diff -ur grub-2.04.orig/util/grub.d/10_linux.in grub-2.04/util/grub.d/10_linux.in --- grub-2.04.orig/util/grub.d/10_linux.in 2019-08-18 15:58:15.105000000 +0200 +++ grub-2.04/util/grub.d/10_linux.in 2019-08-18 15:58:28.665000000 +0200 @@ -28,6 +28,12 @@ CLASS="--class gnu-linux --class gnu --class os" +if [ "x${GRUB_RESTRICTED}" = "xtrue" ] ; then + GRUB_UNRESTRICTED_OPTION="" +else + GRUB_UNRESTRICTED_OPTION="--unrestricted" +fi + if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then OS="$(. /etc/os-release ; echo "$NAME $VERSION")" else @@ -102,9 +108,9 @@ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")" fi - echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" + echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} ${GRUB_UNRESTRICTED_OPTION} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" else - echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" + echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} ${GRUB_UNRESTRICTED_OPTION} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" fi if [ x$type != xrecovery ] ; then save_default_entry | grub_add_tab diff -ur grub-2.04.orig/util/grub.d/30_os-prober.in grub-2.04/util/grub.d/30_os-prober.in --- grub-2.04.orig/util/grub.d/30_os-prober.in 2019-08-18 15:58:15.105000000 +0200 +++ grub-2.04/util/grub.d/30_os-prober.in 2019-08-18 15:58:28.665000000 +0200 @@ -30,6 +30,12 @@ exit 0 fi +if [ "x${GRUB_RESTRICTED}" = "xtrue" ] ; then + GRUB_UNRESTRICTED_OPTION="" +else + GRUB_UNRESTRICTED_OPTION="--unrestricted" +fi + if [ -z "`which os-prober 2> /dev/null`" ] || [ -z "`which linux-boot-prober 2> /dev/null`" ] ; then # missing os-prober and/or linux-boot-prober exit 0 @@ -52,7 +58,7 @@ # TRANSLATORS: it refers on the OS residing on device %s onstr="$(gettext_printf "(on %s)" "${DEVICE}")" cat << EOF -menuentry '$(echo "${LONGNAME} $bitstr $onstr" | grub_quote)' --class osx --class darwin --class os \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${DEVICE}")' { +menuentry '$(echo "${LONGNAME} $bitstr $onstr" | grub_quote)' --class osx --class darwin --class os ${GRUB_UNRESTRICTED_OPTION} \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${DEVICE}")' { EOF save_default_entry | grub_add_tab prepare_grub_to_access_device ${DEVICE} | grub_add_tab @@ -148,7 +154,7 @@ onstr="$(gettext_printf "(on %s)" "${DEVICE}")" cat << EOF -menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' $CLASS --class os \$menuentry_id_option 'osprober-chain-$(grub_get_device_id "${DEVICE}")' { +menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' $CLASS --class os ${GRUB_UNRESTRICTED_OPTION} \$menuentry_id_option 'osprober-chain-$(grub_get_device_id "${DEVICE}")' { EOF save_default_entry | grub_add_tab prepare_grub_to_access_device ${DEVICE} | grub_add_tab @@ -180,7 +186,7 @@ DEVICE=${DEVICE%@*} onstr="$(gettext_printf "(on %s)" "${DEVICE}")" cat << EOF -menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' $CLASS --class os \$menuentry_id_option 'osprober-efi-$(grub_get_device_id "${DEVICE}")' { +menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' $CLASS --class os ${GRUB_UNRESTRICTED_OPTION} \$menuentry_id_option 'osprober-efi-$(grub_get_device_id "${DEVICE}")' { EOF save_default_entry | sed -e "s/^/\t/" prepare_grub_to_access_device ${DEVICE} | sed -e "s/^/\t/" @@ -236,7 +242,7 @@ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then cat << EOF -menuentry '$(echo "$OS $onstr" | grub_quote)' $CLASS --class gnu-linux --class gnu --class os \$menuentry_id_option 'osprober-gnulinux-simple-$boot_device_id' { +menuentry '$(echo "$OS $onstr" | grub_quote)' $CLASS --class gnu-linux --class gnu --class os ${GRUB_UNRESTRICTED_OPTION} \$menuentry_id_option 'osprober-gnulinux-simple-$boot_device_id' { EOF save_default_entry | grub_add_tab printf '%s\n' "${prepare_boot_cache}" @@ -256,7 +262,7 @@ fi title="${LLABEL} $onstr" cat << EOF - menuentry '$(echo "$title" | grub_quote)' --class gnu-linux --class gnu --class os \$menuentry_id_option 'osprober-gnulinux-$LKERNEL-${recovery_params}-$boot_device_id' { + menuentry '$(echo "$title" | grub_quote)' --class gnu-linux --class gnu --class os ${GRUB_UNRESTRICTED_OPTION} \$menuentry_id_option 'osprober-gnulinux-$LKERNEL-${recovery_params}-$boot_device_id' { EOF save_default_entry | sed -e "s/^/$grub_tab$grub_tab/" printf '%s\n' "${prepare_boot_cache}" | grub_add_tab @@ -293,7 +299,7 @@ hurd) onstr="$(gettext_printf "(on %s)" "${DEVICE}")" cat << EOF -menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class hurd --class gnu --class os \$menuentry_id_option 'osprober-gnuhurd-/boot/gnumach.gz-false-$(grub_get_device_id "${DEVICE}")' { +menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class hurd --class gnu --class os ${GRUB_UNRESTRICTED_OPTION} \$menuentry_id_option 'osprober-gnuhurd-/boot/gnumach.gz-false-$(grub_get_device_id "${DEVICE}")' { EOF save_default_entry | grub_add_tab prepare_grub_to_access_device ${DEVICE} | grub_add_tab diff -ur grub-2.04.orig/util/grub-mkconfig.in grub-2.04/util/grub-mkconfig.in --- grub-2.04.orig/util/grub-mkconfig.in 2019-08-18 15:58:15.106000000 +0200 +++ grub-2.04/util/grub-mkconfig.in 2019-08-18 15:58:28.666000000 +0200 @@ -254,7 +254,8 @@ GRUB_ENABLE_CRYPTODISK \ GRUB_BADRAM \ GRUB_OS_PROBER_SKIP_LIST \ - GRUB_DISABLE_SUBMENU + GRUB_DISABLE_SUBMENU \ + GRUB_RESTRICTED if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new"