From 4911b35d0949f3a77bcf2c8a6325400afdaddc03 Mon Sep 17 00:00:00 2001 From: Nicolas Frayer Date: Mon, 12 Aug 2024 22:19:36 +0200 Subject: [PATCH] NX: efi/loader, add a call to grub_efi_check_nx_required() nx_required was initialized to 0 but was never assigned a value. Call grub_efi_check_nx_required() to solve this. Signed-off-by: Nicolas Frayer --- ...-if-NX-is-required-in-grub_efi_linux.patch | 25 +++++++++++++++++++ grub.patches | 3 ++- grub2.spec | 5 +++- 3 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 0276-efi-loader-Check-if-NX-is-required-in-grub_efi_linux.patch diff --git a/0276-efi-loader-Check-if-NX-is-required-in-grub_efi_linux.patch b/0276-efi-loader-Check-if-NX-is-required-in-grub_efi_linux.patch new file mode 100644 index 0000000..0942ea4 --- /dev/null +++ b/0276-efi-loader-Check-if-NX-is-required-in-grub_efi_linux.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Nicolas Frayer +Date: Wed, 25 Sep 2024 17:23:33 +0200 +Subject: [PATCH] efi/loader: Check if NX is required in grub_efi_linux_boot() + +Call grub_efi_check_nx_required() passing it nx_required to +assign the correct value + +Signed-off-by: Nicolas Frayer +--- + grub-core/loader/efi/linux.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index 0d1804b602da..5889e3f36f89 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -236,6 +236,7 @@ grub_efi_linux_boot (grub_addr_t k_address, grub_size_t k_size, + grub_dprintf ("linux", "kernel_address: %p handover_offset: %p params: %p\n", + (void *)k_address, (void *)h_offset, k_params); + ++ grub_efi_check_nx_required(&nx_required); + + if (nx_required && !nx_supported) + return grub_error (GRUB_ERR_BAD_OS, N_("kernel does not support NX loading required by policy")); diff --git a/grub.patches b/grub.patches index f096b8d..8b3e1be 100644 --- a/grub.patches +++ b/grub.patches @@ -272,4 +272,5 @@ Patch0271: 0271-grub2-mkconfig-Simplify-os_name-detection.patch Patch0272: 0272-grub-mkconfig-Remove-check-for-mount-point-for-grub-.patch Patch0273: 0273-efi-api.h-include-missing-__grub_efi_api-macros-on-E.patch Patch0274: 0274-grub-core-net-arp.c-fix-variable-name.patch -Patch0275: 0275-load-EFI-commands-inside-test-expressions.patch \ No newline at end of file +Patch0275: 0275-load-EFI-commands-inside-test-expressions.patch +Patch0276: 0276-efi-loader-Check-if-NX-is-required-in-grub_efi_linux.patch diff --git a/grub2.spec b/grub2.spec index 0739c21..87a5b8b 100644 --- a/grub2.spec +++ b/grub2.spec @@ -17,7 +17,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPL-3.0-or-later URL: http://www.gnu.org/software/grub/ @@ -562,6 +562,9 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog +* Wed Sep 25 2024 Nicolas Frayer 2.12-8 +- NX: efi/loader, add a call to grub_efi_check_nx_required() + * Tue Sep 17 2024 Nicolas Frayer - 2.12-7 - aarch64/macros: Build gnulib with -mbranch-protection=standard