Linux.cfg even though CLEAN is set to FALSE.
When I load GRUB and go into the command line, I try to echo $CLEAN and it just 
returns blank. Only after load_env can I echo $CLEAN (and it return FALSE). My 
menu entry is still Linux.cfg, even after load_env.

I thoroughly feel like I’m missing one small detail for everything to fall into 
place, so if anyone has any advice, it would be greatly appreciated.

Thanks so much,
Sean


________________________________

IMPORTANT CONFIDENTIALITY NOTICE:

This e-mail (including any documents referred to in, or attached to, this 
e-mail) may contain information that is personal, confidential or the subject 
of copyright, privilege or other proprietary rights in favour of Aristocrat, 
its affiliates or third parties. This e-mail is intended only for the named 
addressee. Any privacy, confidentiality, legal professional privilege, 
copyright or other proprietary rights in favour of Aristocrat, its affiliates 
or third parties, is not lost nor waived if this e-mail has been sent to you in 
error.

If you have received this e-mail in error you should: (i) not copy, disclose, 
distribute or otherwise use it or its contents without the consent of 
Aristocrat or the owner of the relevant rights; (ii) let us know of the mistake 
by reply e-mail or by telephone (AUS +61 2 9013 6000 or USA +1-877-274-9661); 
and (iii) delete it from your system and destroy all copies.

Any personal information contained in this e-mail must be handled in accordance 
with applicable privacy laws.

Electronic and internet communications can be interfered with or affected by 
viruses and other defects. As a result, such communications may not be 
successfully received or, if received, may cause interference with the 
integrity of receiving, processing or related systems (including hardware, 
software and data or information on, or using, that hardware or software). 
Aristocrat gives no assurances and accepts no liability in relation to these 
matters.

If you have any doubts about the veracity or integrity of any electronic 
communication we appear to have sent you, please call (AUS +61 2 9013 6000 or 
USA +1-877-274-9661) for clarification.