rpms
/
grub2
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: rpms:48cf39de05df77b18f86a307f3c821e4f41e472f
Branches Tags
rpms:master
rpms:f40-riscv64
rpms:f38-riscv64
rpms:master-riscv64
rpms:f31
rpms:f30
rpms:f29
rpms:f28
rpms:f27
rpms:f26
rpms:f25
rpms:f25-bls3
rpms:f24
rpms:f25-bls
rpms:splitarch4
rpms:f23
rpms:f22
rpms:f19
rpms:f20
rpms:f21
rpms:f17
rpms:f18
rpms:f16
rpms:f15
rpms:f11
rpms:el6
rpms:f14
rpms:f9
rpms:el5
rpms:f10
rpms:f12
rpms:f13
rpms:grub2-1_98-3_el6
rpms:grub2-1_98-3_fc14
rpms:grub2-1_98-2_fc12
rpms:grub2-1_98-2_fc13
rpms:grub2-1_98-2_fc14
rpms:grub2-1_97_1-3_el6
rpms:grub2-1_97_2-1_fc13
rpms:F-13-split
rpms:F-13-start
rpms:grub2-1_97_1-5_fc13
rpms:grub2-1_97_1-4_fc13
rpms:EL-6-split
rpms:EL-6-start
rpms:grub2-1_97_1-3_fc13
rpms:grub2-1_97_1-3_fc12
rpms:grub2-1_97_1-2_fc12
rpms:grub2-1_97_1-2_fc13
rpms:grub2-1_97_1-1_fc13
rpms:grub2-1_98-0_6_20090911svn_fc13
rpms:grub2-1_98-0_6_20090911svn_fc12
rpms:F-12-split
rpms:F-12-start
rpms:grub2-1_98-0_6_20080827svn_fc12
rpms:grub2-1_98-0_5_20080827svn_fc11
rpms:F-11-split
rpms:F-11-start
rpms:grub2-1_98-0_4_20080827svn_fc11
rpms:grub2-1_98-0_3_20080827svn_fc10
rpms:F-10-split
rpms:F-10-start
rpms:grub2-1_98-0_2_20080807svn_fc10
rpms:EL-5-split
rpms:EL-5-start
rpms:F-9-split
rpms:F-9-start
...
compare: rpms:f91c3afb4b271e3c533d0b9b84224154c0583184
Branches Tags
rpms:f40-riscv64
rpms:f38-riscv64
rpms:master-riscv64
rpms:master
rpms:f31
rpms:f30
rpms:f29
rpms:f28
rpms:f27
rpms:f26
rpms:f25
rpms:f25-bls3
rpms:f24
rpms:f25-bls
rpms:splitarch4
rpms:f23
rpms:f22
rpms:f19
rpms:f20
rpms:f21
rpms:f17
rpms:f18
rpms:f16
rpms:f15
rpms:f11
rpms:el6
rpms:f14
rpms:f9
rpms:el5
rpms:f10
rpms:f12
rpms:f13
rpms:grub2-1_98-3_el6
rpms:grub2-1_98-3_fc14
rpms:grub2-1_98-2_fc12
rpms:grub2-1_98-2_fc13
rpms:grub2-1_98-2_fc14
rpms:grub2-1_97_1-3_el6
rpms:grub2-1_97_2-1_fc13
rpms:F-13-split
rpms:F-13-start
rpms:grub2-1_97_1-5_fc13
rpms:grub2-1_97_1-4_fc13
rpms:EL-6-split
rpms:EL-6-start
rpms:grub2-1_97_1-3_fc13
rpms:grub2-1_97_1-3_fc12
rpms:grub2-1_97_1-2_fc12
rpms:grub2-1_97_1-2_fc13
rpms:grub2-1_97_1-1_fc13
rpms:grub2-1_98-0_6_20090911svn_fc13
rpms:grub2-1_98-0_6_20090911svn_fc12
rpms:F-12-split
rpms:F-12-start
rpms:grub2-1_98-0_6_20080827svn_fc12
rpms:grub2-1_98-0_5_20080827svn_fc11
rpms:F-11-split
rpms:F-11-start
rpms:grub2-1_98-0_4_20080827svn_fc11
rpms:grub2-1_98-0_3_20080827svn_fc10
rpms:F-10-split
rpms:F-10-start
rpms:grub2-1_98-0_2_20080807svn_fc10
rpms:EL-5-split
rpms:EL-5-start
rpms:F-9-split
rpms:F-9-start

10 Commits
48cf39de05 ... f91c3afb4b

Author SHA1 Message Date
David Abdurachmanov f91c3afb4b
Backport R_RISCV_CALL_PLT reloc patch for riscv64 
Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
 2023-08-30 17:17:38 +03:00
Nicolas Frayer 6d1f9f4a80 efi/http: change uint32_t to uintn_t 
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2023-08-22 14:25:39 +02:00
Nicolas Frayer 5184f7bcf1 util: Enable default kernel for updates 
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2023-08-22 14:14:44 +02:00
Robbie Harwood dc5c4e3f52 Add switch-root support to grub-emu 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 2023-04-12 15:23:39 +00:00
Robbie Harwood e6b8f35a69 Fix aa64 page fault with EFI_MEMORY_ATTRIBUTE_PROTOCOL 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 2023-04-10 16:44:09 +00:00
Robbie Harwood ab62564e2f tmp 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 2023-03-31 17:47:53 -04:00
Chris Adams 9d4d1e919c Provide a legacy PXE boot core.0 
This enables PXE booting with grub2 rather than syslinux.

Signed-off-by: Chris Adams <linux@cmadams.net>
[rharwood: bump spec, fix commit message]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 2023-03-31 15:59:22 -04:00
Robbie Harwood dc0bc06560 Disable the tpm verifier if the TPM device is not present 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 2023-03-30 12:47:20 +00:00
Robbie Harwood ecd22580ae ppc64le: more cas vec5 shenanigans 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 2023-03-30 12:31:37 +00:00
Robbie Harwood 6a9365c88d emu: work around systemctl bad behavior 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 2023-03-22 18:39:56 +00:00
15 changed files with 1126 additions and 2 deletions
Show Stats Expand all files Collapse all files

56
0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch Normal file
View File

@ -0,0 +1,56 @@
From 403d6540cd608b2706cfa0cb4713f7e4b490ff45 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Thu, 23 Feb 2023 13:15:08 -0800
Subject: [PATCH] RISC-V: Handle R_RISCV_CALL_PLT reloc
GNU assembler starting 2.40 release always generates R_RISCV_CALL_PLT
reloc for call in assembler [1], similarly LLVM does not make
distinction between R_RISCV_CALL_PLT and R_RISCV_CALL [2].
Fixes "grub-mkimage: error: relocation 0x13 is not implemented yet.".
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=70f35d72ef04cd23771875c1661c9975044a749c
[2] https://reviews.llvm.org/D132530
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/riscv/dl.c | 1 +
util/grub-mkimagexx.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/grub-core/kern/riscv/dl.c b/grub-core/kern/riscv/dl.c
index f26b12aaa..896653bb4 100644
--- a/grub-core/kern/riscv/dl.c
+++ b/grub-core/kern/riscv/dl.c
@@ -188,6 +188,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
break;
case R_RISCV_CALL:
+ case R_RISCV_CALL_PLT:
{
grub_uint32_t *abs_place = place;
grub_ssize_t off = sym_addr - (grub_addr_t) place;
diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
index a1927e786..c5fb336e9 100644
--- a/util/grub-mkimagexx.c
+++ b/util/grub-mkimagexx.c
@@ -1294,6 +1294,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd,
}
break;
case R_RISCV_CALL:
+ case R_RISCV_CALL_PLT:
{
grub_uint32_t hi20, lo12;
@@ -1726,6 +1727,7 @@ translate_relocation_pe (struct translate_context *ctx,
case R_RISCV_BRANCH:
case R_RISCV_JAL:
case R_RISCV_CALL:
+ case R_RISCV_CALL_PLT:
case R_RISCV_PCREL_HI20:
case R_RISCV_PCREL_LO12_I:
case R_RISCV_PCREL_LO12_S:
--
2.41.0

41
0325-emu-linux-work-around-systemctl-kexec-returning.patch Normal file
View File

@ -0,0 +1,41 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 22 Mar 2023 14:19:43 -0400
Subject: [PATCH] emu/linux: work around systemctl kexec returning
Per systemctl(1), it "is asynchronous; it will return after the reboot
operation is enqueued, without waiting for it to complete". This
differs from kexec(8), which calls reboot(2) and therefore does not
return.
When not using fallback, this results in the confusing-but-harmless:
error trying to perform 'systemctl kexec': 0
Aborted. Press any key to exit.
on screen for a bit, followed by successful kexec.
To reduce the liklihood of hitting this case, add a delay on succesful
return. Ultimately, the systemd interface is racy: we can't avoid it
entirely unless we never fallback on success.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/loader/emu/linux.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c
index 0cf378a376..7de3f7f861 100644
--- a/grub-core/loader/emu/linux.c
+++ b/grub-core/loader/emu/linux.c
@@ -74,6 +74,10 @@ grub_linux_boot (void)
(kexecute==1) ? "do-or-die" : "just-in-case");
rc = grub_util_exec (systemctl);
+ /* `systemctl kexec` is "asynchronous" and will return even on success. */
+ if (rc == 0)
+ grub_sleep (10);
+
if (kexecute == 1)
grub_fatal (N_("error trying to perform 'systemctl kexec': %d"), rc);

48
0326-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch Normal file
View File

@ -0,0 +1,48 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Avnish Chouhan <avnish@linux.vnet.ibm.com>
Date: Mon, 27 Mar 2023 12:25:39 +0530
Subject: [PATCH] kern/ieee1275/init: Convert plain numbers to constants in
Vec5
This patch converts the plain numbers used in Vec5 properties to constants.
1. LPAR: Client program supports logical partitioning and
associated hcall()s.
2. SPLPAR: Client program supports the Shared
Processor LPAR Option.
3. CMO: Enables the Cooperative Memory Over-commitment Option.
4. MAX_CPU: Defines maximum number of CPUs supported.
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
(cherry picked from commit 8406cfe4774eb2da3db4bf0bc2b2ff6592ecbdaf)
---
grub-core/kern/ieee1275/init.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 72d4fed312..5d79580341 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -72,6 +72,12 @@ extern char _end[];
grub_addr_t grub_ieee1275_original_stack;
#endif
+#define LPAR 0x80
+#define SPLPAR 0x40
+#define BYTE2 (LPAR | SPLPAR)
+#define CMO 0x80
+#define MAX_CPU 256
+
void
grub_exit (int rc __attribute__((unused)))
{
@@ -575,7 +581,7 @@ grub_ieee1275_ibm_cas (void)
.vec4 = 0x0001, /* set required minimum capacity % to the lowest value */
.vec5_size = 1 + sizeof (struct option_vector5) - 2,
.vec5 = {
- 0, 192, 0, 128, 0, 0, 0, 0, 256
+ 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU
}
};

127
0327-kern-ieee1275-init-Extended-support-in-Vec5.patch Normal file
View File

@ -0,0 +1,127 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Avnish Chouhan <avnish@linux.vnet.ibm.com>
Date: Mon, 27 Mar 2023 12:25:40 +0530
Subject: [PATCH] kern/ieee1275/init: Extended support in Vec5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch enables multiple options in Vec5 which are required and
solves the boot issues seen on some machines which are looking for
these specific options.
1. LPAR: Client program supports logical partitioning and
associated hcall()s.
2. SPLPAR: Client program supports the Shared
Processor LPAR Option.
3. DYN_RCON_MEM: Client program supports the
“ibm,dynamic-reconfiguration-memory” property and it may be
presented in the device tree.
4. LARGE_PAGES: Client supports pages larger than 4 KB.
5. DONATE_DCPU_CLS: Client supports donating dedicated processor cycles.
6. PCI_EXP: Client supports PCI Express implementations
utilizing Message Signaled Interrupts (MSIs).
7. CMOC: Enables the Cooperative Memory Over-commitment Option.
8. EXT_CMO: Enables the Extended Cooperative Memory Over-commit Option.
9. ASSOC_REF: Enables “ibm,associativity” and
“ibm,associativity-reference-points” properties.
10. AFFINITY: Enables Platform Resource Reassignment Notification.
11. NUMA: Supports NUMA Distance Lookup Table Option.
12. HOTPLUG_INTRPT: Supports Hotplug Interrupts.
13. HPT_RESIZE: Enable Hash Page Table Resize Option.
14. MAX_CPU: Defines maximum number of CPUs supported.
15. PFO_HWRNG: Supports Random Number Generator.
16. PFO_HW_COMP: Supports Compression Engine.
17. PFO_ENCRYPT: Supports Encryption Engine.
18. SUB_PROCESSORS: Supports Sub-Processors.
19. DY_MEM_V2: Client program supports the “ibm,dynamic-memory-v2” property in the
“ibm,dynamic-reconfiguration-memory” node and it may be presented in the device tree.
20. DRC_INFO: Client program supports the “ibm,drc-info” property definition and it may be
presented in the device tree.
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
(cherry picked from commit 98d0df0351fbff7a4acc64c7594d538889a43e2d)
---
grub-core/kern/ieee1275/init.c | 47 ++++++++++++++++++++++++++++++++++++------
1 file changed, 41 insertions(+), 6 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 5d79580341..3d4ad9d1f1 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -72,11 +72,41 @@ extern char _end[];
grub_addr_t grub_ieee1275_original_stack;
#endif
-#define LPAR 0x80
-#define SPLPAR 0x40
-#define BYTE2 (LPAR | SPLPAR)
-#define CMO 0x80
-#define MAX_CPU 256
+/* Options vector5 properties. */
+
+#define LPAR 0x80
+#define SPLPAR 0x40
+#define DYN_RCON_MEM 0x20
+#define LARGE_PAGES 0x10
+#define DONATE_DCPU_CLS 0x02
+#define PCI_EXP 0x01
+#define BYTE2 (LPAR | SPLPAR | DYN_RCON_MEM | LARGE_PAGES | DONATE_DCPU_CLS | PCI_EXP)
+
+#define CMOC 0x80
+#define EXT_CMO 0x40
+#define CMO (CMOC | EXT_CMO)
+
+#define ASSOC_REF 0x80
+#define AFFINITY 0x40
+#define NUMA 0x20
+#define ASSOCIATIVITY (ASSOC_REF | AFFINITY | NUMA)
+
+#define HOTPLUG_INTRPT 0x04
+#define HPT_RESIZE 0x01
+#define BIN_OPTS (HOTPLUG_INTRPT | HPT_RESIZE)
+
+#define MAX_CPU 256
+
+#define PFO_HWRNG 0x80000000
+#define PFO_HW_COMP 0x40000000
+#define PFO_ENCRYPT 0x20000000
+#define PLATFORM_FACILITIES (PFO_HWRNG | PFO_HW_COMP | PFO_ENCRYPT)
+
+#define SUB_PROCESSORS 1
+
+#define DY_MEM_V2 0x80
+#define DRC_INFO 0x40
+#define BYTE22 (DY_MEM_V2 | DRC_INFO)
void
grub_exit (int rc __attribute__((unused)))
@@ -519,6 +549,11 @@ struct option_vector5
grub_uint8_t micro_checkpoint;
grub_uint8_t reserved0;
grub_uint32_t max_cpus;
+ grub_uint16_t base_papr;
+ grub_uint16_t mem_reference;
+ grub_uint32_t platform_facilities;
+ grub_uint8_t sub_processors;
+ grub_uint8_t byte22;
} GRUB_PACKED;
struct pvr_entry
@@ -581,7 +616,7 @@ grub_ieee1275_ibm_cas (void)
.vec4 = 0x0001, /* set required minimum capacity % to the lowest value */
.vec5_size = 1 + sizeof (struct option_vector5) - 2,
.vec5 = {
- 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU
+ 0, BYTE2, 0, CMO, ASSOCIATIVITY, BIN_OPTS, 0, 0, MAX_CPU, 0, 0, PLATFORM_FACILITIES, SUB_PROCESSORS, BYTE22
}
};

156
0328-tpm-Disable-the-tpm-verifier-if-the-TPM-device-is-no.patch Normal file
View File

@ -0,0 +1,156 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 22 Mar 2023 12:25:43 +0800
Subject: [PATCH] tpm: Disable the tpm verifier if the TPM device is not
present
When the tpm module is loaded, the verifier reads entire file into
memory, measures it and uses verified content as a backing buffer for
file accesses. However, this process may result in high memory
utilization for file operations, sometimes causing a system to run out
of memory which may finally lead to boot failure. To address this issue,
among others, the commit 887f98f0d (mm: Allow dynamically requesting
additional memory regions) have optimized memory management by
dynamically allocating heap space to maximize memory usage and reduce
threat of memory exhaustion. But in some cases problems may still arise,
e.g., when large ISO images are mounted using loopback or when dealing
with embedded systems with limited memory resources.
Unfortunately current implementation of the tpm module doesn't allow
elimination of the back buffer once it is loaded. Even if the TPM device
is not present or it has been explicitly disabled. This may unnecessary
allocate a lot memory. To solve this issue, a patch has been developed
to detect the TPM status at module load and skip verifier registration
if the device is missing or deactivated. This prevents allocation of
memory for the back buffer, avoiding wasting memory when no real measure
boot functionality is performed. Disabling the TPM device in the system
can reduce memory usage in the GRUB. It is useful in scenarios where
high memory utilization is a concern and measurements of loaded
artifacts are not necessary.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
(cherry picked from commit 30708dfe3bebd62a5487437554da8a24253f519f)
---
grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++++++++++
grub-core/commands/ieee1275/ibmvtpm.c | 20 +++++++++----------
grub-core/commands/tpm.c | 10 ++++++++++
include/grub/tpm.h | 1 +
4 files changed, 58 insertions(+), 10 deletions(-)
diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
index ae09c1bf8b..e1f343fea3 100644
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
else
return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
}
+
+int
+grub_tpm_present (void)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_efi_uint8_t protocol_version;
+
+ if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
+ return 0;
+
+ if (protocol_version == 1)
+ {
+ grub_efi_tpm_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (!tpm)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+ return 0;
+ }
+ return grub_tpm1_present (tpm);
+ }
+ else
+ {
+ grub_efi_tpm2_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (!tpm)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+ return 0;
+ }
+ return grub_tpm2_present (tpm);
+ }
+}
diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c
index 239942d27e..a6fee5c516 100644
--- a/grub-core/commands/ieee1275/ibmvtpm.c
+++ b/grub-core/commands/ieee1275/ibmvtpm.c
@@ -135,16 +135,6 @@ grub_err_t
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
const char *description)
{
- /*
- * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes
- * can be found.
- */
- grub_err_t err = tpm_init ();
-
- /* Absence of a TPM isn't a failure. */
- if (err != GRUB_ERR_NONE)
- return GRUB_ERR_NONE;
-
grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n",
pcr, size, description);
@@ -153,3 +143,13 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
return GRUB_ERR_NONE;
}
+
+int
+grub_tpm_present (void)
+{
+ /*
+ * Call tpm_init() "late" rather than from GRUB_MOD_INIT() so that device nodes
+ * can be found.
+ */
+ return tpm_init() == GRUB_ERR_NONE;
+}
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
index e287d042e6..5839053d3d 100644
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -86,10 +86,20 @@ struct grub_file_verifier grub_tpm_verifier = {
GRUB_MOD_INIT (tpm)
{
+ /*
+ * Even though this now calls ibmvtpm's grub_tpm_present() from GRUB_MOD_INIT(),
+ * it does seem to call it late enough in the initialization sequence so
+ * that whatever discovered "device nodes" before this GRUB_MOD_INIT() is
+ * called, enables the ibmvtpm driver to see the device nodes.
+ */
+ if (!grub_tpm_present())
+ return;
grub_verifier_register (&grub_tpm_verifier);
}
GRUB_MOD_FINI (tpm)
{
+ if (!grub_tpm_present())
+ return;
grub_verifier_unregister (&grub_tpm_verifier);
}
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index 5c285cbc52..c19fcbd0a6 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -36,4 +36,5 @@
grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
grub_uint8_t pcr, const char *description);
+int grub_tpm_present (void);
#endif

38
0329-grub_dl_set_mem_attrs-fix-format-string.patch Normal file
View File

@ -0,0 +1,38 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 7 Apr 2023 14:54:35 +0200
Subject: [PATCH] grub_dl_set_mem_attrs(): fix format string
The grub_dprintf() call for printing the message
updating attributes for GOT and trampolines
passes the argument "mod->name", but the format string doesn't accept that
argument.
Print the module name too.
Example output:
> kern/dl.c:736: updating attributes for GOT and trampolines ("video_fb")
Fixes: ad1b904d325b (nx: set page permissions for loaded modules.)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
grub-core/kern/dl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index ab9101a5ad..a97f4a8b13 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -733,7 +733,8 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
{
tgsz = ALIGN_UP(tgsz, arch_addralign);
- grub_dprintf ("modules", "updating attributes for GOT and trampolines\n",
+ grub_dprintf ("modules",
+ "updating attributes for GOT and trampolines (\"%s\")\n",
mod->name);
grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X,
GRUB_MEM_ATTR_W);

140
0330-grub_dl_set_mem_attrs-add-self-check-for-the-tramp-G.patch Normal file
View File

@ -0,0 +1,140 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 7 Apr 2023 16:21:54 +0200
Subject: [PATCH] grub_dl_set_mem_attrs(): add self-check for the tramp/GOT
sizes
On aarch64 UEFI, we currently have a crasher:
grub_dl_load_core()
grub_dl_load_core_noinit()
/* independent allocation: must remain writable */
mod = grub_zalloc();
/* allocates module image with incorrect tail alignment */
grub_dl_load_segments()
/* write-protecting the module image makes "mod" read-only! */
grub_dl_set_mem_attrs()
grub_update_mem_attrs()
grub_dl_init()
/* page fault, crash */
mod->next = ...;
- Commit 887f1d8fa976 ("modules: load module sections at page-aligned
addresses", 2023-02-08) forgot to page-align the allocation of the
trampolines and GOT areas of grub2 modules, in grub_dl_load_segments().
- Commit ad1b904d325b ("nx: set page permissions for loaded modules.",
2023-02-08) calculated a common bounding box for the trampolines and GOT
areas in grub_dl_set_mem_attrs(), rounded the box size up to a whole
multiple of EFI page size ("arch_addralign"), and write-protected the
resultant page range.
Consequently, grub_dl_load_segments() places the module image in memory
such that its tail -- the end of the trampolines and GOT areas -- lands at
the head of a page whose tail in turn contains independent memory
allocations, such as "mod". grub_dl_set_mem_attrs() will then unwittingly
write-protect these other allocations too.
But "mod" must remain writable: we assign "mod->next" in grub_dl_init()
subsequently. Currently we crash there with a page fault / permission
fault.
(The crash is not trivial to hit: the tramp/GOT areas are irrelevant on
x86_64, plus the page protection depends on the UEFI platform firmware
providing EFI_MEMORY_ATTRIBUTE_PROTOCOL. In practice, the crash is
restricted to aarch64 edk2 (ArmVirtQemu) builds containing commit
1c4dfadb4611, "ArmPkg/CpuDxe: Implement EFI memory attributes protocol",
2023-03-16.)
Example log before the patch:
> kern/dl.c:736: updating attributes for GOT and trampolines ("video_fb")
> kern/efi/mm.c:927: set +rx -w on 0x13b88b000-0x13b88bfff before:rwx after:r-x
> kern/dl.c:744: done updating module memory attributes for "video_fb"
> kern/dl.c:639: flushing 0xe4f0 bytes at 0x13b87d000
> kern/arm64/cache.c:42: D$ line size: 64
> kern/arm64/cache.c:43: I$ line size: 64
> kern/dl.c:839: module name: video_fb
> kern/dl.c:840: init function: 0x0
> kern/dl.c:865: Initing module video_fb
>
> Synchronous Exception at 0x000000013B8A76EC
> PC 0x00013B8A76EC
>
> X0 0x000000013B88B960 X1 0x0000000000000000 X2 0x000000013F93587C X3 0x0000000000000075
>
> SP 0x00000000470745C0 ELR 0x000000013B8A76EC SPSR 0x60000205 FPSR 0x00000000
> ESR 0x9600004F FAR 0x000000013B88B9D0
>
> ESR : EC 0x25 IL 0x1 ISS 0x0000004F
>
> Data abort: Permission fault, third level
Note the following:
- The whole 4K page at 0x1_3B88_B000 is write-protected.
- The "video_fb" module actually lives at [0x1_3B87_D000, 0x1_3B88_B4F0)
-- left-inclusive, right-exclusive --; that is, in the last page (at
0x1_3B88_B000), it only occupies the first 0x4F0 bytes.
- The instruction at 0x1_3B8A_76EC faults. Not shown here, but it is a
store instruction, which writes to the field at offset 0x70 of the
structure pointed-to by the X0 register. This is the "mod->next"
assignment from grub_dl_init().
- The faulting address is therefore (X0 + 0x70), i.e., 0x1_3B88_B9D0. This
is indeed the value held in the FAR register.
- The faulting address 0x1_3B88_B9D0 falls in the above-noted page (at
0x1_3B88_B000), namely at offset 0x9D0. This is *beyond* the first 0x4F0
bytes that the very tail of the "video_fb" module occupies at the front
of that page.
For now, add a self-check that reports this bug (and prevents the crash by
skipping the write protection).
Example log after the patch:
> kern/dl.c:742:BUG: trying to protect pages outside of module allocation
> ("video_fb"): module base 0x13b87d000, size 0xe4f0; tramp/GOT base
> 0x13b88b000, size 0x1000
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
grub-core/kern/dl.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index a97f4a8b13..3b66fa410e 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -682,7 +682,7 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
grub_size_t arch_addralign = grub_arch_dl_min_alignment ();
grub_addr_t tgaddr;
- grub_uint64_t tgsz;
+ grub_size_t tgsz;
#endif
grub_dprintf ("modules", "updating memory attributes for \"%s\"\n",
@@ -736,6 +736,15 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
grub_dprintf ("modules",
"updating attributes for GOT and trampolines (\"%s\")\n",
mod->name);
+ if (tgaddr < (grub_addr_t)mod->base ||
+ tgsz > (grub_addr_t)-1 - tgaddr ||
+ tgaddr + tgsz > (grub_addr_t)mod->base + mod->sz)
+ return grub_error (GRUB_ERR_BUG,
+ "BUG: trying to protect pages outside of module "
+ "allocation (\"%s\"): module base %p, size 0x%"
+ PRIxGRUB_SIZE "; tramp/GOT base 0x%" PRIxGRUB_ADDR
+ ", size 0x%" PRIxGRUB_SIZE,
+ mod->name, mod->base, mod->sz, tgaddr, tgsz);
grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X,
GRUB_MEM_ATTR_W);
}

70
0331-grub_dl_load_segments-page-align-the-tramp-GOT-areas.patch Normal file
View File

@ -0,0 +1,70 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 7 Apr 2023 16:56:09 +0200
Subject: [PATCH] grub_dl_load_segments(): page-align the tramp/GOT areas too
The tramp/GOT write-protection in grub_dl_set_mem_attrs() requires that
the tramp/GOT areas of the module image *not* share a page with any other
memory allocations. Page-align the tramp/GOT areas, while satisfying their
intrinsic alignment requirements too.
Fixes: 887f1d8fa976 (modules: load module sections at page-aligned addresses)
Fixes: ad1b904d325b (nx: set page permissions for loaded modules.)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
grub-core/kern/dl.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 3b66fa410e..f3cdb9e0ba 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -280,7 +280,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
grub_size_t tsize = 0, talign = 1, arch_addralign = 1;
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
grub_size_t tramp;
+ grub_size_t tramp_align;
grub_size_t got;
+ grub_size_t got_align;
grub_err_t err;
#endif
char *ptr;
@@ -311,12 +313,18 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
err = grub_arch_dl_get_tramp_got_size (e, &tramp, &got);
if (err)
return err;
- tsize += ALIGN_UP (tramp, GRUB_ARCH_DL_TRAMP_ALIGN);
- if (talign < GRUB_ARCH_DL_TRAMP_ALIGN)
- talign = GRUB_ARCH_DL_TRAMP_ALIGN;
- tsize += ALIGN_UP (got, GRUB_ARCH_DL_GOT_ALIGN);
- if (talign < GRUB_ARCH_DL_GOT_ALIGN)
- talign = GRUB_ARCH_DL_GOT_ALIGN;
+ tramp_align = GRUB_ARCH_DL_TRAMP_ALIGN;
+ if (tramp_align < arch_addralign)
+ tramp_align = arch_addralign;
+ tsize += ALIGN_UP (tramp, tramp_align);
+ if (talign < tramp_align)
+ talign = tramp_align;
+ got_align = GRUB_ARCH_DL_GOT_ALIGN;
+ if (got_align < arch_addralign)
+ got_align = arch_addralign;
+ tsize += ALIGN_UP (got, got_align);
+ if (talign < got_align)
+ talign = got_align;
#endif
#ifdef GRUB_MACHINE_EMU
@@ -376,11 +384,11 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
}
}
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, GRUB_ARCH_DL_TRAMP_ALIGN);
+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, tramp_align);
mod->tramp = ptr;
mod->trampptr = ptr;
ptr += tramp;
- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, GRUB_ARCH_DL_GOT_ALIGN);
+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, got_align);
mod->got = ptr;
mod->gotptr = ptr;
ptr += got;

330
0332-emu-Add-switch-root-to-grub-emu.patch Normal file
View File

@ -0,0 +1,330 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Fri, 31 Mar 2023 20:47:58 +0200
Subject: [PATCH] emu: Add switch-root to grub-emu
If the kernel running grub emu is the same as the one we want to
boot, it makes sense that we just switch-root instead of kexec
the same kernel again by doing grub2-emu --switch-root
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
grub-core/kern/emu/main.c | 5 +-
grub-core/kern/emu/misc.c | 13 +++
grub-core/loader/emu/linux.c | 209 +++++++++++++++++++++++++++++++++++++++++--
include/grub/emu/exec.h | 2 +-
include/grub/emu/misc.h | 2 +
5 files changed, 223 insertions(+), 8 deletions(-)
diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c
index 68e2b283bb..ccb2863f5b 100644
--- a/grub-core/kern/emu/main.c
+++ b/grub-core/kern/emu/main.c
@@ -108,6 +108,7 @@ static struct argp_option options[] = {
{"verbose", 'v', 0, 0, N_("print verbose messages."), 0},
{"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a debugger will attach"), 0},
{"kexec", 'X', 0, 0, N_("use kexec to boot Linux kernels via systemctl (pass twice to enable dangerous fallback to non-systemctl)."), 0},
+ {"switch-root", 'W', 0, 0, N_("use switch-root to only switch root filesystem without restarting the kernel."), 0},
{ 0, 0, 0, 0, 0, 0 }
};
@@ -168,7 +169,9 @@ argp_parser (int key, char *arg, struct argp_state *state)
case 'X':
grub_util_set_kexecute ();
break;
-
+ case 'W':
+ grub_util_set_switch_root ();
+ break;
case ARGP_KEY_ARG:
{
/* Too many arguments. */
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
index 02d27c3440..4b5123ef96 100644
--- a/grub-core/kern/emu/misc.c
+++ b/grub-core/kern/emu/misc.c
@@ -40,6 +40,7 @@
int verbosity;
int kexecute;
+int switchroot = 0;
void
grub_util_warn (const char *fmt, ...)
@@ -231,3 +232,15 @@ grub_util_get_kexecute (void)
{
return kexecute;
}
+
+void
+grub_util_set_switch_root (void)
+{
+ switchroot = 1;
+}
+
+int
+grub_util_get_switch_root (void)
+{
+ return switchroot;
+}
diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c
index 7de3f7f861..6feb0412c5 100644
--- a/grub-core/loader/emu/linux.c
+++ b/grub-core/loader/emu/linux.c
@@ -15,7 +15,6 @@
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
-
#include <grub/loader.h>
#include <grub/dl.h>
#include <grub/command.h>
@@ -33,6 +32,196 @@ static char *kernel_path;
static char *initrd_path;
static char *boot_cmdline;
+static grub_err_t
+grub_switch_root (void)
+{
+ char *tmp = NULL;
+ char *options_cmd = NULL;
+ char *options = NULL;
+ char *subvol = NULL;
+ char *root_uuid = NULL;
+ char *kernel_release = NULL;
+ grub_err_t rc = GRUB_ERR_NONE;
+ const char *subvol_param = "subvol=";
+ const char *kernel_release_prefix = "/boot/vmlinuz-";
+ const char *root_prefix = "root=";
+ const char *systemctl[] = {"systemctl", "--force", "switch-root", "/sysroot", NULL};
+ const char *mountrootfs[] = {"mount", root_uuid, "/sysroot", options_cmd, options, NULL};
+ const char *unamer[] = {"uname", "-r", NULL};
+ char *uname_buf = NULL;
+ int i = 0;
+
+ /* Extract the kernel release tag from kernel_path */
+ if (!kernel_path)
+ {
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ grub_dprintf ("linux", "switch_root: No kernel_path found\n");
+ goto out;
+ }
+
+ if ((kernel_release = grub_xasprintf ("%s", (kernel_path + grub_strlen (kernel_release_prefix)))) == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocate memory\n");
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ goto out;
+ }
+
+
+ /* Check for kernel mismatch */
+ /* Retrieve the current kernel relase tag */
+ grub_util_exec_redirect (unamer, NULL, "/tmp/version");
+
+ grub_file_t f = grub_file_open ("/tmp/version", GRUB_FILE_TYPE_FS_SEARCH);
+
+ if (f == NULL)
+ {
+ grub_dprintf ("linux", "failed opening file.\n");
+ rc = GRUB_ERR_FILE_NOT_FOUND;
+ goto out;
+ }
+
+ if ((uname_buf = grub_malloc (f->size)) == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocate memory\n");
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ if (grub_file_read (f, uname_buf, f->size) < 0)
+ {
+ grub_dprintf ("linux", "switch_root: failed to read from file\n");
+ rc = GRUB_ERR_FILE_READ_ERROR;
+ goto out;
+ }
+
+ grub_file_close (f);
+
+ if (grub_strstr (uname_buf, kernel_release) == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: kernel mismatch, not performing switch-root ...\n");
+ rc = GRUB_ERR_NO_KERNEL;
+ goto out;
+ }
+
+ /* Extract the root partition from boot_cmdline */
+ if (!boot_cmdline)
+ {
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ goto out;
+ }
+
+ tmp = grub_strdup (boot_cmdline);
+
+ if (tmp == NULL)
+ {
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ if ((root_uuid = grub_strstr (tmp, root_prefix)) == NULL)
+ {
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ grub_dprintf ("linux", "switch_root: Can't find rootfs\n");
+ goto out;
+ }
+
+ root_uuid += grub_strlen (root_prefix);
+
+ while (root_uuid[i] != ' ' && root_uuid[i] != '\0')
+ i++;
+
+ root_uuid[i] = '\0';
+
+ /* Allocate a new buffer holding root_uuid */
+ root_uuid = grub_xasprintf ("%s", root_uuid);
+
+ if (root_uuid == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocated memory\n");
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ /* Check for subvol parameter */
+ grub_strcpy (tmp, boot_cmdline);
+
+ if ((subvol = grub_strstr(tmp, subvol_param)) != NULL)
+ {
+ i = 0;
+
+ while (subvol[i] != ' ' && subvol[i] != '\0')
+ i++;
+
+ subvol[i] = '\0';
+
+ /* Allocate a new buffer holding subvol */
+ subvol = grub_xasprintf("%s", subvol);
+
+ if (subvol == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocated memory\n");
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ options_cmd = grub_xasprintf("%s", "-o");
+ options = grub_xasprintf("%s", subvol);
+ }
+
+ if (options == NULL)
+ {
+ mountrootfs[3] = NULL;
+ }
+ else
+ {
+ mountrootfs[3] = options_cmd;
+ mountrootfs[4] = options;
+ }
+
+ mountrootfs[1] = root_uuid;
+
+ grub_dprintf ("linux", "Executing:\n");
+ grub_dprintf ("linux", "%s %s %s %s %s\n", mountrootfs[0], mountrootfs[1],
+ mountrootfs[2], mountrootfs[3], mountrootfs[4]);
+
+ /* Mount the rootfs */
+ rc = grub_util_exec (mountrootfs);
+
+ if (rc != GRUB_ERR_NONE)
+ {
+ grub_dprintf ("linux", "switch_root: Failed.\n");
+ rc = GRUB_ERR_INVALID_COMMAND;
+ goto out;
+ }
+
+ grub_dprintf ("linux", "Done.\n");
+
+ grub_dprintf ("linux", "%s %s %s %s\n", systemctl[0], systemctl[1],
+ systemctl[2], systemctl[3]);
+
+ /* Switch root */
+ rc = grub_util_exec (systemctl);
+
+ if (rc != GRUB_ERR_NONE)
+ {
+ grub_dprintf ("linux", "switch_root: Failed.\n");
+ rc = GRUB_ERR_INVALID_COMMAND;
+ goto out;
+ }
+
+ grub_dprintf ("linux", "Done.\n");
+
+out:
+ grub_free (tmp);
+ grub_free (options_cmd);
+ grub_free (options);
+ grub_free (subvol);
+ grub_free (root_uuid);
+ grub_free (uname_buf);
+ grub_free (kernel_release);
+ return rc;
+}
+
static grub_err_t
grub_linux_boot (void)
{
@@ -51,12 +240,20 @@ grub_linux_boot (void)
else
initrd_param = grub_xasprintf ("%s", "");
- grub_dprintf ("linux", "%serforming 'kexec -la %s %s %s'\n",
- (kexecute) ? "P" : "Not p",
- kernel_path, initrd_param, boot_cmdline);
+ if (grub_util_get_switch_root() == 1)
+ {
+ rc = grub_switch_root();
+ if (rc != GRUB_ERR_NONE)
+ grub_fatal (N_("Failed to execute switch_root\n"));
+ }
+ else if (kexecute)
+ {
+ grub_dprintf ("linux", "%serforming 'kexec -la %s %s %s'\n",
+ (kexecute) ? "P" : "Not p",
+ kernel_path, initrd_param, boot_cmdline);
- if (kexecute)
- rc = grub_util_exec (kexec);
+ rc = grub_util_exec (kexec);
+ }
grub_free (initrd_param);
diff --git a/include/grub/emu/exec.h b/include/grub/emu/exec.h
index 1b61b4a2e5..e82f13215e 100644
--- a/include/grub/emu/exec.h
+++ b/include/grub/emu/exec.h
@@ -36,7 +36,7 @@ grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file,
int
EXPORT_FUNC(grub_util_exec) (const char *const *argv);
int
-grub_util_exec_redirect (const char *const *argv, const char *stdin_file,
+EXPORT_FUNC(grub_util_exec_redirect) (const char *const *argv, const char *stdin_file,
const char *stdout_file);
int
grub_util_exec_redirect_null (const char *const *argv);
diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
index 01056954b9..f3a712a8b2 100644
--- a/include/grub/emu/misc.h
+++ b/include/grub/emu/misc.h
@@ -59,6 +59,8 @@ void EXPORT_FUNC(grub_util_error) (const char *fmt, ...) __attribute__ ((format
void EXPORT_FUNC(grub_util_set_kexecute) (void);
int EXPORT_FUNC(grub_util_get_kexecute) (void) WARN_UNUSED_RESULT;
+void EXPORT_FUNC(grub_util_set_switch_root) (void);
+int EXPORT_FUNC(grub_util_get_switch_root) (void);
grub_uint64_t EXPORT_FUNC (grub_util_get_cpu_time_ms) (void);

34
0333-util-Enable-default-kernel-for-updates.patch Normal file
View File

@ -0,0 +1,34 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marta Lewandowska <mlewando@redhat.com>
Date: Wed, 24 May 2023 11:22:47 +0200
Subject: [PATCH] util: Enable default kernel for updates
Several kernel variants can be installed on a system in parallel.
In order to allow the user to choose which kernel will be set to
default after an update, re-enable grub's usage of DEFAULTKERNEL as
set in /etc/sysconfig/kernel
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
---
util/grub-get-kernel-settings.in | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in
index 7e87dfccc0e4..f71bc64360b0 100644
--- a/util/grub-get-kernel-settings.in
+++ b/util/grub-get-kernel-settings.in
@@ -68,6 +68,14 @@ if test -f /etc/sysconfig/kernel ; then
. /etc/sysconfig/kernel
fi
+GRUB_DEFAULT_KERNEL_TYPE=${DEFAULTKERNEL/-core/}
+if [ "$GRUB_DEFAULT_KERNEL_TYPE" != "kernel" ]; then
+ echo GRUB_NON_STANDARD_KERNEL=true
+ echo export GRUB_NON_STANDARD_KERNEL
+ GRUB_DEFAULT_KERNEL_TYPE=${GRUB_DEFAULT_KERNEL_TYPE/kernel-/}
+fi
+echo GRUB_DEFAULT_KERNEL_TYPE=$GRUB_DEFAULT_KERNEL_TYPE
+echo export GRUB_DEFAULT_KERNEL_TYPE
if [ "$MAKEDEBUG" = "yes" ]; then
echo GRUB_LINUX_MAKE_DEBUG=true
echo export GRUB_LINUX_MAKE_DEBUG

30
0334-efi-http-change-uint32_t-to-uintn_t.patch Normal file
View File

@ -0,0 +1,30 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Keng-Yu Lin <kengyu@hpe.com>
Date: Wed, 26 Apr 2023 01:43:16 -0400
Subject: [PATCH] efi/http: change uint32_t to uintn_t
Modify UINT32 to UINTN in EFI_HTTP_MESSAGE to
be UEFI 2.9 compliant.
Signed-off-by: Keng-Yu Lin <kengyu@hpe.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
include/grub/efi/http.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/grub/efi/http.h b/include/grub/efi/http.h
index c5e9a89f5050..ad164ba1913d 100644
--- a/include/grub/efi/http.h
+++ b/include/grub/efi/http.h
@@ -171,9 +171,9 @@ typedef struct {
grub_efi_http_request_data_t *request;
grub_efi_http_response_data_t *response;
} data;
- grub_efi_uint32_t header_count;
+ grub_efi_uintn_t header_count;
grub_efi_http_header_t *headers;
- grub_efi_uint32_t body_length;
+ grub_efi_uintn_t body_length;
void *body;
} grub_efi_http_message_t;

6
20-grub.install
View File

@ -139,7 +139,11 @@ case "$COMMAND" in
sed -i -e "s,^initrd.*,initrd ${BOOTPREFIX}${INITRD},g" "${BLS_TARGET}"
fi
if [[ "$KERNEL_VERSION" == *\+debug* ]] && [ "x$GRUB_DEFAULT_TO_DEBUG" != "xtrue" ]; then
if ( [[ "$KERNEL_VERSION" != *${GRUB_DEFAULT_KERNEL_TYPE}* ]] && \
[ "x$GRUB_NON_STANDARD_KERNEL" == "xtrue" ] ) || \
( echo "$KERNEL_VERSION" | grep -E -q "64k|auto|rt|uki" && \
[ "x$GRUB_NON_STANDARD_KERNEL" != "xtrue" ] ) || \
( [[ "$KERNEL_VERSION" == *debug* ]] && [ "x$GRUB_DEFAULT_TO_DEBUG" != "xtrue" ] ); then
GRUB_UPDATE_DEFAULT_KERNEL=false
fi

12
grub.macros
View File

@ -623,6 +623,18 @@ if [ %{3} -eq 0 ]; then \
${RPM_BUILD_ROOT}/%{_bindir}/grub2-editenv \\\
${RPM_BUILD_ROOT}/boot/grub2/grubenv create \
fi \
%{expand:%ifnarch ppc64le \
mkdir pxe \
./grub-mknetdir \\\
--directory ./grub-core \\\
--fonts="" \\\
--locales="" \\\
--themes="" \\\
--modules="configfile gzio linux reboot test" \\\
--net-directory=pxe \\\
--subdir . \
mv pxe/*/core.0 $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/ \
%endif} \
%{expand:%%do_install_protected_file grub2-%{legacy_package_arch}} \
cd .. \
%{nil}

11
grub.patches
View File

@ -322,3 +322,14 @@ Patch0321: 0321-mm-Preallocate-some-space-when-adding-new-regions.patch
Patch0322: 0322-mm-Avoid-complex-heap-growth-math-in-hot-path.patch
Patch0323: 0323-hostdisk-work-around-proc-not-reporting-size.patch
Patch0324: 0324-blscfg-check-for-mounted-boot-in-emu.patch
Patch0325: 0325-emu-linux-work-around-systemctl-kexec-returning.patch
Patch0326: 0326-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
Patch0327: 0327-kern-ieee1275-init-Extended-support-in-Vec5.patch
Patch0328: 0328-tpm-Disable-the-tpm-verifier-if-the-TPM-device-is-no.patch
Patch0329: 0329-grub_dl_set_mem_attrs-fix-format-string.patch
Patch0330: 0330-grub_dl_set_mem_attrs-add-self-check-for-the-tramp-G.patch
Patch0331: 0331-grub_dl_load_segments-page-align-the-tramp-GOT-areas.patch
Patch0332: 0332-emu-Add-switch-root-to-grub-emu.patch
Patch0333: 0333-util-Enable-default-kernel-for-updates.patch
Patch0334: 0334-efi-http-change-uint32_t-to-uintn_t.patch
Patch0335: 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch

29
grub2.spec
View File

@ -17,7 +17,7 @@
Name: grub2
Epoch: 1
Version: 2.06
Release: 89%{?dist}
Release: 97.0.riscv64%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
License: GPLv3+
URL: http://www.gnu.org/software/grub/
@ -544,6 +544,33 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
%endif
%changelog
* Wed Aug 30 2023 David Abdurachmanov <davidlt@rivosinc.com> - 2.06-97.0.riscv64
- Backport riscv64 R_RISCV_CALL_PLT reloc patch
* Tue Aug 22 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.06-97
- efi/http: change uint32_t to uintn_t
* Tue Aug 22 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.06-96
- util: Enable default kernel for updates
* Wed Apr 12 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-95
- Add switch-root support to grub-emu
* Mon Apr 10 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-94
- Fix aa64 page fault with EFI_MEMORY_ATTRIBUTE_PROTOCOL
* Fri Mar 31 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-93
- Add legacy pxe core.0 (cmadams)
* Thu Mar 30 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-92
- Disable the tpm verifier if the TPM device is not present
* Thu Mar 30 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-91
- ppc64le: more cas vec5 shenanigans
* Wed Mar 22 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-90
- emu: work around systemctl bad behavior
* Thu Mar 09 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-89
- emu: handle BLS /boot weirdness