From 68246dd73613dd450dd766acf2c3746acc8add0a Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Mon, 18 May 2020 10:39:14 +0200 Subject: [PATCH] Only enable the tpm module for EFI platforms The module is only built for EFI, so don't enable it for other platforms. Signed-off-by: Javier Martinez Canillas --- ...-Enable-module-for-all-EFI-platforms.patch | 26 +++++++++++++++++++ grub.macros | 4 +-- grub.patches | 1 + grub2.spec | 5 +++- 4 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 0217-tpm-Enable-module-for-all-EFI-platforms.patch diff --git a/0217-tpm-Enable-module-for-all-EFI-platforms.patch b/0217-tpm-Enable-module-for-all-EFI-platforms.patch new file mode 100644 index 0000000..f119785 --- /dev/null +++ b/0217-tpm-Enable-module-for-all-EFI-platforms.patch @@ -0,0 +1,26 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 18 May 2020 12:56:27 +0200 +Subject: [PATCH] tpm: Enable module for all EFI platforms + +The tpm module is only enabled for x86_64, but there's nothing specific to +that architecture in the code and could be enabled for all EFI platforms. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 661994686e6..b283c502b9c 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2512,7 +2512,7 @@ module = { + name = tpm; + common = commands/tpm.c; + efi = commands/efi/tpm.c; +- enable = x86_64_efi; ++ enable = efi; + }; + + module = { diff --git a/grub.macros b/grub.macros index fc6bfff..9c87491 100644 --- a/grub.macros +++ b/grub.macros @@ -115,7 +115,7 @@ %ifarch aarch64 %{arm} riscv64 %global efi_modules " " %else -%global efi_modules " backtrace chain usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug " +%global efi_modules " backtrace chain tpm usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug " %endif %ifarch aarch64 %{arm} riscv64 @@ -402,7 +402,7 @@ GRUB_MODULES=" all_video boot blscfg btrfs \\\ password_pbkdf2 pgp png reboot \\\ regexp search search_fs_uuid search_fs_file \\\ search_label serial sleep syslinuxcfg test tftp \\\ - tpm version video xfs zstd " \ + version video xfs zstd " \ GRUB_MODULES+=%{efi_modules} \ %{expand:%%{mkimage %{1} %{2} %{3} %{4}}} \ %{nil} diff --git a/grub.patches b/grub.patches index a833b9e..4cfe79a 100644 --- a/grub.patches +++ b/grub.patches @@ -214,3 +214,4 @@ Patch0213: 0213-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch Patch0214: 0214-10_linux.in-Store-cmdline-in-BLS-snippets-instead-of.patch Patch0215: 0215-10_linux.in-restore-existence-check-in-get_sorted_bl.patch Patch0216: 0216-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch +Patch0217: 0217-tpm-Enable-module-for-all-EFI-platforms.patch diff --git a/grub2.spec b/grub2.spec index 591b7d5..dc80982 100644 --- a/grub2.spec +++ b/grub2.spec @@ -9,7 +9,7 @@ Name: grub2 Epoch: 1 Version: 2.04 -Release: 19%{?dist} +Release: 20%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -504,6 +504,9 @@ rm -r /boot/grub2.tmp/ || : %endif %changelog +* Mon May 18 2020 Javier Martinez Canillas - 2.04-20 +- Only enable the tpm module for EFI platforms + * Sat May 16 2020 Javier Martinez Canillas - 2.04-19 - Enable tpm module and make system to boot even if TPM measurements fail Resolves: rhbz#1836433