From 88459565eca04a2f0ebfb31fb820b06f0d68a111 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Tue, 26 Mar 2019 17:15:15 +0100 Subject: [PATCH] A set of EFI fixes to support arm64 QCom UEFI firmwares Signed-off-by: Javier Martinez Canillas --- ...2_HEADER_SIZE-define-in-arm-efi-case.patch | 35 +++++++++ ...ge-Align-efi-sections-on-4k-boundary.patch | 55 ++++++++++++++ ...e-Clarify-file-alignment-in-efi-case.patch | 71 +++++++++++++++++++ grub.patches | 3 + grub2.spec | 5 +- 5 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 0289-mkimage-Use-EFI32_HEADER_SIZE-define-in-arm-efi-case.patch create mode 100644 0290-mkimage-Align-efi-sections-on-4k-boundary.patch create mode 100644 0291-mkimage-Clarify-file-alignment-in-efi-case.patch diff --git a/0289-mkimage-Use-EFI32_HEADER_SIZE-define-in-arm-efi-case.patch b/0289-mkimage-Use-EFI32_HEADER_SIZE-define-in-arm-efi-case.patch new file mode 100644 index 0000000..34575e9 --- /dev/null +++ b/0289-mkimage-Use-EFI32_HEADER_SIZE-define-in-arm-efi-case.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexander Graf +Date: Mon, 28 Jan 2019 14:35:27 +0100 +Subject: [PATCH] mkimage: Use EFI32_HEADER_SIZE define in arm-efi case + +The efi-arm case was defining its own header size calculation, even though it's +100% identical to the common EFI32_HEADER_SIZE definition. + +So let's clean it up to use the common define. + +Signed-off-by: Alexander Graf +Reviewed-by: Daniel Kiper +Tested-by: Julien ROBIN +--- + util/mkimage.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/util/mkimage.c b/util/mkimage.c +index e22d82afa61..d18ce87a55d 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -584,12 +584,7 @@ static const struct grub_install_image_target_desc image_targets[] = + .decompressor_uncompressed_size = TARGET_NO_FIELD, + .decompressor_uncompressed_addr = TARGET_NO_FIELD, + .section_align = GRUB_PE32_SECTION_ALIGNMENT, +- .vaddr_offset = ALIGN_UP (GRUB_PE32_MSDOS_STUB_SIZE +- + GRUB_PE32_SIGNATURE_SIZE +- + sizeof (struct grub_pe32_coff_header) +- + sizeof (struct grub_pe32_optional_header) +- + 4 * sizeof (struct grub_pe32_section_table), +- GRUB_PE32_SECTION_ALIGNMENT), ++ .vaddr_offset = EFI32_HEADER_SIZE, + .pe_target = GRUB_PE32_MACHINE_ARMTHUMB_MIXED, + .elf_target = EM_ARM, + }, diff --git a/0290-mkimage-Align-efi-sections-on-4k-boundary.patch b/0290-mkimage-Align-efi-sections-on-4k-boundary.patch new file mode 100644 index 0000000..1f2d082 --- /dev/null +++ b/0290-mkimage-Align-efi-sections-on-4k-boundary.patch @@ -0,0 +1,55 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexander Graf +Date: Mon, 28 Jan 2019 14:35:28 +0100 +Subject: [PATCH] mkimage: Align efi sections on 4k boundary + +There is UEFI firmware popping up in the wild now that implements stricter +permission checks using NX and write protect page table entry bits. + +This means that firmware now may fail to load binaries if its individual +sections are not page aligned, as otherwise it can not ensure permission +boundaries. + +So let's bump all efi section alignments up to 4k (EFI page size). That way +we will stay compatible going forward. + +Unfortunately our internals can't deal very well with a mismatch of alignment +between the virtual and file offsets, so we have to also pad our target +binary a bit. + +Signed-off-by: Alexander Graf +Reviewed-by: Daniel Kiper +Tested-by: Julien ROBIN +--- + include/grub/efi/pe32.h | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h +index c03cc599f63..f71da19f2f5 100644 +--- a/include/grub/efi/pe32.h ++++ b/include/grub/efi/pe32.h +@@ -20,6 +20,7 @@ + #define GRUB_EFI_PE32_HEADER 1 + + #include ++#include + + /* The MSDOS compatibility stub. This was copied from the output of + objcopy, and it is not necessary to care about what this means. */ +@@ -50,8 +51,14 @@ + /* According to the spec, the minimal alignment is 512 bytes... + But some examples (such as EFI drivers in the Intel + Sample Implementation) use 32 bytes (0x20) instead, and it seems +- to be working. For now, GRUB uses 512 bytes for safety. */ +-#define GRUB_PE32_SECTION_ALIGNMENT 0x200 ++ to be working. ++ ++ However, there is firmware showing up in the field now with ++ page alignment constraints to guarantee that page protection ++ bits take effect. Because currently existing GRUB code can not ++ properly distinguish between in-memory and in-file layout, let's ++ bump all alignment to GRUB_EFI_PAGE_SIZE. */ ++#define GRUB_PE32_SECTION_ALIGNMENT GRUB_EFI_PAGE_SIZE + #define GRUB_PE32_FILE_ALIGNMENT GRUB_PE32_SECTION_ALIGNMENT + + struct grub_pe32_coff_header diff --git a/0291-mkimage-Clarify-file-alignment-in-efi-case.patch b/0291-mkimage-Clarify-file-alignment-in-efi-case.patch new file mode 100644 index 0000000..373b5ce --- /dev/null +++ b/0291-mkimage-Clarify-file-alignment-in-efi-case.patch @@ -0,0 +1,71 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexander Graf +Date: Mon, 28 Jan 2019 14:35:29 +0100 +Subject: [PATCH] mkimage: Clarify file alignment in efi case + +There are a few spots in the PE generation code for EFI binaries that uses +the section alignment rather than file alignment, even though the alignment +is really only file bound. + +Replace those cases with the file alignment constant instead. + +Reported-by: Daniel Kiper +Signed-off-by: Alexander Graf +Reviewed-by: Daniel Kiper +Tested-by: Julien ROBIN +--- + util/mkimage.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/util/mkimage.c b/util/mkimage.c +index d18ce87a55d..b5272bc1b01 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -66,14 +66,14 @@ + + sizeof (struct grub_pe32_coff_header) \ + + sizeof (struct grub_pe32_optional_header) \ + + 4 * sizeof (struct grub_pe32_section_table), \ +- GRUB_PE32_SECTION_ALIGNMENT) ++ GRUB_PE32_FILE_ALIGNMENT) + + #define EFI64_HEADER_SIZE ALIGN_UP (GRUB_PE32_MSDOS_STUB_SIZE \ + + GRUB_PE32_SIGNATURE_SIZE \ + + sizeof (struct grub_pe32_coff_header) \ + + sizeof (struct grub_pe64_optional_header) \ + + 4 * sizeof (struct grub_pe32_section_table), \ +- GRUB_PE32_SECTION_ALIGNMENT) ++ GRUB_PE32_FILE_ALIGNMENT) + + static const struct grub_install_image_target_desc image_targets[] = + { +@@ -1207,10 +1207,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + header_size = EFI64_HEADER_SIZE; + + reloc_addr = ALIGN_UP (header_size + core_size, +- image_target->section_align); ++ GRUB_PE32_FILE_ALIGNMENT); + + pe_size = ALIGN_UP (reloc_addr + layout.reloc_size, +- image_target->section_align); ++ GRUB_PE32_FILE_ALIGNMENT); + pe_img = xmalloc (reloc_addr + layout.reloc_size); + memset (pe_img, 0, header_size); + memcpy ((char *) pe_img + header_size, core_img, core_size); +@@ -1260,7 +1260,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + + o->image_base = 0; + o->section_alignment = grub_host_to_target32 (image_target->section_align); +- o->file_alignment = grub_host_to_target32 (image_target->section_align); ++ o->file_alignment = grub_host_to_target32 (GRUB_PE32_FILE_ALIGNMENT); + o->image_size = grub_host_to_target32 (pe_size); + o->header_size = grub_host_to_target32 (header_size); + o->subsystem = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION); +@@ -1295,7 +1295,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + o->code_base = grub_cpu_to_le32 (header_size); + o->image_base = 0; + o->section_alignment = grub_host_to_target32 (image_target->section_align); +- o->file_alignment = grub_host_to_target32 (image_target->section_align); ++ o->file_alignment = grub_host_to_target32 (GRUB_PE32_FILE_ALIGNMENT); + o->image_size = grub_host_to_target32 (pe_size); + o->header_size = grub_host_to_target32 (header_size); + o->subsystem = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION); diff --git a/grub.patches b/grub.patches index c80c2b5..beb67c2 100644 --- a/grub.patches +++ b/grub.patches @@ -286,3 +286,6 @@ Patch0285: 0285-grub-switch-to-blscfg-copy-increment.mod-for-legacy-.patch Patch0286: 0286-Only-set-blsdir-if-boot-loader-entries-is-in-a-btrfs.patch Patch0287: 0287-Fix-the-type-of-grub_efi_status_t.patch Patch0288: 0288-blscfg-don-t-use-grub_list_t-and-the-GRUB_AS_LIST-ma.patch +Patch0289: 0289-mkimage-Use-EFI32_HEADER_SIZE-define-in-arm-efi-case.patch +Patch0290: 0290-mkimage-Align-efi-sections-on-4k-boundary.patch +Patch0291: 0291-mkimage-Clarify-file-alignment-in-efi-case.patch diff --git a/grub2.spec b/grub2.spec index 584ce09..6f47388 100644 --- a/grub2.spec +++ b/grub2.spec @@ -7,7 +7,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 74%{?dist} +Release: 75%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -480,6 +480,9 @@ rm -r /boot/grub2.tmp/ || : %endif %changelog +* Tue Mar 26 2019 Javier Martinez Canillas - 1:2.02-75 +- A set of EFI fixes to support arm64 QCom UEFI firmwares (pbrobinson) + * Fri Mar 22 2019 Javier Martinez Canillas - 2.02-74 - Fix some BLS snippets not being displayed in the GRUB menu Resolves: rhbz#1691232