3 Commits

Author SHA1 Message Date
Peter Jones ad67a3cbbf Update blscfg bits
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-10-28 11:04:51 -04:00
Peter Jones f50976357c add bls stuff
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-10-28 10:58:29 -04:00
Peter Jones 1d9771ad64 Update to be newer than f24's branch.
- Add grub2-get-kernel-settings
  Related: rhbz#1226325

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-08-25 15:35:55 -04:00
104 changed files with 2677 additions and 2030 deletions

@ -1,7 +1,7 @@
From ea9eb6e9fb40a19264fc453778087e7e5fec24fa Mon Sep 17 00:00:00 2001
From e32c57d2abd034cbdea24a8f51de8dbef453bd96 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Thu, 20 Sep 2012 18:07:39 -0300
Subject: [PATCH 01/89] IBM client architecture (CAS) reboot support
Subject: [PATCH 01/87] IBM client architecture (CAS) reboot support
This is an implementation of IBM client architecture (CAS) reboot for GRUB.
@ -170,5 +170,5 @@ index 8e42513..9f26c69 100644
#define FOR_IEEE1275_DEVALIASES(alias) for (grub_ieee1275_devalias_init_iterator (&(alias)); grub_ieee1275_devalias_next (&(alias));)
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 6c2b5d14fe79a8e0eefabef4b711133b5ce02c94 Mon Sep 17 00:00:00 2001
From 4f82466e3b1fcf3370d82432e406f51906e1fa46 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Wed, 24 Apr 2013 10:51:48 -0300
Subject: [PATCH 02/89] for ppc, reset console display attr when clear screen
Subject: [PATCH 02/87] for ppc, reset console display attr when clear screen
v2: Also use \x0c instead of a literal ^L to make future patches less
awkward.
@ -28,5 +28,5 @@ index f0d3e3d..9bb75c1 100644
data->reverse_video_off = grub_strdup ("\e[m");
if (grub_strcmp ("ieee1275", str) == 0)
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 4b4bbc963438157b29fec6b38b6567e16d1e2e56 Mon Sep 17 00:00:00 2001
From 9cff6efa3a7e15a6968fed29a29f38713da864fd Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 11 Jun 2013 15:14:05 -0300
Subject: [PATCH 03/89] Disable GRUB video support for IBM power machines
Subject: [PATCH 03/87] Disable GRUB video support for IBM power machines
Should fix the problem in bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=973205
@ -61,5 +61,5 @@ index 9f26c69..ab4f284 100644
extern int EXPORT_FUNC(grub_ieee1275_test_flag) (enum grub_ieee1275_flag flag);
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 668d1227194fc45d19dec7c90b4d004378c822af Mon Sep 17 00:00:00 2001
From 512fe6865738286c94f87da64ca6b475bc3e2f38 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 7 Jul 2015 10:13:14 -0400
Subject: [PATCH 04/89] Fix bzr's ignore artificats in .gitignore
Subject: [PATCH 04/87] Fix bzr's ignore artificats in .gitignore
We lost a man page because of incompatibilities between bzr's ignore
system and .gitignore, so solve that slightly better.
@ -367,5 +367,5 @@ index 18ab8e8..06c9f3a 100644
-/grub-fs-tester
+xzcompress_test
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 3be0a8cb87161ffb64ef9e94cf893e228a84f630 Mon Sep 17 00:00:00 2001
From 7f1ea377390345b8ef7609ad0fa2952708b17e19 Mon Sep 17 00:00:00 2001
From: Marcel Kolaja <mkolaja@redhat.com>
Date: Tue, 21 Jan 2014 10:57:08 -0500
Subject: [PATCH 05/89] Honor a symlink when generating configuration by
Subject: [PATCH 05/87] Honor a symlink when generating configuration by
grub2-mkconfig
Honor a symlink when generating configuration by grub2-mkconfig, so that
@ -25,5 +25,5 @@ index f8496d2..3b070fd 100644
fi
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 3dca3dbb01a52fdc90f548a2461c8fc8e04336ab Mon Sep 17 00:00:00 2001
From 5b77e510eb6e4b649c53ab0790cdc9fdf0c85be9 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 3 Apr 2013 14:35:34 -0400
Subject: [PATCH 06/89] Move bash completion script (#922997)
Subject: [PATCH 06/87] Move bash completion script (#922997)
Apparently these go in a new place now.
---
@ -10,7 +10,7 @@ Apparently these go in a new place now.
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 57e1713..21023ae 100644
index 9ddfc53..ab9134c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -287,6 +287,14 @@ AC_SUBST(grubdirname)
@ -28,7 +28,7 @@ index 57e1713..21023ae 100644
#
# Checks for build programs.
#
@@ -475,6 +483,9 @@ HOST_CFLAGS="$HOST_CFLAGS $grub_cv_cc_w_extra_flags"
@@ -476,6 +484,9 @@ HOST_CFLAGS="$HOST_CFLAGS $grub_cv_cc_w_extra_flags"
# Check for target programs.
#
@ -51,5 +51,5 @@ index 136287c..61108f0 100644
$(bash_completion_script): $(bash_completion_source) $(top_builddir)/config.status
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From fcbba25979fc9e26ab8e6eed5c84668a5f134b12 Mon Sep 17 00:00:00 2001
From 579ecb682efc5221b4a13b8009af1731f5349912 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Dec 2014 15:36:09 -0500
Subject: [PATCH 07/89] Update to minilzo-2.08
Subject: [PATCH 07/87] Update to minilzo-2.08
This fixes CVE-2014-4607 - lzo: lzo1x_decompress_safe() integer overflow
@ -8786,5 +8786,5 @@ index 74fefa9..7937454 100644
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 99745ca3450dbbd364569a13b61fbf2a36cb3a88 Mon Sep 17 00:00:00 2001
From de423b22780b0fd225a1ee476166777af29d53d0 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 30 Oct 2012 15:19:39 -0200
Subject: [PATCH 08/89] Add vlan-tag support on IBM PPC machines
Subject: [PATCH 08/87] Add vlan-tag support on IBM PPC machines
This patch adds support for virtual LAN (VLAN) tagging. VLAN tagging allows
multiple VLANs in a bridged network to share the same physical network link but
@ -182,5 +182,5 @@ index 2192fa1..6ac9d72 100644
+
#endif /* ! GRUB_NET_HEADER */
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 10da6e0e6bf723e99332fb1c34e6355a98bbb83f Mon Sep 17 00:00:00 2001
From 196ae5abd961cd64b60d9ab41bfc02d340e8bb6f Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 5 Sep 2014 10:07:04 -0400
Subject: [PATCH 09/89] Allow "fallback" to include entries by title, not just
Subject: [PATCH 09/87] Allow "fallback" to include entries by title, not just
number.
Resolves: rhbz#1026084
@ -140,5 +140,5 @@ index 719e2fb..2e8a7bd 100644
static int
get_entry_number (grub_menu_t menu, const char *name)
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From c13e60be8ff3c4b1c2ba0a1aebd4b09f8ec7dbc0 Mon Sep 17 00:00:00 2001
From 8f405e93871ad51cd9ab4dfdea844042a33fa7f0 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Sep 2014 16:49:25 -0400
Subject: [PATCH 10/89] Add GRUB_DISABLE_UUID.
Subject: [PATCH 10/87] Add GRUB_DISABLE_UUID.
This will cause "search --fs-uuid --set=root ..." not to be generated by
grub2-mkconfig, and instead simply attempt to use the grub device name
@ -95,5 +95,5 @@ index 60b31ca..cf35e41 100644
else
echo $device |sed 's, ,_,g'
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 898b245564f15fbbe02692423d40e1dad08f60ad Mon Sep 17 00:00:00 2001
From 6879936079d17ace35cebcab787f7fb9f8cd205e Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 26 Feb 2014 21:49:12 -0500
Subject: [PATCH 11/89] Make "exit" take a return code.
Subject: [PATCH 11/87] Make "exit" take a return code.
This adds "exit" with a return code. With this patch, any "exit"
command /may/ include a return code, and on platforms that support
@ -255,5 +255,5 @@ index 2a9f87c..0620814 100644
grub_uint64_t d,
grub_uint64_t *r);
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From db6df67d0aca17b1ebf6a73dc21cc09ec44c2187 Mon Sep 17 00:00:00 2001
From ef756db92dd4f47ed4bb4aede86d33326b0b9188 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 22 Jul 2015 11:21:01 -0400
Subject: [PATCH 12/89] Mark po/exclude.pot as binary so git won't try to diff
Subject: [PATCH 12/87] Mark po/exclude.pot as binary so git won't try to diff
nonprintables.
Signed-off-by: Peter Jones <pjones@redhat.com>
@ -18,5 +18,5 @@ index 0000000..33ffaa4
@@ -0,0 +1 @@
+po/exclude.pot binary
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 09d7e9f1a0bfbbdcf816c0165a95b2fee6a0297e Mon Sep 17 00:00:00 2001
From e14c5369fea76d1e067ca9f7e5e55bfe615cb639 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 7 Dec 2015 14:20:49 -0500
Subject: [PATCH 13/89] Make efi machines load an env block from a variable
Subject: [PATCH 13/87] Make efi machines load an env block from a variable
Signed-off-by: Peter Jones <pjones@redhat.com>
---
@ -80,5 +80,5 @@ index e9c85de..a5b6c1d 100644
char **path);
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 9a13b0203bf45cdc961bbc6bdcce763aec289038 Mon Sep 17 00:00:00 2001
From 12fb24b4d8a8f0fd7f79bc224157c290ebab31f4 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 27 Nov 2012 17:18:53 -0200
Subject: [PATCH 14/89] DHCP client ID and UUID options added.
Subject: [PATCH 14/87] DHCP client ID and UUID options added.
---
grub-core/net/bootp.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++-----
@ -141,5 +141,5 @@ index 6ac9d72..96aa9fa 100644
};
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 03011792061af809b53023bb4458627af80f0b8f Mon Sep 17 00:00:00 2001
From a6f4624278357f853e3e8888e538eb0ef3654556 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Wed, 5 Feb 2014 09:42:42 -0200
Subject: [PATCH 15/89] trim arp packets with abnormal size
Subject: [PATCH 15/87] trim arp packets with abnormal size
GRUB uses arp request to create the arp response. If the incoming packet
is foobared, GRUB needs to trim the arp response packet before sending it.
@ -27,5 +27,5 @@ index 4b68c41..f7c59d3 100644
struct grub_net_buff nb_reply;
struct arppkt *arp_reply;
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From ff07352c36d9d307428f55881d951f0513af40fa Mon Sep 17 00:00:00 2001
From c22139b340f1a306ad718646a4cd4bc1d4039d7b Mon Sep 17 00:00:00 2001
From: Prarit Bhargava <prarit@redhat.com>
Date: Wed, 12 Mar 2014 10:58:16 -0400
Subject: [PATCH 16/89] Fix bad test on GRUB_DISABLE_SUBMENU.
Subject: [PATCH 16/87] Fix bad test on GRUB_DISABLE_SUBMENU.
The file /etc/grub.d/10_linux does
@ -37,5 +37,5 @@ index de9044c..cf6331f 100644
"${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
--
2.5.5
2.7.4

@ -0,0 +1,50 @@
From f0daa044a90c508f8f60d23e5ef39597ec80c2cc Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Wed, 12 Jun 2013 11:51:49 -0400
Subject: [PATCH 17/87] Add support for UEFI operating systems returned by
os-prober
os-prober returns UEFI operating systems in the form:
path:long-name:name
where path is the path under the EFI directory on the ESP. This is in
contrast to legacy OSes, where path is the device string. Handle this case.
---
util/grub.d/30_os-prober.in | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 515a68c..9b8f596 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -328,8 +328,23 @@ EOF
EOF
;;
*)
- # TRANSLATORS: %s is replaced by OS name.
- gettext_printf "%s is not yet supported by grub-mkconfig.\n" " ${LONGNAME}" >&2
- ;;
+ case ${DEVICE} in
+ *.efi)
+ cat << EOF
+menuentry '$(echo "${LONGNAME}" | grub_quote)' {
+EOF
+ save_default_entry | grub_add_tab
+ cat << EOF
+ chainloader /EFI/${DEVICE}
+ boot
+}
+EOF
+ ;;
+ *)
+ echo -n " "
+ # TRANSLATORS: %s is replaced by OS name.
+ gettext_printf "%s is not yet supported by grub-mkconfig.\n" "${LONGNAME}" >&2
+ ;;
+ esac
esac
done
--
2.7.4
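Review bot: `${DEVICE}` is written into the generated config unquoted at `chainloader /EFI/${DEVICE}`, while `${LONGNAME}` on the `menuentry` line is passed through `grub_quote`. The value comes from os-prober output describing a path on the ESP, so a file or directory name containing a space, quote or other GRUB script metacharacter would yield a broken entry or extra tokens in grub.cfg. Quoting it the same way as the title would close that gap, e.g. `chainloader '/EFI/$(echo "${DEVICE}" | grub_quote)'`. The `*.efi` pattern is also case-sensitive, so an `.EFI` name as commonly found on FAT volumes presumably still falls through to the "not yet supported" branch; worth confirming against what os-prober emits. The enclosing `case`/loop starts outside this hunk.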

@ -1,7 +1,7 @@
From 672a3f12ad7f52da6e03e2dc361cfe6ef1b4e52b Mon Sep 17 00:00:00 2001
From 0e433858169473aa7a042c28dd6f0d4e1adab8d7 Mon Sep 17 00:00:00 2001
From: Mark Hamzy <hamzy@us.ibm.com>
Date: Wed, 28 Mar 2012 14:46:41 -0500
Subject: [PATCH 17/89] Migrate PPC from Yaboot to Grub2
Subject: [PATCH 18/87] Migrate PPC from Yaboot to Grub2
Add configuration support for serial terminal consoles. This will set the
maximum screen size so that text is not overwritten.
@ -150,5 +150,5 @@ index 0000000..10d6658
+ terminfo -g ${X}x${Y} ${TERMINAL}
+EOF
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 88c7ba4163340b2652f9009b65d850625588b6a9 Mon Sep 17 00:00:00 2001
From fdc52554d998170f56ed45856082f4a3bfeb3e2a Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Wed, 19 Sep 2012 21:22:55 -0300
Subject: [PATCH 18/89] Add fw_path variable (revised)
Subject: [PATCH 19/87] Add fw_path variable (revised)
This patch makes grub look for its config file on efi where the app was
found. It was originally written by Matthew Garrett, and adapted to fix the
@ -77,5 +77,5 @@ index 249e19b..759c475 100644
prefix = grub_env_get ("prefix");
if (prefix)
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From b1ce49059c27b9d2f35ced805acd09d867954a5e Mon Sep 17 00:00:00 2001
From a64179016df64b72cc956fd6085ca3ed1a41baac Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Tue, 10 Jul 2012 11:58:52 -0400
Subject: [PATCH 19/89] Add support for linuxefi
Subject: [PATCH 20/87] Add support for linuxefi
---
grub-core/Makefile.core.def | 8 +
@ -478,5 +478,5 @@ index da0ca3b..fc36bda 100644
/* Boot parameters for Linux based on 2.6.12. This is used by the setup
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From fa62e2f81abb3a06357cc48a1f983bd2579b7a28 Mon Sep 17 00:00:00 2001
From 5894e3bfaf055554c786b4c1a9452d4e3bb9f568 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 16 Jul 2012 18:57:11 -0400
Subject: [PATCH 20/89] Use "linuxefi" and "initrdefi" where appropriate.
Subject: [PATCH 21/87] Use "linuxefi" and "initrdefi" where appropriate.
---
util/grub.d/10_linux.in | 18 ++++++++++++++++--
@ -46,5 +46,5 @@ index cf6331f..8ccf012 100644
sed "s/^/$submenu_indentation/" << EOF
}
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From ad7ed5502c54e6979dbc77604e14afc637c34abe Mon Sep 17 00:00:00 2001
From 9d70f7f9a356d965ed48963e2ead12af8de97615 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@ubuntu.com>
Date: Tue, 23 Oct 2012 10:40:49 -0400
Subject: [PATCH 21/89] Don't allow insmod when secure boot is enabled.
Subject: [PATCH 22/87] Don't allow insmod when secure boot is enabled.
Hi,
@ -17,16 +17,23 @@ I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct. It
moves the check into grub_dl_load_file.
---
grub-core/kern/dl.c | 21 +++++++++++++++++++++
grub-core/kern/dl.c | 22 ++++++++++++++++++++++
grub-core/kern/efi/efi.c | 28 ++++++++++++++++++++++++++++
include/grub/efi/efi.h | 1 +
3 files changed, 50 insertions(+)
3 files changed, 51 insertions(+)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index e394cd9..04e804d 100644
index e394cd9..6210709 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -38,6 +38,14 @@
@@ -32,12 +32,21 @@
#include <grub/env.h>
#include <grub/cache.h>
#include <grub/i18n.h>
+#include <grub/efi/sb.h>
/* Platforms where modules are in a readonly area of memory. */
#if defined(GRUB_MACHINE_QEMU)
#define GRUB_MODULES_MACHINE_READONLY
#endif
@ -41,7 +48,7 @@ index e394cd9..04e804d 100644
#pragma GCC diagnostic ignored "-Wcast-align"
@@ -686,6 +694,19 @@ grub_dl_load_file (const char *filename)
@@ -686,6 +695,19 @@ grub_dl_load_file (const char *filename)
void *core = 0;
grub_dl_t mod = 0;
@ -113,5 +120,5 @@ index 9a2da0e..2245632 100644
EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1,
const grub_efi_device_path_t *dp2);
--
2.5.5
2.7.4
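Review bot: The added `#include <grub/efi/sb.h>` in grub-core/kern/dl.c names a header that this patch's own diffstat does not list (it covers only kern/dl.c, kern/efi/efi.c and include/grub/efi/efi.h), so the patch appears to rely on another patch in the series to supply it. Because dl.c sits under kern/ rather than kern/efi/, it is presumably built for non-EFI targets as well, and the include is not visibly guarded; wrapping it as `#ifdef GRUB_MACHINE_EFI` / `#include <grub/efi/sb.h>` / `#endif`, or stating the dependency in the commit message, would make the ordering explicit. The Secure Boot check itself in `grub_dl_load_file` is outside the lines shown here, so whether it is compiled in on every EFI build should be confirmed there.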

@ -1,7 +1,7 @@
From 5645686a740bfa3689a139bf1131e0330054d09f Mon Sep 17 00:00:00 2001
From c2a19ee447623af8765254b87ff83cbb5b8253bc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 1 Oct 2012 13:24:37 -0400
Subject: [PATCH 22/89] Pass "\x[[:hex:]][[:hex:]]" straight through
Subject: [PATCH 23/87] Pass "\x[[:hex:]][[:hex:]]" straight through
unmolested.
---
@ -179,5 +179,5 @@ index ab78ca8..cf6cd66 100644
case '$':
if (escaped)
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 4cf5e2dd84a0842bf20d5371ec8b9f6b38562458 Mon Sep 17 00:00:00 2001
From c482ec700b2ba4b1fabccaa5848cccae466d3a12 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 27 Nov 2012 16:58:39 -0200
Subject: [PATCH 23/89] Add %X option to printf functions.
Subject: [PATCH 24/87] Add %X option to printf functions.
---
grub-core/kern/misc.c | 7 +++++--
@ -54,5 +54,5 @@ index 6bb0351..81be344 100644
case 'd':
{
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 48251724559eba74c10106007edb373a9a9261e5 Mon Sep 17 00:00:00 2001
From 70a8c5e075d59ec13fdee4c3868b3862a8cd8aa4 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 27 Nov 2012 17:22:07 -0200
Subject: [PATCH 24/89] Search for specific config file for netboot
Subject: [PATCH 25/87] Search for specific config file for netboot
This patch implements a search for a specific configuration when the config
file is on a remoteserver. It uses the following order:
@ -22,10 +22,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=873406
3 files changed, 135 insertions(+), 4 deletions(-)
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index 9424595..e53d9a0 100644
index 10773fc..0769bf8 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -1725,6 +1725,124 @@ grub_net_restore_hw (void)
@@ -1735,6 +1735,124 @@ grub_net_restore_hw (void)
return GRUB_ERR_NONE;
}
@ -199,5 +199,5 @@ index 96aa9fa..e13ae1e 100644
+
#endif /* ! GRUB_NET_HEADER */
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From fbc0fcdfd649c1c053be735311ca15deea7a40ff Mon Sep 17 00:00:00 2001
From 8992c2812e1e914e803429314b9164a19af4398b Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Tue, 22 Jan 2013 06:31:38 +0100
Subject: [PATCH 25/89] blscfg: add blscfg module to parse Boot Loader
Subject: [PATCH 26/87] blscfg: add blscfg module to parse Boot Loader
Specification snippets
http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
@ -247,5 +247,5 @@ index 0000000..4274aca
+ grub_unregister_extcmd (cmd);
+}
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 0b4548eb7f9c6f9d5b2ca5650f404a55bc3c0e9b Mon Sep 17 00:00:00 2001
From 3e83ff704af9a967fa55d60cc3917bc4ccd85f32 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Wed, 15 May 2013 13:30:20 -0400
Subject: [PATCH 26/89] Don't write messages to the screen
Subject: [PATCH 27/87] Don't write messages to the screen
Writing messages to the screen before the menus or boot splash
happens so quickly it looks like something is wrong and isn't
@ -177,5 +177,5 @@ index 8ccf012..a3d9711 100644
EOF
fi
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 2f50942631fb6cc004ee527831eaab37803e379e Mon Sep 17 00:00:00 2001
From 9bd3d2fb49a6b8e3807ce7275876fd4b416545c9 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Wed, 15 May 2013 13:53:48 -0400
Subject: [PATCH 27/89] Don't print GNU GRUB header
Subject: [PATCH 28/87] Don't print GNU GRUB header
No one cares.
---
@ -41,5 +41,5 @@ index b2654ef..f57b750 100644
static void
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From fc2611a52df05b340939f26787a2a2357b9e233f Mon Sep 17 00:00:00 2001
From dd2c80ddd0e5e57b33a9d06894225e629b1b8b5e Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Wed, 15 May 2013 17:49:45 -0400
Subject: [PATCH 28/89] Don't add '*' to highlighted row
Subject: [PATCH 29/87] Don't add '*' to highlighted row
It is already highlighted.
---
@ -22,5 +22,5 @@ index e22bb91..a3d1f23 100644
grub_print_ucs4_menu (unicode_title,
unicode_title + len,
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 960e7ed921ae6ce005d621fa251a77c2d1fc799d Mon Sep 17 00:00:00 2001
From 4cc90ad7d495b896e0b6b2677285ced8ce70cee1 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 11:09:04 -0400
Subject: [PATCH 29/89] Message string cleanups
Subject: [PATCH 30/87] Message string cleanups
Make use of terminology consistent. Remove jargon.
---
@ -67,5 +67,5 @@ index a3d1f23..64a8386 100644
{
grub_print_error ();
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 469c9b26660bf04751c0d53c302fb43693399447 Mon Sep 17 00:00:00 2001
From ee01481e906071d01649b61925eaac0348f9a9a7 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 14:08:23 -0400
Subject: [PATCH 30/89] Fix border spacing now that we aren't displaying it
Subject: [PATCH 31/87] Fix border spacing now that we aren't displaying it
---
grub-core/normal/menu_text.c | 6 +++---
@ -28,5 +28,5 @@ index 64a8386..1062d64 100644
geo->timeout_lines = 2;
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From bc50b0f8f8e15860ba13c71d373f7456993832fe Mon Sep 17 00:00:00 2001
From 748c629f47f4191c66011646e010cdf5ab506b90 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 14:08:49 -0400
Subject: [PATCH 31/89] Use the correct indentation for the term help text
Subject: [PATCH 32/87] Use the correct indentation for the term help text
That is consistent with the menu help text
---
@ -24,5 +24,5 @@ index f57b750..0ce59fd 100644
grub_print_message_indented (msg_formatted, 0, 0, term);
grub_putcode ('\n', term);
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From e7da891c287928fec2e88db06073485ce84b39ef Mon Sep 17 00:00:00 2001
From 93092c8a33db0cb36392c9684a60c12fbc823554 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 14:30:55 -0400
Subject: [PATCH 32/89] Indent menu entries
Subject: [PATCH 33/87] Indent menu entries
---
grub-core/normal/menu_text.c | 3 ++-
@ -22,5 +22,5 @@ index 1062d64..ecc60f9 100644
grub_print_ucs4_menu (unicode_title,
unicode_title + len,
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 40b049c635b0ebd9d98010facbbeb668e8cb90a7 Mon Sep 17 00:00:00 2001
From ee7064d8667cf51d12f2cc5ead9b428446c563ad Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 14:59:36 -0400
Subject: [PATCH 33/89] Fix margins
Subject: [PATCH 34/87] Fix margins
---
grub-core/normal/menu_text.c | 8 +++-----
@ -33,5 +33,5 @@ index ecc60f9..0e43f2c 100644
- geo->timeout_lines /* timeout */
- 1 /* empty final line */;
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From a7358954fc6bbcadadc3c6421bed25eb10c53815 Mon Sep 17 00:00:00 2001
From 712f456d542ec913c4a5bc13f86443f79912cbf3 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 21 Jun 2013 14:44:08 -0400
Subject: [PATCH 34/89] Use -2 instead of -1 for our right-hand margin, so
Subject: [PATCH 35/87] Use -2 instead of -1 for our right-hand margin, so
linewrapping works (#976643).
Signed-off-by: Peter Jones <grub2-owner@fedoraproject.org>
@ -23,5 +23,5 @@ index 0e43f2c..537d4bf 100644
geo->first_entry_y = 3; /* three empty lines*/
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 6de3939ead9a9d895f708bf445b36ddf4eef67f4 Mon Sep 17 00:00:00 2001
From aedb9655a10717fe3678a9e2fc720b55f5b0ffbc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 28 Oct 2013 10:05:07 -0400
Subject: [PATCH 35/89] Use linux16 when appropriate (#880840)
Subject: [PATCH 36/87] Use linux16 when appropriate (#880840)
The kernel group really would prefer that we use the 16 bit entry point
on x86 bios machines.
@ -48,5 +48,5 @@ index a3d9711..f3bf6ac 100644
fi
fi
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From c821c54717446a38213d4c440207728877e06758 Mon Sep 17 00:00:00 2001
From 0b72348759eaec7d1d488e9788e724a2d48ce3f7 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 28 Oct 2013 10:09:27 -0400
Subject: [PATCH 36/89] Enable pager by default. (#985860)
Subject: [PATCH 37/87] Enable pager by default. (#985860)
Signed-off-by: Peter Jones <pjones@redhat.com>
---
@ -22,5 +22,5 @@ index 93a9023..858b526 100644
load_env
fi
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 0108e8e1d09affa11f7b365be1499bfb25ff50c1 Mon Sep 17 00:00:00 2001
From 55d0f5f5fdecfab6c8439520491e08a0178bd5dc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 28 Oct 2013 10:13:27 -0400
Subject: [PATCH 37/89] F10 doesn't work on serial, so don't tell the user to
Subject: [PATCH 38/87] F10 doesn't work on serial, so don't tell the user to
hit it (#987443)
Signed-off-by: Peter Jones <pjones@redhat.com>
@ -23,5 +23,5 @@ index 537d4bf..452d55b 100644
STANDARD_MARGIN, STANDARD_MARGIN,
term, dry_run);
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 801b0d582436988fd2806b919a095f2987fc3ef5 Mon Sep 17 00:00:00 2001
From d110064c73c1604b07cdaa3d41751074b2701142 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 14 Mar 2011 14:27:42 -0400
Subject: [PATCH 38/89] Don't say "GNU/Linux" in generated menus.
Subject: [PATCH 39/87] Don't say "GNU/Linux" in generated menus.
---
util/grub.d/10_linux.in | 4 ++--
@ -41,5 +41,5 @@ index c48af94..25e3c41 100644
fi
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 3cb9a57c4bd888c7513700deb4026c86080778ff Mon Sep 17 00:00:00 2001
From fbd9d8969c059d6e5572b1acfa42ba48bc4299e2 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Wed, 15 May 2013 16:47:33 -0400
Subject: [PATCH 39/89] Don't draw a border around the menu
Subject: [PATCH 40/87] Don't draw a border around the menu
It looks cleaner without it.
---
@ -70,5 +70,5 @@ index 452d55b..1ed2bd9 100644
grub_term_highlight_color = old_color_highlight;
geo->timeout_y = geo->first_entry_y + geo->num_entries
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 06c049445cc4fd428072e849c3098796dc9becd7 Mon Sep 17 00:00:00 2001
From 3aeba4760755b9b263ed4ba60dc0431352b63fe7 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 10:52:32 -0400
Subject: [PATCH 40/89] Use the standard margin for the timeout string
Subject: [PATCH 41/87] Use the standard margin for the timeout string
So that it aligns with the other messages
---
@ -39,5 +39,5 @@ index 1ed2bd9..7681f7d 100644
}
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 0b6d27b7407be21d753a66c09444ed8c19815854 Mon Sep 17 00:00:00 2001
From 333159a74035a726841c6c888f43d983a40ed959 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Mon, 13 Jan 2014 21:50:59 -0500
Subject: [PATCH 41/89] Add .eh_frame to list of relocations stripped
Subject: [PATCH 42/87] Add .eh_frame to list of relocations stripped
---
conf/Makefile.common | 2 +-
@ -21,5 +21,5 @@ index 11296b5..a476ab5 100644
CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding
LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 48e48d6b9b6f75bf01a080272f260df7132ab9c7 Mon Sep 17 00:00:00 2001
From 5fa65416bae89efb88015e72cb21c28fe3833fc8 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 14 Jan 2014 13:12:23 -0500
Subject: [PATCH 42/89] Make 10_linux work with our changes for linux16 and
Subject: [PATCH 43/87] Make 10_linux work with our changes for linux16 and
linuxefi on aarch64
Signed-off-by: Peter Jones <pjones@redhat.com>
@ -81,5 +81,5 @@ index ef52cf3..191aebe 100644
for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
if test -e "${i}" ; then
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 6b35fd42bdd803b1b38fd3b04eb642ff822b700f Mon Sep 17 00:00:00 2001
From e89fd78bb3f62064d930c82ad14cd490166d1a2c Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 14 Jan 2014 16:15:46 -0500
Subject: [PATCH 43/89] Don't print during fdt loading method.
Subject: [PATCH 44/87] Don't print during fdt loading method.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
@ -23,5 +23,5 @@ index 191aebe..452a9f6 100644
EOF
fi
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From dd7c64ce04e1e95265b85163427bb8ff570c12f0 Mon Sep 17 00:00:00 2001
From 7683e149c587abf2d35de11c39ddb0810572b2e4 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 30 Jun 2014 14:16:46 -0400
Subject: [PATCH 44/89] Don't munge raw spaces when we're doing our cmdline
Subject: [PATCH 45/87] Don't munge raw spaces when we're doing our cmdline
escaping (#923374)
Signed-off-by: Peter Jones <pjones@redhat.com>
@ -32,5 +32,5 @@ index 0a5b2af..970ea86 100644
{
*buf++ = *c++;
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 84d97657cf6af3929cf8ff3c9faea002ac6d77c3 Mon Sep 17 00:00:00 2001
From 8a11a21d904e7e823ee6f17faedbf45a8e28044a Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 11 Feb 2014 11:14:50 -0500
Subject: [PATCH 45/89] Don't require a password to boot entries generated by
Subject: [PATCH 46/87] Don't require a password to boot entries generated by
grub-mkconfig.
When we set a password, we just want that to mean you can't /edit/ an entry.
@ -27,5 +27,5 @@ index 452a9f6..79a747e 100644
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
OS="$(sed 's, release .*$,,g' /etc/system-release)"
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 72d44b7bd5aa2bff64d8a6e40d086dc51aab5684 Mon Sep 17 00:00:00 2001
From 5468ac6eef409220e59741ccf1073d92916cdddf Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 18 Feb 2014 09:37:49 -0500
Subject: [PATCH 46/89] Don't emit "Booting ..." message.
Subject: [PATCH 47/87] Don't emit "Booting ..." message.
UI team still hates this stuff, so we're disabling it for RHEL 7.
@ -48,5 +48,5 @@ index eeeee55..8349049 100644
errs_before = grub_err_printed_errors;
--
2.5.5
2.7.4

@ -1,8 +1,9 @@
From 1f68f3b40b8b476e95f29eac40c76dbba892cd17 Mon Sep 17 00:00:00 2001
From cce065ff19272aa908a293632a265211201d7237 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 4 Mar 2014 11:00:23 -0500
Subject: [PATCH 47/89] May as well try it.
Subject: [PATCH 48/87] Replace a lot of man pages with slightly nicer ones.
Replace a bunch of machine generated ones with ones that look nicer.
---
conf/Makefile.extra-dist | 1 -
configure.ac | 23 ++++++
@ -133,7 +134,7 @@ index b16bd92..39eb94b 100644
EXTRA_DIST += docs/grub.cfg
EXTRA_DIST += docs/osdetect.cfg
diff --git a/configure.ac b/configure.ac
index 21023ae..e976e85 100644
index ab9134c..9937a82 100644
--- a/configure.ac
+++ b/configure.ac
@@ -70,6 +70,29 @@ grub_TRANSFORM([grub-set-default])
@ -1958,5 +1959,5 @@ index 0000000..37ea2dd
+.SH SEE ALSO
+.BR "info grub"
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 4fd04da5eded81f854dd058f6435c4aef4f31f2d Mon Sep 17 00:00:00 2001
From c28ddef07d11d790d89ee6ec8e3a8cc7e1aace0d Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Wed, 19 Feb 2014 15:58:43 -0500
Subject: [PATCH 48/89] use fw_path prefix when fallback searching for grub
Subject: [PATCH 49/87] use fw_path prefix when fallback searching for grub
config
When PXE booting via UEFI firmware, grub was searching for grub.cfg
@ -41,5 +41,5 @@ index 0ce59fd..a3713ef 100644
{
grub_size_t config_len;
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From f0925300caaea3344007689452e24a543fd6cf8a Mon Sep 17 00:00:00 2001
From 82812e4ade82c9aa4f2e8f091b60b714ecfd82e5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 6 Mar 2014 11:51:33 -0500
Subject: [PATCH 49/89] Try mac/guid/etc before grub.cfg on tftp config files.
Subject: [PATCH 50/87] Try mac/guid/etc before grub.cfg on tftp config files.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
@ -110,5 +110,5 @@ index a3713ef..7d9c4f0 100644
else
grub_enter_normal_mode (argv[0]);
--
2.5.5
2.7.4

@ -1,7 +1,7 @@
From 31bfe8719af1e91099d8b56793ad175e3f4bd335 Mon Sep 17 00:00:00 2001
From b954efc0812579f973031b24c68a2f593bd89ba1 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 18 Feb 2014 11:34:00 -0500
Subject: [PATCH 50/89] Fix convert function to support NVMe devices
Subject: [PATCH 51/87] Fix convert function to support NVMe devices
This is adapted from the patch at
https://bugzilla.redhat.com/show_bug.cgi?id=1019660 , which is against
@ -55,5 +55,5 @@ index 92c0d70..bf317a2 100644
return grub_util_devmapper_part_to_disk (&st, is_part, os_dev);
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From b6f8f9ef2dcde4ad9db1a270740ed60705c31e7b Mon Sep 17 00:00:00 2001
From 6900527741a21097f57a72854944f3e078a0ee42 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Mon, 10 Feb 2014 16:13:10 -0500
Subject: [PATCH 51/89] Switch to use APM Mustang device tree, for hardware
Subject: [PATCH 52/87] Switch to use APM Mustang device tree, for hardware
testing.
Signed-off-by: David A. Marlin <d.marlin@redhat.com>
@ -25,5 +25,5 @@ index 79a747e..462b461 100644
fi
done
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 8b7bd5624770ad0aeef2c2f21d4e667bcef77e74 Mon Sep 17 00:00:00 2001
From 823290f622902f1ae06efa29efbe4ca15af1aafe Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Wed, 12 Feb 2014 14:54:04 -0500
Subject: [PATCH 52/89] Use the default device tree from the grub default file
Subject: [PATCH 53/87] Use the default device tree from the grub default file
instead of hardcoding a value.
@ -41,5 +41,5 @@ index 462b461..a9692a0 100644
fi
done
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 27e661936f8f001100c143036749a0e620d63cbf Mon Sep 17 00:00:00 2001
From e119353dad1eadc771a011f82bf90bd04fc00f9a Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Sat, 15 Feb 2014 15:10:22 -0500
Subject: [PATCH 53/89] reopen SNP protocol for exclusive use by grub
Subject: [PATCH 54/87] reopen SNP protocol for exclusive use by grub
---
grub-core/net/drivers/efi/efinet.c | 16 ++++++++++++++++
@ -42,5 +42,5 @@ index 5388f95..ea0e0ca 100644
}
}
--
2.5.5
2.7.4


@ -1,14 +1,16 @@
From a78e0a65325ad61e378acbf8facc94497c519787 Mon Sep 17 00:00:00 2001
From 5d47b56198754190c62179ae10ef175c00d1474d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 7 Apr 2016 10:58:06 -0400
Subject: [PATCH 54/89] Revert "reopen SNP protocol for exclusive use by grub"
Date: Fri, 4 Mar 2016 15:13:59 -0500
Subject: [PATCH 55/87] Revert "reopen SNP protocol for exclusive use by grub"
I *think* this should have been replaced by upstream's
49426e9fd2e562c73a4f1206f32eff9e424a1a73, so I'm reverting for now.
This reverts commit a3f2c756ce34c9666bddef35e3b3b85ccecdcffc , which is
obsoleted by these:
May resolve rhbz#1251600 .
49426e9 efinet: open Simple Network Protocol exclusively
f348aee efinet: enable hardware filters when opening interface
c52ae40 efinet: skip virtual IPv4 and IPv6 devices when enumerating cards
This reverts commit 27e661936f8f001100c143036749a0e620d63cbf.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/net/drivers/efi/efinet.c | 16 ----------------
1 file changed, 16 deletions(-)
@ -48,5 +50,5 @@ index ea0e0ca..5388f95 100644
}
}
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 2cca74e577dc886b099ba66b6ebb2d320587d1e3 Mon Sep 17 00:00:00 2001
From 5a69c7fbfff14bcea80e781fcd6acad07c904e22 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 3 Sep 2014 10:01:03 -0400
Subject: [PATCH 55/89] Add grub_util_readlink()
Subject: [PATCH 56/87] Add grub_util_readlink()
Add grub_util_readlink(). This requires pulling in stat and readlink from
gnulib, which pulls in stat and related headers, but after that the
@ -3730,5 +3730,5 @@ index 0000000..9852778
+ REPLACE_LOCALTIME=0; AC_SUBST([REPLACE_LOCALTIME])
+])
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 265457ae86fae6837b05b7790ea734680434f13f Mon Sep 17 00:00:00 2001
From a867dc42c711385634d86f04176cf3193d548f1d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 3 Sep 2014 10:38:00 -0400
Subject: [PATCH 56/89] Make editenv chase symlinks including those across
Subject: [PATCH 57/87] Make editenv chase symlinks including those across
devices.
This lets us make /boot/grub2/grubenv a symlink to
@ -102,5 +102,5 @@ index c6f8d22..d8d1dad 100644
+ free (rename_target);
}
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From e0e8ef8a46fbc9009129e5598fb977f08260e250 Mon Sep 17 00:00:00 2001
From 14b8db374bfc41fffa278ec33084324008384417 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Sep 2014 14:23:23 -0400
Subject: [PATCH 57/89] Generate OS and CLASS in 10_linux from /etc/os-release
Subject: [PATCH 58/87] Generate OS and CLASS in 10_linux from /etc/os-release
This makes us use pretty names in the titles we generate in
grub2-mkconfig when GRUB_DISTRIBUTOR isn't set.
@ -28,5 +28,5 @@ index a9692a0..c662726 100644
OS="${GRUB_DISTRIBUTOR}"
CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From ef7d69e6362a0204349c4097913d8cff1c944b44 Mon Sep 17 00:00:00 2001
From 700c631b4c887778951503346afe5b7ee70bf7dd Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Sep 2014 15:52:08 -0400
Subject: [PATCH 58/89] Minimize the sort ordering for .debug and -rescue-
Subject: [PATCH 59/87] Minimize the sort ordering for .debug and -rescue-
kernels.
Resolves: rhbz#1065360
@ -11,24 +11,24 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 8 insertions(+)
diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
index cf35e41..38dbcee 100644
index cf35e41..10fabee 100644
--- a/util/grub-mkconfig_lib.in
+++ b/util/grub-mkconfig_lib.in
@@ -248,6 +248,14 @@ version_test_gt ()
*.old:*.old) ;;
*.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;;
*:*.old) version_test_gt_b="`echo "$version_test_gt_b" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=ge ;;
+ *-rescue-*:*-rescue-*) ;;
+ *.debug:*.debug) ;;
+ *-rescue-*:*.debug) return 1 ;;
+ *.debug:*-rescue-*) return 0 ;;
+ *-rescue-*:*) return 1 ;;
+ *:*-rescue-*) return 0 ;;
+ *.debug:*) return 1 ;;
+ *:*.debug) return 0 ;;
+ *-rescue*:*-rescue*) ;;
+ *?debug:*?debug) ;;
+ *-rescue*:*?debug) return 1 ;;
+ *?debug:*-rescue*) return 0 ;;
+ *-rescue*:*) return 1 ;;
+ *:*-rescue*) return 0 ;;
+ *?debug:*) return 1 ;;
+ *:*?debug) return 0 ;;
esac
version_test_numeric "$version_test_gt_a" "$version_test_gt_cmp" "$version_test_gt_b"
return "$?"
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 9450fbbbb6ac6a9973a3e6d85477afe0ded656c8 Mon Sep 17 00:00:00 2001
From cae0d2cdb28017df75358e0839c60a9c2521cb82 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Sep 2014 11:26:14 -0400
Subject: [PATCH 59/89] Load arm with SB enabled.
Subject: [PATCH 60/87] Load arm with SB enabled.
Make sure we actually try to validate secure boot on this platform (even
though we're not shipping it enabled by default.)
@ -12,11 +12,11 @@ is enabled.
---
grub-core/Makefile.core.def | 3 +
grub-core/loader/arm64/linux.c | 117 ++++++++++++++++++++------------------
grub-core/loader/efi/linux.c | 66 +++++++++++++++++++++
grub-core/loader/efi/linux.c | 65 +++++++++++++++++++++
grub-core/loader/i386/efi/linux.c | 39 +------------
include/grub/arm64/linux.h | 7 +++
include/grub/efi/linux.h | 31 ++++++++++
6 files changed, 172 insertions(+), 91 deletions(-)
6 files changed, 171 insertions(+), 91 deletions(-)
create mode 100644 grub-core/loader/efi/linux.c
create mode 100644 include/grub/efi/linux.h
@ -226,10 +226,10 @@ index 9519d2e..4756ef7 100644
if (!linux_args)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
new file mode 100644
index 0000000..8634578
index 0000000..aea378a
--- /dev/null
+++ b/grub-core/loader/efi/linux.c
@@ -0,0 +1,66 @@
@@ -0,0 +1,65 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2014 Free Software Foundation, Inc.
@ -295,7 +295,6 @@ index 0000000..8634578
+
+ return GRUB_ERR_BUG;
+}
+
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index b79e632..e5b7785 100644
--- a/grub-core/loader/i386/efi/linux.c
@ -425,5 +424,5 @@ index 0000000..d9ede36
+
+#endif /* ! GRUB_EFI_LINUX_HEADER */
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 2218efcd483112983b1bff2a3c7f232a2279a00f Mon Sep 17 00:00:00 2001
From d255a98813193eb2c23f9217106b121278843023 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 3 Oct 2014 11:08:03 -0400
Subject: [PATCH 60/89] Try $prefix if $fw_path doesn't work.
Subject: [PATCH 61/87] Try $prefix if $fw_path doesn't work.
Related: rhbz#1148652
@ -57,10 +57,10 @@ index 8a3ecd5..8efa1a6 100644
}
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index e53d9a0..9af9a1f 100644
index 0769bf8..16d2ce0 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -1840,7 +1840,7 @@ grub_net_search_configfile (char *config)
@@ -1850,7 +1850,7 @@ grub_net_search_configfile (char *config)
/* Remove the remaining minus sign at the end. */
config[config_len] = '\0';
@ -207,5 +207,5 @@ index 7d9c4f0..b69f9e7 100644
}
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From adafd393d61acdfdda0217740748233318b6a0e8 Mon Sep 17 00:00:00 2001
From 8e6fc0ea14aa01817cc9103ffd5e328a78e56857 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 27 Oct 2014 09:22:55 -0400
Subject: [PATCH 61/89] Try to emit linux16/initrd16 and linuxefi/initrdefi in
Subject: [PATCH 62/87] Try to emit linux16/initrd16 and linuxefi/initrdefi in
30-os_prober.
Resolves: rhbz#1108296
@ -12,7 +12,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 515a68c..9d9b9de 100644
index 9b8f596..dc98eac 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -141,6 +141,28 @@ for OS in ${OSPROBED} ; do
@ -73,5 +73,5 @@ index 515a68c..9d9b9de 100644
fi
cat << EOF
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 3c30052fb24e5f4cd4d9e1ab86ec107f90e54cc6 Mon Sep 17 00:00:00 2001
From b6e3ffe7ae7e4222cc15876cb72c691112f3c4b0 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 28 Apr 2015 11:15:03 -0400
Subject: [PATCH 62/89] Make grub2-mkconfig construct titles that look like the
Subject: [PATCH 63/87] Make grub2-mkconfig construct titles that look like the
ones we want elsewhere.
Resolves: rhbz#1215839
@ -50,5 +50,5 @@ index c662726..1215241 100644
echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
else
--
2.5.5
2.7.4


@ -1,43 +0,0 @@
From 3debfb747ba8b289514dd399a0af6f47897c1913 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 28 Apr 2015 11:17:02 -0400
Subject: [PATCH 63/89] Make rescue and debug entries sort right /again/ in
grub2-mkconfig.
Related: rhbz#12145839
Signed-off-by: Peter Jones <pjones@redhat.com>
---
util/grub-mkconfig_lib.in | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
index 38dbcee..10fabee 100644
--- a/util/grub-mkconfig_lib.in
+++ b/util/grub-mkconfig_lib.in
@@ -248,14 +248,14 @@ version_test_gt ()
*.old:*.old) ;;
*.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;;
*:*.old) version_test_gt_b="`echo "$version_test_gt_b" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=ge ;;
- *-rescue-*:*-rescue-*) ;;
- *.debug:*.debug) ;;
- *-rescue-*:*.debug) return 1 ;;
- *.debug:*-rescue-*) return 0 ;;
- *-rescue-*:*) return 1 ;;
- *:*-rescue-*) return 0 ;;
- *.debug:*) return 1 ;;
- *:*.debug) return 0 ;;
+ *-rescue*:*-rescue*) ;;
+ *?debug:*?debug) ;;
+ *-rescue*:*?debug) return 1 ;;
+ *?debug:*-rescue*) return 0 ;;
+ *-rescue*:*) return 1 ;;
+ *:*-rescue*) return 0 ;;
+ *?debug:*) return 1 ;;
+ *:*?debug) return 0 ;;
esac
version_test_numeric "$version_test_gt_a" "$version_test_gt_cmp" "$version_test_gt_b"
return "$?"
--
2.5.5


@ -1,7 +1,7 @@
From 06b2144858484c69f77387211ffeac90b590c409 Mon Sep 17 00:00:00 2001
From c4be6106eae8c1b479c325f531a1f81188f400e8 Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Mon, 16 Mar 2015 16:34:51 -0400
Subject: [PATCH 64/89] Update info with grub.cfg netboot selection order
Subject: [PATCH 64/87] Update info with grub.cfg netboot selection order
(#1148650)
Added documentation to the grub info page that specifies the order
@ -66,5 +66,5 @@ index 98d4d0d..4c6323b 100644
@samp{(tftp)} device.
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From c448414b19a09f4f2815e8a65de4e3d1a8e65330 Mon Sep 17 00:00:00 2001
From 11abe391636d0819902357591aebf0ea01b88130 Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Mon, 16 Mar 2015 14:14:19 -0400
Subject: [PATCH 65/89] Use Distribution Package Sort for grub2-mkconfig
Subject: [PATCH 65/87] Use Distribution Package Sort for grub2-mkconfig
(#1124074)
Users reported that newly installed kernels on their systems installed
@ -61,7 +61,7 @@ index 2061104..d846b81 100644
name = grub-mkconfig;
common = util/grub-mkconfig.in;
diff --git a/configure.ac b/configure.ac
index e976e85..ad2cff3 100644
index 9937a82..d5e8d90 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,6 +65,7 @@ grub_TRANSFORM([grub-mkrelpath])
@ -80,7 +80,7 @@ index e976e85..ad2cff3 100644
grub_TRANSFORM([grub-reboot.3])
grub_TRANSFORM([grub-render-label.3])
grub_TRANSFORM([grub-script-check.3])
@@ -1742,6 +1744,33 @@ fi
@@ -1743,6 +1745,33 @@ fi
AC_SUBST([LIBDEVMAPPER])
@ -456,5 +456,5 @@ index 0000000..f33bd1e
+ return 0;
+}
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 0a0766bc5edf53ea319126c8582b2568303c4c8d Mon Sep 17 00:00:00 2001
From f7574b40f89ded29d82e5cfdb7494f8884bc1cdb Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Thu, 25 Jun 2015 11:13:11 -0400
Subject: [PATCH 66/89] Add friendly grub2 password config tool (#985962)
Subject: [PATCH 66/87] Add friendly grub2 password config tool (#985962)
Provided a tool for users to reset the grub2 root user password
without having to alter the grub.cfg. The hashed password now
@ -65,7 +65,7 @@ index d846b81..226c46b 100644
common = util/grub-mkconfig_lib.in;
installdir = noinst;
diff --git a/configure.ac b/configure.ac
index ad2cff3..627c146 100644
index d5e8d90..67ff20c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,6 +65,7 @@ grub_TRANSFORM([grub-mkrelpath])
@ -91,7 +91,7 @@ index 9d595ac..fb87247 100644
echo
diff --git a/util/grub-setpassword.8 b/util/grub-setpassword.8
new file mode 100644
index 0000000..5973abe
index 0000000..49200a8
--- /dev/null
+++ b/util/grub-setpassword.8
@@ -0,0 +1,28 @@
@ -106,7 +106,7 @@ index 0000000..5973abe
+\fBgrub-setpassword\fR outputs the user.cfg file which contains the hashed GRUB bootloader password. This utility only supports configurations where there is a single root user.
+
+The file has the format:
+GRUB_2PASSWORD=<\fIhashed password\fR>.
+GRUB2_PASSWORD=<\fIhashed password\fR>.
+
+.SH OPTIONS
+.TP
@ -254,7 +254,7 @@ index 0000000..dd76f00
+echo "GRUB2_PASSWORD=${MYPASS}" > "${grubdir}/user.cfg"
diff --git a/util/grub.d/01_users.in b/util/grub.d/01_users.in
new file mode 100644
index 0000000..facd409
index 0000000..db2f44b
--- /dev/null
+++ b/util/grub.d/01_users.in
@@ -0,0 +1,11 @@
@ -262,7 +262,7 @@ index 0000000..facd409
+cat << EOF
+if [ -f \${prefix}/user.cfg ]; then
+ source \${prefix}/user.cfg
+ if [ -n \${GRUB2_PASSWORD} ]; then
+ if [ -n "\${GRUB2_PASSWORD}" ]; then
+ set superusers="root"
+ export superusers
+ password_pbkdf2 root \${GRUB2_PASSWORD}
@ -270,5 +270,5 @@ index 0000000..facd409
+fi
+EOF
--
2.5.5
2.7.4
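Review bot: In util/grub.d/01_users.in the test is now quoted (`[ -n "\${GRUB2_PASSWORD}" ]`), but the same value is still passed unquoted on the `password_pbkdf2 root \${GRUB2_PASSWORD}` line. A well-formed PBKDF2 hash string contains no whitespace, so this only matters for a hand-edited or damaged user.cfg, where the value would presumably be split into extra arguments; quoting it keeps the two lines consistent: `password_pbkdf2 root "\${GRUB2_PASSWORD}"`. Separately, `echo "GRUB2_PASSWORD=${MYPASS}" > "${grubdir}/user.cfg"` takes whatever mode the redirect creates; the earlier lines of grub-setpassword are outside this hunk, so confirm that the hash file ends up readable by root only.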


@ -1,7 +1,7 @@
From 8c9e77f5664df793aa6e38a04d0be519d8061ebf Mon Sep 17 00:00:00 2001
From a605e7af01dc697021b96fe6fbaf92ef3fca017c Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 14 Jul 2015 16:58:51 -0700
Subject: [PATCH 67/89] Fix race in EFI validation
Subject: [PATCH 67/87] Fix race in EFI validation
---
grub-core/loader/i386/efi/linux.c | 44 ++++++++++-----------------------------
@ -93,5 +93,5 @@ index e5b7785..7ccf32d 100644
{
grub_dl_unref (my_mod);
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 1ef61c2257c1fc19d35346f6c47c0c4d8b184783 Mon Sep 17 00:00:00 2001
From 63efe6a207f59ffa9e55cc10a0aed272f3571227 Mon Sep 17 00:00:00 2001
From: Don Zickus <dzickus@redhat.com>
Date: Wed, 22 Jul 2015 13:59:55 -0400
Subject: [PATCH 68/89] ppc64le sync mkconfig to disk (#1212114)
Subject: [PATCH 68/87] ppc64le sync mkconfig to disk (#1212114)
If creating a new grub2 entry using grub2-mkconfig, the entry is not
immediately sync'd to disk. If a crash happens before the writeback,
@ -38,5 +38,5 @@ index fb87247..73a18f7 100644
+ sync && mountpoint -q /boot &&fsfreeze -f /boot && fsfreeze -u /boot
+fi
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 8c140c6ed73af6c0a39619dab7f50a4c1bc6ac66 Mon Sep 17 00:00:00 2001
From 9d47b2c482b6db238c99fe106f4b2e3c612f3a91 Mon Sep 17 00:00:00 2001
From: Raymund Will <rw@suse.com>
Date: Fri, 10 Apr 2015 01:45:02 -0400
Subject: [PATCH 69/89] Use device part of chainloader target, if present.
Subject: [PATCH 69/87] Use device part of chainloader target, if present.
Otherwise chainloading is restricted to '$root', which might not even
be readable by EFI!
@ -33,5 +33,5 @@ index 522a716..6b47497 100644
goto fail;
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From abaf10c18b70eede23dd6fcc7398835fac9cd2ce Mon Sep 17 00:00:00 2001
From 9cbf35d19f4ffafdf2683acf7b6a320b55bbdfca Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 6 Oct 2015 13:04:37 -0400
Subject: [PATCH 70/89] Add secureboot support on efi chainloader
Subject: [PATCH 70/87] Add secureboot support on efi chainloader
Expand the chainloader to be able to verify the image by means of shim
lock protocol. The PE/COFF image is loaded and relocated by the
@ -796,5 +796,5 @@ index f79c36c..f79782e 100644
{
grub_uint32_t page_rva;
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 50f24247c94609c146042aa1a260267b2abba412 Mon Sep 17 00:00:00 2001
From c1d31b6a26e5542142d569c94a70f1dc8e07afd6 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 6 Oct 2015 16:09:25 -0400
Subject: [PATCH 71/89] Make any of the loaders that link in efi mode honor
Subject: [PATCH 71/87] Make any of the loaders that link in efi mode honor
secure boot.
And in this case "honor" means "even if somebody does link this in, they
@ -24,11 +24,17 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
grub-core/loader/xnu.c | 7 +++++
include/grub/efi/efi.h | 1 -
include/grub/efi/sb.h | 29 +++++++++++++++++++
include/grub/powerpc/linux.h | 23 +++++++++++++++
16 files changed, 169 insertions(+), 29 deletions(-)
include/grub/ia64/linux.h | 0
include/grub/mips/linux.h | 0
include/grub/powerpc/linux.h | 0
include/grub/sparc64/linux.h | 0
19 files changed, 146 insertions(+), 29 deletions(-)
create mode 100644 grub-core/kern/efi/sb.c
create mode 100644 include/grub/efi/sb.h
create mode 100644 include/grub/ia64/linux.h
create mode 100644 include/grub/mips/linux.h
create mode 100644 include/grub/powerpc/linux.h
create mode 100644 include/grub/sparc64/linux.h
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
index 04e9395..fd715a8 100644
@ -471,35 +477,18 @@ index 0000000..9629fbb
+int EXPORT_FUNC (grub_efi_secure_boot) (void);
+
+#endif /* ! GRUB_EFI_SB_HEADER */
diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h
new file mode 100644
index 0000000..e69de29
diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h
new file mode 100644
index 0000000..e69de29
diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h
new file mode 100644
index 0000000..6cecb2e
--- /dev/null
+++ b/include/grub/powerpc/linux.h
@@ -0,0 +1,23 @@
+/* linux.h - PowerPC linux specific definitions */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2013 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_LINUX_CPU_HEADER
+#define GRUB_LINUX_CPU_HEADER 1
+
+#endif /* ! GRUB_LINUX_CPU_HEADER */
index 0000000..e69de29
diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h
new file mode 100644
index 0000000..e69de29
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 6c7c6069398cc5e1affa51f4f2ccf515c5f9908f Mon Sep 17 00:00:00 2001
From 5a0d703884a73f93a68753c6ed64bdf08797c82a Mon Sep 17 00:00:00 2001
From: Hector Marco-Gisbert <hecmargi@upv.es>
Date: Fri, 13 Nov 2015 16:21:09 +0100
Subject: [PATCH 72/89] Fix security issue when reading username and password
Subject: [PATCH 72/87] Fix security issue when reading username and password
This patch fixes two integer underflows at:
* grub-core/lib/crypto.c
@ -43,5 +43,5 @@ index 7338f82..6d6dc7d 100644
if (cur_len)
{
--
2.5.5
2.7.4


@ -1,44 +0,0 @@
From 59e628d70d795e2cc7aafad78aba4ef5d5006160 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 4 Dec 2015 09:28:38 -0500
Subject: [PATCH 73/89] 01_users: Handle GRUB_PASSWORD better.
Only handle GRUB2_PASSWORD not GRUB_PASSWORD.
Related: rhbz#1284370
Signed-off-by: Peter Jones <pjones@redhat.com>
---
util/grub-setpassword.8 | 2 +-
util/grub.d/01_users.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/util/grub-setpassword.8 b/util/grub-setpassword.8
index 5973abe..49200a8 100644
--- a/util/grub-setpassword.8
+++ b/util/grub-setpassword.8
@@ -9,7 +9,7 @@
\fBgrub-setpassword\fR outputs the user.cfg file which contains the hashed GRUB bootloader password. This utility only supports configurations where there is a single root user.
The file has the format:
-GRUB_2PASSWORD=<\fIhashed password\fR>.
+GRUB2_PASSWORD=<\fIhashed password\fR>.
.SH OPTIONS
.TP
diff --git a/util/grub.d/01_users.in b/util/grub.d/01_users.in
index facd409..db2f44b 100644
--- a/util/grub.d/01_users.in
+++ b/util/grub.d/01_users.in
@@ -2,7 +2,7 @@
cat << EOF
if [ -f \${prefix}/user.cfg ]; then
source \${prefix}/user.cfg
- if [ -n \${GRUB2_PASSWORD} ]; then
+ if [ -n "\${GRUB2_PASSWORD}" ]; then
set superusers="root"
export superusers
password_pbkdf2 root \${GRUB2_PASSWORD}
--
2.5.5


@ -0,0 +1,175 @@
From c37a4f02e5fd0c3aa5f54baaeaf32eed0e3c110b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 27 Jan 2016 09:22:42 -0500
Subject: [PATCH 73/87] Make grub_fatal() also backtrace.
---
grub-core/Makefile.core.def | 3 ++
grub-core/kern/misc.c | 8 +++++-
grub-core/lib/arm64/backtrace.c | 62 +++++++++++++++++++++++++++++++++++++++++
grub-core/lib/backtrace.c | 2 ++
grub-core/lib/i386/backtrace.c | 14 +++++++++-
5 files changed, 87 insertions(+), 2 deletions(-)
create mode 100644 grub-core/lib/arm64/backtrace.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index ac195d1..990e41b 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -157,6 +157,9 @@ kernel = {
softdiv = lib/division.c;
+ x86 = lib/i386/backtrace.c;
+ x86 = lib/backtrace.c;
+
i386 = kern/i386/dl.c;
i386_xen = kern/i386/dl.c;
diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index 81be344..d7dcd97 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -24,6 +24,7 @@
#include <grub/term.h>
#include <grub/env.h>
#include <grub/i18n.h>
+#include <grub/backtrace.h>
union printf_arg
{
@@ -1087,8 +1088,13 @@ grub_xasprintf (const char *fmt, ...)
static void __attribute__ ((noreturn))
grub_abort (void)
{
+#ifndef GRUB_UTIL
+#if defined(__i386__) || defined(__x86_64__)
+ grub_backtrace();
+#endif
+#endif
grub_printf ("\nAborted.");
-
+
#ifndef GRUB_UTIL
if (grub_term_inputs)
#endif
diff --git a/grub-core/lib/arm64/backtrace.c b/grub-core/lib/arm64/backtrace.c
new file mode 100644
index 0000000..1079b53
--- /dev/null
+++ b/grub-core/lib/arm64/backtrace.c
@@ -0,0 +1,62 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/misc.h>
+#include <grub/command.h>
+#include <grub/err.h>
+#include <grub/dl.h>
+#include <grub/mm.h>
+#include <grub/term.h>
+#include <grub/backtrace.h>
+
+#define MAX_STACK_FRAME 102400
+
+void
+grub_backtrace_pointer (int frame)
+{
+ while (1)
+ {
+ void *lp = __builtin_return_address (frame);
+ if (!lp)
+ break;
+
+ lp = __builtin_extract_return_addr (lp);
+
+ grub_printf ("%p: ", lp);
+ grub_backtrace_print_address (lp);
+ grub_printf (" (");
+ for (i = 0; i < 2; i++)
+ grub_printf ("%p,", ((void **)ptr) [i + 2]);
+ grub_printf ("%p)\n", ((void **)ptr) [i + 2]);
+ nptr = *(void **)ptr;
+ if (nptr < ptr || (void **) nptr - (void **) ptr > MAX_STACK_FRAME
+ || nptr == ptr)
+ {
+ grub_printf ("Invalid stack frame at %p (%p)\n", ptr, nptr);
+ break;
+ }
+ ptr = nptr;
+ }
+}
+
+void
+grub_backtrace (void)
+{
+ grub_backtrace_pointer (1);
+}
+
diff --git a/grub-core/lib/backtrace.c b/grub-core/lib/backtrace.c
index 825a880..c0ad6ab 100644
--- a/grub-core/lib/backtrace.c
+++ b/grub-core/lib/backtrace.c
@@ -29,6 +29,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
void
grub_backtrace_print_address (void *addr)
{
+#ifndef GRUB_UTIL
grub_dl_t mod;
FOR_DL_MODULES (mod)
@@ -44,6 +45,7 @@ grub_backtrace_print_address (void *addr)
}
}
+#endif
grub_printf ("%p", addr);
}
diff --git a/grub-core/lib/i386/backtrace.c b/grub-core/lib/i386/backtrace.c
index c3e03c7..c67273d 100644
--- a/grub-core/lib/i386/backtrace.c
+++ b/grub-core/lib/i386/backtrace.c
@@ -15,11 +15,23 @@
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <config.h>
+#ifdef GRUB_UTIL
+#define REALLY_GRUB_UTIL GRUB_UTIL
+#undef GRUB_UTIL
+#endif
+
+#include <grub/symbol.h>
+#include <grub/dl.h>
+
+#ifdef REALLY_GRUB_UTIL
+#define GRUB_UTIL REALLY_GRUB_UTIL
+#undef REALLY_GRUB_UTIL
+#endif
#include <grub/misc.h>
#include <grub/command.h>
#include <grub/err.h>
-#include <grub/dl.h>
#include <grub/mm.h>
#include <grub/term.h>
#include <grub/backtrace.h>
--
2.7.4
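Review bot: The new grub-core/lib/arm64/backtrace.c cannot compile as written: `grub_backtrace_pointer (int frame)` uses `i`, `ptr` and `nptr` without declaring them, passes the non-constant `frame` to `__builtin_return_address` (GCC requires a constant level there), and never advances `frame` inside `while (1)`. The Makefile.core.def hunk in this patch only adds `x86 = lib/i386/backtrace.c;` and `x86 = lib/backtrace.c;`, and the new call in `grub_abort` is guarded by `__i386__`/`__x86_64__`, so the arm64 file appears to be unbuilt dead code. I would drop it from this patch until the frame walk is finished, or at least put `/* FIXME: not built; i/ptr/nptr are undeclared and the frame walk is incomplete */` at the top so it is not wired into the kernel image unreviewed. The `nptr < ptr` and `MAX_STACK_FRAME` check is the only bound on the walk, so it is worth keeping once `ptr` has a real initial value, since `grub_abort` may be reached with a damaged stack.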


@ -1,789 +0,0 @@
From 41608d2581dda4672d6a41c931d0b08fefe6308b Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 14 Jul 2015 17:06:35 -0700
Subject: [PATCH 74/89] Core TPM support
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI and BIOS systems, but
will measure all modules as they're loaded.
---
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def | 3 +
grub-core/kern/dl.c | 3 +
grub-core/kern/efi/tpm.c | 282 +++++++++++++++++++++++++++++++++++++++++++
grub-core/kern/i386/pc/tpm.c | 132 ++++++++++++++++++++
grub-core/kern/tpm.c | 13 ++
include/grub/efi/tpm.h | 153 +++++++++++++++++++++++
include/grub/tpm.h | 91 ++++++++++++++
8 files changed, 678 insertions(+)
create mode 100644 grub-core/kern/efi/tpm.c
create mode 100644 grub-core/kern/i386/pc/tpm.c
create mode 100644 grub-core/kern/tpm.c
create mode 100644 include/grub/efi/tpm.h
create mode 100644 include/grub/tpm.h
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
index fd715a8..d082933 100644
--- a/grub-core/Makefile.am
+++ b/grub-core/Makefile.am
@@ -93,6 +93,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/tpm.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h
if COND_i386_pc
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index ac195d1..9af5479 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -126,6 +126,7 @@ kernel = {
common = kern/rescue_parser.c;
common = kern/rescue_reader.c;
common = kern/term.c;
+ common = kern/tpm.c;
noemu = kern/compiler-rt.c;
noemu = kern/mm.c;
@@ -174,6 +175,7 @@ kernel = {
efi = kern/acpi.c;
efi = kern/efi/acpi.c;
efi = lib/envblk.c;
+ efi = kern/efi/tpm.c;
i386_coreboot = kern/i386/pc/acpi.c;
i386_multiboot = kern/i386/pc/acpi.c;
i386_coreboot = kern/acpi.c;
@@ -219,6 +221,7 @@ kernel = {
i386_pc = kern/i386/pc/init.c;
i386_pc = kern/i386/pc/mmap.c;
+ i386_pc = kern/i386/pc/tpm.c;
i386_pc = term/i386/pc/console.c;
i386_qemu = bus/pci.c;
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 04e804d..247cd0a 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -32,6 +32,7 @@
#include <grub/env.h>
#include <grub/cache.h>
#include <grub/i18n.h>
+#include <grub/tpm.h>
/* Platforms where modules are in a readonly area of memory. */
#if defined(GRUB_MACHINE_QEMU)
@@ -733,6 +734,8 @@ grub_dl_load_file (const char *filename)
opens of the same device. */
grub_file_close (file);
+ grub_tpm_measure(core, size, GRUB_TPM_PCR, filename);
+
mod = grub_dl_load_core (core, size);
grub_free (core);
if (! mod)
diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c
new file mode 100644
index 0000000..c9fb3c1
--- /dev/null
+++ b/grub-core/kern/efi/tpm.c
@@ -0,0 +1,282 @@
+#include <grub/err.h>
+#include <grub/i18n.h>
+#include <grub/efi/api.h>
+#include <grub/efi/efi.h>
+#include <grub/efi/tpm.h>
+#include <grub/mm.h>
+#include <grub/tpm.h>
+#include <grub/term.h>
+
+static grub_efi_guid_t tpm_guid = EFI_TPM_GUID;
+static grub_efi_guid_t tpm2_guid = EFI_TPM2_GUID;
+
+static grub_efi_boolean_t grub_tpm_present(grub_efi_tpm_protocol_t *tpm)
+{
+ grub_efi_status_t status;
+ TCG_EFI_BOOT_SERVICE_CAPABILITY caps;
+ grub_uint32_t flags;
+ grub_efi_physical_address_t eventlog, lastevent;
+
+ caps.Size = (grub_uint8_t)sizeof(caps);
+
+ status = efi_call_5(tpm->status_check, tpm, &caps, &flags, &eventlog,
+ &lastevent);
+
+ if (status != GRUB_EFI_SUCCESS || caps.TPMDeactivatedFlag
+ || !caps.TPMPresentFlag)
+ return 0;
+
+ return 1;
+}
+
+static grub_efi_boolean_t grub_tpm2_present(grub_efi_tpm2_protocol_t *tpm)
+{
+ grub_efi_status_t status;
+ EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;
+
+ caps.Size = (grub_uint8_t)sizeof(caps);
+
+ status = efi_call_2(tpm->get_capability, tpm, &caps);
+
+ if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag)
+ return 0;
+
+ return 1;
+}
+
+static grub_efi_boolean_t grub_tpm_handle_find(grub_efi_handle_t *tpm_handle,
+ grub_efi_uint8_t *protocol_version)
+{
+ grub_efi_handle_t *handles;
+ grub_efi_uintn_t num_handles;
+
+ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm_guid, NULL,
+ &num_handles);
+ if (handles && num_handles > 0) {
+ *tpm_handle = handles[0];
+ *protocol_version = 1;
+ return 1;
+ }
+
+ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm2_guid, NULL,
+ &num_handles);
+ if (handles && num_handles > 0) {
+ *tpm_handle = handles[0];
+ *protocol_version = 2;
+ return 1;
+ }
+
+ return 0;
+}
+
+static grub_err_t
+grub_tpm1_execute(grub_efi_handle_t tpm_handle,
+ PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf)
+{
+ grub_efi_status_t status;
+ grub_efi_tpm_protocol_t *tpm;
+ grub_uint32_t inhdrsize = sizeof(*inbuf) - sizeof(inbuf->TPMOperandIn);
+ grub_uint32_t outhdrsize = sizeof(*outbuf) - sizeof(outbuf->TPMOperandOut);
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if (!grub_tpm_present(tpm))
+ return 0;
+
+ /* UEFI TPM protocol takes the raw operand block, no param block header */
+ status = efi_call_5 (tpm->pass_through_to_tpm, tpm,
+ inbuf->IPBLength - inhdrsize, inbuf->TPMOperandIn,
+ outbuf->OPBLength - outhdrsize, outbuf->TPMOperandOut);
+
+ switch (status) {
+ case GRUB_EFI_SUCCESS:
+ return 0;
+ case GRUB_EFI_DEVICE_ERROR:
+ return grub_error (GRUB_ERR_IO, N_("Command failed"));
+ case GRUB_EFI_INVALID_PARAMETER:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+ case GRUB_EFI_BUFFER_TOO_SMALL:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+ case GRUB_EFI_NOT_FOUND:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+ default:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+ }
+}
+
+static grub_err_t
+grub_tpm2_execute(grub_efi_handle_t tpm_handle,
+ PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf)
+{
+ grub_efi_status_t status;
+ grub_efi_tpm2_protocol_t *tpm;
+ grub_uint32_t inhdrsize = sizeof(*inbuf) - sizeof(inbuf->TPMOperandIn);
+ grub_uint32_t outhdrsize = sizeof(*outbuf) - sizeof(outbuf->TPMOperandOut);
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if (!grub_tpm2_present(tpm))
+ return 0;
+
+ /* UEFI TPM protocol takes the raw operand block, no param block header */
+ status = efi_call_5 (tpm->submit_command, tpm,
+ inbuf->IPBLength - inhdrsize, inbuf->TPMOperandIn,
+ outbuf->OPBLength - outhdrsize, outbuf->TPMOperandOut);
+
+ switch (status) {
+ case GRUB_EFI_SUCCESS:
+ return 0;
+ case GRUB_EFI_DEVICE_ERROR:
+ return grub_error (GRUB_ERR_IO, N_("Command failed"));
+ case GRUB_EFI_INVALID_PARAMETER:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+ case GRUB_EFI_BUFFER_TOO_SMALL:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+ case GRUB_EFI_NOT_FOUND:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+ default:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+ }
+}
+
+grub_err_t
+grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_uint8_t protocol_version;
+
+ /* It's not a hard failure for there to be no TPM */
+ if (!grub_tpm_handle_find(&tpm_handle, &protocol_version))
+ return 0;
+
+ if (protocol_version == 1) {
+ return grub_tpm1_execute(tpm_handle, inbuf, outbuf);
+ } else {
+ return grub_tpm2_execute(tpm_handle, inbuf, outbuf);
+ }
+}
+
+typedef struct {
+ grub_uint32_t pcrindex;
+ grub_uint32_t eventtype;
+ grub_uint8_t digest[20];
+ grub_uint32_t eventsize;
+ grub_uint8_t event[1];
+} Event;
+
+
+static grub_err_t
+grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ Event *event;
+ grub_efi_status_t status;
+ grub_efi_tpm_protocol_t *tpm;
+ grub_efi_physical_address_t lastevent;
+ grub_uint32_t algorithm;
+ grub_uint32_t eventnum = 0;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if (!grub_tpm_present(tpm))
+ return 0;
+
+ event = grub_zalloc(sizeof (Event) + grub_strlen(description) + 1);
+ if (!event)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate TPM event buffer"));
+
+ event->pcrindex = pcr;
+ event->eventtype = EV_IPL;
+ event->eventsize = grub_strlen(description) + 1;
+ grub_memcpy(event->event, description, event->eventsize);
+
+ algorithm = TCG_ALG_SHA;
+ status = efi_call_7 (tpm->log_extend_event, tpm, buf, (grub_uint64_t) size,
+ algorithm, event, &eventnum, &lastevent);
+
+ switch (status) {
+ case GRUB_EFI_SUCCESS:
+ return 0;
+ case GRUB_EFI_DEVICE_ERROR:
+ return grub_error (GRUB_ERR_IO, N_("Command failed"));
+ case GRUB_EFI_INVALID_PARAMETER:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+ case GRUB_EFI_BUFFER_TOO_SMALL:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+ case GRUB_EFI_NOT_FOUND:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+ default:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+ }
+}
+
+static grub_err_t
+grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ EFI_TCG2_EVENT *event;
+ grub_efi_status_t status;
+ grub_efi_tpm2_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if (!grub_tpm2_present(tpm))
+ return 0;
+
+ event = grub_zalloc(sizeof (EFI_TCG2_EVENT) + grub_strlen(description) + 1);
+ if (!event)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate TPM event buffer"));
+
+ event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
+ event->Header.HeaderVersion = 1;
+ event->Header.PCRIndex = pcr;
+ event->Header.EventType = EV_IPL;
+ event->Size = sizeof(*event) - sizeof(event->Event) + grub_strlen(description) + 1;
+ grub_memcpy(event->Event, description, grub_strlen(description) + 1);
+
+ status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, buf,
+ (grub_uint64_t) size, event);
+
+ switch (status) {
+ case GRUB_EFI_SUCCESS:
+ return 0;
+ case GRUB_EFI_DEVICE_ERROR:
+ return grub_error (GRUB_ERR_IO, N_("Command failed"));
+ case GRUB_EFI_INVALID_PARAMETER:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+ case GRUB_EFI_BUFFER_TOO_SMALL:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+ case GRUB_EFI_NOT_FOUND:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+ default:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+ }
+}
+
+grub_err_t
+grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_efi_uint8_t protocol_version;
+
+ if (!grub_tpm_handle_find(&tpm_handle, &protocol_version))
+ return 0;
+
+ if (protocol_version == 1) {
+ return grub_tpm1_log_event(tpm_handle, buf, size, pcr, description);
+ } else {
+ return grub_tpm2_log_event(tpm_handle, buf, size, pcr, description);
+ }
+}
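Review bot: `grub_tpm1_log_event` and `grub_tpm2_log_event` allocate `event` with `grub_zalloc` and return without freeing it, so every measured buffer leaks one allocation; the BIOS implementation in kern/i386/pc/tpm.c does call `grub_free(event)`. Add `grub_free (event);` directly after the `efi_call_7` / `efi_call_5` call, before `switch (status)`. The pointer returned by `grub_efi_open_protocol` is passed to `grub_tpm_present` / `grub_tpm2_present` and dereferenced there without a NULL check, so `if (!tpm) return 0;` belongs before those calls in all four functions. The `handles` array obtained in `grub_tpm_handle_find` is never released either, assuming the caller owns it as elsewhere in GRUB. In the two `*_execute` functions `inbuf->IPBLength - inhdrsize` and `outbuf->OPBLength - outhdrsize` wrap around if a caller supplies a length smaller than the header, so both lengths should be checked before the firmware call.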
diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c
new file mode 100644
index 0000000..8c6c1e6
--- /dev/null
+++ b/grub-core/kern/i386/pc/tpm.c
@@ -0,0 +1,132 @@
+#include <grub/err.h>
+#include <grub/i18n.h>
+#include <grub/mm.h>
+#include <grub/tpm.h>
+#include <grub/misc.h>
+#include <grub/i386/pc/int.h>
+
+#define TCPA_MAGIC 0x41504354
+
+int tpm_present(void);
+
+int tpm_present(void)
+{
+ struct grub_bios_int_registers regs;
+
+ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+ regs.eax = 0xbb00;
+ regs.ebx = TCPA_MAGIC;
+ grub_bios_interrupt (0x1a, &regs);
+
+ if (regs.eax == 0)
+ return 1;
+
+ return 0;
+}
+
+grub_err_t
+grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf)
+{
+ struct grub_bios_int_registers regs;
+ grub_addr_t inaddr, outaddr;
+
+ if (!tpm_present())
+ return 0;
+
+ inaddr = (grub_addr_t) inbuf;
+ outaddr = (grub_addr_t) outbuf;
+ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+ regs.eax = 0xbb02;
+ regs.ebx = TCPA_MAGIC;
+ regs.ecx = 0;
+ regs.edx = 0;
+ regs.es = (inaddr & 0xffff0000) >> 4;
+ regs.edi = inaddr & 0xffff;
+ regs.ds = outaddr >> 4;
+ regs.esi = outaddr & 0xf;
+
+ grub_bios_interrupt (0x1a, &regs);
+
+ if (regs.eax)
+ return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax);
+
+ return 0;
+}
+
+typedef struct {
+ grub_uint32_t pcrindex;
+ grub_uint32_t eventtype;
+ grub_uint8_t digest[20];
+ grub_uint32_t eventdatasize;
+ grub_uint8_t event[0];
+} GRUB_PACKED Event;
+
+typedef struct {
+ grub_uint16_t ipblength;
+ grub_uint16_t reserved;
+ grub_uint32_t hashdataptr;
+ grub_uint32_t hashdatalen;
+ grub_uint32_t pcr;
+ grub_uint32_t reserved2;
+ grub_uint32_t logdataptr;
+ grub_uint32_t logdatalen;
+} GRUB_PACKED EventIncoming;
+
+typedef struct {
+ grub_uint16_t opblength;
+ grub_uint16_t reserved;
+ grub_uint32_t eventnum;
+ grub_uint8_t hashvalue[20];
+} GRUB_PACKED EventOutgoing;
+
+grub_err_t
+grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ struct grub_bios_int_registers regs;
+ EventIncoming incoming;
+ EventOutgoing outgoing;
+ Event *event;
+ grub_uint32_t datalength;
+
+ if (!tpm_present())
+ return 0;
+
+ datalength = grub_strlen(description);
+ event = grub_zalloc(datalength + sizeof(Event));
+ if (!event)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate TPM event buffer"));
+
+ event->pcrindex = pcr;
+ event->eventtype = 0x0d;
+ event->eventdatasize = grub_strlen(description);
+ grub_memcpy(event->event, description, datalength);
+
+ incoming.ipblength = sizeof(incoming);
+ incoming.hashdataptr = (grub_uint32_t)buf;
+ incoming.hashdatalen = size;
+ incoming.pcr = pcr;
+ incoming.logdataptr = (grub_uint32_t)event;
+ incoming.logdatalen = datalength + sizeof(Event);
+
+ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+ regs.eax = 0xbb01;
+ regs.ebx = TCPA_MAGIC;
+ regs.ecx = 0;
+ regs.edx = 0;
+ regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4;
+ regs.edi = ((grub_addr_t) &incoming) & 0xffff;
+ regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4;
+ regs.esi = ((grub_addr_t) &outgoing) & 0xffff;
+
+ grub_bios_interrupt (0x1a, &regs);
+
+ grub_free(event);
+
+ if (regs.eax)
+ return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax);
+
+ return 0;
+}
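Review bot: In `grub_tpm_log_event` the stack variable `incoming` never has its `reserved` and `reserved2` fields written, so uninitialised bytes reach the BIOS in the parameter block for function 0xbb01; `outgoing` and the unused members of `regs` are in the same state. Zero the block before filling it, `grub_memset (&incoming, 0, sizeof (incoming));`, and do the same for `regs` here and in `tpm_present`, which sets only `flags`, `eax` and `ebx`. `tpm_present` treats any reply with `eax == 0` as a TPM; comparing the returned `regs.ebx` with `TCPA_MAGIC` as well would make detection stricter. The segment:offset pairs built from `inaddr`, `outaddr`, `&incoming` and `&outgoing` can only address memory below 1 MiB, which is safe only if those buffers are guaranteed to live there, so that assumption deserves a comment or a check. The literal `0x0d` assigned to `eventtype` duplicates `EV_IPL` from grub/tpm.h.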
diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c
new file mode 100644
index 0000000..1a99187
--- /dev/null
+++ b/grub-core/kern/tpm.c
@@ -0,0 +1,13 @@
+#include <grub/err.h>
+#include <grub/i18n.h>
+#include <grub/misc.h>
+#include <grub/mm.h>
+#include <grub/tpm.h>
+#include <grub/term.h>
+
+grub_err_t
+grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ return grub_tpm_log_event(buf, size, pcr, description);
+}
diff --git a/include/grub/efi/tpm.h b/include/grub/efi/tpm.h
new file mode 100644
index 0000000..e2aff4a
--- /dev/null
+++ b/include/grub/efi/tpm.h
@@ -0,0 +1,153 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2015 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_EFI_TPM_HEADER
+#define GRUB_EFI_TPM_HEADER 1
+
+#define EFI_TPM_GUID {0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd }};
+#define EFI_TPM2_GUID {0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }};
+
+typedef struct {
+ grub_efi_uint8_t Major;
+ grub_efi_uint8_t Minor;
+ grub_efi_uint8_t RevMajor;
+ grub_efi_uint8_t RevMinor;
+} TCG_VERSION;
+
+typedef struct _TCG_EFI_BOOT_SERVICE_CAPABILITY {
+ grub_efi_uint8_t Size; /// Size of this structure.
+ TCG_VERSION StructureVersion;
+ TCG_VERSION ProtocolSpecVersion;
+ grub_efi_uint8_t HashAlgorithmBitmap; /// Hash algorithms .
+ char TPMPresentFlag; /// 00h = TPM not present.
+ char TPMDeactivatedFlag; /// 01h = TPM currently deactivated.
+} TCG_EFI_BOOT_SERVICE_CAPABILITY;
+
+typedef struct {
+ grub_efi_uint32_t PCRIndex;
+ grub_efi_uint32_t EventType;
+ grub_efi_uint8_t digest[20];
+ grub_efi_uint32_t EventSize;
+ grub_efi_uint8_t Event[1];
+} TCG_PCR_EVENT;
+
+struct grub_efi_tpm_protocol
+{
+ grub_efi_status_t (*status_check) (struct grub_efi_tpm_protocol *this,
+ TCG_EFI_BOOT_SERVICE_CAPABILITY *ProtocolCapability,
+ grub_efi_uint32_t *TCGFeatureFlags,
+ grub_efi_physical_address_t *EventLogLocation,
+ grub_efi_physical_address_t *EventLogLastEntry);
+ grub_efi_status_t (*hash_all) (struct grub_efi_tpm_protocol *this,
+ grub_efi_uint8_t *HashData,
+ grub_efi_uint64_t HashLen,
+ grub_efi_uint32_t AlgorithmId,
+ grub_efi_uint64_t *HashedDataLen,
+ grub_efi_uint8_t **HashedDataResult);
+ grub_efi_status_t (*log_event) (struct grub_efi_tpm_protocol *this,
+ TCG_PCR_EVENT *TCGLogData,
+ grub_efi_uint32_t *EventNumber,
+ grub_efi_uint32_t Flags);
+ grub_efi_status_t (*pass_through_to_tpm) (struct grub_efi_tpm_protocol *this,
+ grub_efi_uint32_t TpmInputParameterBlockSize,
+ grub_efi_uint8_t *TpmInputParameterBlock,
+ grub_efi_uint32_t TpmOutputParameterBlockSize,
+ grub_efi_uint8_t *TpmOutputParameterBlock);
+ grub_efi_status_t (*log_extend_event) (struct grub_efi_tpm_protocol *this,
+ grub_efi_physical_address_t HashData,
+ grub_efi_uint64_t HashDataLen,
+ grub_efi_uint32_t AlgorithmId,
+ TCG_PCR_EVENT *TCGLogData,
+ grub_efi_uint32_t *EventNumber,
+ grub_efi_physical_address_t *EventLogLastEntry);
+};
+
+typedef struct grub_efi_tpm_protocol grub_efi_tpm_protocol_t;
+
+typedef grub_efi_uint32_t EFI_TCG2_EVENT_LOG_BITMAP;
+typedef grub_efi_uint32_t EFI_TCG2_EVENT_LOG_FORMAT;
+typedef grub_efi_uint32_t EFI_TCG2_EVENT_ALGORITHM_BITMAP;
+
+typedef struct tdEFI_TCG2_VERSION {
+ grub_efi_uint8_t Major;
+ grub_efi_uint8_t Minor;
+} GRUB_PACKED EFI_TCG2_VERSION;
+
+typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
+ grub_efi_uint8_t Size;
+ EFI_TCG2_VERSION StructureVersion;
+ EFI_TCG2_VERSION ProtocolVersion;
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
+ EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs;
+ grub_efi_boolean_t TPMPresentFlag;
+ grub_efi_uint16_t MaxCommandSize;
+ grub_efi_uint16_t MaxResponseSize;
+ grub_efi_uint32_t ManufacturerID;
+ grub_efi_uint32_t NumberOfPcrBanks;
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks;
+} EFI_TCG2_BOOT_SERVICE_CAPABILITY;
+
+typedef grub_efi_uint32_t TCG_PCRINDEX;
+typedef grub_efi_uint32_t TCG_EVENTTYPE;
+
+typedef struct tdEFI_TCG2_EVENT_HEADER {
+ grub_efi_uint32_t HeaderSize;
+ grub_efi_uint16_t HeaderVersion;
+ TCG_PCRINDEX PCRIndex;
+ TCG_EVENTTYPE EventType;
+} GRUB_PACKED EFI_TCG2_EVENT_HEADER;
+
+typedef struct tdEFI_TCG2_EVENT {
+ grub_efi_uint32_t Size;
+ EFI_TCG2_EVENT_HEADER Header;
+ grub_efi_uint8_t Event[1];
+} GRUB_PACKED EFI_TCG2_EVENT;
+
+struct grub_efi_tpm2_protocol
+{
+ grub_efi_status_t (*get_capability) (struct grub_efi_tpm2_protocol *this,
+ EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability);
+ grub_efi_status_t (*get_event_log) (struct grub_efi_tpm2_protocol *this,
+ EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,
+ grub_efi_physical_address_t *EventLogLocation,
+ grub_efi_physical_address_t *EventLogLastEntry,
+ grub_efi_boolean_t *EventLogTruncated);
+ grub_efi_status_t (*hash_log_extend_event) (struct grub_efi_tpm2_protocol *this,
+ grub_efi_uint64_t Flags,
+ grub_efi_physical_address_t *DataToHash,
+ grub_efi_uint64_t DataToHashLen,
+ EFI_TCG2_EVENT *EfiTcgEvent);
+ grub_efi_status_t (*submit_command) (struct grub_efi_tpm2_protocol *this,
+ grub_efi_uint32_t InputParameterBlockSize,
+ grub_efi_uint8_t *InputParameterBlock,
+ grub_efi_uint32_t OutputParameterBlockSize,
+ grub_efi_uint8_t *OutputParameterBlock);
+ grub_efi_status_t (*get_active_pcr_blanks) (struct grub_efi_tpm2_protocol *this,
+ grub_efi_uint32_t *ActivePcrBanks);
+ grub_efi_status_t (*set_active_pcr_banks) (struct grub_efi_tpm2_protocol *this,
+ grub_efi_uint32_t ActivePcrBanks);
+ grub_efi_status_t (*get_result_of_set_active_pcr_banks) (struct grub_efi_tpm2_protocol *this,
+ grub_efi_uint32_t *OperationPresent,
+ grub_efi_uint32_t *Response);
+};
+
+typedef struct grub_efi_tpm2_protocol grub_efi_tpm2_protocol_t;
+
+#define TCG_ALG_SHA 0x00000004
+
+#endif
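Review bot: `EFI_TPM_GUID` and `EFI_TPM2_GUID` are defined with a trailing `;` inside the macro body, so `static grub_efi_guid_t tpm_guid = EFI_TPM_GUID;` expands to a stray empty declaration and the macros cannot be used inside a larger initializer; drop the final `;` from both `#define` lines. `hash_log_extend_event` declares `DataToHash` as `grub_efi_physical_address_t *`, whereas `log_extend_event` takes `HashData` by value and the caller in kern/efi/tpm.c passes the buffer pointer itself. If the TCG2 protocol takes the address by value, as I understand its definition, the pointer type is an ABI mismatch wherever pointers are narrower than 64 bits. The member name `get_active_pcr_blanks` looks like a typo for `get_active_pcr_banks`.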
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
new file mode 100644
index 0000000..40d3cf6
--- /dev/null
+++ b/include/grub/tpm.h
@@ -0,0 +1,91 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2015 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_TPM_HEADER
+#define GRUB_TPM_HEADER 1
+
+#define SHA1_DIGEST_SIZE 20
+
+#define TPM_BASE 0x0
+#define TPM_SUCCESS TPM_BASE
+#define TPM_AUTHFAIL (TPM_BASE + 0x1)
+#define TPM_BADINDEX (TPM_BASE + 0x2)
+
+#define GRUB_TPM_PCR 9
+#define GRUB_KERNEL_PCR 10
+#define GRUB_INITRD_PCR 11
+#define GRUB_CMDLINE_PCR 12
+
+#define TPM_TAG_RQU_COMMAND 0x00C1
+#define TPM_ORD_Extend 0x14
+
+#define EV_IPL 0x0d
+
+/* TCG_PassThroughToTPM Input Parameter Block */
+typedef struct {
+ grub_uint16_t IPBLength;
+ grub_uint16_t Reserved1;
+ grub_uint16_t OPBLength;
+ grub_uint16_t Reserved2;
+ grub_uint8_t TPMOperandIn[1];
+} GRUB_PACKED PassThroughToTPM_InputParamBlock;
+
+/* TCG_PassThroughToTPM Output Parameter Block */
+typedef struct {
+ grub_uint16_t OPBLength;
+ grub_uint16_t Reserved;
+ grub_uint8_t TPMOperandOut[1];
+} GRUB_PACKED PassThroughToTPM_OutputParamBlock;
+
+typedef struct {
+ grub_uint16_t tag;
+ grub_uint32_t paramSize;
+ grub_uint32_t ordinal;
+ grub_uint32_t pcrNum;
+ grub_uint8_t inDigest[SHA1_DIGEST_SIZE]; /* The 160 bit value representing the event to be recorded. */
+} GRUB_PACKED ExtendIncoming;
+
+/* TPM_Extend Outgoing Operand */
+typedef struct {
+ grub_uint16_t tag;
+ grub_uint32_t paramSize;
+ grub_uint32_t returnCode;
+ grub_uint8_t outDigest[SHA1_DIGEST_SIZE]; /* The PCR value after execution of the command. */
+} GRUB_PACKED ExtendOutgoing;
+
+grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size,
+ grub_uint8_t pcr,
+ const char *description);
+#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS)
+grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf);
+grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size,
+ grub_uint8_t pcr, const char *description);
+#else
+static inline grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf) { return 0; };
+static inline grub_err_t grub_tpm_log_event(unsigned char *buf,
+ grub_size_t size,
+ grub_uint8_t pcr,
+ const char *description)
+{
+ return 0;
+};
+#endif
+
+#endif
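Review bot: The constants `GRUB_TPM_PCR`, `GRUB_KERNEL_PCR`, `GRUB_INITRD_PCR` and `GRUB_CMDLINE_PCR` have no comment, although anyone replaying the event log or sealing secrets against these PCRs needs to know what each register holds. Going by their names and uses elsewhere in this patch series, a line such as `/* PCR 9: GRUB modules; 10: kernel; 11: initrd; 12: kernel command line */` above them would record that. The header also uses `grub_err_t`, `grub_size_t`, `grub_uint16_t`, `EXPORT_FUNC` and `GRUB_PACKED` without including anything, so it compiles only when included after the headers that define them. The two fallback stubs end in `};`, which leaves a stray semicolon at file scope.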
--
2.5.5


@ -1,7 +1,7 @@
From b8f66041637fd7a2f131f6239e693c26c7c5b7d9 Mon Sep 17 00:00:00 2001
From 33d11870bbc2fa554fa9344c3c180279c258736a Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Sun, 9 Aug 2015 16:12:39 -0700
Subject: [PATCH 77/89] Rework linux command
Subject: [PATCH 74/87] Rework linux command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
@ -103,5 +103,5 @@ index b0afcca..5eb7d17 100644
grub_file_close (file);
--
2.5.5
2.7.4


@ -1,42 +0,0 @@
From 400fcf2edf17eb587f0ac084af59c073d117fedc Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Thu, 16 Jul 2015 15:22:34 -0700
Subject: [PATCH 75/89] Measure kernel + initrd
Measure the kernel and initrd when loaded on UEFI systems
---
grub-core/loader/i386/efi/linux.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 7ccf32d..4ee45e9 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -27,6 +27,7 @@
#include <grub/lib/cmdline.h>
#include <grub/efi/efi.h>
#include <grub/efi/linux.h>
+#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -129,6 +130,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
argv[i]);
goto fail;
}
+ grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "UEFI Linux initrd");
ptr += cursize;
grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4));
ptr += ALIGN_UP_OVERHEAD (cursize, 4);
@@ -184,6 +186,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_tpm_measure (kernel, filelen, GRUB_KERNEL_PCR, "UEFI Linux kernel");
+
if (! grub_linuxefi_secure_validate (kernel, filelen))
{
grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
--
2.5.5


@ -1,7 +1,7 @@
From 90a9b1d29e8e65cfa9567fbb5be57e705ad05db0 Mon Sep 17 00:00:00 2001
From 0b86b309de12b4f3ea920124faa60841ffedf472 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Sun, 9 Aug 2015 16:20:58 -0700
Subject: [PATCH 78/89] Rework linux16 command
Subject: [PATCH 75/87] Rework linux16 command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel int it
@ -97,5 +97,5 @@ index 9128315..b864e54 100644
grub_file_close (file);
--
2.5.5
2.7.4


@ -1,179 +0,0 @@
From 004209cacbcae811af6399439da98be452322f63 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Sun, 9 Aug 2015 15:48:51 -0700
Subject: [PATCH 76/89] Add BIOS boot measurement
Measure the on-disk grub core on BIOS systems - unlike UEFI, the firmware
can't do this stage for us.
---
grub-core/boot/i386/pc/boot.S | 30 +++++++++++++++++++++++++-
grub-core/boot/i386/pc/diskboot.S | 44 +++++++++++++++++++++++++++++++++++++++
2 files changed, 73 insertions(+), 1 deletion(-)
diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S
index ea167fe..c1df86d 100644
--- a/grub-core/boot/i386/pc/boot.S
+++ b/grub-core/boot/i386/pc/boot.S
@@ -24,11 +24,14 @@
* defines for the code go here
*/
+#define TPM 1
+
/* Print message string */
#define MSG(x) movw $x, %si; call LOCAL(message)
#define ERR(x) movw $x, %si; jmp LOCAL(error_message)
.macro floppy
+#ifndef TPM
part_start:
LOCAL(probe_values):
@@ -85,6 +88,7 @@ fd_probe_error_string: .asciz "Floppy"
movb MACRO_DOLLAR(79), %ch
jmp LOCAL(final_init)
+#endif
.endm
.macro scratch
@@ -252,6 +256,7 @@ real_start:
/* set %si to the disk address packet */
movw $disk_address_packet, %si
+#ifndef TPM
/* check if LBA is supported */
movb $0x41, %ah
movw $0x55aa, %bx
@@ -271,6 +276,7 @@ real_start:
andw $1, %cx
jz LOCAL(chs_mode)
+#endif
LOCAL(lba_mode):
xorw %ax, %ax
@@ -314,6 +320,9 @@ LOCAL(lba_mode):
jmp LOCAL(copy_buffer)
LOCAL(chs_mode):
+#ifdef TPM
+ jmp LOCAL(general_error)
+#else
/*
* Determine the hard disk geometry from the BIOS!
* We do this first, so that LS-120 IDE floppies work correctly.
@@ -425,7 +434,7 @@ setup_sectors:
jc LOCAL(read_error)
movw %es, %bx
-
+#endif /* TPM */
LOCAL(copy_buffer):
/*
* We need to save %cx and %si because the startup code in
@@ -448,6 +457,25 @@ LOCAL(copy_buffer):
popw %ds
popa
+#ifdef TPM
+ pusha
+
+ movw $0xBB00, %ax /* TCG_StatusCheck */
+ int $0x1A
+ test %eax, %eax
+ jnz boot /* No TPM or TPM deactivated */
+
+ movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */
+ movw $GRUB_BOOT_MACHINE_KERNEL_ADDR, %di
+ xorl %esi, %esi
+ movl $0x41504354, %ebx /* TCPA */
+ movl $0x200, %ecx /* Measure 512 bytes */
+ movl $0x8, %edx /* PCR 8 */
+ int $0x1A
+
+ popa
+#endif
+boot:
/* boot kernel */
jmp *(LOCAL(kernel_address))
diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S
index c8b87ed..05dd7fa 100644
--- a/grub-core/boot/i386/pc/diskboot.S
+++ b/grub-core/boot/i386/pc/diskboot.S
@@ -19,6 +19,8 @@
#include <grub/symbol.h>
#include <grub/machine/boot.h>
+#define TPM 1
+
/*
* defines for the code go here
*/
@@ -53,6 +55,21 @@ _start:
/* this sets up for the first run through "bootloop" */
movw $LOCAL(firstlist), %di
+#ifdef TPM
+ /* clear EAX to remove potential garbage */
+ xorl %eax, %eax
+ /* 8(%di) = number of sectors to read */
+ movw 8(%di), %ax
+
+ /* Multiply number of sectors to read with 512 bytes. EAX is 32bit
+ * which is large enough to hold values of up to 4GB. I doubt there
+ * will ever be a core.img larger than that. ;-) */
+ shll $9, %eax
+
+ /* write result to bytes_to_measure var */
+ movl %eax, bytes_to_measure
+#endif
+
/* save the sector number of the second sector in %ebp */
movl (%di), %ebp
@@ -290,6 +307,29 @@ LOCAL(copy_buffer):
/* END OF MAIN LOOP */
LOCAL(bootit):
+#ifdef TPM
+ pusha
+ movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */
+
+ movw $0x0, %bx
+ movw %bx, %es
+
+ /* We've already measured the first 512 bytes, now measure the rest */
+ xorl %edi, %edi
+ movw $(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di
+
+ movl $0x41504354, %ebx /* EBX = "TCPA" */
+
+ /* %ecx = The length, in bytes, of the buffer to measure */
+ movl $bytes_to_measure, %esi
+ movl (%esi), %ecx
+ xorl %esi, %esi
+ movl $0x9, %edx /* PCR 9 */
+
+ int $0x1A
+
+ popa
+#endif
/* print a newline */
MSG(notification_done)
popw %dx /* this makes sure %dl is our "boot" drive */
@@ -324,6 +364,10 @@ geometry_error_string: .asciz "Geom"
read_error_string: .asciz "Read"
general_error_string: .asciz " Error"
+#ifdef TPM
+bytes_to_measure: .long 0
+#endif
+
/*
* message: write the string pointed to by %si
*
--
2.5.5


@ -1,7 +1,7 @@
From b24ff20535415944f34bc7e36fc9bc2d9a58849e Mon Sep 17 00:00:00 2001
From edaa6c877917816d57603e26d660107c82ffbb5d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 4 Mar 2016 16:29:13 -0500
Subject: [PATCH 83/89] Make grub-editenv build again.
Subject: [PATCH 76/87] Make grub-editenv build again.
36212460d3565b18439a3a8130b28e6c97702c6a split how some of the mkimage
utility functions are defined, and they wind up being linked into
@ -26,5 +26,5 @@ index 226c46b..8007de9 100644
common = util/config.c;
common = util/resolve.c;
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 805a40238db66c43f1d847530704664352621a90 Mon Sep 17 00:00:00 2001
From d2f552900d87b62ca0dbc740902d561bc32f32be Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Fri, 29 Jan 2016 17:34:02 -0500
Subject: [PATCH 84/89] Fix locale issue in grub-setpassword (#1294243)
Subject: [PATCH 77/87] Fix locale issue in grub-setpassword (#1294243)
A shell substitution was expecting non-translated output to grab the
hashed password and put it in the user.cfg file. Modified code to force
@ -26,5 +26,5 @@ index dd76f00..2923f43 100644
sed -e "s/PBKDF2 hash of your password is //"
}
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 3b1718192f814b2705bfdafbbdaa0d65cd97247f Mon Sep 17 00:00:00 2001
From 216188f920d3ade19626d6e8fe450cea2c427e53 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 23 Sep 2014 09:58:49 -0400
Subject: [PATCH 85/89] Fix up some man pages rpmdiff noticed.
Subject: [PATCH 78/87] Fix up some man pages rpmdiff noticed.
---
configure.ac | 2 ++
@ -13,7 +13,7 @@ Subject: [PATCH 85/89] Fix up some man pages rpmdiff noticed.
create mode 100644 util/grub-syslinux2cfg.1
diff --git a/configure.ac b/configure.ac
index 627c146..ec3ae9c 100644
index 67ff20c..25de2c1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -78,6 +78,7 @@ grub_TRANSFORM([grub-fstest.3])
@ -149,5 +149,5 @@ index 0000000..8530948
+.SH SEE ALSO
+.BR "info grub"
--
2.5.5
2.7.4


@ -1,7 +1,7 @@
From 9857940f9b685eda3711ee6533c2669c70198b2b Mon Sep 17 00:00:00 2001
From 90e2d3fbb161d494cdfc0ad0da740a6a4f651d70 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 30 Jun 2015 15:50:41 -0400
Subject: [PATCH 86/89] Handle rssd storage devices.
Subject: [PATCH 79/87] Handle rssd storage devices.
Resolves: rhbz#1087962
@ -11,10 +11,10 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 13 insertions(+)
diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
index 10480b6..469923b 100644
index 09e7e6e..ad7b774 100644
--- a/grub-core/osdep/linux/getroot.c
+++ b/grub-core/osdep/linux/getroot.c
@@ -892,6 +892,19 @@ grub_util_part_to_disk (const char *os_dev, struct stat *st,
@@ -898,6 +898,19 @@ grub_util_part_to_disk (const char *os_dev, struct stat *st,
return path;
}
@ -35,5 +35,5 @@ index 10480b6..469923b 100644
if ((strncmp ("loop", p, 4) == 0) && p[4] >= '0' && p[4] <= '9')
{
--
2.5.5
2.7.4


@ -1,87 +0,0 @@
From 14b0cec058b100b50a5e373249cef19df05a812a Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Sun, 9 Aug 2015 16:28:29 -0700
Subject: [PATCH 79/89] Measure kernel and initrd on BIOS systems
Measure the kernel and initrd when loaded on BIOS systems
---
grub-core/loader/i386/linux.c | 5 +++++
grub-core/loader/i386/pc/linux.c | 3 +++
grub-core/loader/linux.c | 2 ++
3 files changed, 10 insertions(+)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 5eb7d17..342c9fe 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -36,6 +36,7 @@
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
#include <grub/efi/sb.h>
+#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -717,7 +718,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "Linux Kernel");
+
grub_memcpy (&lh, kernel, sizeof (lh));
+
kernel_offset = sizeof (lh);
if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
@@ -1026,6 +1030,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
len = prot_file_size;
grub_memcpy (prot_mode_mem, kernel + kernel_offset, len);
+ kernel_offset += len;
if (grub_errno == GRUB_ERR_NONE)
{
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index b864e54..6b8f365 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -36,6 +36,7 @@
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
#include <grub/efi/sb.h>
+#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -161,6 +162,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "BIOS Linux Kernel");
+
grub_memcpy (&lh, kernel, sizeof (lh));
kernel_offset = sizeof (lh);
diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
index be6fa0f..3005c0d 100644
--- a/grub-core/loader/linux.c
+++ b/grub-core/loader/linux.c
@@ -4,6 +4,7 @@
#include <grub/misc.h>
#include <grub/file.h>
#include <grub/mm.h>
+#include <grub/tpm.h>
struct newc_head
{
@@ -288,6 +289,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
grub_initrd_close (initrd_ctx);
return grub_errno;
}
+ grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "Linux Initrd");
ptr += cursize;
}
if (newc)
--
2.5.5


@ -1,43 +0,0 @@
From 64e659a7843a49aab05a7ff29c52e52f78845831 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Sun, 9 Aug 2015 16:32:29 -0700
Subject: [PATCH 80/89] Measure the kernel commandline
Measure the kernel commandline to ensure that it hasn't been modified
---
grub-core/lib/cmdline.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
index 970ea86..6b56304 100644
--- a/grub-core/lib/cmdline.c
+++ b/grub-core/lib/cmdline.c
@@ -19,6 +19,7 @@
#include <grub/lib/cmdline.h>
#include <grub/misc.h>
+#include <grub/tpm.h>
static int
is_hex(char c)
@@ -79,7 +80,7 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
{
int i, space;
unsigned int arg_size;
- char *c;
+ char *c, *orig = buf;
for (i = 0; i < argc; i++)
{
@@ -125,5 +126,8 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
*buf = 0;
+ grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_CMDLINE_PCR,
+ "Kernel Commandline");
+
return i;
}
--
2.5.5


@ -0,0 +1,31 @@
From f46e9b0378cfaced22f0de5e8061ddb0c6829ee8 Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Mon, 22 Feb 2016 15:30:05 -0500
Subject: [PATCH 80/87] Warn if grub password will not be read (#1290803)
It is possible for a system to have never run grub-mkconfig and add the
section that reads the user.cfg file which contains a user set GRUB
password. Users in that scenario will now be warned that grub-mkconfig
must be run prior to their newly set password taking effect.
Resolves: rhbz#1290803
---
util/grub-setpassword.in | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/util/grub-setpassword.in b/util/grub-setpassword.in
index 2923f43..dd7b793 100644
--- a/util/grub-setpassword.in
+++ b/util/grub-setpassword.in
@@ -121,3 +121,8 @@ fi
install -m 0600 /dev/null "${grubdir}/user.cfg" 2>/dev/null || :
chmod 0600 "${grubdir}/user.cfg" 2>/dev/null || :
echo "GRUB2_PASSWORD=${MYPASS}" > "${grubdir}/user.cfg"
+
+if ! grep -q "^### BEGIN /etc/grub.d/01_users ###$" "${grubdir}/grub.cfg"; then
+ echo "WARNING: The current configuration lacks password support!"
+ echo "Update your configuration with @grub_mkconfig@ to support this feature."
+fi
--
2.7.4
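Review bot: The warning added at the end of grub-setpassword.in goes to stdout, and a missing or unreadable `${grubdir}/grub.cfg` makes grep print its own error before the warning. Because the new password is not enforced until the configuration is regenerated, this message is the only signal the operator gets, and nothing in the hunk changes the exit status. I would send both lines to stderr, e.g. `echo "WARNING: The current configuration lacks password support!" >&2`, and use `grep -qs` so that a missing file produces only the warning. The earlier part of the script is outside the hunk.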


@ -0,0 +1,58 @@
From f41adcd85164ef8a0d0918f0508f29dcf3c7467d Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Tue, 26 Jan 2016 10:28:35 -0500
Subject: [PATCH 81/87] Clean up grub-setpassword documentation (#1290799)
The output for --help had some errors. Corrected those and polished the
text to be a little easier to follow. Carried verbage over to man page
to maintain internal consistency.
Resolves: rhbz#1290799
---
util/grub-setpassword.8 | 2 +-
util/grub-setpassword.in | 15 +++++++--------
2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/util/grub-setpassword.8 b/util/grub-setpassword.8
index 49200a8..dc91dd6 100644
--- a/util/grub-setpassword.8
+++ b/util/grub-setpassword.8
@@ -19,7 +19,7 @@ Display program usage and exit.
-v, --version
Display the current version.
.TP
--o, --output[=\fIDIRECTORY PATH\fR]
+-o, --output=<\fIDIRECTORY\fR>
Choose the file path to which user.cfg will be written.
.SH SEE ALSO
diff --git a/util/grub-setpassword.in b/util/grub-setpassword.in
index dd7b793..d7924af 100644
--- a/util/grub-setpassword.in
+++ b/util/grub-setpassword.in
@@ -16,15 +16,14 @@ grub_mkpasswd="${bindir}/@grub_mkpasswd_pbkdf2@"
# Print the usage.
usage () {
cat <<EOF
-Usage: $0 [OPTION] [SOURCE]
-Run GRUB script in a Qemu instance.
-
- -h, --help print this message and exit
- -v, --version print the version information and exit
- -o, --output_path choose a custom output path for user.cfg
-
+Usage: $0 [OPTION]
$0 prompts the user to set a password on the grub bootloader. The password
-is written to a file named user.cfg.
+is written to a file named user.cfg which lives in the GRUB directory
+located by default at ${grubdir}.
+
+ -h, --help print this message and exit
+ -v, --version print the version information and exit
+ -o, --output_path <DIRECTORY> put user.cfg in a user-selected directory
Report bugs at https://bugzilla.redhat.com.
EOF
--
2.7.4
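Review bot: The two hunks of this patch document different spellings of the same option: the man page now reads `-o, --output=<DIRECTORY>`, while the usage text in grub-setpassword.in reads `-o, --output_path <DIRECTORY>`. The option parser is outside the hunk, so I cannot tell which long form it accepts. Both texts should show the spelling the parser takes, otherwise a user following one of them may end up writing user.cfg to the default directory instead of the intended one.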


@ -1,76 +0,0 @@
From d73f9224234a35ad371891f3dd3f005274969d86 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Mon, 10 Aug 2015 15:27:12 -0700
Subject: [PATCH 81/89] Measure commands
Measure each command executed by grub, which includes script execution.
---
grub-core/script/execute.c | 25 +++++++++++++++++++++++--
include/grub/tpm.h | 1 +
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index cf6cd66..9ae04a0 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -30,6 +30,7 @@
#ifdef GRUB_MACHINE_IEEE1275
#include <grub/ieee1275/ieee1275.h>
#endif
+#include <grub/tpm.h>
/* Max digits for a char is 3 (0xFF is 255), similarly for an int it
is sizeof (int) * 3, and one extra for a possible -ve sign. */
@@ -967,8 +968,9 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
grub_err_t ret = 0;
grub_script_function_t func = 0;
char errnobuf[18];
- char *cmdname;
- int argc;
+ char *cmdname, *cmdstring;
+ int argc, offset = 0, cmdlen = 0;
+ unsigned int i;
char **args;
int invert;
struct grub_script_argv argv = { 0, 0, 0 };
@@ -977,6 +979,25 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0])
return grub_errno;
+ for (i = 0; i < argv.argc; i++) {
+ cmdlen += grub_strlen (argv.args[i]) + 1;
+ }
+
+ cmdstring = grub_malloc (cmdlen);
+ if (!cmdstring)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate command buffer"));
+ }
+
+ for (i = 0; i < argv.argc; i++) {
+ offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ",
+ argv.args[i]);
+ }
+ cmdstring[cmdlen-1]= '\0';
+ grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_COMMAND_PCR,
+ cmdstring);
+ grub_free(cmdstring);
invert = 0;
argc = argv.argc - 1;
args = argv.args + 1;
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index 40d3cf6..7fc9d77 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -30,6 +30,7 @@
#define GRUB_KERNEL_PCR 10
#define GRUB_INITRD_PCR 11
#define GRUB_CMDLINE_PCR 12
+#define GRUB_COMMAND_PCR 13
#define TPM_TAG_RQU_COMMAND 0x00C1
#define TPM_ORD_Extend 0x14
--
2.5.5


@ -1,76 +0,0 @@
From dbbb480855f86c3c47cd941de6511d1a1dfdeb31 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 1 Sep 2015 16:02:55 -0700
Subject: [PATCH 82/89] Measure multiboot images and modules
---
grub-core/loader/i386/multiboot_mbi.c | 3 +++
grub-core/loader/multiboot.c | 2 ++
grub-core/loader/multiboot_mbi2.c | 3 +++
3 files changed, 8 insertions(+)
diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c
index f60b702..43a08e4 100644
--- a/grub-core/loader/i386/multiboot_mbi.c
+++ b/grub-core/loader/i386/multiboot_mbi.c
@@ -36,6 +36,7 @@
#include <grub/net.h>
#include <grub/i18n.h>
#include <grub/lib/cmdline.h>
+#include <grub/tpm.h>
#ifdef GRUB_MACHINE_EFI
#include <grub/efi/efi.h>
@@ -164,6 +165,8 @@ grub_multiboot_load (grub_file_t file, const char *filename)
return grub_errno;
}
+ grub_tpm_measure((unsigned char*)buffer, len, GRUB_KERNEL_PCR, filename);
+
header = find_header (buffer, len);
if (header == 0)
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
index 64a6513..58e6329 100644
--- a/grub-core/loader/multiboot.c
+++ b/grub-core/loader/multiboot.c
@@ -43,6 +43,7 @@
#include <grub/memory.h>
#include <grub/i18n.h>
#include <grub/efi/sb.h>
+#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -385,6 +386,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
}
grub_file_close (file);
+ grub_tpm_measure (module, size, GRUB_KERNEL_PCR, argv[0]);
return GRUB_ERR_NONE;
}
diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
index f147d67..8f163ea 100644
--- a/grub-core/loader/multiboot_mbi2.c
+++ b/grub-core/loader/multiboot_mbi2.c
@@ -36,6 +36,7 @@
#include <grub/i18n.h>
#include <grub/net.h>
#include <grub/lib/cmdline.h>
+#include <grub/tpm.h>
#if defined (GRUB_MACHINE_EFI)
#include <grub/efi/efi.h>
@@ -126,6 +127,8 @@ grub_multiboot_load (grub_file_t file, const char *filename)
COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0);
+ grub_tpm_measure ((unsigned char *)buffer, len, GRUB_KERNEL_PCR, filename);
+
header = find_header (buffer, len);
if (header == 0)
--
2.5.5


@ -0,0 +1,353 @@
From e2b22111a8ec58091603fc785f54b1b998888735 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 9 Jun 2016 12:22:29 -0400
Subject: [PATCH 82/87] Re-work some intricacies of PE loading.
The PE spec is not a well written document, and awesomely every place
where there's an ambiguous way to read something, Windows' bootmgfw.efi
takes a different read than either of them.
---
grub-core/loader/efi/chainloader.c | 156 +++++++++++++++++++++++++++++--------
include/grub/efi/pe32.h | 32 +++++++-
2 files changed, 152 insertions(+), 36 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index c4184fa..323f873 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -297,7 +297,7 @@ image_is_64_bit (grub_pe_header_t *pe_hdr)
return 0;
}
-static const grub_uint16_t machine_type =
+static const grub_uint16_t machine_type __attribute__((__unused__)) =
#if defined(__x86_64__)
GRUB_PE32_MACHINE_X86_64;
#elif defined(__aarch64__)
@@ -363,10 +363,10 @@ relocate_coff (pe_coff_loader_image_context_t *context,
reloc_base = image_address (orig, size, section->raw_data_offset);
reloc_base_end = image_address (orig, size, section->raw_data_offset
- + section->virtual_size - 1);
+ + section->virtual_size);
- grub_dprintf ("chain", "reloc_base %p reloc_base_end %p\n", reloc_base,
- reloc_base_end);
+ grub_dprintf ("chain", "relocate_coff(): reloc_base %p reloc_base_end %p\n",
+ reloc_base, reloc_base_end);
if (!reloc_base && !reloc_base_end)
return GRUB_EFI_SUCCESS;
@@ -503,12 +503,13 @@ handle_image (void *data, grub_efi_uint32_t datasize)
grub_efi_status_t efi_status;
char *buffer = NULL;
char *buffer_aligned = NULL;
- grub_efi_uint32_t i, size;
+ grub_efi_uint32_t i;
struct grub_pe32_section_table *section;
char *base, *end;
pe_coff_loader_image_context_t context;
grub_uint32_t section_alignment;
grub_uint32_t buffer_size;
+ int found_entry_point = 0;
b = grub_efi_system_table->boot_services;
@@ -522,8 +523,28 @@ handle_image (void *data, grub_efi_uint32_t datasize)
goto error_exit;
}
+ /*
+ * The spec says, uselessly, of SectionAlignment:
+ * =====
+ * The alignment (in bytes) of sections when they are loaded into
+ * memory. It must be greater than or equal to FileAlignment. The
+ * default is the page size for the architecture.
+ * =====
+ * Which doesn't tell you whose responsibility it is to enforce the
+ * "default", or when. It implies that the value in the field must
+ * be > FileAlignment (also poorly defined), but it appears visual
+ * studio will happily write 512 for FileAlignment (its default) and
+ * 0 for SectionAlignment, intending to imply PAGE_SIZE.
+ *
+ * We only support one page size, so if it's zero, nerf it to 4096.
+ */
section_alignment = context.section_alignment;
+ if (section_alignment == 0)
+ section_alignment = 4096;
+
buffer_size = context.image_size + section_alignment;
+ grub_dprintf ("chain", "image size is %08lx, datasize is %08x\n",
+ context.image_size, datasize);
efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA,
buffer_size, &buffer);
@@ -535,7 +556,6 @@ handle_image (void *data, grub_efi_uint32_t datasize)
}
buffer_aligned = (char *)ALIGN_UP ((grub_addr_t)buffer, section_alignment);
-
if (!buffer_aligned)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
@@ -544,27 +564,62 @@ handle_image (void *data, grub_efi_uint32_t datasize)
grub_memcpy (buffer_aligned, data, context.size_of_headers);
+ entry_point = image_address (buffer_aligned, context.image_size,
+ context.entry_point);
+
+ grub_dprintf ("chain", "entry_point: %p\n", entry_point);
+ if (!entry_point)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point");
+ goto error_exit;
+ }
+
char *reloc_base, *reloc_base_end;
- reloc_base = image_address (buffer_aligned, datasize,
+ grub_dprintf ("chain", "reloc_dir: %p reloc_size: 0x%08x\n",
+ (void *)(unsigned long long)context.reloc_dir->rva,
+ context.reloc_dir->size);
+ reloc_base = image_address (buffer_aligned, context.image_size,
context.reloc_dir->rva);
/* RelocBaseEnd here is the address of the last byte of the table */
- reloc_base_end = image_address (buffer_aligned, datasize,
+ reloc_base_end = image_address (buffer_aligned, context.image_size,
context.reloc_dir->rva
+ context.reloc_dir->size - 1);
+ grub_dprintf ("chain", "reloc_base: %p reloc_base_end: %p\n",
+ reloc_base, reloc_base_end);
+
struct grub_pe32_section_table *reloc_section = NULL;
section = context.first_section;
for (i = 0; i < context.number_of_sections; i++, section++)
{
- size = section->virtual_size;
- if (size > section->raw_data_size)
- size = section->raw_data_size;
+ char name[9];
base = image_address (buffer_aligned, context.image_size,
section->virtual_address);
end = image_address (buffer_aligned, context.image_size,
- section->virtual_address + size - 1);
+ section->virtual_address + section->virtual_size -1);
+ grub_strncpy(name, section->name, 9);
+ name[8] = '\0';
+ grub_dprintf ("chain", "Section %d \"%s\" at %p..%p\n", i,
+ name, base, end);
+
+ if (end < base)
+ {
+ grub_dprintf ("chain", " base is %p but end is %p... bad.\n",
+ base, end);
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ "Image has invalid negative size");
+ goto error_exit;
+ }
+
+ if (section->virtual_address <= context.entry_point &&
+ (section->virtual_address + section->raw_data_size - 1)
+ > context.entry_point)
+ {
+ found_entry_point++;
+ grub_dprintf ("chain", " section contains entry point\n");
+ }
/* We do want to process .reloc, but it's often marked
* discardable, so we don't want to memcpy it. */
@@ -583,21 +638,46 @@ handle_image (void *data, grub_efi_uint32_t datasize)
if (section->raw_data_size && section->virtual_size &&
base && end && reloc_base == base && reloc_base_end == end)
{
+ grub_dprintf ("chain", " section is relocation section\n");
reloc_section = section;
}
+ else
+ {
+ grub_dprintf ("chain", " section is not reloc section?\n");
+ grub_dprintf ("chain", " rds: 0x%08x, vs: %08x\n",
+ section->raw_data_size, section->virtual_size);
+ grub_dprintf ("chain", " base: %p end: %p\n", base, end);
+ grub_dprintf ("chain", " reloc_base: %p reloc_base_end: %p\n",
+ reloc_base, reloc_base_end);
+ }
}
- if (section->characteristics && GRUB_PE32_SCN_MEM_DISCARDABLE)
- continue;
+ grub_dprintf ("chain", " Section characteristics are %08x\n",
+ section->characteristics);
+ grub_dprintf ("chain", " Section virtual size: %08x\n",
+ section->virtual_size);
+ grub_dprintf ("chain", " Section raw_data size: %08x\n",
+ section->raw_data_size);
+ if (section->characteristics & GRUB_PE32_SCN_MEM_DISCARDABLE)
+ {
+ grub_dprintf ("chain", " Discarding section\n");
+ continue;
+ }
if (!base || !end)
{
+ grub_dprintf ("chain", " section is invalid\n");
grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid section size");
goto error_exit;
}
- if (section->virtual_address < context.size_of_headers ||
- section->raw_data_offset < context.size_of_headers)
+ if (section->characteristics & GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA)
+ {
+ if (section->raw_data_size != 0)
+ grub_dprintf ("chain", " UNINITIALIZED_DATA section has data?\n");
+ }
+ else if (section->virtual_address < context.size_of_headers ||
+ section->raw_data_offset < context.size_of_headers)
{
grub_error (GRUB_ERR_BAD_ARGUMENT,
"Section %d is inside image headers", i);
@@ -605,13 +685,24 @@ handle_image (void *data, grub_efi_uint32_t datasize)
}
if (section->raw_data_size > 0)
- grub_memcpy (base, (grub_efi_uint8_t*)data + section->raw_data_offset,
- size);
+ {
+ grub_dprintf ("chain", " copying 0x%08x bytes to %p\n",
+ section->raw_data_size, base);
+ grub_memcpy (base,
+ (grub_efi_uint8_t*)data + section->raw_data_offset,
+ section->raw_data_size);
+ }
- if (size < section->virtual_size)
- grub_memset (base + size, 0, section->virtual_size - size);
+ if (section->raw_data_size < section->virtual_size)
+ {
+ grub_dprintf ("chain", " padding with 0x%08x bytes at %p\n",
+ section->virtual_size - section->raw_data_size,
+ base + section->raw_data_size);
+ grub_memset (base + section->raw_data_size, 0,
+ section->virtual_size - section->raw_data_size);
+ }
- grub_dprintf ("chain", "copied section %s\n", section->name);
+ grub_dprintf ("chain", " finished section %s\n", name);
}
/* 5 == EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC */
@@ -634,12 +725,15 @@ handle_image (void *data, grub_efi_uint32_t datasize)
}
}
- entry_point = image_address (buffer_aligned, context.image_size,
- context.entry_point);
-
- if (!entry_point)
+ if (!found_entry_point)
{
- grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point");
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "entry point is not within sections");
+ goto error_exit;
+ }
+ if (found_entry_point > 1)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "%d sections contain entry point",
+ found_entry_point);
goto error_exit;
}
@@ -657,26 +751,24 @@ handle_image (void *data, grub_efi_uint32_t datasize)
li->load_options_size = cmdline_len;
li->file_path = grub_efi_get_media_file_path (file_path);
li->device_handle = dev_handle;
- if (li->file_path)
- {
- grub_printf ("file path: ");
- grub_efi_print_device_path (li->file_path);
- }
- else
+ if (!li->file_path)
{
grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found");
goto error_exit;
}
+ grub_dprintf ("chain", "booting via entry point\n");
efi_status = efi_call_2 (entry_point, grub_efi_image_handle,
grub_efi_system_table);
+ grub_dprintf ("chain", "entry_point returned %ld\n", efi_status);
grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t));
efi_status = efi_call_1 (b->free_pool, buffer);
return 1;
error_exit:
+ grub_dprintf ("chain", "error_exit: grub_errno: %d\n", grub_errno);
if (buffer)
efi_call_1 (b->free_pool, buffer);
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
index f79782e..8396bde 100644
--- a/include/grub/efi/pe32.h
+++ b/include/grub/efi/pe32.h
@@ -227,12 +227,18 @@ struct grub_pe32_section_table
grub_uint32_t characteristics;
};
+#define GRUB_PE32_SCN_TYPE_NO_PAD 0x00000008
#define GRUB_PE32_SCN_CNT_CODE 0x00000020
#define GRUB_PE32_SCN_CNT_INITIALIZED_DATA 0x00000040
-#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000
-#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000
-#define GRUB_PE32_SCN_MEM_READ 0x40000000
-#define GRUB_PE32_SCN_MEM_WRITE 0x80000000
+#define GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA 0x00000080
+#define GRUB_PE32_SCN_LNK_OTHER 0x00000100
+#define GRUB_PE32_SCN_LNK_INFO 0x00000200
+#define GRUB_PE32_SCN_LNK_REMOVE 0x00000800
+#define GRUB_PE32_SCN_LNK_COMDAT 0x00001000
+#define GRUB_PE32_SCN_GPREL 0x00008000
+#define GRUB_PE32_SCN_MEM_16BIT 0x00020000
+#define GRUB_PE32_SCN_MEM_LOCKED 0x00040000
+#define GRUB_PE32_SCN_MEM_PRELOAD 0x00080000
#define GRUB_PE32_SCN_ALIGN_1BYTES 0x00100000
#define GRUB_PE32_SCN_ALIGN_2BYTES 0x00200000
@@ -241,10 +247,28 @@ struct grub_pe32_section_table
#define GRUB_PE32_SCN_ALIGN_16BYTES 0x00500000
#define GRUB_PE32_SCN_ALIGN_32BYTES 0x00600000
#define GRUB_PE32_SCN_ALIGN_64BYTES 0x00700000
+#define GRUB_PE32_SCN_ALIGN_128BYTES 0x00800000
+#define GRUB_PE32_SCN_ALIGN_256BYTES 0x00900000
+#define GRUB_PE32_SCN_ALIGN_512BYTES 0x00A00000
+#define GRUB_PE32_SCN_ALIGN_1024BYTES 0x00B00000
+#define GRUB_PE32_SCN_ALIGN_2048BYTES 0x00C00000
+#define GRUB_PE32_SCN_ALIGN_4096BYTES 0x00D00000
+#define GRUB_PE32_SCN_ALIGN_8192BYTES 0x00E00000
#define GRUB_PE32_SCN_ALIGN_SHIFT 20
#define GRUB_PE32_SCN_ALIGN_MASK 7
+#define GRUB_PE32_SCN_LNK_NRELOC_OVFL 0x01000000
+#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000
+#define GRUB_PE32_SCN_MEM_NOT_CACHED 0x04000000
+#define GRUB_PE32_SCN_MEM_NOT_PAGED 0x08000000
+#define GRUB_PE32_SCN_MEM_SHARED 0x10000000
+#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000
+#define GRUB_PE32_SCN_MEM_READ 0x40000000
+#define GRUB_PE32_SCN_MEM_WRITE 0x80000000
+
+
+
#define GRUB_PE32_SIGNATURE_SIZE 4
struct grub_pe32_header
--
2.7.4
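Review bot: In the section loop of handle_image, the copy `grub_memcpy (base, (grub_efi_uint8_t*)data + section->raw_data_offset, section->raw_data_size)` is no longer clamped to the section's virtual size, while `end`, the only bound checked against the allocation, is still computed from `virtual_size`. A section header whose `raw_data_size` exceeds `virtual_size` would therefore write past the range that image_address validated, and nothing in the visible lines checks `raw_data_offset + raw_data_size` against `datasize` on the read side. The removed code limited the copy with `if (size > section->raw_data_size) size = section->raw_data_size;`. I would keep that bound, e.g. `copy = section->raw_data_size < section->virtual_size ? section->raw_data_size : section->virtual_size;`, and reject the section when `section->raw_data_offset > datasize || copy > datasize - section->raw_data_offset`. handle_image starts and ends outside the hunks.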


@ -0,0 +1,386 @@
From 8b4deb97529ba7ff689a11639f2a5bfdb29ad2ea Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 10 Jun 2016 14:06:15 -0400
Subject: [PATCH 83/87] Rework even more of efi chainload so non-sb cases work
right.
This ensures that if shim protocol is not loaded, or is loaded but shim
is disabled, we will fall back to a correct load method for the efi
chain loader.
Here's what I tested with this version:
results expected actual
------------------------------------------------------------
sb + enabled + shim + fedora success success
sb + enabled + shim + win success success
sb + enabled + grub + fedora fail fail
sb + enabled + grub + win fail fail
sb + mokdisabled + shim + fedora success success
sb + mokdisabled + shim + win success success
sb + mokdisabled + grub + fedora fail fail
sb + mokdisabled + grub + win fail fail
sb disabled + shim + fedora success success*
sb disabled + shim + win success success*
sb disabled + grub + fedora success success
sb disabled + grub + win success success
nosb + shim + fedora success success*
nosb + shim + win success success*
nosb + grub + fedora success success
nosb + grub + win success success
* for some reason shim protocol is being installed in these cases, and I
can't see why, but I think it may be this firmware build returning an
erroneous value. But this effectively falls back to the mokdisabled
behavior, which works correctly, and the presence of the "grub" (i.e.
no shim) tests effectively tests the desired behavior here.
Resolves: rhbz#1344512
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/kern/efi/sb.c | 14 +++--
grub-core/loader/arm64/linux.c | 4 +-
grub-core/loader/efi/chainloader.c | 115 ++++++++++++++++++++++---------------
grub-core/loader/efi/linux.c | 13 +++--
grub-core/loader/i386/efi/linux.c | 10 +++-
include/grub/efi/linux.h | 2 +-
6 files changed, 99 insertions(+), 59 deletions(-)
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
index a41b6c5..d74778b 100644
--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
@@ -36,14 +36,20 @@ grub_efi_secure_boot (void)
grub_efi_boolean_t ret = 0;
secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
-
if (datasize != 1 || !secure_boot)
- goto out;
+ {
+ grub_dprintf ("secureboot", "No SecureBoot variable\n");
+ goto out;
+ }
+ grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot);
setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
-
if (datasize != 1 || !setup_mode)
- goto out;
+ {
+ grub_dprintf ("secureboot", "No SetupMode variable\n");
+ goto out;
+ }
+ grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode);
if (*secure_boot && !*setup_mode)
ret = 1;
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
index 4756ef7..f83820e 100644
--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@@ -251,6 +251,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_file_t file = 0;
struct grub_arm64_linux_kernel_header lh;
struct grub_arm64_linux_pe_header *pe;
+ int rc;
grub_dl_ref (my_mod);
@@ -295,7 +296,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
- if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size))
+ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size);
+ if (rc < 0)
{
grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
goto fail;
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 323f873..49a7662 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -178,7 +178,6 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
/* Fill the file path for the directory. */
d = (grub_efi_device_path_t *) ((char *) file_path
+ ((char *) d - (char *) dp));
- grub_efi_print_device_path (d);
copy_file_path ((grub_efi_file_path_device_path_t *) d,
dir_start, dir_end - dir_start);
@@ -248,10 +247,9 @@ read_header (void *data, grub_efi_uint32_t size,
grub_efi_status_t status;
shim_lock = grub_efi_locate_protocol (&guid, NULL);
-
if (!shim_lock)
{
- grub_error (GRUB_ERR_BAD_ARGUMENT, "no shim lock protocol");
+ grub_dprintf ("chain", "no shim lock protocol");
return 0;
}
@@ -276,7 +274,7 @@ read_header (void *data, grub_efi_uint32_t size,
break;
}
- return 0;
+ return -1;
}
static void*
@@ -510,17 +508,24 @@ handle_image (void *data, grub_efi_uint32_t datasize)
grub_uint32_t section_alignment;
grub_uint32_t buffer_size;
int found_entry_point = 0;
+ int rc;
b = grub_efi_system_table->boot_services;
- if (read_header (data, datasize, &context))
+ rc = read_header (data, datasize, &context);
+ if (rc < 0)
{
- grub_dprintf ("chain", "Succeed to read header\n");
+ grub_dprintf ("chain", "Failed to read header\n");
+ goto error_exit;
+ }
+ else if (rc == 0)
+ {
+ grub_dprintf ("chain", "Secure Boot is not enabled\n");
+ return 0;
}
else
{
- grub_dprintf ("chain", "Failed to read header\n");
- goto error_exit;
+ grub_dprintf ("chain", "Header read without error\n");
}
/*
@@ -793,9 +798,55 @@ grub_secureboot_chainloader_unload (void)
}
static grub_err_t
+grub_load_and_start_image(void *boot_image)
+{
+ grub_efi_boot_services_t *b;
+ grub_efi_status_t status;
+ grub_efi_loaded_image_t *loaded_image;
+
+ b = grub_efi_system_table->boot_services;
+
+ status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path,
+ boot_image, fsize, &image_handle);
+ if (status != GRUB_EFI_SUCCESS)
+ {
+ if (status == GRUB_EFI_OUT_OF_RESOURCES)
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");
+ else
+ grub_error (GRUB_ERR_BAD_OS, "cannot load image");
+ return -1;
+ }
+
+ /* LoadImage does not set a device handler when the image is
+ loaded from memory, so it is necessary to set it explicitly here.
+ This is a mess. */
+ loaded_image = grub_efi_get_loaded_image (image_handle);
+ if (! loaded_image)
+ {
+ grub_error (GRUB_ERR_BAD_OS, "no loaded image available");
+ return -1;
+ }
+ loaded_image->device_handle = dev_handle;
+
+ if (cmdline)
+ {
+ loaded_image->load_options = cmdline;
+ loaded_image->load_options_size = cmdline_len;
+ }
+
+ return 0;
+}
+
+static grub_err_t
grub_secureboot_chainloader_boot (void)
{
- handle_image ((void *)address, fsize);
+ int rc;
+ rc = handle_image ((void *)address, fsize);
+ if (rc == 0)
+ {
+ grub_load_and_start_image((void *)address);
+ }
+
grub_loader_unset ();
return grub_errno;
}
@@ -809,9 +860,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_efi_boot_services_t *b;
grub_device_t dev = 0;
grub_efi_device_path_t *dp = 0;
- grub_efi_loaded_image_t *loaded_image;
char *filename;
void *boot_image = 0;
+ int rc;
if (argc == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
@@ -898,9 +949,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
if (! file_path)
goto fail;
- grub_printf ("file path: ");
- grub_efi_print_device_path (file_path);
-
fsize = grub_file_size (file);
if (!fsize)
{
@@ -975,51 +1023,28 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
}
#endif
- if (grub_linuxefi_secure_validate((void *)address, fsize))
+ rc = grub_linuxefi_secure_validate((void *)address, fsize);
+ grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc);
+ if (rc > 0)
{
grub_file_close (file);
grub_loader_set (grub_secureboot_chainloader_boot,
grub_secureboot_chainloader_unload, 0);
return 0;
}
-
- status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path,
- boot_image, fsize, &image_handle);
- if (status != GRUB_EFI_SUCCESS)
+ else if (rc == 0)
{
- if (status == GRUB_EFI_OUT_OF_RESOURCES)
- grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");
- else
- grub_error (GRUB_ERR_BAD_OS, "cannot load image");
-
- goto fail;
- }
-
- /* LoadImage does not set a device handler when the image is
- loaded from memory, so it is necessary to set it explicitly here.
- This is a mess. */
- loaded_image = grub_efi_get_loaded_image (image_handle);
- if (! loaded_image)
- {
- grub_error (GRUB_ERR_BAD_OS, "no loaded image available");
- goto fail;
- }
- loaded_image->device_handle = dev_handle;
+ grub_load_and_start_image(boot_image);
+ grub_file_close (file);
+ grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
- if (cmdline)
- {
- loaded_image->load_options = cmdline;
- loaded_image->load_options_size = cmdline_len;
+ return 0;
}
grub_file_close (file);
grub_device_close (dev);
- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
- return 0;
-
- fail:
-
+fail:
if (dev)
grub_device_close (dev);
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index aea378a..8890bdf 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -33,21 +33,24 @@ struct grub_efi_shim_lock
};
typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
-grub_efi_boolean_t
+int
grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
{
grub_efi_guid_t guid = SHIM_LOCK_GUID;
grub_efi_shim_lock_t *shim_lock;
+ grub_efi_status_t status;
shim_lock = grub_efi_locate_protocol(&guid, NULL);
-
+ grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock);
if (!shim_lock)
- return 1;
+ return 0;
- if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS)
+ status = shim_lock->verify(data, size);
+ grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", status);
+ if (status == GRUB_EFI_SUCCESS)
return 1;
- return 0;
+ return -1;
}
typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *);
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 7ccf32d..82f75b7 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -155,6 +155,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
struct linux_kernel_header lh;
grub_ssize_t len, start, filelen;
void *kernel = NULL;
+ int rc;
grub_dl_ref (my_mod);
@@ -180,13 +181,16 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (grub_file_read (file, kernel, filelen) != filelen)
{
- grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]);
+ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"),
+ argv[0]);
goto fail;
}
- if (! grub_linuxefi_secure_validate (kernel, filelen))
+ rc = grub_linuxefi_secure_validate (kernel, filelen);
+ if (rc < 0)
{
- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
+ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"),
+ argv[0]);
grub_free (kernel);
goto fail;
}
diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h
index d9ede36..0033d93 100644
--- a/include/grub/efi/linux.h
+++ b/include/grub/efi/linux.h
@@ -22,7 +22,7 @@
#include <grub/err.h>
#include <grub/symbol.h>
-grub_efi_boolean_t
+int
EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size);
grub_err_t
EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset,
--
2.7.4


@ -0,0 +1,25 @@
From 0a3a4d0b69b5d68f3e4b6b74fe2e6b5d4dcace4f Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 14 Jun 2016 09:50:25 -0400
Subject: [PATCH 84/87] linuxefi: fix double free on verification failure.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/loader/i386/efi/linux.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 82f75b7..010bf98 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -191,7 +191,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
{
grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"),
argv[0]);
- grub_free (kernel);
goto fail;
}
--
2.7.4


@ -0,0 +1,25 @@
From be4d338b0c086e9cbbd2d353cd88abad67c000c9 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 11 Jul 2016 13:36:45 -0400
Subject: [PATCH 85/87] fix machine type test in 30_os-prober.in
Signed-off-by: Peter Jones <pjones@redhat.com>
---
util/grub.d/30_os-prober.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index dc98eac..e40274f 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -144,6 +144,7 @@ for OS in ${OSPROBED} ; do
sixteenbit=""
linuxefi="linux"
initrdefi="initrd"
+ machine=`uname -m`
case "$machine" in
i?86|x86_64)
sixteenbit="16"
--
2.7.4


@ -0,0 +1,44 @@
From 12a2215a6f13f2503a9e38d84fff64789c6a34b7 Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Fri, 17 Jun 2016 11:47:34 -0400
Subject: [PATCH 86/87] ppc64le has no separate /boot mount (#1261926)
The patch for rhbz#1212114 ensures that ppc64le systems sync grub config
changes to disk prior to grub-mkconfig completion and a reboot.
This patch required checking for /boot as its own mount point because
issuing fsfreeze to a root partition is unwise. For administrators who
configured a ppc64le system with no separate /boot partition, the failed
check results in an error message. The file is written and would work
most of the time, however, it also introduces a corner case where the
behavior manifested in rhbz#1212114 could re-appear on these systems.
The system call issued by fsfreeeze is being issued by methods within
the anaconda installer and can be removed from GRUB proper.
Related: rhbz#1315468
Resolves: rhbz#1261926
---
util/grub-mkconfig.in | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 73a18f7..fb87247 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -294,12 +294,3 @@ fi
gettext "done" >&2
echo >&2
-
-# make sure changes make it to the disk.
-# if /boot is a mountpoint, force the meta data on disk
-# to by-pass writeback delay.
-# PPC64LE-only to deal with Petitboot issues
-ARCH=$(uname -m)
-if [ "${ARCH}" = "ppc64le" ]; then
- sync && mountpoint -q /boot &&fsfreeze -f /boot && fsfreeze -u /boot
-fi
--
2.7.4


@ -0,0 +1,302 @@
From d3d42740661dce4df12330e57a1681a3b296622e Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 23 Jun 2016 11:01:39 -0400
Subject: [PATCH 87/87] Add grub-get-kernel-settings and use it in 10_linux
This patch adds grub-get-kernel-settings, which reads the system kernel
installation configuration from /etc/sysconfig/kernel, and outputs
${GRUB_...} variables suitable for evaluation by grub-mkconfig. Those
variables are then used by 10_linux to choose whether or not to create
debug stanzas.
Resolves: rhbz#1226325
---
.gitignore | 1 +
Makefile.util.def | 7 +++
configure.ac | 2 +
util/bash-completion.d/grub-completion.bash.in | 22 ++++++++
util/grub-get-kernel-settings.3 | 20 +++++++
util/grub-get-kernel-settings.in | 78 ++++++++++++++++++++++++++
util/grub-mkconfig.in | 3 +
util/grub.d/10_linux.in | 23 ++++++--
8 files changed, 151 insertions(+), 5 deletions(-)
create mode 100644 util/grub-get-kernel-settings.3
create mode 100644 util/grub-get-kernel-settings.in
diff --git a/.gitignore b/.gitignore
index 53a391e..f2f1ef5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -112,6 +112,7 @@ grub-emu-lite
grub-file
grub-fs-tester
grub-fstest
+grub-get-kernel-settings
grub-glue-efi
grub-install
grub-kbdcomp
diff --git a/Makefile.util.def b/Makefile.util.def
index 8007de9..38cdf4c 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -716,6 +716,13 @@ script = {
};
script = {
+ name = grub-get-kernel-settings;
+ common = util/grub-get-kernel-settings.in;
+ mansection = 3;
+ installdir = sbin;
+};
+
+script = {
name = grub-set-default;
common = util/grub-set-default.in;
mansection = 8;
diff --git a/configure.ac b/configure.ac
index 25de2c1..1d8f7e7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -58,6 +58,7 @@ grub_TRANSFORM([grub-install])
grub_TRANSFORM([grub-mkconfig])
grub_TRANSFORM([grub-mkfont])
grub_TRANSFORM([grub-mkimage])
+grub_TRANSFORM([grub-get-kernel-settings])
grub_TRANSFORM([grub-glue-efi])
grub_TRANSFORM([grub-mklayout])
grub_TRANSFORM([grub-mkpasswd-pbkdf2])
@@ -75,6 +76,7 @@ grub_TRANSFORM([grub-file])
grub_TRANSFORM([grub-bios-setup.3])
grub_TRANSFORM([grub-editenv.1])
grub_TRANSFORM([grub-fstest.3])
+grub_TRANSFORM([grub-get-kernel-settings.3])
grub_TRANSFORM([grub-glue-efi.3])
grub_TRANSFORM([grub-install.1])
grub_TRANSFORM([grub-kbdcomp.3])
diff --git a/util/bash-completion.d/grub-completion.bash.in b/util/bash-completion.d/grub-completion.bash.in
index 44bf135..5c4acd4 100644
--- a/util/bash-completion.d/grub-completion.bash.in
+++ b/util/bash-completion.d/grub-completion.bash.in
@@ -265,6 +265,28 @@ unset __grub_sparc64_setup_program
#
+# grub-get-kernel-settings
+#
+_grub_get_kernel_settings () {
+ local cur
+
+ COMPREPLY=()
+ cur=`_get_cword`
+
+ if [[ "$cur" == -* ]]; then
+ __grubcomp "$(__grub_get_options_from_help)"
+ else
+ # Default complete with a filename
+ _filedir
+ fi
+}
+__grub_get_kernel_settings_program="@grub_get_kernel_settings@"
+have ${__grub_get_kernel_settings_program} && \
+ complete -F _grub_get_kernel_settings -o filenames ${__grub_get_kernel_settings_program}
+unset __grub_get_kernel_settings_program
+
+
+#
# grub-install
#
_grub_install () {
diff --git a/util/grub-get-kernel-settings.3 b/util/grub-get-kernel-settings.3
new file mode 100644
index 0000000..ba33330
--- /dev/null
+++ b/util/grub-get-kernel-settings.3
@@ -0,0 +1,20 @@
+.TH GRUB-GET-KERNEL-SETTINGS 3 "Thu Jun 25 2015"
+.SH NAME
+\fBgrub-get-kernel-settings\fR \(em Evaluate the system's kernel installation settings for use while making a grub configuration file.
+
+.SH SYNOPSIS
+\fBgrub-get-kernel-settings\fR [OPTION]
+
+.SH DESCRIPTION
+\fBgrub-get-kernel-settings\fR reads the kernel installation settings on the host system, and emits a set of grub settings suitable for use when creating a grub configuration file.
+
+.SH OPTIONS
+.TP
+-h, --help
+Display program usage and exit.
+.TP
+-v, --version
+Display the current version.
+
+.SH SEE ALSO
+.BR "info grub"
diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in
new file mode 100644
index 0000000..1204621
--- /dev/null
+++ b/util/grub-get-kernel-settings.in
@@ -0,0 +1,78 @@
+#!/bin/sh
+set -e
+
+# Evaluate new-kernel-pkg's configuration file.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+PACKAGE_NAME=@PACKAGE_NAME@
+PACKAGE_VERSION=@PACKAGE_VERSION@
+datadir="@datadir@"
+if [ "x$pkgdatadir" = x ]; then
+ pkgdatadir="${datadir}/@PACKAGE@"
+fi
+
+self=`basename $0`
+
+export TEXTDOMAIN=@PACKAGE@
+export TEXTDOMAINDIR="@localedir@"
+
+. "${pkgdatadir}/grub-mkconfig_lib"
+
+# Usage: usage
+# Print the usage.
+usage () {
+ gettext_printf "Usage: %s [OPTION]\n" "$self"
+ gettext "Evaluate new-kernel-pkg configuration"; echo
+ echo
+ print_option_help "-h, --help" "$(gettext "print this message and exit")"
+ print_option_help "-v, --version" "$(gettext "print the version information and exit")"
+ echo
+}
+
+# Check the arguments.
+while test $# -gt 0
+do
+ option=$1
+ shift
+
+ case "$option" in
+ -h | --help)
+ usage
+ exit 0 ;;
+ -v | --version)
+ echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}"
+ exit 0 ;;
+ -*)
+ gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2
+ usage
+ exit 1
+ ;;
+ # Explicitly ignore non-option arguments, for compatibility.
+ esac
+done
+
+if test -f /etc/sysconfig/kernel ; then
+ . /etc/sysconfig/kernel
+fi
+
+if [ "$MAKEDEBUG" = "yes" ]; then
+ echo GRUB_LINUX_MAKE_DEBUG=true
+ echo export GRUB_LINUX_MAKE_DEBUG
+ echo GRUB_CMDLINE_LINUX_DEBUG=\"systemd.log_level=debug systemd.log_target=kmsg\"
+ echo export GRUB_CMDLINE_LINUX_DEBUG
+ echo GRUB_LINUX_DEBUG_TITLE_POSTFIX=\" with debugging\"
+ echo export GRUB_LINUX_DEBUG_TITLE_POSTFIX
+fi
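Review bot: Everything this script writes to stdout is later passed to `eval` by grub-mkconfig (the `eval "$("${grub_get_kernel_settings}")" || true` line added in util/grub-mkconfig.in), yet `. /etc/sysconfig/kernel` is sourced with stdout still attached, so any output produced while sourcing that file becomes shell code in grub-mkconfig. Sourcing it with output discarded, `. /etc/sysconfig/kernel >/dev/null`, keeps the evaluated text limited to the fixed `echo` lines that follow. A short comment above those `echo` lines saying that their output is evaluated by grub-mkconfig would warn future editors to keep it to plain assignments. Separately, `self=`basename $0`` should quote `"$0"`.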
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index fb87247..e32de5e 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -45,6 +45,7 @@ grub_probe="${sbindir}/@grub_probe@"
grub_file="${bindir}/@grub_file@"
grub_editenv="${bindir}/@grub_editenv@"
grub_script_check="${bindir}/@grub_script_check@"
+grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@"
export TEXTDOMAIN=@PACKAGE@
export TEXTDOMAINDIR="@localedir@"
@@ -151,6 +152,8 @@ if test -f ${sysconfdir}/default/grub ; then
. ${sysconfdir}/default/grub
fi
+eval "$("${grub_get_kernel_settings}")" || true
+
if [ "x$GRUB_DISABLE_UUID" != "xtrue" -a -z "$GRUB_DEVICE_UUID" ]; then
GRUB_DEVICE_UUID="$GRUB_DEVICE_UUID_GENERATED"
fi
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 1215241..0c5b227 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -84,7 +84,8 @@ linux_entry ()
os="$1"
version="$2"
type="$3"
- args="$4"
+ isdebug="$4"
+ args="$5"
sixteenbit=""
linuxefi="linux"
@@ -116,6 +117,9 @@ linux_entry ()
quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
fi
+ if [ x$isdebug = xdebug ]; then
+ title="$title${GRUB_LINUX_DEBUG_TITLE_POSTFIX}"
+ fi
echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
else
echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
@@ -273,11 +277,15 @@ while [ "x$list" != "x" ] ; do
fi
if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then
- linux_entry "${OS}" "${version}" simple \
+ linux_entry "${OS}" "${version}" simple standard \
"${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
+ linux_entry "${OS}" "${version}" simple debug \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}"
+ fi
submenu_indentation="$grub_tab"
-
+
if [ -z "$boot_device_id" ]; then
boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
fi
@@ -286,10 +294,15 @@ while [ "x$list" != "x" ] ; do
is_top_level=false
fi
- linux_entry "${OS}" "${version}" advanced \
+ linux_entry "${OS}" "${version}" advanced standard \
"${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
+ linux_entry "${OS}" "${version}" advanced debug \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}"
+ fi
+
if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then
- linux_entry "${OS}" "${version}" recovery \
+ linux_entry "${OS}" "${version}" recovery standard \
"single ${GRUB_CMDLINE_LINUX}"
fi
--
2.7.4


@ -1,31 +0,0 @@
From 3c140c43b91594e2fdd90362499c63733e2d0a8a Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Wed, 23 Mar 2016 16:49:42 -0700
Subject: [PATCH 87/89] Fix boot when there's no TPM
If the firmware has TPM support but has no TPM, we're jumping to core.img
without popping the registers back onto the stack. Fix that.
(cherry picked from commit c2eee36ec08f8ed0cd25b8030276347680be4843)
---
grub-core/boot/i386/pc/boot.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S
index c1df86d..acab373 100644
--- a/grub-core/boot/i386/pc/boot.S
+++ b/grub-core/boot/i386/pc/boot.S
@@ -473,9 +473,9 @@ LOCAL(copy_buffer):
movl $0x8, %edx /* PCR 8 */
int $0x1A
+boot:
popa
#endif
-boot:
/* boot kernel */
jmp *(LOCAL(kernel_address))
--
2.5.5


@ -1,219 +0,0 @@
From f4ed8103fcc767b5a39b0b051e72901b543bf8d5 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Wed, 23 Mar 2016 17:03:43 -0700
Subject: [PATCH 88/89] Rework TPM measurements
Rework TPM measurements to use fewer PCRs. After discussion with upstream,
it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
and 9 but use a prefix in the event log to indicate which subsystem carried
out the measurements.
(cherry picked from commit bb3473d7c8741ad5ef7cf8aafbbcf094df08bfc9)
---
grub-core/kern/dl.c | 2 +-
grub-core/kern/tpm.c | 10 ++++++++--
grub-core/lib/cmdline.c | 4 ++--
grub-core/loader/i386/efi/linux.c | 4 ++--
grub-core/loader/i386/linux.c | 2 +-
grub-core/loader/i386/multiboot_mbi.c | 2 +-
grub-core/loader/i386/pc/linux.c | 2 +-
grub-core/loader/linux.c | 2 +-
grub-core/loader/multiboot.c | 2 +-
grub-core/loader/multiboot_mbi2.c | 2 +-
grub-core/script/execute.c | 4 ++--
include/grub/tpm.h | 9 +++------
12 files changed, 24 insertions(+), 21 deletions(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 247cd0a..a023d3b 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -734,7 +734,7 @@ grub_dl_load_file (const char *filename)
opens of the same device. */
grub_file_close (file);
- grub_tpm_measure(core, size, GRUB_TPM_PCR, filename);
+ grub_tpm_measure(core, size, GRUB_BINARY_PCR, "grub_module", filename);
mod = grub_dl_load_core (core, size);
grub_free (core);
diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c
index 1a99187..cb5a812 100644
--- a/grub-core/kern/tpm.c
+++ b/grub-core/kern/tpm.c
@@ -7,7 +7,13 @@
grub_err_t
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
- const char *description)
+ const char *kind, const char *description)
{
- return grub_tpm_log_event(buf, size, pcr, description);
+ grub_err_t ret;
+ char *desc = grub_xasprintf("%s %s", kind, description);
+ if (!desc)
+ return GRUB_ERR_OUT_OF_MEMORY;
+ ret = grub_tpm_log_event(buf, size, pcr, description);
+ grub_free(desc);
+ return ret;
}
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
index 6b56304..178f738 100644
--- a/grub-core/lib/cmdline.c
+++ b/grub-core/lib/cmdline.c
@@ -126,8 +126,8 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
*buf = 0;
- grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_CMDLINE_PCR,
- "Kernel Commandline");
+ grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_ASCII_PCR,
+ "grub_kernel_cmdline", orig);
return i;
}
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 4ee45e9..bd80be4 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -130,7 +130,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
argv[i]);
goto fail;
}
- grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "UEFI Linux initrd");
+ grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_linuxefi", "Initrd");
ptr += cursize;
grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4));
ptr += ALIGN_UP_OVERHEAD (cursize, 4);
@@ -186,7 +186,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
- grub_tpm_measure (kernel, filelen, GRUB_KERNEL_PCR, "UEFI Linux kernel");
+ grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "grub_linuxefi", "Kernel");
if (! grub_linuxefi_secure_validate (kernel, filelen))
{
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 342c9fe..90d3392 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -718,7 +718,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
- grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "Linux Kernel");
+ grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux", "Kernel");
grub_memcpy (&lh, kernel, sizeof (lh));
diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c
index 43a08e4..efaa66c 100644
--- a/grub-core/loader/i386/multiboot_mbi.c
+++ b/grub-core/loader/i386/multiboot_mbi.c
@@ -165,7 +165,7 @@ grub_multiboot_load (grub_file_t file, const char *filename)
return grub_errno;
}
- grub_tpm_measure((unsigned char*)buffer, len, GRUB_KERNEL_PCR, filename);
+ grub_tpm_measure((unsigned char*)buffer, len, GRUB_BINARY_PCR, "grub_multiboot", filename);
header = find_header (buffer, len);
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index 6b8f365..7edbc5e 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -162,7 +162,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
- grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "BIOS Linux Kernel");
+ grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel");
grub_memcpy (&lh, kernel, sizeof (lh));
kernel_offset = sizeof (lh);
diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
index 3005c0d..78c41e3 100644
--- a/grub-core/loader/linux.c
+++ b/grub-core/loader/linux.c
@@ -289,7 +289,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
grub_initrd_close (initrd_ctx);
return grub_errno;
}
- grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "Linux Initrd");
+ grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_initrd", "Initrd");
ptr += cursize;
}
if (newc)
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
index 58e6329..234164b 100644
--- a/grub-core/loader/multiboot.c
+++ b/grub-core/loader/multiboot.c
@@ -386,7 +386,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
}
grub_file_close (file);
- grub_tpm_measure (module, size, GRUB_KERNEL_PCR, argv[0]);
+ grub_tpm_measure (module, size, GRUB_BINARY_PCR, "grub_multiboot", argv[0]);
return GRUB_ERR_NONE;
}
diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
index 8f163ea..3d1117b 100644
--- a/grub-core/loader/multiboot_mbi2.c
+++ b/grub-core/loader/multiboot_mbi2.c
@@ -127,7 +127,7 @@ grub_multiboot_load (grub_file_t file, const char *filename)
COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0);
- grub_tpm_measure ((unsigned char *)buffer, len, GRUB_KERNEL_PCR, filename);
+ grub_tpm_measure ((unsigned char *)buffer, len, GRUB_BINARY_PCR, "grub_multiboot", filename);
header = find_header (buffer, len);
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index 9ae04a0..976643c 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -995,8 +995,8 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
argv.args[i]);
}
cmdstring[cmdlen-1]= '\0';
- grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_COMMAND_PCR,
- cmdstring);
+ grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_ASCII_PCR,
+ "grub_cmd", cmdstring);
grub_free(cmdstring);
invert = 0;
argc = argv.argc - 1;
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index 7fc9d77..ecb2d09 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -26,11 +26,8 @@
#define TPM_AUTHFAIL (TPM_BASE + 0x1)
#define TPM_BADINDEX (TPM_BASE + 0x2)
-#define GRUB_TPM_PCR 9
-#define GRUB_KERNEL_PCR 10
-#define GRUB_INITRD_PCR 11
-#define GRUB_CMDLINE_PCR 12
-#define GRUB_COMMAND_PCR 13
+#define GRUB_ASCII_PCR 8
+#define GRUB_BINARY_PCR 9
#define TPM_TAG_RQU_COMMAND 0x00C1
#define TPM_ORD_Extend 0x14
@@ -70,7 +67,7 @@ typedef struct {
} GRUB_PACKED ExtendOutgoing;
grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size,
- grub_uint8_t pcr,
+ grub_uint8_t pcr, const char *kind,
const char *description);
#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS)
grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
--
2.5.5


@ -0,0 +1,586 @@
From 986d3e15ed15b19abde41f65a610325573f4db7d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 24 Oct 2016 14:51:06 -0400
Subject: [PATCH 88/89] blscfg: make the bls_import command know to search env
files for blsdir
This makes it so when you do "bls_import" on EFI systems, it searches
/EFI/*/ directories for a grubenv, and if it finds it, temporarily
merges that environment into grub's env.
Once that is done, if there's a variable named "blsdir", it looks there
for BLS config files. If that is absent, it tries to load them from
/EFI/$DIR/loader/entries/
---
grub-core/commands/blscfg.c | 246 ++++++++++++++++++++++++++++++++++++++++---
grub-core/commands/loadenv.c | 77 +-------------
grub-core/commands/loadenv.h | 93 ++++++++++++++++
include/grub/compiler.h | 2 +
4 files changed, 328 insertions(+), 90 deletions(-)
create mode 100644 grub-core/commands/loadenv.h
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index 4274aca..2a16858 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -30,32 +30,40 @@
#include <grub/env.h>
#include <grub/file.h>
#include <grub/normal.h>
+#include <grub/lib/envblk.h>
GRUB_MOD_LICENSE ("GPLv3+");
+#include "loadenv.h"
+
+#define GRUB_BLS_CONFIG_PATH "/loader/entries/"
+#define GRUB_BOOT_DEVICE "($root)"
#ifdef GRUB_MACHINE_EFI
#define GRUB_LINUX_CMD "linuxefi"
#define GRUB_INITRD_CMD "initrdefi"
-#define GRUB_BLS_CONFIG_PATH "/EFI/fedora/loader/entries/"
-#define GRUB_BOOT_DEVICE "($boot)"
#else
#define GRUB_LINUX_CMD "linux"
#define GRUB_INITRD_CMD "initrd"
-#define GRUB_BLS_CONFIG_PATH "/loader/entries/"
-#define GRUB_BOOT_DEVICE "($root)"
#endif
static int parse_entry (
const char *filename,
- const struct grub_dirhook_info *info __attribute__ ((unused)),
- void *data __attribute__ ((unused)))
+ const struct grub_dirhook_info *info UNUSED,
+ void *data)
{
grub_size_t n;
char *p;
grub_file_t f = NULL;
grub_off_t sz;
char *title = NULL, *options = NULL, *clinux = NULL, *initrd = NULL, *src = NULL;
+ char *id = NULL;
+ char *class[] = { NULL, NULL };
+ char **classes = class[0];
const char *args[2] = { NULL, NULL };
+ const char *dirname = (const char *)data;
+ const char *devid = grub_env_get ("boot");
+
+ grub_dprintf ("blscfg", "filename: \"%s\"\n", filename);
if (filename[0] == '.')
return 0;
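Review bot: `char **classes = class[0];` initialises a `char **` from a `char *` that is NULL at that point, so `classes` stays NULL for the rest of the function. The later hunk stores the `index` value in `class[0]`, but the `classes` argument passed to `grub_normal_add_menu_entry` never carries it. If the intent is to pass the NULL-terminated `class` array, the initialiser should be `char **classes = class;`. The body of parse_entry continues outside this hunk.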
@@ -67,12 +75,14 @@ static int parse_entry (
if (grub_strcmp (filename + n - 5, ".conf") != 0)
return 0;
- p = grub_xasprintf (GRUB_BLS_CONFIG_PATH "%s", filename);
+ p = grub_xasprintf ("(%s)%s/%s", devid, dirname, filename);
+ grub_dprintf ("blscfg", "entry path: \"%s\"\n", p);
f = grub_file_open (p);
if (!f)
goto finish;
+ grub_dprintf ("blscfg", "getting size\n");
sz = grub_file_size (f);
if (sz == GRUB_FILE_SIZE_UNKNOWN || sz > 1024*1024)
goto finish;
@@ -113,18 +123,33 @@ static int parse_entry (
if (!initrd)
goto finish;
}
+ else if (grub_strncmp (buf, "id ", 3) == 0)
+ {
+ grub_free (id);
+ id = grub_strdup (buf + 3);
+ if (!id)
+ goto finish;
+ }
+ else if (grub_strncmp (buf, "index ", 6) == 0)
+ {
+ grub_free (class[0]);
+ class[0] = grub_strdup (buf + 6);
+ if (!class[0])
+ goto finish;
+ }
grub_free(buf);
}
if (!linux)
{
- grub_printf ("Skipping file %s with no 'linux' key.", p);
+ grub_dprintf ("blscfg", "Skipping file %s with no 'linux' key.", p);
goto finish;
}
args[0] = title ? title : filename;
+ grub_dprintf("blscfg", "adding menu entry for \"%s\"\n", clinux);
src = grub_xasprintf ("load_video\n"
"set gfx_payload=keep\n"
"insmod gzio\n"
@@ -133,7 +158,7 @@ static int parse_entry (
GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "",
initrd ? GRUB_INITRD_CMD " " : "", initrd ? GRUB_BOOT_DEVICE : "", initrd ? initrd : "", initrd ? "\n" : "");
- grub_normal_add_menu_entry (1, args, NULL, NULL, "bls", NULL, NULL, src, 0);
+ grub_normal_add_menu_entry (1, args, classes, id, "bls", NULL, NULL, src, 0);
finish:
grub_free (p);
@@ -142,15 +167,192 @@ finish:
grub_free (clinux);
grub_free (initrd);
grub_free (src);
+ grub_free (id);
+ grub_free (class[0]);
+
+ if (f)
+ grub_file_close (f);
+
+ return 0;
+}
+
+#ifdef GRUB_MACHINE_EFI
+static grub_envblk_t saved_env = NULL;
+
+static int
+save_var (const char *name, const char *value, void *whitelist UNUSED)
+{
+ const char *val = grub_env_get (name);
+ grub_dprintf("blscfg", "saving \"%s\"\n", name);
+
+ if (val)
+ grub_envblk_set (saved_env, name, value);
+
+ return 0;
+}
+
+static int
+unset_var (const char *name, const char *value UNUSED, void *whitelist)
+{
+ grub_dprintf("blscfg", "restoring \"%s\"\n", name);
+ if (! whitelist)
+ {
+ grub_env_unset (name);
+ return 0;
+ }
+
+ if (test_whitelist_membership (name,
+ (const grub_env_whitelist_t *) whitelist))
+ grub_env_unset (name);
+
+ return 0;
+}
+
+struct find_entry_info {
+ grub_device_t dev;
+ grub_fs_t fs;
+};
+
+/*
+ * filename: if the directory is /EFI/something/ , filename is "something"
+ * info: unused
+ * data: the filesystem object the file is on.
+ */
+static int find_entry (const char *filename,
+ const struct grub_dirhook_info *dirhook_info UNUSED,
+ void *data)
+{
+ struct find_entry_info *info = (struct find_entry_info *)data;
+ grub_file_t f = NULL;
+ char *grubenv_path = NULL;
+ grub_envblk_t env = NULL;
+ char *default_blsdir = NULL;
+ const char *blsdir = NULL;
+ char *saved_env_buf = NULL;
+ grub_size_t l;
+ int r = 0;
+ const char *devid = grub_env_get ("boot");
+
+ if (!grub_strcmp (filename, ".") ||
+ !grub_strcmp (filename, "..") ||
+ !grub_strcasecmp (filename, "boot"))
+ return 0;
+
+ saved_env_buf = grub_malloc (512);
+
+ // set a default blsdir
+ default_blsdir = grub_xasprintf ("/EFI/%s%s", filename,
+ GRUB_BLS_CONFIG_PATH);
+ grub_env_set ("blsdir", default_blsdir);
+ grub_dprintf ("blscfg", "default_blsdir: \"%s\"\n", default_blsdir);
+
+ /*
+ * try to load a grubenv from /EFI/wherever/grubenv
+ */
+ grubenv_path = grub_xasprintf ("(%s)/EFI/%s/grubenv", devid, filename);
+ grub_dprintf ("blscfg", "looking for \"%s\"\n", grubenv_path);
+ f = grub_file_open (grubenv_path);
+
+ grub_dprintf ("blscfg", "%s it\n", f ? "found" : "did not find");
+ grub_free (grubenv_path);
+ if (f)
+ {
+ grub_off_t sz;
+
+ grub_dprintf ("blscfg", "getting size\n");
+ sz = grub_file_size (f);
+ if (sz == GRUB_FILE_SIZE_UNKNOWN || sz > 1024*1024)
+ goto finish;
+
+ grub_dprintf ("blscfg", "reading env\n");
+ env = read_envblk_file (f);
+ if (!env)
+ goto finish;
+ grub_dprintf ("blscfg", "read env file\n");
+
+ grub_memset (saved_env_buf, '#', 512);
+ grub_memcpy (saved_env_buf, GRUB_ENVBLK_SIGNATURE,
+ sizeof (GRUB_ENVBLK_SIGNATURE));
+ grub_dprintf ("blscfg", "saving env\n");
+ saved_env = grub_envblk_open (saved_env_buf, 512);
+ if (!saved_env)
+ goto finish;
+
+ // save everything listed in "env" with values from our existing grub env
+ grub_envblk_iterate (env, NULL, save_var);
+ // set everything from our loaded grubenv into the real grub env
+ grub_envblk_iterate (env, NULL, set_var);
+ }
+ else
+ {
+ grub_err_t e;
+ grub_dprintf ("blscfg", "no such file\n");
+ do
+ {
+ e = grub_error_pop();
+ } while (e);
+
+ }
+
+ blsdir = grub_env_get ("blsdir");
+ if (!blsdir)
+ goto finish;
+
+ grub_dprintf ("blscfg", "blsdir: \"%s\"\n", blsdir);
+ if (blsdir[0] != '/')
+ blsdir = grub_xasprintf ("/EFI/%s/%s/", filename, blsdir);
+ else
+ blsdir = grub_strdup (blsdir);
+
+ if (!blsdir)
+ goto finish;
+
+ grub_dprintf ("blscfg", "blsdir: \"%s\"\n", blsdir);
+ r = info->fs->dir (info->dev, blsdir, parse_entry, (char *)blsdir);
+ if (r != 0) {
+ grub_dprintf ("blscfg", "parse_entry returned error\n");
+ grub_err_t e;
+ do
+ {
+ e = grub_error_pop();
+ } while (e);
+ }
+
+finish:
+ grub_free (blsdir);
+
+ grub_env_unset ("blsdir");
+
+ if (saved_env)
+ {
+ // remove everything from the real environment that's defined in env
+ grub_envblk_iterate (env, NULL, unset_var);
+
+ // re-set the things from our original environment
+ grub_envblk_iterate (saved_env, NULL, set_var);
+ grub_envblk_close (saved_env);
+ saved_env = NULL;
+ }
+ else if (saved_env_buf)
+ {
+ // if we have a saved environment, grub_envblk_close() freed this.
+ grub_free (saved_env_buf);
+ }
+
+ if (env)
+ grub_envblk_close (env);
if (f)
grub_file_close (f);
+ grub_free (default_blsdir);
+
return 0;
}
+#endif
static grub_err_t
-grub_cmd_bls_import (grub_extcmd_context_t ctxt __attribute__ ((unused)),
+grub_cmd_blscfg (grub_extcmd_context_t ctxt __attribute__ ((unused)),
int argc __attribute__ ((unused)),
char **args __attribute__ ((unused)))
{
@@ -158,15 +360,22 @@ grub_cmd_bls_import (grub_extcmd_context_t ctxt __attribute__ ((unused)),
grub_device_t dev;
static grub_err_t r;
const char *devid;
+#ifdef GRUB_MACHINE_EFI
+ struct find_entry_info info;
+#endif
- devid = grub_env_get ("root");
+ grub_dprintf ("blscfg", "finding boot\n");
+ devid = grub_env_get ("boot");
if (!devid)
- return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), "root");
+ return grub_error (GRUB_ERR_FILE_NOT_FOUND,
+ N_("variable `%s' isn't set"), "boot");
+ grub_dprintf ("blscfg", "opening %s\n", devid);
dev = grub_device_open (devid);
if (!dev)
return grub_errno;
+ grub_dprintf ("blscfg", "probing fs\n");
fs = grub_fs_probe (dev);
if (!fs)
{
@@ -174,7 +383,14 @@ grub_cmd_bls_import (grub_extcmd_context_t ctxt __attribute__ ((unused)),
goto finish;
}
- r = fs->dir (dev, GRUB_BLS_CONFIG_PATH, parse_entry, NULL);
+#ifdef GRUB_MACHINE_EFI
+ info.dev = dev;
+ info.fs = fs;
+ grub_dprintf ("blscfg", "scanning /EFI/\n");
+ r = fs->dir (dev, "/EFI/", find_entry, &info);
+#else
+ r = fs->dir (dev, GRUB_BLS_CONFIG_PATH, parse_entry, GRUB_BLS_CONFIG_PATH);
+#endif
finish:
if (dev)
@@ -187,8 +403,8 @@ static grub_extcmd_t cmd;
GRUB_MOD_INIT(bls)
{
- cmd = grub_register_extcmd ("bls_import",
- grub_cmd_bls_import,
+ cmd = grub_register_extcmd ("blscfg",
+ grub_cmd_blscfg,
0,
NULL,
N_("Import Boot Loader Specification snippets."),
diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c
index acd93d1..91c9945 100644
--- a/grub-core/commands/loadenv.c
+++ b/grub-core/commands/loadenv.c
@@ -28,6 +28,8 @@
#include <grub/extcmd.h>
#include <grub/i18n.h>
+#include "loadenv.h"
+
GRUB_MOD_LICENSE ("GPLv3+");
static const struct grub_arg_option options[] =
@@ -84,81 +86,6 @@ open_envblk_file (char *filename, int untrusted)
return file;
}
-static grub_envblk_t
-read_envblk_file (grub_file_t file)
-{
- grub_off_t offset = 0;
- char *buf;
- grub_size_t size = grub_file_size (file);
- grub_envblk_t envblk;
-
- buf = grub_malloc (size);
- if (! buf)
- return 0;
-
- while (size > 0)
- {
- grub_ssize_t ret;
-
- ret = grub_file_read (file, buf + offset, size);
- if (ret <= 0)
- {
- grub_free (buf);
- return 0;
- }
-
- size -= ret;
- offset += ret;
- }
-
- envblk = grub_envblk_open (buf, offset);
- if (! envblk)
- {
- grub_free (buf);
- grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid environment block");
- return 0;
- }
-
- return envblk;
-}
-
-struct grub_env_whitelist
-{
- grub_size_t len;
- char **list;
-};
-typedef struct grub_env_whitelist grub_env_whitelist_t;
-
-static int
-test_whitelist_membership (const char* name,
- const grub_env_whitelist_t* whitelist)
-{
- grub_size_t i;
-
- for (i = 0; i < whitelist->len; i++)
- if (grub_strcmp (name, whitelist->list[i]) == 0)
- return 1; /* found it */
-
- return 0; /* not found */
-}
-
-/* Helper for grub_cmd_load_env. */
-static int
-set_var (const char *name, const char *value, void *whitelist)
-{
- if (! whitelist)
- {
- grub_env_set (name, value);
- return 0;
- }
-
- if (test_whitelist_membership (name,
- (const grub_env_whitelist_t *) whitelist))
- grub_env_set (name, value);
-
- return 0;
-}
-
static grub_err_t
grub_cmd_load_env (grub_extcmd_context_t ctxt, int argc, char **args)
{
diff --git a/grub-core/commands/loadenv.h b/grub-core/commands/loadenv.h
new file mode 100644
index 0000000..952f461
--- /dev/null
+++ b/grub-core/commands/loadenv.h
@@ -0,0 +1,93 @@
+/* loadenv.c - command to load/save environment variable. */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2008,2009,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+static grub_envblk_t UNUSED
+read_envblk_file (grub_file_t file)
+{
+ grub_off_t offset = 0;
+ char *buf;
+ grub_size_t size = grub_file_size (file);
+ grub_envblk_t envblk;
+
+ buf = grub_malloc (size);
+ if (! buf)
+ return 0;
+
+ while (size > 0)
+ {
+ grub_ssize_t ret;
+
+ ret = grub_file_read (file, buf + offset, size);
+ if (ret <= 0)
+ {
+ grub_free (buf);
+ return 0;
+ }
+
+ size -= ret;
+ offset += ret;
+ }
+
+ envblk = grub_envblk_open (buf, offset);
+ if (! envblk)
+ {
+ grub_free (buf);
+ grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid environment block");
+ return 0;
+ }
+
+ return envblk;
+}
+
+struct grub_env_whitelist
+{
+ grub_size_t len;
+ char **list;
+};
+typedef struct grub_env_whitelist grub_env_whitelist_t;
+
+static int UNUSED
+test_whitelist_membership (const char* name,
+ const grub_env_whitelist_t* whitelist)
+{
+ grub_size_t i;
+
+ for (i = 0; i < whitelist->len; i++)
+ if (grub_strcmp (name, whitelist->list[i]) == 0)
+ return 1; /* found it */
+
+ return 0; /* not found */
+}
+
+/* Helper for grub_cmd_load_env. */
+static int UNUSED
+set_var (const char *name, const char *value, void *whitelist)
+{
+ if (! whitelist)
+ {
+ grub_env_set (name, value);
+ return 0;
+ }
+
+ if (test_whitelist_membership (name,
+ (const grub_env_whitelist_t *) whitelist))
+ grub_env_set (name, value);
+
+ return 0;
+}
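Review bot: `set_var` applies every variable from the environment block when `whitelist` is NULL, and moving it into a shared header makes that contract easy to miss for a new includer. A comment above `set_var` should state it, for example `/* A NULL WHITELIST accepts every variable in the block; pass a whitelist whenever the block was read from an untrusted file. */`. The first line of the new file still reads `/* loadenv.c - ...` and should name `loadenv.h`. The header also has no include guard although it defines `struct grub_env_whitelist` and three static functions, so a second inclusion in one translation unit would not compile.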
diff --git a/include/grub/compiler.h b/include/grub/compiler.h
index c9e1d7a..9859ff4 100644
--- a/include/grub/compiler.h
+++ b/include/grub/compiler.h
@@ -48,4 +48,6 @@
# define WARN_UNUSED_RESULT
#endif
+#define UNUSED __attribute__((__unused__))
+
#endif /* ! GRUB_COMPILER_HEADER */
--
2.9.3


@ -1,29 +0,0 @@
From c11f14d8b152ea83349670b029470d779e8b0ec7 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 29 Mar 2016 15:36:49 -0700
Subject: [PATCH 89/89] Fix event log prefix
We're not passing the prefixed version of the description to the event log.
Fix that.
(cherry picked from commit aab446306b8a78c741e229861c4988738cfc6426)
---
grub-core/kern/tpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c
index cb5a812..e5e8fce 100644
--- a/grub-core/kern/tpm.c
+++ b/grub-core/kern/tpm.c
@@ -13,7 +13,7 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
char *desc = grub_xasprintf("%s %s", kind, description);
if (!desc)
return GRUB_ERR_OUT_OF_MEMORY;
- ret = grub_tpm_log_event(buf, size, pcr, description);
+ ret = grub_tpm_log_event(buf, size, pcr, desc);
grub_free(desc);
return ret;
}
--
2.5.5
