rpms/grub2
8
0
Fork 0
mirror of https://src.fedoraproject.org/rpms/grub2.git synced 2024-11-24 06:22:43 +00:00
Code Issues 24 Projects 4 Releases Packages Wiki Activity Actions

Bump for grub-2.02-beta3

Browse source 
Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones 2016-03-04 13:32:29 -05:00
parent 52f24b72a1
commit b9efc549fa
98 changed files with 3683 additions and 23320 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
0001-Migrate-PPC-from-Yaboot-to-Grub2.patch
View file

@ -1,7 +1,7 @@
From 430eb790de723e12dab382bebb1bf7c4636f518c Mon Sep 17 00:00:00 2001
From 16e9a0054a4e0b4238a7172a1731658d3407de0e Mon Sep 17 00:00:00 2001
From: Mark Hamzy <hamzy@us.ibm.com>
Date: Wed, 28 Mar 2012 14:46:41 -0500
Subject: [PATCH 01/74] Migrate PPC from Yaboot to Grub2
Subject: [PATCH 01/85] Migrate PPC from Yaboot to Grub2
Add configuration support for serial terminal consoles. This will set the
maximum screen size so that text is not overwritten.
@ -12,10 +12,10 @@ maximum screen size so that text is not overwritten.
create mode 100644 util/grub.d/20_ppc_terminfo.in
diff --git a/Makefile.util.def b/Makefile.util.def
index 3cb6b21..5bb7cef 100644
index ed9b4c6..dfd48fc 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -485,6 +485,13 @@ script = {
@@ -487,6 +487,13 @@ script = {
};
script = {
@ -150,5 +150,5 @@ index 0000000..10d6658
+ terminfo -g ${X}x${Y} ${TERMINAL}
+EOF
--
2.4.3
2.5.0

6
0002-Add-fw_path-variable-revised.patch
View file

@ -1,7 +1,7 @@
From 77809768ce9f984cd2359cb605456314721aca95 Mon Sep 17 00:00:00 2001
From f8ca3a65c0d5095421b1924cc4e2c7a114d340b8 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Wed, 19 Sep 2012 21:22:55 -0300
Subject: [PATCH 02/74] Add fw_path variable (revised)
Subject: [PATCH 02/85] Add fw_path variable (revised)
This patch makes grub look for its config file on efi where the app was
found. It was originally written by Matthew Garrett, and adapted to fix the
@ -77,5 +77,5 @@ index 78a70a8..df12dfb 100644
prefix = grub_env_get ("prefix");
if (prefix)
--
2.4.3
2.5.0

10
0003-Add-support-for-linuxefi.patch
View file

@ -1,7 +1,7 @@
From b1ce9da47f7d73a793f8e41ad4575d09e4ef9e9b Mon Sep 17 00:00:00 2001
From 99cd396f6ea153326a77369decf679d8453f0058 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Tue, 10 Jul 2012 11:58:52 -0400
Subject: [PATCH 03/74] Add support for linuxefi
Subject: [PATCH 03/85] Add support for linuxefi
---
grub-core/Makefile.core.def | 8 +
@ -13,10 +13,10 @@ Subject: [PATCH 03/74] Add support for linuxefi
create mode 100644 grub-core/loader/i386/efi/linux.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index a6101de..a056b42 100644
index 58b4208..2344a5e 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1692,6 +1692,14 @@ module = {
@@ -1731,6 +1731,14 @@ module = {
};
module = {
@ -478,5 +478,5 @@ index da0ca3b..fc36bda 100644
/* Boot parameters for Linux based on 2.6.12. This is used by the setup
--
2.4.3
2.5.0

10
0004-Use-linuxefi-and-initrdefi-where-appropriate.patch
View file

@ -1,17 +1,17 @@
From 98857c979c99a85c6bb9ff758c1d17b522d150ae Mon Sep 17 00:00:00 2001
From dab2b4ed1807414a40e10c6176c7cdcd387269f7 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 16 Jul 2012 18:57:11 -0400
Subject: [PATCH 04/74] Use "linuxefi" and "initrdefi" where appropriate.
Subject: [PATCH 04/85] Use "linuxefi" and "initrdefi" where appropriate.
---
util/grub.d/10_linux.in | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 859b608..b740c93 100644
index 5a78513..ef9e103 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -127,17 +127,31 @@ linux_entry ()
@@ -129,17 +129,31 @@ linux_entry ()
printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
fi
message="$(gettext_printf "Loading Linux %s ..." ${version})"
@ -46,5 +46,5 @@ index 859b608..b740c93 100644
sed "s/^/$submenu_indentation/" << EOF
}
--
2.4.3
2.5.0

14
0005-Don-t-allow-insmod-when-secure-boot-is-enabled.patch
View file

@ -1,7 +1,7 @@
From c76d0d67323efe33ec2e3f44f08047545550d721 Mon Sep 17 00:00:00 2001
From 29846060c0c3f42df442b18d1c19e4975760c0b9 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@ubuntu.com>
Date: Tue, 23 Oct 2012 10:40:49 -0400
Subject: [PATCH 05/74] Don't allow insmod when secure boot is enabled.
Subject: [PATCH 05/85] Don't allow insmod when secure boot is enabled.
Hi,
@ -23,7 +23,7 @@ moves the check into grub_dl_load_file.
3 files changed, 50 insertions(+)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 3a438e9..58931fa 100644
index e394cd9..04e804d 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -38,6 +38,14 @@
@ -41,7 +41,7 @@ index 3a438e9..58931fa 100644
#pragma GCC diagnostic ignored "-Wcast-align"
@@ -680,6 +688,19 @@ grub_dl_load_file (const char *filename)
@@ -686,6 +694,19 @@ grub_dl_load_file (const char *filename)
void *core = 0;
grub_dl_t mod = 0;
@ -62,10 +62,10 @@ index 3a438e9..58931fa 100644
file = grub_file_open (filename);
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index 2e77834..d12701e 100644
index caf9bcc..4026e81 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -260,6 +260,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
@@ -264,6 +264,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
return NULL;
}
@ -113,5 +113,5 @@ index 9a2da0e..2245632 100644
EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1,
const grub_efi_device_path_t *dp2);
--
2.4.3
2.5.0

8
0006-Pass-x-hex-hex-straight-through-unmolested.patch
View file

@ -1,7 +1,7 @@
From 468d8909c5c86fec5e676df7ca1223a370bab703 Mon Sep 17 00:00:00 2001
From fc4c2701e620c8b72ff13acde949d5718976259b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 1 Oct 2012 13:24:37 -0400
Subject: [PATCH 06/74] Pass "\x[[:hex:]][[:hex:]]" straight through
Subject: [PATCH 06/85] Pass "\x[[:hex:]][[:hex:]]" straight through
unmolested.
---
@ -104,7 +104,7 @@ index d5e10ee..0a5b2af 100644
*buf++ = *c;
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index bb70ebf..2b9341f 100644
index a8502d9..2fd7831 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -52,6 +52,12 @@ static struct grub_script_scope *scope = 0;
@ -179,5 +179,5 @@ index bb70ebf..2b9341f 100644
case '$':
if (escaped)
--
2.4.3
2.5.0

6
0007-Fix-crash-on-http.patch
View file

@ -1,7 +1,7 @@
From 59371cdd4588470ced7b8fbf71ecda648c52b989 Mon Sep 17 00:00:00 2001
From 9a80be91ab985c23d899d6ff5983b493e5ee6056 Mon Sep 17 00:00:00 2001
From: Gustavo Luiz Duarte <gustavold@linux.vnet.ibm.com>
Date: Tue, 25 Sep 2012 18:40:55 -0400
Subject: [PATCH 07/74] Fix crash on http
Subject: [PATCH 07/85] Fix crash on http
Don't free file->data on receiving FIN flag since it is used all over without
checking. http_close() will be called later to free that memory.
@ -24,5 +24,5 @@ index 4684f8b..ef9538c 100644
if (!data->sock)
{
--
2.4.3
2.5.0

14
0008-IBM-client-architecture-CAS-reboot-support.patch
View file

@ -1,7 +1,7 @@
From 13ca7774359074df68cd1042889e44d99f85a695 Mon Sep 17 00:00:00 2001
From c99c2cfb38de87af4b9922467531d6c6a7fea6d2 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Thu, 20 Sep 2012 18:07:39 -0300
Subject: [PATCH 08/74] IBM client architecture (CAS) reboot support
Subject: [PATCH 08/85] IBM client architecture (CAS) reboot support
This is an implementation of IBM client architecture (CAS) reboot for GRUB.
@ -95,7 +95,7 @@ index ddb7783..6db8b98 100644
+ return 0;
+}
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index df12dfb..f805cb3 100644
index df12dfb..759c475 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -33,6 +33,9 @@
@ -120,7 +120,7 @@ index df12dfb..f805cb3 100644
+ if (! grub_ieee1275_cas_reboot (script))
+ {
+ char *dummy[1] = { NULL };
+ if (! grub_script_execute_sourcecode (script, 0, dummy))
+ if (! grub_script_execute_sourcecode (script))
+ boot = 1;
+ }
+ grub_free (script);
@ -132,7 +132,7 @@ index df12dfb..f805cb3 100644
grub_errno = GRUB_ERR_NONE;
}
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index 2b9341f..0f7d143 100644
index 2fd7831..cf6cd66 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -27,6 +27,9 @@
@ -145,7 +145,7 @@ index 2b9341f..0f7d143 100644
/* Max digits for a char is 3 (0xFF is 255), similarly for an int it
is sizeof (int) * 3, and one extra for a possible -ve sign. */
@@ -912,6 +915,10 @@ grub_script_execute_sourcecode (const char *source)
@@ -908,6 +911,10 @@ grub_script_execute_sourcecode (const char *source)
grub_err_t ret = 0;
struct grub_script *parsed_script;
@ -170,5 +170,5 @@ index 8e42513..9f26c69 100644
#define FOR_IEEE1275_DEVALIASES(alias) for (grub_ieee1275_devalias_init_iterator (&(alias)); grub_ieee1275_devalias_next (&(alias));)
--
2.4.3
2.5.0

14
0009-Add-vlan-tag-support.patch
View file

@ -1,7 +1,7 @@
From b258cc2ba1f2284026b6ebcadbb972f0f0fa4de0 Mon Sep 17 00:00:00 2001
From 2167cb5522467d3c51ced3a9f115a770b1242f5a Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 30 Oct 2012 15:19:39 -0200
Subject: [PATCH 09/74] Add vlan-tag support
Subject: [PATCH 09/85] Add vlan-tag support
This patch adds support for virtual LAN (VLAN) tagging. VLAN tagging allows
multiple VLANs in a bridged network to share the same physical network link but
@ -20,10 +20,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=871563
5 files changed, 73 insertions(+), 3 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index d5bd74d..8191f8c 100644
index 1259022..5fa26e1 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -117,6 +117,7 @@ grub_machine_get_bootlocation (char **device, char **path)
@@ -125,6 +125,7 @@ grub_machine_get_bootlocation (char **device, char **path)
char *dev, *canon;
char *ptr;
dev = grub_ieee1275_get_aliasdevname (bootpath);
@ -171,10 +171,10 @@ index 9f26c69..6a21f5d 100644
#define FOR_IEEE1275_DEVALIASES(alias) for (grub_ieee1275_devalias_init_iterator (&(alias)); grub_ieee1275_devalias_next (&(alias));)
diff --git a/include/grub/net.h b/include/grub/net.h
index 538baa3..a799e6b 100644
index 2192fa1..6ac9d72 100644
--- a/include/grub/net.h
+++ b/include/grub/net.h
@@ -538,4 +538,6 @@ extern char *grub_net_default_server;
@@ -561,4 +561,6 @@ extern char *grub_net_default_server;
#define GRUB_NET_INTERVAL 400
#define GRUB_NET_INTERVAL_ADDITION 20
@ -182,5 +182,5 @@ index 538baa3..a799e6b 100644
+
#endif /* ! GRUB_NET_HEADER */
--
2.4.3
2.5.0

12
0010-Add-X-option-to-printf-functions.patch
View file

@ -1,14 +1,14 @@
From 28297386b1d3801d3a79d31e957b0fbed9eb5baa Mon Sep 17 00:00:00 2001
From 27230b0e8df443de67ca83508f6346ddbd947dd4 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 27 Nov 2012 16:58:39 -0200
Subject: [PATCH 10/74] Add %X option to printf functions.
Subject: [PATCH 10/85] Add %X option to printf functions.
---
grub-core/kern/misc.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index 906d2c2..6b3397f 100644
index d1a54df..8354164 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -587,7 +587,7 @@ grub_divmod64 (grub_uint64_t n, grub_uint64_t d, grub_uint64_t *r)
@ -37,7 +37,7 @@ index 906d2c2..6b3397f 100644
case 'u':
case 'd':
case 'c':
@@ -755,6 +756,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args,
@@ -761,6 +762,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args,
switch (c)
{
case 'x':
@ -45,7 +45,7 @@ index 906d2c2..6b3397f 100644
case 'u':
args->ptr[curn].type = UNSIGNED_INT + longfmt;
break;
@@ -892,6 +894,7 @@ grub_vsnprintf_real (char *str, grub_size_t max_len, const char *fmt0,
@@ -899,6 +901,7 @@ grub_vsnprintf_real (char *str, grub_size_t max_len, const char *fmt0,
c = 'x';
/* Fall through. */
case 'x':
@ -54,5 +54,5 @@ index 906d2c2..6b3397f 100644
case 'd':
{
--
2.4.3
2.5.0

12
0011-DHCP-client-ID-and-UUID-options-added.patch
View file

@ -1,7 +1,7 @@
From 8122de140b4941e6f733aa3b2789eb54284ec5b4 Mon Sep 17 00:00:00 2001
From 6907d098d8bc7b11eef31579754c46adfcfcefa3 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 27 Nov 2012 17:18:53 -0200
Subject: [PATCH 11/74] DHCP client ID and UUID options added.
Subject: [PATCH 11/85] DHCP client ID and UUID options added.
---
grub-core/net/bootp.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++-----
@ -9,7 +9,7 @@ Subject: [PATCH 11/74] DHCP client ID and UUID options added.
2 files changed, 81 insertions(+), 8 deletions(-)
diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c
index 4fdeac3..8324aff 100644
index a088244..4532177 100644
--- a/grub-core/net/bootp.c
+++ b/grub-core/net/bootp.c
@@ -25,6 +25,49 @@
@ -128,10 +128,10 @@ index 4fdeac3..8324aff 100644
grub_cmd_dhcpopt (struct grub_command *cmd __attribute__ ((unused)),
int argc, char **args)
diff --git a/include/grub/net.h b/include/grub/net.h
index a799e6b..59e5975 100644
index 6ac9d72..96aa9fa 100644
--- a/include/grub/net.h
+++ b/include/grub/net.h
@@ -433,6 +433,8 @@ enum
@@ -456,6 +456,8 @@ enum
GRUB_NET_BOOTP_DOMAIN = 0x0f,
GRUB_NET_BOOTP_ROOT_PATH = 0x11,
GRUB_NET_BOOTP_EXTENSIONS_PATH = 0x12,
@ -141,5 +141,5 @@ index a799e6b..59e5975 100644
};
--
2.4.3
2.5.0

16
0012-Search-for-specific-config-file-for-netboot.patch
View file

@ -1,7 +1,7 @@
From 0c18485577c42381f170a9dc1ddd89836cea91b3 Mon Sep 17 00:00:00 2001
From effaaa4ab3cf09f93b124a6242a52f911a9b08b0 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 27 Nov 2012 17:22:07 -0200
Subject: [PATCH 12/74] Search for specific config file for netboot
Subject: [PATCH 12/85] Search for specific config file for netboot
This patch implements a search for a specific configuration when the config
file is on a remoteserver. It uses the following order:
@ -22,10 +22,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=873406
3 files changed, 135 insertions(+), 4 deletions(-)
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index 21a4e94..cc68b0d 100644
index 9424595..e53d9a0 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -1704,6 +1704,124 @@ grub_net_restore_hw (void)
@@ -1725,6 +1725,124 @@ grub_net_restore_hw (void)
return GRUB_ERR_NONE;
}
@ -151,7 +151,7 @@ index 21a4e94..cc68b0d 100644
static grub_command_t cmd_addaddr, cmd_deladdr, cmd_addroute, cmd_delroute;
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index f805cb3..23e2d3f 100644
index 759c475..b2654ef 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -33,6 +33,7 @@
@ -187,10 +187,10 @@ index f805cb3..23e2d3f 100644
grub_enter_normal_mode (config);
grub_free (config);
diff --git a/include/grub/net.h b/include/grub/net.h
index 59e5975..88fc71c 100644
index 96aa9fa..e13ae1e 100644
--- a/include/grub/net.h
+++ b/include/grub/net.h
@@ -542,4 +542,7 @@ extern char *grub_net_default_server;
@@ -565,4 +565,7 @@ extern char *grub_net_default_server;
#define VLANTAG_IDENTIFIER 0x8100
@ -199,5 +199,5 @@ index 59e5975..88fc71c 100644
+
#endif /* ! GRUB_NET_HEADER */
--
2.4.3
2.5.0

10
0013-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
View file

@ -1,7 +1,7 @@
From 4b0168249752a531ddedbdc3884bc675cd24033d Mon Sep 17 00:00:00 2001
From ac6b510c9866cede4aa01e61f1714aba3330019f Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Tue, 22 Jan 2013 06:31:38 +0100
Subject: [PATCH 13/74] blscfg: add blscfg module to parse Boot Loader
Subject: [PATCH 13/85] blscfg: add blscfg module to parse Boot Loader
Specification snippets
http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
@ -21,10 +21,10 @@ Signed-off-by: Peter Jones <grub2-owner@fedoraproject.org>
create mode 100644 grub-core/commands/blscfg.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index a056b42..98b6485 100644
index 2344a5e..8dc731e 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -733,6 +733,14 @@ module = {
@@ -740,6 +740,14 @@ module = {
};
module = {
@ -247,5 +247,5 @@ index 0000000..4274aca
+ grub_unregister_extcmd (cmd);
+}
--
2.4.3
2.5.0

6
0014-Move-bash-completion-script-922997.patch
View file

@ -1,7 +1,7 @@
From 74dc404ac3a93552cf3299e25ebce9e881840fec Mon Sep 17 00:00:00 2001
From 8dca5cb3080944f363e5f4a8ef14aef99204bc92 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 3 Apr 2013 14:35:34 -0400
Subject: [PATCH 14/74] Move bash completion script (#922997)
Subject: [PATCH 14/85] Move bash completion script (#922997)
Apparently these go in a new place now.
---
@ -22,5 +22,5 @@ index 136287c..0bcdb06 100644
$(bash_completion_script): $(bash_completion_source) $(top_builddir)/config.status
--
2.4.3
2.5.0

6
0015-for-ppc-reset-console-display-attr-when-clear-screen.patch
View file

@ -1,7 +1,7 @@
From 8c359782b598dfe24a6685fb2d181f76c9cc012f Mon Sep 17 00:00:00 2001
From 6e0dd47fe5b4b7b25704fa0ebde930000d2614c9 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Wed, 24 Apr 2013 10:51:48 -0300
Subject: [PATCH 15/74] for ppc, reset console display attr when clear screen
Subject: [PATCH 15/85] for ppc, reset console display attr when clear screen
This should fix this bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=908519
@ -23,5 +23,5 @@ index f0d3e3d..7cb7909 100644
data->reverse_video_off = grub_strdup ("\e[m");
if (grub_strcmp ("ieee1275", str) == 0)
--
2.4.3
2.5.0

10
0016-Don-t-write-messages-to-the-screen.patch
View file

@ -1,7 +1,7 @@
From fdb6df04bdd06c990498a283ddcaf0522adf8db0 Mon Sep 17 00:00:00 2001
From 1308677f1bca7991a62be27e90a29915b947c6cc Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Wed, 15 May 2013 13:30:20 -0400
Subject: [PATCH 16/74] Don't write messages to the screen
Subject: [PATCH 16/85] Don't write messages to the screen
Writing messages to the screen before the menus or boot splash
happens so quickly it looks like something is wrong and isn't
@ -120,10 +120,10 @@ index 8ab7794..da47b18 100644
grub_boot_time ("Before loading embedded modules.");
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index b740c93..70f3169 100644
index ef9e103..f09011f 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -126,29 +126,22 @@ linux_entry ()
@@ -128,29 +128,22 @@ linux_entry ()
fi
printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
fi
@ -154,5 +154,5 @@ index b740c93..70f3169 100644
EOF
fi
--
2.4.3
2.5.0

8
0017-Don-t-print-GNU-GRUB-header.patch
View file

@ -1,7 +1,7 @@
From 0d083e108f6f49c9dddc518a311f7d6718981789 Mon Sep 17 00:00:00 2001
From b7171d2b3f9109b0e63f374bc612587f053bc1c6 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Wed, 15 May 2013 13:53:48 -0400
Subject: [PATCH 17/74] Don't print GNU GRUB header
Subject: [PATCH 17/85] Don't print GNU GRUB header
No one cares.
---
@ -9,7 +9,7 @@ No one cares.
1 file changed, 2 insertions(+)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 23e2d3f..8e2ec37 100644
index b2654ef..3af349d 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -212,6 +212,7 @@ grub_normal_init_page (struct grub_term_output *term,
@ -29,5 +29,5 @@ index 23e2d3f..8e2ec37 100644
static void
--
2.4.3
2.5.0

6
0018-Don-t-add-to-highlighted-row.patch
View file

@ -1,7 +1,7 @@
From 5c30a4744e7840cb9ae135d470b45416c41bb91e Mon Sep 17 00:00:00 2001
From a2c0cf22de0845e951ec52d39cbc83465523c7cf Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Wed, 15 May 2013 17:49:45 -0400
Subject: [PATCH 18/74] Don't add '*' to highlighted row
Subject: [PATCH 18/85] Don't add '*' to highlighted row
It is already highlighted.
---
@ -22,5 +22,5 @@ index e22bb91..a3d1f23 100644
grub_print_ucs4_menu (unicode_title,
unicode_title + len,
--
2.4.3
2.5.0

6
0019-Message-string-cleanups.patch
View file

@ -1,7 +1,7 @@
From 0784f9845eee9a4408334b160fe9447481ea1b55 Mon Sep 17 00:00:00 2001
From 6947454763fb5d3ab6b49528532dbe28c0263c15 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 11:09:04 -0400
Subject: [PATCH 19/74] Message string cleanups
Subject: [PATCH 19/85] Message string cleanups
Make use of terminology consistent. Remove jargon.
---
@ -67,5 +67,5 @@ index a3d1f23..64a8386 100644
{
grub_print_error ();
--
2.4.3
2.5.0

6
0020-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch
View file

@ -1,7 +1,7 @@
From 55197d5839d8456cd72b081e2a552e14d50611e9 Mon Sep 17 00:00:00 2001
From 1f3200c3c71179ad7f7b17750bafc83a7241f170 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 14:08:23 -0400
Subject: [PATCH 20/74] Fix border spacing now that we aren't displaying it
Subject: [PATCH 20/85] Fix border spacing now that we aren't displaying it
---
grub-core/normal/menu_text.c | 6 +++---
@ -28,5 +28,5 @@ index 64a8386..1062d64 100644
geo->timeout_lines = 2;
--
2.4.3
2.5.0

8
0021-Use-the-correct-indentation-for-the-term-help-text.patch
View file

@ -1,7 +1,7 @@
From 38947a46ac4a1c8799a9d743381067324218038f Mon Sep 17 00:00:00 2001
From 9d5eee2350a4897ea27986b6de49cbfadf601ec1 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 14:08:49 -0400
Subject: [PATCH 21/74] Use the correct indentation for the term help text
Subject: [PATCH 21/85] Use the correct indentation for the term help text
That is consistent with the menu help text
---
@ -9,7 +9,7 @@ That is consistent with the menu help text
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 8e2ec37..725e441 100644
index 3af349d..d98e868 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -426,8 +426,8 @@ grub_normal_reader_init (int nested)
@ -24,5 +24,5 @@ index 8e2ec37..725e441 100644
grub_print_message_indented (msg_formatted, 0, 0, term);
grub_putcode ('\n', term);
--
2.4.3
2.5.0

6
0022-Indent-menu-entries.patch
View file

@ -1,7 +1,7 @@
From 2bbb261ba6fbb2024321d685429a9822f33f22d3 Mon Sep 17 00:00:00 2001
From afb126ce795d0e8a3563fbe650d98e764c76e48e Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 14:30:55 -0400
Subject: [PATCH 22/74] Indent menu entries
Subject: [PATCH 22/85] Indent menu entries
---
grub-core/normal/menu_text.c | 3 ++-
@ -22,5 +22,5 @@ index 1062d64..ecc60f9 100644
grub_print_ucs4_menu (unicode_title,
unicode_title + len,
--
2.4.3
2.5.0

6
0023-Fix-margins.patch
View file

@ -1,7 +1,7 @@
From 5d7922cf7cc6799bd82f7192f6bb39329888d07a Mon Sep 17 00:00:00 2001
From 351634e72bf586f8b32d0cd51bc046c11fa6faf1 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 14:59:36 -0400
Subject: [PATCH 23/74] Fix margins
Subject: [PATCH 23/85] Fix margins
---
grub-core/normal/menu_text.c | 8 +++-----
@ -33,5 +33,5 @@ index ecc60f9..0e43f2c 100644
- geo->timeout_lines /* timeout */
- 1 /* empty final line */;
--
2.4.3
2.5.0

10
0024-Add-support-for-UEFI-operating-systems-returned-by-o.patch
View file

@ -1,7 +1,7 @@
From 6e6e62cc673d7ac1cdf63437c9fb14f7a5765465 Mon Sep 17 00:00:00 2001
From 988114091719c624869e62f71503c4d7dbd4e0f9 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Wed, 12 Jun 2013 11:51:49 -0400
Subject: [PATCH 24/74] Add support for UEFI operating systems returned by
Subject: [PATCH 24/85] Add support for UEFI operating systems returned by
os-prober
os-prober returns UEFI operating systems in the form:
@ -15,10 +15,10 @@ contrast to legacy OSes, where path is the device string. Handle this case.
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 5fc4f0c..11586c9 100644
index 515a68c..9b8f596 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -322,8 +322,23 @@ EOF
@@ -328,8 +328,23 @@ EOF
EOF
;;
*)
@ -46,5 +46,5 @@ index 5fc4f0c..11586c9 100644
esac
done
--
2.4.3
2.5.0

6
0025-Disable-GRUB-video-support-for-IBM-power-machines.patch
View file

@ -1,7 +1,7 @@
From d27d2a5ba388b2d18881a7ed429d3639801251ec Mon Sep 17 00:00:00 2001
From 56cb4b11a4ccc9b69362105ade4359d8564c40e7 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 11 Jun 2013 15:14:05 -0300
Subject: [PATCH 25/74] Disable GRUB video support for IBM power machines
Subject: [PATCH 25/85] Disable GRUB video support for IBM power machines
Should fix the problem in bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=973205
@ -61,5 +61,5 @@ index 6a21f5d..663935d 100644
extern int EXPORT_FUNC(grub_ieee1275_test_flag) (enum grub_ieee1275_flag flag);
--
2.4.3
2.5.0

6
0026-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch
View file

@ -1,7 +1,7 @@
From 63642951c9e35985a3e35ab218d8d0831d60d239 Mon Sep 17 00:00:00 2001
From 0aad785ba452e8b07def0d7af4536e4db3a43e3f Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 21 Jun 2013 14:44:08 -0400
Subject: [PATCH 26/74] Use -2 instead of -1 for our right-hand margin, so
Subject: [PATCH 26/85] Use -2 instead of -1 for our right-hand margin, so
linewrapping works (#976643).
Signed-off-by: Peter Jones <grub2-owner@fedoraproject.org>
@ -23,5 +23,5 @@ index 0e43f2c..537d4bf 100644
geo->first_entry_y = 3; /* three empty lines*/
--
2.4.3
2.5.0

14
0027-Use-linux16-when-appropriate-880840.patch
View file

@ -1,7 +1,7 @@
From 8a516f33193744bbe67198fe03cadf1a67129630 Mon Sep 17 00:00:00 2001
From 7ee9874ed9efbe050ee4c17782b7c716fffd2c35 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 28 Oct 2013 10:05:07 -0400
Subject: [PATCH 27/74] Use linux16 when appropriate (#880840)
Subject: [PATCH 27/85] Use linux16 when appropriate (#880840)
The kernel group really would prefer that we use the 16 bit entry point
on x86 bios machines.
@ -14,10 +14,10 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 70f3169..013b7f0 100644
index f09011f..c425c90 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -74,6 +74,11 @@ linux_entry ()
@@ -76,6 +76,11 @@ linux_entry ()
type="$3"
args="$4"
@ -29,7 +29,7 @@ index 70f3169..013b7f0 100644
if [ -z "$boot_device_id" ]; then
boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
fi
@@ -132,7 +137,7 @@ linux_entry ()
@@ -134,7 +139,7 @@ linux_entry ()
EOF
else
sed "s/^/$submenu_indentation/" << EOF
@ -38,7 +38,7 @@ index 70f3169..013b7f0 100644
EOF
fi
if test -n "${initrd}" ; then
@@ -142,7 +147,7 @@ EOF
@@ -144,7 +149,7 @@ EOF
EOF
else
sed "s/^/$submenu_indentation/" << EOF
@ -48,5 +48,5 @@ index 70f3169..013b7f0 100644
fi
fi
--
2.4.3
2.5.0

6
0028-Enable-pager-by-default.-985860.patch
View file

@ -1,7 +1,7 @@
From 7a0a7f7efdbf856e53788782f0c8ce3e50f16acb Mon Sep 17 00:00:00 2001
From af60ead60d46234b1392561c88622aa4fcc04557 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 28 Oct 2013 10:09:27 -0400
Subject: [PATCH 28/74] Enable pager by default. (#985860)
Subject: [PATCH 28/85] Enable pager by default. (#985860)
Signed-off-by: Peter Jones <pjones@redhat.com>
---
@ -22,5 +22,5 @@ index 93a9023..858b526 100644
load_env
fi
--
2.4.3
2.5.0

6
0029-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch
View file

@ -1,7 +1,7 @@
From 150668f7d02e0cc7e9f07c8c8ffc69763c796bea Mon Sep 17 00:00:00 2001
From a0b51a60c9a47e9e0dc1c8b0e39a0e96ad7152eb Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 28 Oct 2013 10:13:27 -0400
Subject: [PATCH 29/74] F10 doesn't work on serial, so don't tell the user to
Subject: [PATCH 29/85] F10 doesn't work on serial, so don't tell the user to
hit it (#987443)
Signed-off-by: Peter Jones <pjones@redhat.com>
@ -23,5 +23,5 @@ index 537d4bf..452d55b 100644
STANDARD_MARGIN, STANDARD_MARGIN,
term, dry_run);
--
2.4.3
2.5.0

10
0030-Don-t-say-GNU-Linux-in-generated-menus.patch
View file

@ -1,7 +1,7 @@
From a3400ba9c9969ec9c2447528a746dcc761aaf03f Mon Sep 17 00:00:00 2001
From 22b6e282c8b2efb1cfafd465f7c1fbf0d14e7bb8 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 14 Mar 2011 14:27:42 -0400
Subject: [PATCH 30/74] Don't say "GNU/Linux" in generated menus.
Subject: [PATCH 30/85] Don't say "GNU/Linux" in generated menus.
---
util/grub.d/10_linux.in | 4 ++--
@ -9,7 +9,7 @@ Subject: [PATCH 30/74] Don't say "GNU/Linux" in generated menus.
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 013b7f0..231c74c 100644
index c425c90..ef8a1ce 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -29,9 +29,9 @@ export TEXTDOMAINDIR="@localedir@"
@ -25,7 +25,7 @@ index 013b7f0..231c74c 100644
fi
diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
index f532fb9..513aca1 100644
index 46045db..002e11d 100644
--- a/util/grub.d/20_linux_xen.in
+++ b/util/grub.d/20_linux_xen.in
@@ -29,9 +29,9 @@ export TEXTDOMAINDIR="@localedir@"
@ -41,5 +41,5 @@ index f532fb9..513aca1 100644
fi
--
2.4.3
2.5.0

6
0031-Don-t-draw-a-border-around-the-menu.patch
View file

@ -1,7 +1,7 @@
From f8a84b6c117a525e48711ae177501cb9b29f8c23 Mon Sep 17 00:00:00 2001
From 99ebf4c934795523601c232f8df39aa79e515fdb Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Wed, 15 May 2013 16:47:33 -0400
Subject: [PATCH 31/74] Don't draw a border around the menu
Subject: [PATCH 31/85] Don't draw a border around the menu
It looks cleaner without it.
---
@ -70,5 +70,5 @@ index 452d55b..1ed2bd9 100644
grub_term_highlight_color = old_color_highlight;
geo->timeout_y = geo->first_entry_y + geo->num_entries
--
2.4.3
2.5.0

6
0032-Use-the-standard-margin-for-the-timeout-string.patch
View file

@ -1,7 +1,7 @@
From a46bec0098c8eb772c630d0aaa32d0eb86e00fa7 Mon Sep 17 00:00:00 2001
From 78fe38273f3f442960788bda46a9411cf503da31 Mon Sep 17 00:00:00 2001
From: William Jon McCann <william.jon.mccann@gmail.com>
Date: Fri, 7 Jun 2013 10:52:32 -0400
Subject: [PATCH 32/74] Use the standard margin for the timeout string
Subject: [PATCH 32/85] Use the standard margin for the timeout string
So that it aligns with the other messages
---
@ -39,5 +39,5 @@ index 1ed2bd9..7681f7d 100644
}
--
2.4.3
2.5.0

14
0034-Add-.eh_frame-to-list-of-relocations-stripped.patch → 0033-Add-.eh_frame-to-list-of-relocations-stripped.patch
View file

@ -1,25 +1,25 @@
From cbe42c54d476e6dfb133028c3b9c2d56821bf449 Mon Sep 17 00:00:00 2001
From 9076aa39f53beb88021bfcaf671d408379febc51 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Mon, 13 Jan 2014 21:50:59 -0500
Subject: [PATCH 34/74] Add .eh_frame to list of relocations stripped
Subject: [PATCH 33/85] Add .eh_frame to list of relocations stripped
---
conf/Makefile.common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/Makefile.common b/conf/Makefile.common
index fcb8d2e..afabfe8 100644
index 11296b5..a476ab5 100644
--- a/conf/Makefile.common
+++ b/conf/Makefile.common
@@ -41,7 +41,7 @@ CFLAGS_KERNEL = $(CFLAGS_PLATFORM) -ffreestanding
@@ -38,7 +38,7 @@ CFLAGS_KERNEL = $(CFLAGS_PLATFORM) -ffreestanding
LDFLAGS_KERNEL = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC)
CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1
CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
-STRIPFLAGS_KERNEL = -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags
+STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags
-STRIPFLAGS_KERNEL = -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx
+STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx
CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding
LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d
--
2.4.3
2.5.0

29
0033-Fix-grub_script_execute_sourcecode-usage-on-ppc.patch
View file

@ -1,29 +0,0 @@
From 72f5fd673e63802ff829570395d9c7d950b30f52 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 10 Jan 2014 09:36:24 -0500
Subject: [PATCH 33/74] Fix grub_script_execute_sourcecode() usage on ppc.
593e430c made it not take the extra argc/argv that this code still
passes it.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/normal/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 725e441..d98e868 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -289,7 +289,7 @@ grub_normal_execute (const char *config, int nested, int batch)
if (! grub_ieee1275_cas_reboot (script))
{
char *dummy[1] = { NULL };
- if (! grub_script_execute_sourcecode (script, 0, dummy))
+ if (! grub_script_execute_sourcecode (script))
boot = 1;
}
grub_free (script);
--
2.4.3

18
0035-Make-10_linux-work-with-our-changes-for-linux16-and-.patch → 0034-Make-10_linux-work-with-our-changes-for-linux16-and-.patch
View file

@ -1,7 +1,7 @@
From 059cfdc310a6c0456358553619b47c6bf6f2e062 Mon Sep 17 00:00:00 2001
From 824e31316af5b80eef23af79b4059a7c9cca855a Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 14 Jan 2014 13:12:23 -0500
Subject: [PATCH 35/74] Make 10_linux work with our changes for linux16 and
Subject: [PATCH 34/85] Make 10_linux work with our changes for linux16 and
linuxefi on aarch64
Signed-off-by: Peter Jones <pjones@redhat.com>
@ -10,10 +10,10 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 28 insertions(+), 3 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 231c74c..379a577 100644
index ef8a1ce..6c6a2c6 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -75,8 +75,18 @@ linux_entry ()
@@ -77,8 +77,18 @@ linux_entry ()
args="$4"
sixteenbit=""
@ -33,7 +33,7 @@ index 231c74c..379a577 100644
esac
if [ -z "$boot_device_id" ]; then
@@ -133,7 +143,7 @@ linux_entry ()
@@ -135,7 +145,7 @@ linux_entry ()
fi
if [ -d /sys/firmware/efi ]; then
sed "s/^/$submenu_indentation/" << EOF
@ -42,7 +42,7 @@ index 231c74c..379a577 100644
EOF
else
sed "s/^/$submenu_indentation/" << EOF
@@ -143,7 +153,7 @@ EOF
@@ -145,7 +155,7 @@ EOF
if test -n "${initrd}" ; then
if [ -d /sys/firmware/efi ]; then
sed "s/^/$submenu_indentation/" << EOF
@ -51,7 +51,7 @@ index 231c74c..379a577 100644
EOF
else
sed "s/^/$submenu_indentation/" << EOF
@@ -151,6 +161,13 @@ EOF
@@ -153,6 +163,13 @@ EOF
EOF
fi
fi
@ -65,7 +65,7 @@ index 231c74c..379a577 100644
sed "s/^/$submenu_indentation/" << EOF
}
EOF
@@ -213,6 +230,14 @@ while [ "x$list" != "x" ] ; do
@@ -215,6 +232,14 @@ while [ "x$list" != "x" ] ; do
fi
done
@ -81,5 +81,5 @@ index 231c74c..379a577 100644
for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
if test -e "${i}" ; then
--
2.4.3
2.5.0

10
0036-Don-t-print-during-fdt-loading-method.patch → 0035-Don-t-print-during-fdt-loading-method.patch
View file

@ -1,7 +1,7 @@
From 8eb74c470b7839cf8516aa986aff4a251b9a41a4 Mon Sep 17 00:00:00 2001
From 7e13f9c3289f17407e5fab95d123bc7e3af4f75b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 14 Jan 2014 16:15:46 -0500
Subject: [PATCH 36/74] Don't print during fdt loading method.
Subject: [PATCH 35/85] Don't print during fdt loading method.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
@ -9,10 +9,10 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 2 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 379a577..794f04b 100644
index 6c6a2c6..652ecc6 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -162,9 +162,7 @@ EOF
@@ -164,9 +164,7 @@ EOF
fi
fi
if test -n "${fdt}" ; then
@ -23,5 +23,5 @@ index 379a577..794f04b 100644
EOF
fi
--
2.4.3
2.5.0

8
0037-Honor-a-symlink-when-generating-configuration-by-gru.patch → 0036-Honor-a-symlink-when-generating-configuration-by-gru.patch
View file

@ -1,7 +1,7 @@
From f81575bfb4a5e65950a7abc2ee5212525f86ad22 Mon Sep 17 00:00:00 2001
From bd76326f1ef98c116fec2a85973ce8e905eeb0b2 Mon Sep 17 00:00:00 2001
From: Marcel Kolaja <mkolaja@redhat.com>
Date: Tue, 21 Jan 2014 10:57:08 -0500
Subject: [PATCH 37/74] Honor a symlink when generating configuration by
Subject: [PATCH 36/85] Honor a symlink when generating configuration by
grub2-mkconfig
Honor a symlink when generating configuration by grub2-mkconfig, so that
@ -11,7 +11,7 @@ the -o option follows it rather than overwriting it with a regular file.
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 3183744..2c17979 100644
index 203b076..4345ea7 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -275,7 +275,8 @@ and /etc/grub.d/* files or please file a bug report with
@ -25,5 +25,5 @@ index 3183744..2c17979 100644
fi
--
2.4.3
2.5.0

6
0038-Don-t-munge-raw-spaces-when-we-re-doing-our-cmdline-.patch → 0037-Don-t-munge-raw-spaces-when-we-re-doing-our-cmdline-.patch
View file

@ -1,7 +1,7 @@
From 2f7da057da45a039313a5a905f58f45f7837da6e Mon Sep 17 00:00:00 2001
From 7bd90fb60f66078c445c7f72f7df67957828d6c9 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 30 Jun 2014 14:16:46 -0400
Subject: [PATCH 38/74] Don't munge raw spaces when we're doing our cmdline
Subject: [PATCH 37/85] Don't munge raw spaces when we're doing our cmdline
escaping (#923374)
Signed-off-by: Peter Jones <pjones@redhat.com>
@ -32,5 +32,5 @@ index 0a5b2af..970ea86 100644
{
*buf++ = *c++;
--
2.4.3
2.5.0

8
0039-Don-t-require-a-password-to-boot-entries-generated-b.patch → 0038-Don-t-require-a-password-to-boot-entries-generated-b.patch
View file

@ -1,7 +1,7 @@
From 7a8693b352d9194d96bc02e9297284a5fabf6de5 Mon Sep 17 00:00:00 2001
From 34d870669e636f9261233d52605129e1672f966b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 11 Feb 2014 11:14:50 -0500
Subject: [PATCH 39/74] Don't require a password to boot entries generated by
Subject: [PATCH 38/85] Don't require a password to boot entries generated by
grub-mkconfig.
When we set a password, we just want that to mean you can't /edit/ an entry.
@ -14,7 +14,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 794f04b..df3f288 100644
index 652ecc6..3790ac0 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -26,7 +26,7 @@ datarootdir="@datarootdir@"
@ -27,5 +27,5 @@ index 794f04b..df3f288 100644
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
OS="$(sed 's, release .*$,,g' /etc/system-release)"
--
2.4.3
2.5.0

10
0040-Don-t-emit-Booting-.-message.patch → 0039-Don-t-emit-Booting-.-message.patch
View file

@ -1,7 +1,7 @@
From 66cfcf6a84e2b87db6eafeba1b950792c6830817 Mon Sep 17 00:00:00 2001
From 5602e9afce77560ca22de1cbf96e2382b38d2d90 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 18 Feb 2014 09:37:49 -0500
Subject: [PATCH 40/74] Don't emit "Booting ..." message.
Subject: [PATCH 39/85] Don't emit "Booting ..." message.
UI team still hates this stuff, so we're disabling it for RHEL 7.
@ -30,10 +30,10 @@ index 719e2fb..89ced26 100644
/* Callback invoked when a default menu entry executed because of a timeout
diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c
index 62c7e16..cc41fa1 100644
index eeeee55..8349049 100644
--- a/grub-core/normal/menu_entry.c
+++ b/grub-core/normal/menu_entry.c
@@ -1156,9 +1156,6 @@ run (struct screen *screen)
@@ -1167,9 +1167,6 @@ run (struct screen *screen)
char *dummy[1] = { NULL };
grub_cls ();
@ -44,5 +44,5 @@ index 62c7e16..cc41fa1 100644
errs_before = grub_err_printed_errors;
--
2.4.3
2.5.0

15
0042-May-as-well-try-it.patch → 0040-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch
View file

@ -1,8 +1,9 @@
From 41bab5e877a3f71232a6be47b5bc210e46f15442 Mon Sep 17 00:00:00 2001
From bbb23572730f4032f779ef368972461c272f7434 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 4 Mar 2014 11:00:23 -0500
Subject: [PATCH 42/74] May as well try it.
Subject: [PATCH 40/85] Replace a lot of man pages with slightly nicer ones.
Replace a bunch of machine generated ones with ones that look nicer.
---
conf/Makefile.extra-dist | 1 -
configure.ac | 23 ++++++
@ -121,7 +122,7 @@ Subject: [PATCH 42/74] May as well try it.
create mode 100644 util/grub-sparc64-setup.8
diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
index ea6b9df..9e9a20c 100644
index b16bd92..39eb94b 100644
--- a/conf/Makefile.extra-dist
+++ b/conf/Makefile.extra-dist
@@ -11,7 +11,6 @@ EXTRA_DIST += unicode
@ -133,7 +134,7 @@ index ea6b9df..9e9a20c 100644
EXTRA_DIST += docs/grub.cfg
EXTRA_DIST += docs/osdetect.cfg
diff --git a/configure.ac b/configure.ac
index e54b9df..357c94e 100644
index a85b134..4369bda 100644
--- a/configure.ac
+++ b/configure.ac
@@ -70,6 +70,29 @@ grub_TRANSFORM([grub-set-default])
@ -497,10 +498,10 @@ index ad25c8a..0000000
-[SEE ALSO]
-.BR grub-menulst2cfg (8)
diff --git a/gentpl.py b/gentpl.py
index 37b1f45..7f03964 100644
index f08bcc4..f069585 100644
--- a/gentpl.py
+++ b/gentpl.py
@@ -798,10 +798,7 @@ def manpage(defn, adddeps):
@@ -800,10 +800,7 @@ def manpage(defn, adddeps):
output("if COND_MAN_PAGES\n")
gvar_add("man_MANS", name + "." + mansection)
@ -1958,5 +1959,5 @@ index 0000000..37ea2dd
+.SH SEE ALSO
+.BR "info grub"
--
2.4.3
2.5.0

304
0041-Make-CTRL-and-ALT-keys-work-as-expected-on-EFI-syste.patch
View file

@ -1,304 +0,0 @@
From 2eeb9c48e4dfd7cd22a214a9cb5dd37094278240 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 3 Feb 2014 15:21:46 -0500
Subject: [PATCH 41/74] Make CTRL and ALT keys work as expected on EFI systems
(version 5).
This is version 4.
Changes from version 1:
- handles SHIFT as a modifier
- handles F11 and F12 keys
- uses the handle provided by the system table to find our _EX protocol.
Changes from version 2:
- eliminate duplicate keycode translation.
Changes from version 3:
- Do not add the shift modifier for any ascii character between space
(0x20) and DEL (0x7f); the combination of the modifier and many of the
keys causes it not to be recognized at all. Specifically, if we
include the modifier on any querty punctuation character, i.e.
anything the string "~!@#$%^&*()_+{}|:\"<>?" represents in C, it stops
being recognized whatsoever.
Changes from version 4:
- Always initialize term->data from locate protocol (i.e. make it
unconditional.)
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/term/efi/console.c | 118 +++++++++++++++++++++++++++++++++++--------
include/grub/efi/api.h | 65 +++++++++++++++++++++++-
2 files changed, 161 insertions(+), 22 deletions(-)
diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c
index a37eb84..677eab5 100644
--- a/grub-core/term/efi/console.c
+++ b/grub-core/term/efi/console.c
@@ -104,26 +104,12 @@ const unsigned efi_codes[] =
GRUB_TERM_KEY_DC, GRUB_TERM_KEY_PPAGE, GRUB_TERM_KEY_NPAGE, GRUB_TERM_KEY_F1,
GRUB_TERM_KEY_F2, GRUB_TERM_KEY_F3, GRUB_TERM_KEY_F4, GRUB_TERM_KEY_F5,
GRUB_TERM_KEY_F6, GRUB_TERM_KEY_F7, GRUB_TERM_KEY_F8, GRUB_TERM_KEY_F9,
- GRUB_TERM_KEY_F10, 0, 0, '\e'
+ GRUB_TERM_KEY_F10, GRUB_TERM_KEY_F10, GRUB_TERM_KEY_F11, '\e'
};
-
static int
-grub_console_getkey (struct grub_term_input *term __attribute__ ((unused)))
+grub_efi_translate_key (grub_efi_input_key_t key)
{
- grub_efi_simple_input_interface_t *i;
- grub_efi_input_key_t key;
- grub_efi_status_t status;
-
- if (grub_efi_is_finished)
- return 0;
-
- i = grub_efi_system_table->con_in;
- status = efi_call_2 (i->read_key_stroke, i, &key);
-
- if (status != GRUB_EFI_SUCCESS)
- return GRUB_TERM_NO_KEY;
-
if (key.scan_code == 0)
{
/* Some firmware implementations use VT100-style codes against the spec.
@@ -139,9 +125,98 @@ grub_console_getkey (struct grub_term_input *term __attribute__ ((unused)))
else if (key.scan_code < ARRAY_SIZE (efi_codes))
return efi_codes[key.scan_code];
+ if (key.unicode_char >= 0x20 && key.unicode_char <= 0x7f)
+ return key.unicode_char;
+
return GRUB_TERM_NO_KEY;
}
+static int
+grub_console_getkey_con (struct grub_term_input *term __attribute__ ((unused)))
+{
+ grub_efi_simple_input_interface_t *i;
+ grub_efi_input_key_t key;
+ grub_efi_status_t status;
+
+ i = grub_efi_system_table->con_in;
+ status = efi_call_2 (i->read_key_stroke, i, &key);
+
+ if (status != GRUB_EFI_SUCCESS)
+ return GRUB_TERM_NO_KEY;
+
+ return grub_efi_translate_key(key);
+}
+
+static int
+grub_console_getkey_ex(struct grub_term_input *term)
+{
+ grub_efi_key_data_t key_data;
+ grub_efi_status_t status;
+ grub_efi_uint32_t kss;
+ int key = -1;
+
+ grub_efi_simple_text_input_ex_interface_t *text_input = term->data;
+
+ status = efi_call_2 (text_input->read_key_stroke, text_input, &key_data);
+
+ if (status != GRUB_EFI_SUCCESS)
+ return GRUB_TERM_NO_KEY;
+
+ kss = key_data.key_state.key_shift_state;
+ key = grub_efi_translate_key(key_data.key);
+
+ if (key == GRUB_TERM_NO_KEY)
+ return GRUB_TERM_NO_KEY;
+
+ if (kss & GRUB_EFI_SHIFT_STATE_VALID)
+ {
+ if ((kss & GRUB_EFI_LEFT_SHIFT_PRESSED
+ || kss & GRUB_EFI_RIGHT_SHIFT_PRESSED)
+ && !(key >= 0x20 && key <= 0x7f))
+ key |= GRUB_TERM_SHIFT;
+ if (kss & GRUB_EFI_LEFT_ALT_PRESSED || kss & GRUB_EFI_RIGHT_ALT_PRESSED)
+ key |= GRUB_TERM_ALT;
+ if (kss & GRUB_EFI_LEFT_CONTROL_PRESSED
+ || kss & GRUB_EFI_RIGHT_CONTROL_PRESSED)
+ key |= GRUB_TERM_CTRL;
+ }
+
+ return key;
+}
+
+static grub_err_t
+grub_efi_console_input_init (struct grub_term_input *term)
+{
+ grub_efi_guid_t text_input_ex_guid =
+ GRUB_EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID;
+
+ if (grub_efi_is_finished)
+ return 0;
+
+ grub_efi_simple_text_input_ex_interface_t *text_input = term->data;
+ if (text_input)
+ return 0;
+
+ text_input = grub_efi_open_protocol(grub_efi_system_table->console_in_handler,
+ &text_input_ex_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ term->data = (void *)text_input;
+
+ return 0;
+}
+
+static int
+grub_console_getkey (struct grub_term_input *term)
+{
+ if (grub_efi_is_finished)
+ return 0;
+
+ if (term->data)
+ return grub_console_getkey_ex(term);
+ else
+ return grub_console_getkey_con(term);
+}
+
static struct grub_term_coordinate
grub_console_getwh (struct grub_term_output *term __attribute__ ((unused)))
{
@@ -243,7 +318,7 @@ grub_console_setcursor (struct grub_term_output *term __attribute__ ((unused)),
}
static grub_err_t
-grub_efi_console_init (struct grub_term_output *term)
+grub_efi_console_output_init (struct grub_term_output *term)
{
grub_efi_set_text_mode (1);
grub_console_setcursor (term, 1);
@@ -251,7 +326,7 @@ grub_efi_console_init (struct grub_term_output *term)
}
static grub_err_t
-grub_efi_console_fini (struct grub_term_output *term)
+grub_efi_console_output_fini (struct grub_term_output *term)
{
grub_console_setcursor (term, 0);
grub_efi_set_text_mode (0);
@@ -262,13 +337,14 @@ static struct grub_term_input grub_console_term_input =
{
.name = "console",
.getkey = grub_console_getkey,
+ .init = grub_efi_console_input_init,
};
static struct grub_term_output grub_console_term_output =
{
.name = "console",
- .init = grub_efi_console_init,
- .fini = grub_efi_console_fini,
+ .init = grub_efi_console_output_init,
+ .fini = grub_efi_console_output_fini,
.putchar = grub_console_putchar,
.getwh = grub_console_getwh,
.getxy = grub_console_getxy,
@@ -291,8 +367,8 @@ grub_console_init (void)
return;
}
- grub_term_register_input ("console", &grub_console_term_input);
grub_term_register_output ("console", &grub_console_term_output);
+ grub_term_register_input ("console", &grub_console_term_input);
}
void
diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
index 1a5e38c..029ee92 100644
--- a/include/grub/efi/api.h
+++ b/include/grub/efi/api.h
@@ -111,7 +111,7 @@
{ 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b } \
}
-#define EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID \
+#define GRUB_EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID \
{ 0xdd9e7534, 0x7762, 0x4698, \
{ 0x8c, 0x14, 0xf5, 0x85, 0x17, 0xa6, 0x25, 0xaa } \
}
@@ -952,6 +952,32 @@ struct grub_efi_input_key
};
typedef struct grub_efi_input_key grub_efi_input_key_t;
+typedef grub_efi_uint8_t grub_efi_key_toggle_state_t;
+struct grub_efi_key_state
+{
+ grub_efi_uint32_t key_shift_state;
+ grub_efi_key_toggle_state_t key_toggle_state;
+};
+typedef struct grub_efi_key_state grub_efi_key_state_t;
+
+#define GRUB_EFI_SHIFT_STATE_VALID 0x80000000
+#define GRUB_EFI_RIGHT_SHIFT_PRESSED 0x00000001
+#define GRUB_EFI_LEFT_SHIFT_PRESSED 0x00000002
+#define GRUB_EFI_RIGHT_CONTROL_PRESSED 0x00000004
+#define GRUB_EFI_LEFT_CONTROL_PRESSED 0x00000008
+#define GRUB_EFI_RIGHT_ALT_PRESSED 0x00000010
+#define GRUB_EFI_LEFT_ALT_PRESSED 0x00000020
+#define GRUB_EFI_RIGHT_LOGO_PRESSED 0x00000040
+#define GRUB_EFI_LEFT_LOGO_PRESSED 0x00000080
+#define GRUB_EFI_MENU_KEY_PRESSED 0x00000100
+#define GRUB_EFI_SYS_REQ_PRESSED 0x00000200
+
+#define GRUB_EFI_TOGGLE_STATE_VALID 0x80
+#define GRUB_EFI_KEY_STATE_EXPOSED 0x40
+#define GRUB_EFI_SCROLL_LOCK_ACTIVE 0x01
+#define GRUB_EFI_NUM_LOCK_ACTIVE 0x02
+#define GRUB_EFI_CAPS_LOCK_ACTIVE 0x04
+
struct grub_efi_simple_text_output_mode
{
grub_efi_int32_t max_mode;
@@ -1294,6 +1320,43 @@ struct grub_efi_simple_input_interface
};
typedef struct grub_efi_simple_input_interface grub_efi_simple_input_interface_t;
+struct grub_efi_key_data {
+ grub_efi_input_key_t key;
+ grub_efi_key_state_t key_state;
+};
+typedef struct grub_efi_key_data grub_efi_key_data_t;
+
+typedef grub_efi_status_t (*grub_efi_key_notify_function_t) (
+ grub_efi_key_data_t *key_data
+ );
+
+struct grub_efi_simple_text_input_ex_interface
+{
+ grub_efi_status_t
+ (*reset) (struct grub_efi_simple_text_input_ex_interface *this,
+ grub_efi_boolean_t extended_verification);
+
+ grub_efi_status_t
+ (*read_key_stroke) (struct grub_efi_simple_text_input_ex_interface *this,
+ grub_efi_key_data_t *key_data);
+
+ grub_efi_event_t wait_for_key;
+
+ grub_efi_status_t
+ (*set_state) (struct grub_efi_simple_text_input_ex_interface *this,
+ grub_efi_key_toggle_state_t *key_toggle_state);
+
+ grub_efi_status_t
+ (*register_key_notify) (struct grub_efi_simple_text_input_ex_interface *this,
+ grub_efi_key_data_t *key_data,
+ grub_efi_key_notify_function_t key_notification_function);
+
+ grub_efi_status_t
+ (*unregister_key_notify) (struct grub_efi_simple_text_input_ex_interface *this,
+ void *notification_handle);
+};
+typedef struct grub_efi_simple_text_input_ex_interface grub_efi_simple_text_input_ex_interface_t;
+
struct grub_efi_simple_text_output_interface
{
grub_efi_status_t
--
2.4.3

6
0043-use-fw_path-prefix-when-fallback-searching-for-grub-.patch → 0041-use-fw_path-prefix-when-fallback-searching-for-grub-.patch
View file

@ -1,7 +1,7 @@
From 8af32e8379ab56a1a2feb422aa4cc0cb8c640684 Mon Sep 17 00:00:00 2001
From 8ac4eca0dbda31022f7e0851278dc827d1e9e002 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Wed, 19 Feb 2014 15:58:43 -0500
Subject: [PATCH 43/74] use fw_path prefix when fallback searching for grub
Subject: [PATCH 41/85] use fw_path prefix when fallback searching for grub
config
When PXE booting via UEFI firmware, grub was searching for grub.cfg
@ -41,5 +41,5 @@ index d98e868..660238a 100644
{
grub_size_t config_len;
--
2.4.3
2.5.0

6
0044-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch → 0042-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch
View file

@ -1,7 +1,7 @@
From a57d117e93a7286b2370f8531a24be61e56bcd1e Mon Sep 17 00:00:00 2001
From 6848f121f4e49661b7781a2281ac25e0719580bf Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 6 Mar 2014 11:51:33 -0500
Subject: [PATCH 44/74] Try mac/guid/etc before grub.cfg on tftp config files.
Subject: [PATCH 42/85] Try mac/guid/etc before grub.cfg on tftp config files.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
@ -110,5 +110,5 @@ index 660238a..3ba1cdb 100644
else
grub_enter_normal_mode (argv[0]);
--
2.4.3
2.5.0

6
0045-trim-arp-packets-with-abnormal-size.patch → 0043-trim-arp-packets-with-abnormal-size.patch
View file

@ -1,7 +1,7 @@
From 13599cf511f2be11fec127dde981e2b6958b37bb Mon Sep 17 00:00:00 2001
From 5a9956933791fe61fe42177c2cd1744f197e6553 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Wed, 5 Feb 2014 09:42:42 -0200
Subject: [PATCH 45/74] trim arp packets with abnormal size
Subject: [PATCH 43/85] trim arp packets with abnormal size
GRUB uses arp request to create the arp response. If the incoming packet
is foobared, GRUB needs to trim the arp response packet before sending it.
@ -27,5 +27,5 @@ index 4b68c41..f7c59d3 100644
struct grub_net_buff nb_reply;
struct arppkt *arp_reply;
--
2.4.3
2.5.0

8
0046-Fix-convert-function-to-support-NVMe-devices.patch → 0044-Fix-convert-function-to-support-NVMe-devices.patch
View file

@ -1,7 +1,7 @@
From 1d7732b94984ddc61de2332723176af3b208993d Mon Sep 17 00:00:00 2001
From 3c13b6b0e01eccc2f757283e56f8fa52c89a4dfa Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 18 Feb 2014 11:34:00 -0500
Subject: [PATCH 46/74] Fix convert function to support NVMe devices
Subject: [PATCH 44/85] Fix convert function to support NVMe devices
This is adapted from the patch at
https://bugzilla.redhat.com/show_bug.cgi?id=1019660 , which is against
@ -18,7 +18,7 @@ Signed-off-by: Peter Jones <grub2-owner@fedoraproject.org>
1 file changed, 19 insertions(+)
diff --git a/util/getroot.c b/util/getroot.c
index 36f1730..0030d37 100644
index 92c0d70..bf317a2 100644
--- a/util/getroot.c
+++ b/util/getroot.c
@@ -153,6 +153,7 @@ convert_system_partition_to_system_disk (const char *os_dev, int *is_part)
@ -55,5 +55,5 @@ index 36f1730..0030d37 100644
return grub_util_devmapper_part_to_disk (&st, is_part, os_dev);
--
2.4.3
2.5.0

18
0047-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch → 0045-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch
View file

@ -1,7 +1,7 @@
From c5f3f71aea4fbbdc1d0cc0457f98344255a499cb Mon Sep 17 00:00:00 2001
From dba27fd157c5d4e48f0ab264df894d1290aa6f43 Mon Sep 17 00:00:00 2001
From: Prarit Bhargava <prarit@redhat.com>
Date: Wed, 12 Mar 2014 10:58:16 -0400
Subject: [PATCH 47/74] Fix bad test on GRUB_DISABLE_SUBMENU.
Subject: [PATCH 45/85] Fix bad test on GRUB_DISABLE_SUBMENU.
The file /etc/grub.d/10_linux does
@ -16,22 +16,26 @@ GRUB_DISABLE_SUBMENU="yes".
Resolves: rhbz#1063414
---
util/grub.d/10_linux.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
util/grub.d/10_linux.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index df3f288..137af42 100644
index 3790ac0..a0e71fa 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -257,7 +257,7 @@ while [ "x$list" != "x" ] ; do
@@ -259,7 +259,11 @@ while [ "x$list" != "x" ] ; do
linux_root_device_thisversion=${GRUB_DEVICE}
fi
- if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then
+ if [ "x${GRUB_DISABLE_SUBMENU}" = "xyes" ] || [ "x${GRUB_DISABLE_SUBMENU}" = "xy" ]; then
+ GRUB_DISABLE_SUBMENU="true"
+ fi
+
+ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then
linux_entry "${OS}" "${version}" simple \
"${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
--
2.4.3
2.5.0

10
0048-Switch-to-use-APM-Mustang-device-tree-for-hardware-t.patch → 0046-Switch-to-use-APM-Mustang-device-tree-for-hardware-t.patch
View file

@ -1,7 +1,7 @@
From 753e72ea12dfeb7a1374b9840325795cf65897a5 Mon Sep 17 00:00:00 2001
From 1cd2712d87952f48666ab1a309c8f58d0aa3cedf Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Mon, 10 Feb 2014 16:13:10 -0500
Subject: [PATCH 48/74] Switch to use APM Mustang device tree, for hardware
Subject: [PATCH 46/85] Switch to use APM Mustang device tree, for hardware
testing.
Signed-off-by: David A. Marlin <d.marlin@redhat.com>
@ -10,10 +10,10 @@ Signed-off-by: David A. Marlin <d.marlin@redhat.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 137af42..c97226a 100644
index a0e71fa..dc3d081 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -230,8 +230,8 @@ while [ "x$list" != "x" ] ; do
@@ -232,8 +232,8 @@ while [ "x$list" != "x" ] ; do
fdt=
for i in "dtb-${version}" "dtb-${alt_version}"; do
@ -25,5 +25,5 @@ index 137af42..c97226a 100644
fi
done
--
2.4.3
2.5.0

12
0049-Use-the-default-device-tree-from-the-grub-default-fi.patch → 0047-Use-the-default-device-tree-from-the-grub-default-fi.patch
View file

@ -1,7 +1,7 @@
From 7d0777d57fec835e8a1b8e8ca940598101cdb861 Mon Sep 17 00:00:00 2001
From 49a6a25e62a91c5ce5d61db8e6696fda42af1874 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Wed, 12 Feb 2014 14:54:04 -0500
Subject: [PATCH 49/74] Use the default device tree from the grub default file
Subject: [PATCH 47/85] Use the default device tree from the grub default file
instead of hardcoding a value.
@ -12,7 +12,7 @@ Signed-off-by: David A. Marlin <dmarlin@redhat.com>
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 2c17979..b253a3a 100644
index 4345ea7..41e6afe 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -227,7 +227,8 @@ export GRUB_DEFAULT \
@ -26,10 +26,10 @@ index 2c17979..b253a3a 100644
if test "x${grub_cfg}" != "x"; then
rm -f "${grub_cfg}.new"
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index c97226a..40dbd86 100644
index dc3d081..30e0e85 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -230,8 +230,8 @@ while [ "x$list" != "x" ] ; do
@@ -232,8 +232,8 @@ while [ "x$list" != "x" ] ; do
fdt=
for i in "dtb-${version}" "dtb-${alt_version}"; do
@ -41,5 +41,5 @@ index c97226a..40dbd86 100644
fi
done
--
2.4.3
2.5.0

12
0050-reopen-SNP-protocol-for-exclusive-use-by-grub.patch → 0048-reopen-SNP-protocol-for-exclusive-use-by-grub.patch
View file

@ -1,17 +1,17 @@
From 65d576323537049aff86ec5166d5780613c73ffe Mon Sep 17 00:00:00 2001
From dd4e42e6b7f48e1fa535abba7ec18b827ab80a68 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Sat, 15 Feb 2014 15:10:22 -0500
Subject: [PATCH 50/74] reopen SNP protocol for exclusive use by grub
Subject: [PATCH 48/85] reopen SNP protocol for exclusive use by grub
---
grub-core/net/drivers/efi/efinet.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c
index 70b26af..7b8c4a5 100644
index 5388f95..ea0e0ca 100644
--- a/grub-core/net/drivers/efi/efinet.c
+++ b/grub-core/net/drivers/efi/efinet.c
@@ -329,6 +329,7 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device,
@@ -330,6 +330,7 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device,
{
struct grub_net_card *card;
grub_efi_device_path_t *dp;
@ -19,7 +19,7 @@ index 70b26af..7b8c4a5 100644
dp = grub_efi_get_device_path (hnd);
if (! dp)
@@ -382,6 +383,21 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device,
@@ -383,6 +384,21 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device,
&pxe_mode->dhcp_ack,
sizeof (pxe_mode->dhcp_ack),
1, device, path);
@ -42,5 +42,5 @@ index 70b26af..7b8c4a5 100644
}
}
--
2.4.3
2.5.0

6
0054-Add-grub_util_readlink.patch → 0049-Add-grub_util_readlink.patch
View file

@ -1,7 +1,7 @@
From 022a44e0ed6b34a8c5f8c89c25bd9047ff681edd Mon Sep 17 00:00:00 2001
From bae6e629b42cad8f456456cfd75f8d8af1a7185b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 3 Sep 2014 10:01:03 -0400
Subject: [PATCH 54/74] Add grub_util_readlink()
Subject: [PATCH 49/85] Add grub_util_readlink()
Add grub_util_readlink(). This requires pulling in stat and readlink from
gnulib, which pulls in stat and related headers, but after that the
@ -3730,5 +3730,5 @@ index 0000000..9852778
+ REPLACE_LOCALTIME=0; AC_SUBST([REPLACE_LOCALTIME])
+])
--
2.4.3
2.5.0

10
0055-Make-editenv-chase-symlinks-including-those-across-d.patch → 0050-Make-editenv-chase-symlinks-including-those-across-d.patch
View file

@ -1,7 +1,7 @@
From 7375f089a16470cb0c1c583732a7dc8fd7bf6065 Mon Sep 17 00:00:00 2001
From 77b1c342b0a8f471ed71a8be7f098d52f7ea2e72 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 3 Sep 2014 10:38:00 -0400
Subject: [PATCH 55/74] Make editenv chase symlinks including those across
Subject: [PATCH 50/85] Make editenv chase symlinks including those across
devices.
This lets us make /boot/grub2/grubenv a symlink to
@ -17,10 +17,10 @@ Reviewed-by: Adam Jackson <ajax@redhat.com>
2 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/Makefile.util.def b/Makefile.util.def
index 5bb7cef..591c5e5 100644
index dfd48fc..c123038 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -228,8 +228,17 @@ program = {
@@ -230,8 +230,17 @@ program = {
common = util/grub-editenv.c;
common = util/editenv.c;
@ -102,5 +102,5 @@ index c6f8d22..d8d1dad 100644
+ free (rename_target);
}
--
2.4.3
2.5.0

8
0056-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch → 0051-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch
View file

@ -1,7 +1,7 @@
From 2cf03adf505fc90176e9caee44c3f2adadbe6218 Mon Sep 17 00:00:00 2001
From afd6af27e20cff7bab17e0c614fc18a2a622a909 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Sep 2014 14:23:23 -0400
Subject: [PATCH 56/74] Generate OS and CLASS in 10_linux from /etc/os-release
Subject: [PATCH 51/85] Generate OS and CLASS in 10_linux from /etc/os-release
This makes us use pretty names in the titles we generate in
grub2-mkconfig when GRUB_DISTRIBUTOR isn't set.
@ -14,7 +14,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 40dbd86..a714340 100644
index 30e0e85..1881c73 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -29,7 +29,8 @@ export TEXTDOMAINDIR="@localedir@"
@ -28,5 +28,5 @@ index 40dbd86..a714340 100644
OS="${GRUB_DISTRIBUTOR}"
CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
--
2.4.3
2.5.0

40
0051-Reduce-timer-event-frequency-by-10.patch
View file

@ -1,40 +0,0 @@
From 37395693e758b0674a6d504c9672b290eaa172bd Mon Sep 17 00:00:00 2001
From: Mark Salter <msalter@redhat.com>
Date: Thu, 20 Feb 2014 12:54:52 -0500
Subject: [PATCH 51/74] Reduce timer event frequency by 10
Timer event to keep grub msec counter was running at 1000HZ. This was too
fast for UEFI timer driver and resulted in a 10x slowdown in grub time
versus wallclock. Reduce the timer event frequency and increase tick
increment accordingly to keep better time.
Signed-off-by: Mark Salter <msalter@redhat.com>
---
grub-core/kern/arm/efi/init.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c
index 2572ca8..06df60e 100644
--- a/grub-core/kern/arm/efi/init.c
+++ b/grub-core/kern/arm/efi/init.c
@@ -38,7 +38,7 @@ static void
increment_timer (grub_efi_event_t event __attribute__ ((unused)),
void *context __attribute__ ((unused)))
{
- tmr++;
+ tmr += 10;
}
void
@@ -52,7 +52,7 @@ grub_machine_init (void)
efi_call_5 (b->create_event, GRUB_EFI_EVT_TIMER | GRUB_EFI_EVT_NOTIFY_SIGNAL,
GRUB_EFI_TPL_CALLBACK, increment_timer, NULL, &tmr_evt);
- efi_call_3 (b->set_timer, tmr_evt, GRUB_EFI_TIMER_PERIODIC, 10000);
+ efi_call_3 (b->set_timer, tmr_evt, GRUB_EFI_TIMER_PERIODIC, 100000);
grub_install_get_time_ms (grub_efi_get_time_ms);
}
--
2.4.3

24
0058-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch → 0052-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch
View file

@ -1,7 +1,7 @@
From 0786b1e018ce247e9e9d1a38996c81cc0e77bdc5 Mon Sep 17 00:00:00 2001
From 0abe2d18fd2924abb9445fbe8e5c51a86176403b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Sep 2014 15:52:08 -0400
Subject: [PATCH 58/74] Minimize the sort ordering for .debug and -rescue-
Subject: [PATCH 52/85] Minimize the sort ordering for .debug and -rescue-
kernels.
Resolves: rhbz#1065360
@ -11,24 +11,24 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 8 insertions(+)
diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
index 60b31ca..c99e19d 100644
index 60b31ca..bfd3017 100644
--- a/util/grub-mkconfig_lib.in
+++ b/util/grub-mkconfig_lib.in
@@ -248,6 +248,14 @@ version_test_gt ()
*.old:*.old) ;;
*.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;;
*:*.old) version_test_gt_b="`echo "$version_test_gt_b" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=ge ;;
+ *-rescue-*:*-rescue-*) ;;
+ *.debug:*.debug) ;;
+ *-rescue-*:*.debug) return 1 ;;
+ *.debug:*-rescue-*) return 0 ;;
+ *-rescue-*:*) return 1 ;;
+ *:*-rescue-*) return 0 ;;
+ *.debug:*) return 1 ;;
+ *:*.debug) return 0 ;;
+ *-rescue*:*-rescue*) ;;
+ *?debug:*?debug) ;;
+ *-rescue*:*?debug) return 1 ;;
+ *?debug:*-rescue*) return 0 ;;
+ *-rescue*:*) return 1 ;;
+ *:*-rescue*) return 0 ;;
+ *?debug:*) return 1 ;;
+ *:*?debug) return 0 ;;
esac
version_test_numeric "$version_test_gt_a" "$version_test_gt_cmp" "$version_test_gt_b"
return "$?"
--
2.4.3
2.5.0

25
0052-always-return-error-to-UEFI.patch
View file

@ -1,25 +0,0 @@
From cbadbfbf9694d91b7c5d15f1d7ac7b9773168bab Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Wed, 26 Feb 2014 21:49:12 -0500
Subject: [PATCH 52/74] always return error to UEFI
---
grub-core/kern/efi/efi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index d12701e..c80d85b 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -159,7 +159,7 @@ grub_exit (void)
{
grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
efi_call_4 (grub_efi_system_table->boot_services->exit,
- grub_efi_image_handle, GRUB_EFI_SUCCESS, 0, 0);
+ grub_efi_image_handle, GRUB_EFI_LOAD_ERROR, 0, 0);
for (;;) ;
}
--
2.4.3

12
0059-Add-GRUB_DISABLE_UUID.patch → 0053-Add-GRUB_DISABLE_UUID.patch
View file

@ -1,7 +1,7 @@
From 521c146fd6ee046e0670b55a51754cf11b9302b3 Mon Sep 17 00:00:00 2001
From af746a8a6352386bd6c8cc1d8411afda445f287b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Sep 2014 16:49:25 -0400
Subject: [PATCH 59/74] Add GRUB_DISABLE_UUID.
Subject: [PATCH 53/85] Add GRUB_DISABLE_UUID.
This will cause "search --fs-uuid --set=root ..." not to be generated by
grub2-mkconfig, and instead simply attempt to use the grub device name
@ -17,7 +17,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index b9f41a7..0d34036 100644
index 82f6fa4..98d4d0d 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -1409,6 +1409,13 @@ disable the use of UUIDs, set this option to @samp{true}.
@ -35,7 +35,7 @@ index b9f41a7..0d34036 100644
If graphical video support is required, either because the @samp{gfxterm}
graphical terminal is in use or because @samp{GRUB_GFXPAYLOAD_LINUX} is set,
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index b253a3a..63f7498 100644
index 41e6afe..23fc01f 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -133,11 +133,11 @@ fi
@ -75,7 +75,7 @@ index b253a3a..63f7498 100644
GRUB_GFXMODE \
GRUB_BACKGROUND \
diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
index c99e19d..38dbcee 100644
index bfd3017..10fabee 100644
--- a/util/grub-mkconfig_lib.in
+++ b/util/grub-mkconfig_lib.in
@@ -156,7 +156,7 @@ prepare_grub_to_access_device ()
@ -97,5 +97,5 @@ index c99e19d..38dbcee 100644
else
echo $device |sed 's, ,_,g'
--
2.4.3
2.5.0

202
0053-Suport-for-bi-endianess-in-elf-file.patch
View file

@ -1,202 +0,0 @@
From 1eb395fea007c7b86a72cc264130fb5b2bbd6912 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@linux.vnet.ibm.com>
Date: Fri, 15 Aug 2014 14:39:53 -0300
Subject: [PATCH 53/74] Suport for bi-endianess in elf file
* grub-core/kern/elf.c: check and switch endianess with grub_{be,le}_to
cpu functions.
* grub-core/kern/elfXX.c: Likewise.
Also-by: Tomohiro B Berry <tbberry@us.ibm.com>
---
grub-core/kern/elf.c | 60 +++++++++++++++++++++++++++++++++++++++--
grub-core/kern/elfXX.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 131 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/elf.c b/grub-core/kern/elf.c
index 5f99c43..de90811 100644
--- a/grub-core/kern/elf.c
+++ b/grub-core/kern/elf.c
@@ -28,6 +28,11 @@
GRUB_MOD_LICENSE ("GPLv3+");
+void grub_elf32_check_endianess (grub_elf_t elf);
+void grub_elf64_check_endianess (grub_elf_t elf);
+grub_err_t grub_elf32_check_version (grub_elf_t elf);
+grub_err_t grub_elf64_check_version (grub_elf_t elf);
+
/* Check if EHDR is a valid ELF header. */
static grub_err_t
grub_elf_check_header (grub_elf_t elf)
@@ -38,10 +43,22 @@ grub_elf_check_header (grub_elf_t elf)
|| e->e_ident[EI_MAG1] != ELFMAG1
|| e->e_ident[EI_MAG2] != ELFMAG2
|| e->e_ident[EI_MAG3] != ELFMAG3
- || e->e_ident[EI_VERSION] != EV_CURRENT
- || e->e_version != EV_CURRENT)
+ || e->e_ident[EI_VERSION] != EV_CURRENT)
return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-independent ELF magic"));
+ if (grub_elf_is_elf32 (elf))
+ {
+ grub_elf32_check_endianess (elf);
+ grub_elf32_check_version (elf);
+ }
+ else if (grub_elf_is_elf64 (elf))
+ {
+ grub_elf64_check_endianess (elf);
+ grub_elf64_check_version (elf);
+ }
+ else
+ return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic"));
+
return GRUB_ERR_NONE;
}
@@ -127,7 +144,20 @@ grub_elf_open (const char *name)
#define grub_elf_is_elfXX grub_elf_is_elf32
#define grub_elfXX_load_phdrs grub_elf32_load_phdrs
#define ElfXX_Phdr Elf32_Phdr
+#define ElfXX_Ehdr Elf32_Ehdr
#define grub_uintXX_t grub_uint32_t
+#define grub_be_to_halfXX grub_be_to_cpu16
+#define grub_be_to_wordXX grub_be_to_cpu32
+#define grub_be_to_addrXX grub_be_to_cpu32
+#define grub_be_to_offXX grub_be_to_cpu32
+#define grub_be_to_XwordXX grub_be_to_wordXX
+#define grub_le_to_halfXX grub_le_to_cpu16
+#define grub_le_to_wordXX grub_le_to_cpu32
+#define grub_le_to_addrXX grub_le_to_cpu32
+#define grub_le_to_offXX grub_le_to_cpu32
+#define grub_le_to_XwordXX grub_le_to_wordXX
+#define grub_elfXX_check_endianess grub_elf32_check_endianess
+#define grub_elfXX_check_version grub_elf32_check_version
#include "elfXX.c"
@@ -140,7 +170,20 @@ grub_elf_open (const char *name)
#undef grub_elf_is_elfXX
#undef grub_elfXX_load_phdrs
#undef ElfXX_Phdr
+#undef ElfXX_Ehdr
#undef grub_uintXX_t
+#undef grub_be_to_halfXX
+#undef grub_be_to_wordXX
+#undef grub_be_to_addrXX
+#undef grub_be_to_offXX
+#undef grub_be_to_XwordXX
+#undef grub_le_to_halfXX
+#undef grub_le_to_wordXX
+#undef grub_le_to_addrXX
+#undef grub_le_to_offXX
+#undef grub_le_to_XwordXX
+#undef grub_elfXX_check_endianess
+#undef grub_elfXX_check_version
/* 64-bit */
@@ -153,6 +196,19 @@ grub_elf_open (const char *name)
#define grub_elf_is_elfXX grub_elf_is_elf64
#define grub_elfXX_load_phdrs grub_elf64_load_phdrs
#define ElfXX_Phdr Elf64_Phdr
+#define ElfXX_Ehdr Elf64_Ehdr
#define grub_uintXX_t grub_uint64_t
+#define grub_be_to_halfXX grub_be_to_cpu16
+#define grub_be_to_wordXX grub_be_to_cpu32
+#define grub_be_to_addrXX grub_be_to_cpu64
+#define grub_be_to_offXX grub_be_to_cpu64
+#define grub_be_to_XwordXX grub_be_to_cpu64
+#define grub_le_to_halfXX grub_le_to_cpu16
+#define grub_le_to_wordXX grub_le_to_cpu32
+#define grub_le_to_addrXX grub_le_to_cpu64
+#define grub_le_to_offXX grub_le_to_cpu64
+#define grub_le_to_XwordXX grub_le_to_cpu64
+#define grub_elfXX_check_endianess grub_elf64_check_endianess
+#define grub_elfXX_check_version grub_elf64_check_version
#include "elfXX.c"
diff --git a/grub-core/kern/elfXX.c b/grub-core/kern/elfXX.c
index 1d09971..ecf9df6 100644
--- a/grub-core/kern/elfXX.c
+++ b/grub-core/kern/elfXX.c
@@ -154,3 +154,76 @@ grub_elfXX_load (grub_elf_t elf, const char *filename,
return grub_errno;
}
+
+void
+grub_elfXX_check_endianess (grub_elf_t elf)
+{
+ ElfXX_Ehdr *e = &(elf->ehdr.ehdrXX);
+ ElfXX_Phdr *phdr;
+
+ if (e->e_ident[EI_DATA] == ELFDATA2MSB)
+ {
+ e->e_type = grub_be_to_halfXX (e->e_type);
+ e->e_machine = grub_be_to_halfXX (e->e_machine);
+ e->e_version = grub_be_to_wordXX (e->e_version);
+ e->e_entry = grub_be_to_addrXX (e->e_entry);
+ e->e_phoff = grub_be_to_offXX (e->e_phoff);
+ e->e_shoff = grub_be_to_offXX (e->e_shoff);
+ e->e_flags = grub_be_to_wordXX (e->e_flags);
+ e->e_ehsize = grub_be_to_halfXX (e->e_ehsize);
+ e->e_phentsize = grub_be_to_halfXX (e->e_phentsize);
+ e->e_phnum = grub_be_to_halfXX (e->e_phnum);
+ e->e_shentsize = grub_be_to_halfXX (e->e_shentsize);
+ e->e_shnum = grub_be_to_halfXX (e->e_shnum);
+ e->e_shstrndx = grub_be_to_halfXX (e->e_shstrndx);
+
+ FOR_ELFXX_PHDRS (elf,phdr)
+ {
+ phdr->p_type = grub_be_to_wordXX (phdr->p_type);
+ phdr->p_flags = grub_be_to_wordXX (phdr->p_flags);
+ phdr->p_offset = grub_be_to_offXX (phdr->p_offset);
+ phdr->p_vaddr = grub_be_to_addrXX (phdr->p_vaddr);
+ phdr->p_paddr = grub_be_to_addrXX (phdr->p_paddr);
+ phdr->p_filesz = grub_be_to_XwordXX (phdr->p_filesz);
+ phdr->p_memsz = grub_be_to_XwordXX (phdr->p_memsz);
+ phdr->p_align = grub_be_to_XwordXX (phdr->p_align);
+ }
+ }
+ else if (e->e_ident[EI_DATA] == ELFDATA2LSB)
+ {
+ e->e_type = grub_le_to_halfXX (e->e_type);
+ e->e_machine = grub_le_to_halfXX (e->e_machine);
+ e->e_version = grub_le_to_wordXX (e->e_version);
+ e->e_entry = grub_le_to_addrXX (e->e_entry);
+ e->e_phoff = grub_le_to_offXX (e->e_phoff);
+ e->e_shoff = grub_le_to_offXX (e->e_shoff);
+ e->e_flags = grub_le_to_wordXX (e->e_flags);
+ e->e_ehsize = grub_le_to_halfXX (e->e_ehsize);
+ e->e_phentsize = grub_le_to_halfXX (e->e_phentsize);
+ e->e_phnum = grub_le_to_halfXX (e->e_phnum);
+ e->e_shentsize = grub_le_to_halfXX (e->e_shentsize);
+ e->e_shnum = grub_le_to_halfXX (e->e_shnum);
+ e->e_shstrndx = grub_le_to_halfXX (e->e_shstrndx);
+
+ FOR_ELFXX_PHDRS (elf,phdr)
+ {
+ phdr->p_type = grub_le_to_wordXX (phdr->p_type);
+ phdr->p_flags = grub_le_to_wordXX (phdr->p_flags);
+ phdr->p_offset = grub_le_to_offXX (phdr->p_offset);
+ phdr->p_vaddr = grub_le_to_addrXX (phdr->p_vaddr);
+ phdr->p_paddr = grub_le_to_addrXX (phdr->p_paddr);
+ phdr->p_filesz = grub_le_to_XwordXX (phdr->p_filesz);
+ phdr->p_memsz = grub_le_to_XwordXX (phdr->p_memsz);
+ phdr->p_align = grub_le_to_XwordXX (phdr->p_align);
+ }
+ }
+}
+
+grub_err_t
+grub_elfXX_check_version (grub_elf_t elf)
+{
+ if (elf->ehdr.ehdrXX.e_version != EV_CURRENT)
+ return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-independent ELF magic"));
+
+ return GRUB_ERR_NONE;
+}
--
2.4.3

6
0060-Allow-fallback-to-include-entries-by-title-not-just-.patch → 0054-Allow-fallback-to-include-entries-by-title-not-just-.patch
View file

@ -1,7 +1,7 @@
From bc03dfab52d7ba7c91b74d656d82fd4eed6bae75 Mon Sep 17 00:00:00 2001
From 64fb594957bb9653d970f66909668f1a1806a982 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 5 Sep 2014 10:07:04 -0400
Subject: [PATCH 60/74] Allow "fallback" to include entries by title, not just
Subject: [PATCH 54/85] Allow "fallback" to include entries by title, not just
number.
Resolves: rhbz#1026084
@ -127,5 +127,5 @@ index 89ced26..5b971b3 100644
static int
get_entry_number (grub_menu_t menu, const char *name)
--
2.4.3
2.5.0

197
0061-Load-arm-with-SB-enabled.patch → 0055-Load-arm-with-SB-enabled.patch
View file

@ -1,7 +1,7 @@
From aa0ad4b563fa2387e21a484895e23c4b9a45fb18 Mon Sep 17 00:00:00 2001
From 07ed07a3184330f59264d325460857cd32f544c5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Sep 2014 11:26:14 -0400
Subject: [PATCH 61/74] Load arm with SB enabled.
Subject: [PATCH 55/85] Load arm with SB enabled.
Make sure we actually try to validate secure boot on this platform (even
though we're not shipping it enabled by default.)
@ -10,29 +10,30 @@ This means giving the kernel grub's loaded image as the vehicle for the
kernel command line, because we can't call systab->bs->LoadImage() if SB
is enabled.
---
grub-core/Makefile.core.def | 2 +
grub-core/loader/arm64/linux.c | 124 +++++++++++++++++++-------------------
grub-core/loader/efi/linux.c | 65 ++++++++++++++++++++
grub-core/loader/i386/efi/linux.c | 39 +-----------
include/grub/arm64/linux.h | 13 ++--
grub-core/Makefile.core.def | 3 +
grub-core/loader/arm64/linux.c | 117 ++++++++++++++++++++------------------
grub-core/loader/efi/linux.c | 65 +++++++++++++++++++++
grub-core/loader/i386/efi/linux.c | 39 +------------
include/grub/arm64/linux.h | 7 +++
include/grub/efi/linux.h | 31 ++++++++++
6 files changed, 170 insertions(+), 104 deletions(-)
6 files changed, 171 insertions(+), 91 deletions(-)
create mode 100644 grub-core/loader/efi/linux.c
create mode 100644 include/grub/efi/linux.h
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 98b6485..38291ce 100644
index 8dc731e..94567da 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1667,6 +1667,7 @@ module = {
@@ -1675,6 +1675,8 @@ module = {
ia64_efi = loader/ia64/efi/linux.c;
arm = loader/arm/linux.c;
arm64 = loader/arm64/linux.c;
+ arm64 = loader/efi/linux.c;
fdt = lib/fdt.c;
+ fdt = lib/fdt.c;
common = loader/linux.c;
common = lib/cmdline.c;
@@ -1703,6 +1704,7 @@ module = {
enable = noemu;
@@ -1742,6 +1744,7 @@ module = {
name = linuxefi;
efi = loader/i386/efi/linux.c;
efi = lib/cmdline.c;
@ -41,18 +42,18 @@ index 98b6485..38291ce 100644
enable = x86_64_efi;
};
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
index 987f5b9..e18faf3 100644
index 9519d2e..9f425df 100644
--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@@ -27,6 +27,7 @@
#include <grub/types.h>
@@ -28,6 +28,7 @@
#include <grub/cpu/linux.h>
#include <grub/cpu/fdtload.h>
#include <grub/efi/efi.h>
+#include <grub/efi/linux.h>
#include <grub/efi/pe32.h>
#include <grub/i18n.h>
#include <grub/lib/cmdline.h>
@@ -38,6 +39,7 @@ static int loaded;
@@ -39,6 +40,7 @@ static int loaded;
static void *kernel_addr;
static grub_uint64_t kernel_size;
@ -60,20 +61,23 @@ index 987f5b9..e18faf3 100644
static char *linux_args;
static grub_uint32_t cmdline_size;
@@ -132,7 +134,9 @@ finalize_params_linux (void)
grub_efi_boot_services_t *b;
grub_efi_guid_t fdt_guid = GRUB_EFI_DEVICE_TREE_GUID;
grub_efi_status_t status;
@@ -67,7 +69,8 @@ grub_arm64_uefi_check_image (struct grub_arm64_linux_kernel_header * lh)
static grub_err_t
finalize_params_linux (void)
{
- int node, retval;
+ grub_efi_loaded_image_t *loaded_image = NULL;
int node, retval;
+ int len;
+ int node, retval, len;
if (!grub_linux_get_fdt ())
void *fdt;
@@ -102,6 +105,26 @@ finalize_params_linux (void)
if (grub_fdt_install() != GRUB_ERR_NONE)
goto failure;
@@ -168,6 +172,23 @@ finalize_params_linux (void)
grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n",
fdt);
+ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n",
+ fdt);
+
+ /* Convert command line to UCS-2 */
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
+ if (!loaded_image)
@ -83,7 +87,7 @@ index 987f5b9..e18faf3 100644
+ (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t);
+ loaded_image->load_options =
+ grub_efi_allocate_pages (0,
+ BYTES_TO_PAGES (loaded_image->load_options_size));
+ BYTES_TO_PAGES (loaded_image->load_options_size));
+ if (!loaded_image->load_options)
+ return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters");
+
@ -94,48 +98,15 @@ index 987f5b9..e18faf3 100644
return GRUB_ERR_NONE;
failure:
@@ -177,6 +198,23 @@ failure:
@@ -109,73 +132,47 @@ failure:
return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT");
}
+static void
+free_params (void)
+{
+ grub_efi_loaded_image_t *loaded_image = NULL;
+
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
+ if (loaded_image)
+ {
+ if (loaded_image->load_options)
+ grub_efi_free_pages ((grub_efi_physical_address_t)
+ loaded_image->load_options,
+ BYTES_TO_PAGES (loaded_image->load_options_size));
+ loaded_image->load_options = NULL;
+ loaded_image->load_options_size = 0;
+ }
+}
+
static grub_err_t
grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)),
int argc, char *argv[])
@@ -195,6 +233,10 @@ grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)),
if (argc != 1)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+ if (grub_efi_secure_boot ())
+ return grub_error (GRUB_ERR_INVALID_COMMAND,
+ N_("Not loading devicetree - Secure Boot is enabled"));
+
if (loaded_fdt)
grub_free (loaded_fdt);
loaded_fdt = NULL;
@@ -236,73 +278,22 @@ out:
return grub_errno;
}
-grub_err_t
-grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, char *args)
-{
+static void
+free_params (void)
{
- grub_efi_memory_mapped_device_path_t *mempath;
- grub_efi_handle_t image_handle;
- grub_efi_boot_services_t *b;
@ -153,7 +124,8 @@ index 987f5b9..e18faf3 100644
- mempath[0].memory_type = GRUB_EFI_LOADER_DATA;
- mempath[0].start_address = addr;
- mempath[0].end_address = addr + size;
-
+ grub_efi_loaded_image_t *loaded_image = NULL;
- mempath[1].header.type = GRUB_EFI_END_DEVICE_PATH_TYPE;
- mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE;
- mempath[1].header.length = sizeof (grub_efi_device_path_t);
@ -164,56 +136,71 @@ index 987f5b9..e18faf3 100644
- (void *) addr, size, &image_handle);
- if (status != GRUB_EFI_SUCCESS)
- return grub_error (GRUB_ERR_BAD_OS, "cannot load image");
-
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
+ if (loaded_image)
+ {
+ if (loaded_image->load_options)
+ grub_efi_free_pages ((grub_efi_physical_address_t)
+ loaded_image->load_options,
+ BYTES_TO_PAGES (loaded_image->load_options_size));
+ loaded_image->load_options = NULL;
+ loaded_image->load_options_size = 0;
+ }
+}
- grub_dprintf ("linux", "linux command line: '%s'\n", args);
-
+grub_err_t
+grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, char *args)
+{
+ grub_err_t retval;
- /* Convert command line to UCS-2 */
- loaded_image = grub_efi_get_loaded_image (image_handle);
- loaded_image->load_options_size = len =
- (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t);
- loaded_image->load_options =
- grub_efi_allocate_pages (0,
- BYTES_TO_PAGES (loaded_image->load_options_size));
- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
- if (!loaded_image->load_options)
- return grub_errno;
-
+ retval = finalize_params_linux ();
+ if (retval != GRUB_ERR_NONE)
return grub_errno;
- loaded_image->load_options_size =
- 2 * grub_utf8_to_utf16 (loaded_image->load_options, len,
- (grub_uint8_t *) args, len, NULL);
-
- grub_dprintf ("linux", "starting image %p\n", image_handle);
- status = b->start_image (image_handle, 0, NULL);
-
+ grub_dprintf ("linux", "linux command line: '%s'\n", args);
- /* When successful, not reached */
- b->unload_image (image_handle);
- grub_efi_free_pages ((grub_efi_physical_address_t) loaded_image->load_options,
- BYTES_TO_PAGES (loaded_image->load_options_size));
-
- return grub_errno;
-}
-
static grub_err_t
grub_linux_boot (void)
{
+ grub_err_t retval;
+
if (finalize_params_linux () != GRUB_ERR_NONE)
return grub_errno;
- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
+ retval = grub_efi_linux_boot ((char *)kernel_addr, handover_offset,
+ kernel_addr);
- return (grub_arm64_uefi_boot_image((grub_addr_t)kernel_addr,
- kernel_size, linux_args));
+ grub_dprintf ("linux", "linux command line: '%s'\n", linux_args);
+
+ retval = grub_efi_linux_boot ((grub_addr_t)kernel_addr, handover_offset,
+ linux_args);
+
- return grub_errno;
+ /* Never reached... */
+ free_params();
+ return retval;
}
static grub_err_t
@@ -383,6 +374,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_linux_boot (void)
{
- if (finalize_params_linux () != GRUB_ERR_NONE)
- return grub_errno;
-
- return (grub_arm64_uefi_boot_image((grub_addr_t)kernel_addr,
- kernel_size, linux_args));
+ return grub_arm64_uefi_boot_image ((grub_addr_t)kernel_addr,
+ kernel_size, linux_args);
}
static grub_err_t
@@ -253,6 +250,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
{
grub_file_t file = 0;
struct grub_arm64_linux_kernel_header lh;
@ -221,7 +208,7 @@ index 987f5b9..e18faf3 100644
grub_dl_ref (my_mod);
@@ -427,6 +419,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
@@ -297,6 +295,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
@ -237,14 +224,6 @@ index 987f5b9..e18faf3 100644
cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE);
linux_args = grub_malloc (cmdline_size);
if (!linux_args)
@@ -465,7 +466,6 @@ fail:
return grub_errno;
}
-
static grub_command_t cmd_linux, cmd_initrd, cmd_devicetree;
GRUB_MOD_INIT (linux)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
new file mode 100644
index 0000000..aea378a
@ -384,7 +363,7 @@ index b79e632..e5b7785 100644
static grub_err_t
diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h
index 65796d9..aae2962 100644
index 1ea2369..a2ba24e 100644
--- a/include/grub/arm64/linux.h
+++ b/include/grub/arm64/linux.h
@@ -20,6 +20,7 @@
@ -395,16 +374,10 @@ index 65796d9..aae2962 100644
#define GRUB_ARM64_LINUX_MAGIC 0x644d5241 /* 'ARM\x64' */
@@ -42,11 +43,11 @@ struct grub_arm64_linux_kernel_header
grub_uint32_t hdr_offset; /* Offset of PE/COFF header */
};
-/* Declare the functions for getting dtb and checking/booting image */
-void *grub_linux_get_fdt (void);
-grub_err_t grub_arm64_uefi_check_image (struct grub_arm64_linux_kernel_header
- *lh);
-grub_err_t grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size,
- char *args);
@@ -44,5 +45,11 @@ grub_err_t grub_arm64_uefi_check_image (struct grub_arm64_linux_kernel_header
*lh);
grub_err_t grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size,
char *args);
+struct grub_arm64_linux_pe_header
+{
+ grub_uint32_t magic;
@ -451,5 +424,5 @@ index 0000000..d9ede36
+
+#endif /* ! GRUB_EFI_LINUX_HEADER */
--
2.4.3
2.5.0

14
0062-Try-prefix-if-fw_path-doesn-t-work.patch → 0056-Try-prefix-if-fw_path-doesn-t-work.patch
View file

@ -1,7 +1,7 @@
From 434c09b3b8dfc4f4c556a5897b7eb4540e943c03 Mon Sep 17 00:00:00 2001
From eb937ec97d488c88aa5d4e00761655a5e518c450 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 3 Oct 2014 11:08:03 -0400
Subject: [PATCH 62/74] Try $prefix if $fw_path doesn't work.
Subject: [PATCH 56/85] Try $prefix if $fw_path doesn't work.
Related: rhbz#1148652
@ -13,10 +13,10 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
3 files changed, 75 insertions(+), 75 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 8191f8c..8ca4bf7 100644
index 5fa26e1..8957374 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -131,23 +131,25 @@ grub_machine_get_bootlocation (char **device, char **path)
@@ -139,23 +139,25 @@ grub_machine_get_bootlocation (char **device, char **path)
grub_free (canon);
}
else
@ -57,10 +57,10 @@ index 8191f8c..8ca4bf7 100644
}
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index cc68b0d..6c9ba4c 100644
index e53d9a0..9af9a1f 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -1819,7 +1819,7 @@ grub_net_search_configfile (char *config)
@@ -1840,7 +1840,7 @@ grub_net_search_configfile (char *config)
/* Remove the remaining minus sign at the end. */
config[config_len] = '\0';
@ -207,5 +207,5 @@ index 3ba1cdb..13d9eab 100644
}
--
2.4.3
2.5.0

30
0057-Fix-GRUB_DISABLE_SUBMENU-one-more-time.patch
View file

@ -1,30 +0,0 @@
From 0ad8b88186862b9f7c66b918c1682885ecd4cf65 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Sep 2014 15:25:22 -0400
Subject: [PATCH 57/74] Fix GRUB_DISABLE_SUBMENU one more time.
Resolves: rhbz#1063414
Signed-off-by: Peter Jones <pjones@redhat.com>
---
util/grub.d/10_linux.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index a714340..358dd67 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -258,6 +258,10 @@ while [ "x$list" != "x" ] ; do
linux_root_device_thisversion=${GRUB_DEVICE}
fi
+ if [ "x${GRUB_DISABLE_SUBMENU}" = "xyes" ] || [ "x${GRUB_DISABLE_SUBMENU}" = "xy" ]; then
+ GRUB_DISABLE_SUBMENU="true"
+ fi
+
if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then
linux_entry "${OS}" "${version}" simple \
"${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
--
2.4.3

18
0063-Try-to-emit-linux16-initrd16-and-linuxefi-initrdefi-.patch → 0057-Try-to-emit-linux16-initrd16-and-linuxefi-initrdefi-.patch
View file

@ -1,7 +1,7 @@
From 32a2d1ac838e9d8dc0c05d84ceea65acb826fb1d Mon Sep 17 00:00:00 2001
From 583ace7292d12265b3a44db4190a30757843ff71 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 27 Oct 2014 09:22:55 -0400
Subject: [PATCH 63/74] Try to emit linux16/initrd16 and linuxefi/initrdefi in
Subject: [PATCH 57/85] Try to emit linux16/initrd16 and linuxefi/initrdefi in
30-os_prober.
Resolves: rhbz#1108296
@ -12,12 +12,12 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 11586c9..8b1e8f6 100644
index 9b8f596..dc98eac 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -135,6 +135,28 @@ for OS in ${OSPROBED} ; do
LONGNAME="${LABEL}"
fi
@@ -141,6 +141,28 @@ for OS in ${OSPROBED} ; do
# os-prober returns text string followed by optional counter
CLASS="--class $(echo "${LABEL}" | LC_ALL=C sed 's,[[:digit:]]*$,,' | cut -d' ' -f1 | tr 'A-Z' 'a-z' | LC_ALL=C sed 's,[^[:alnum:]_],_,g')"
+ sixteenbit=""
+ linuxefi="linux"
@ -44,7 +44,7 @@ index 11586c9..8b1e8f6 100644
gettext_printf "Found %s on %s\n" "${LONGNAME}" "${DEVICE}" >&2
case ${BOOT} in
@@ -235,11 +257,11 @@ EOF
@@ -241,11 +263,11 @@ EOF
save_default_entry | grub_add_tab
printf '%s\n' "${prepare_boot_cache}"
cat << EOF
@ -58,7 +58,7 @@ index 11586c9..8b1e8f6 100644
EOF
fi
cat << EOF
@@ -255,11 +277,11 @@ EOF
@@ -261,11 +283,11 @@ EOF
save_default_entry | sed -e "s/^/$grub_tab$grub_tab/"
printf '%s\n' "${prepare_boot_cache}" | grub_add_tab
cat << EOF
@ -73,5 +73,5 @@ index 11586c9..8b1e8f6 100644
fi
cat << EOF
--
2.4.3
2.5.0

6
0064-Update-to-minilzo-2.08.patch → 0058-Update-to-minilzo-2.08.patch
View file

@ -1,7 +1,7 @@
From b8e1b5e1042a35bd66eaff00c1402ef058fc4479 Mon Sep 17 00:00:00 2001
From 0e65d77f65f9f34e47e0e6b70262ac1beb631b89 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Dec 2014 15:36:09 -0500
Subject: [PATCH 64/74] Update to minilzo-2.08
Subject: [PATCH 58/85] Update to minilzo-2.08
This fixes CVE-2014-4607 - lzo: lzo1x_decompress_safe() integer overflow
@ -8786,5 +8786,5 @@ index 74fefa9..7937454 100644
--
2.4.3
2.5.0

12
0065-Make-grub2-mkconfig-construct-titles-that-look-like-.patch → 0059-Make-grub2-mkconfig-construct-titles-that-look-like-.patch
View file

@ -1,7 +1,7 @@
From 7fd40157778bf9021ea8228b6a87520b2e8bc926 Mon Sep 17 00:00:00 2001
From ed0b50938807d365da7edbe67c730b121060b064 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 28 Apr 2015 11:15:03 -0400
Subject: [PATCH 65/74] Make grub2-mkconfig construct titles that look like the
Subject: [PATCH 59/85] Make grub2-mkconfig construct titles that look like the
ones we want elsewhere.
Resolves: rhbz#1215839
@ -12,10 +12,10 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 358dd67..1f5899f 100644
index 1881c73..539ac65 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -66,6 +66,15 @@ case x"$GRUB_FS" in
@@ -68,6 +68,15 @@ case x"$GRUB_FS" in
;;
esac
@ -31,7 +31,7 @@ index 358dd67..1f5899f 100644
title_correction_code=
linux_entry ()
@@ -96,15 +105,14 @@ linux_entry ()
@@ -98,15 +107,14 @@ linux_entry ()
if [ x$type != xsimple ] ; then
case $type in
recovery)
@ -50,5 +50,5 @@ index 358dd67..1f5899f 100644
echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
else
--
2.4.3
2.5.0

6
0067-Make-.gitignore-suck-way-less.patch → 0060-Make-.gitignore-suck-way-less.patch
View file

@ -1,7 +1,7 @@
From 6790364166f755f4e6d9eb427fe3535059d2d9b1 Mon Sep 17 00:00:00 2001
From 100f813fe3ac0926fb5eb7c6f4e025a8beb7d23e Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 7 Jul 2015 10:13:14 -0400
Subject: [PATCH 67/74] Make .gitignore suck way less
Subject: [PATCH 60/85] Make .gitignore suck way less
We lost a man page because of incompatibilities between bzr's ignore
system and .gitignore, so solve that slightly better.
@ -367,5 +367,5 @@ index 18ab8e8..06c9f3a 100644
-/grub-fs-tester
+xzcompress_test
--
2.4.3
2.5.0

8
0068-Update-info-with-grub.cfg-netboot-selection-order-11.patch → 0061-Update-info-with-grub.cfg-netboot-selection-order-11.patch
View file

@ -1,7 +1,7 @@
From 10cb311daec38e6098c583f48136d9c24db58624 Mon Sep 17 00:00:00 2001
From 633737138f00d4bb96334d9f7c39db1dfd45dc1c Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Mon, 16 Mar 2015 16:34:51 -0400
Subject: [PATCH 68/74] Update info with grub.cfg netboot selection order
Subject: [PATCH 61/85] Update info with grub.cfg netboot selection order
(#1148650)
Added documentation to the grub info page that specifies the order
@ -13,7 +13,7 @@ Resolves rhbz#1148650
1 file changed, 42 insertions(+)
diff --git a/docs/grub.texi b/docs/grub.texi
index 0d34036..367b8f7 100644
index 98d4d0d..4c6323b 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -2414,6 +2414,48 @@ grub-mknetdir --net-directory=/srv/tftp --subdir=/boot/grub -d /usr/lib/grub/i38
@ -66,5 +66,5 @@ index 0d34036..367b8f7 100644
@samp{(tftp)} device.
--
2.4.3
2.5.0

14
0069-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch → 0062-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch
View file

@ -1,7 +1,7 @@
From b9f953dc0a2297fab25b968dce4f7320d022c3e1 Mon Sep 17 00:00:00 2001
From 821f5ce2578c66cd25297c3f3bfca8c2a2b2a02e Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Mon, 16 Mar 2015 14:14:19 -0400
Subject: [PATCH 69/74] Use Distribution Package Sort for grub2-mkconfig
Subject: [PATCH 62/85] Use Distribution Package Sort for grub2-mkconfig
(#1124074)
Users reported that newly installed kernels on their systems installed
@ -34,10 +34,10 @@ index 06c9f3a..7697877 100644
grub-set-default
grub-shell
diff --git a/Makefile.util.def b/Makefile.util.def
index 591c5e5..f28d73d 100644
index c123038..1b0dc15 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -674,6 +674,22 @@ program = {
@@ -684,6 +684,22 @@ program = {
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
};
@ -61,7 +61,7 @@ index 591c5e5..f28d73d 100644
name = grub-mkconfig;
common = util/grub-mkconfig.in;
diff --git a/configure.ac b/configure.ac
index 357c94e..4f26f6c 100644
index 4369bda..127d91d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,6 +65,7 @@ grub_TRANSFORM([grub-mkrelpath])
@ -80,7 +80,7 @@ index 357c94e..4f26f6c 100644
grub_TRANSFORM([grub-reboot.3])
grub_TRANSFORM([grub-render-label.3])
grub_TRANSFORM([grub-script-check.3])
@@ -1630,6 +1632,33 @@ fi
@@ -1731,6 +1733,33 @@ fi
AC_SUBST([LIBDEVMAPPER])
@ -456,5 +456,5 @@ index 0000000..f33bd1e
+ return 0;
+}
--
2.4.3
2.5.0

16
0070-Add-friendly-grub2-password-config-tool-985962.patch → 0063-Add-friendly-grub2-password-config-tool-985962.patch
View file

@ -1,7 +1,7 @@
From 05a8c8724027ddf9cefc0a8be5e2046174f2c38d Mon Sep 17 00:00:00 2001
From 7c9fa22a1e2833f8c8fbee216476a432e7e42361 Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Thu, 25 Jun 2015 11:13:11 -0400
Subject: [PATCH 70/74] Add friendly grub2 password config tool (#985962)
Subject: [PATCH 63/85] Add friendly grub2 password config tool (#985962)
Provided a tool for users to reset the grub2 root user password
without having to alter the grub.cfg. The hashed password now
@ -34,10 +34,10 @@ index 7697877..53a391e 100644
grub-shell-tester
grub-sparc64-setup
diff --git a/Makefile.util.def b/Makefile.util.def
index f28d73d..bc13d4a 100644
index 1b0dc15..5598b03 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -438,6 +438,12 @@ script = {
@@ -440,6 +440,12 @@ script = {
};
script = {
@ -50,7 +50,7 @@ index f28d73d..bc13d4a 100644
name = '10_windows';
common = util/grub.d/10_windows.in;
installdir = grubconf;
@@ -712,6 +718,13 @@ script = {
@@ -722,6 +728,13 @@ script = {
};
script = {
@ -65,7 +65,7 @@ index f28d73d..bc13d4a 100644
common = util/grub-mkconfig_lib.in;
installdir = noinst;
diff --git a/configure.ac b/configure.ac
index 4f26f6c..8545b9d 100644
index 127d91d..d6ef6c3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,6 +65,7 @@ grub_TRANSFORM([grub-mkrelpath])
@ -77,7 +77,7 @@ index 4f26f6c..8545b9d 100644
grub_TRANSFORM([grub-script-check])
grub_TRANSFORM([grub-set-default])
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 63f7498..55ed21e 100644
index 23fc01f..435c1cd 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -263,6 +263,8 @@ for i in "${grub_mkconfig_dir}"/* ; do
@ -270,5 +270,5 @@ index 0000000..facd409
+fi
+EOF
--
2.4.3
2.5.0

30
0071-Make-exit-take-a-return-code.patch → 0064-Make-exit-take-a-return-code.patch
View file

@ -1,7 +1,7 @@
From 05c9156ed3cee62e6aa8f955b96998b5d9302425 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 7 Jul 2015 12:00:26 -0400
Subject: [PATCH 71/74] Make "exit" take a return code.
From 486b53b5102bd17df3e7d596c71eb3b275933ce8 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Wed, 26 Feb 2014 21:49:12 -0500
Subject: [PATCH 64/85] Make "exit" take a return code.
This adds "exit" with a return code. With this patch, any "exit"
command /may/ include a return code, and on platforms that support
@ -59,7 +59,7 @@ index a3a1182..b25ca4b 100644
}
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index c80d85b..95c75d4 100644
index 4026e81..0859910 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -155,11 +155,16 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle)
@ -76,18 +76,18 @@ index c80d85b..95c75d4 100644
+
grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
efi_call_4 (grub_efi_system_table->boot_services->exit,
- grub_efi_image_handle, GRUB_EFI_LOAD_ERROR, 0, 0);
- grub_efi_image_handle, GRUB_EFI_SUCCESS, 0, 0);
+ grub_efi_image_handle, rc, 0, 0);
for (;;) ;
}
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
index bb606da..258a564 100644
index d361feb..331fa62 100644
--- a/grub-core/kern/emu/misc.c
+++ b/grub-core/kern/emu/misc.c
@@ -135,9 +135,10 @@ xasprintf (const char *fmt, ...)
#endif
@@ -136,9 +136,10 @@ xasprintf (const char *fmt, ...)
#if !defined (GRUB_MACHINE_EMU) || defined (GRUB_UTIL)
void
-grub_exit (void)
+__attribute__ ((noreturn))
@ -96,8 +96,8 @@ index bb606da..258a564 100644
- exit (1);
+ exit (rc < 0 ? 1 : rc);
}
#endif
grub_uint64_t
diff --git a/grub-core/kern/i386/coreboot/init.c b/grub-core/kern/i386/coreboot/init.c
index 3314f02..36f9134 100644
--- a/grub-core/kern/i386/coreboot/init.c
@ -125,10 +125,10 @@ index 271b6fb..9fafe98 100644
/* We can't use grub_fatal() in this function. This would create an infinite
loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 8ca4bf7..e2540bc 100644
index 8957374..8efa1a6 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -60,7 +60,7 @@ grub_addr_t grub_ieee1275_original_stack;
@@ -68,7 +68,7 @@ grub_addr_t grub_ieee1275_original_stack;
#endif
void
@ -177,10 +177,10 @@ index be88b77..8b6c55f 100644
grub_halt ();
}
diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index 6b3397f..27d4b81 100644
index 8354164..81be344 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -1090,7 +1090,7 @@ grub_abort (void)
@@ -1097,7 +1097,7 @@ grub_abort (void)
grub_getkey ();
}
@ -241,5 +241,5 @@ index 2a9f87c..0620814 100644
grub_uint64_t d,
grub_uint64_t *r);
--
2.4.3
2.5.0

6
0072-Add-some-__unused__-where-gcc-5.x-is-more-picky-abou.patch → 0065-Add-some-__unused__-where-gcc-5.x-is-more-picky-abou.patch
View file

@ -1,7 +1,7 @@
From a8b6f41df623cd777e41e0f6d44e25617f8388c9 Mon Sep 17 00:00:00 2001
From 6b45009679f9979bfaad78906e77439f7ef342d7 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 7 Jul 2015 12:04:28 -0400
Subject: [PATCH 72/74] Add some __unused__ where gcc 5.x is more picky about
Subject: [PATCH 65/85] Add some __unused__ where gcc 5.x is more picky about
it.
With some build flags, gcc 5.x throws more warnings about __unused__ not
@ -76,5 +76,5 @@ index 5b971b3..e74cb56 100644
{
#if 0
--
2.4.3
2.5.0

6
0073-Fix-race-in-EFI-validation.patch → 0066-Fix-race-in-EFI-validation.patch
View file

@ -1,7 +1,7 @@
From 62b86cdfaf57a098ba7c6d8b08df161aa294e7a3 Mon Sep 17 00:00:00 2001
From 2fcb75d742dda22a51b7f0e6b766dcf6d20d8633 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 14 Jul 2015 16:58:51 -0700
Subject: [PATCH 73/74] Fix race in EFI validation
Subject: [PATCH 66/85] Fix race in EFI validation
---
grub-core/loader/i386/efi/linux.c | 44 ++++++++++-----------------------------
@ -93,5 +93,5 @@ index e5b7785..7ccf32d 100644
{
grub_dl_unref (my_mod);
--
2.4.3
2.5.0

43
0066-Make-rescue-and-debug-entries-sort-right-again-in-gr.patch
View file

@ -1,43 +0,0 @@
From 7c406374a383c23cdaf1053efee00f90b5013674 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 28 Apr 2015 11:17:02 -0400
Subject: [PATCH 66/74] Make rescue and debug entries sort right /again/ in
grub2-mkconfig.
Related: rhbz#12145839
Signed-off-by: Peter Jones <pjones@redhat.com>
---
util/grub-mkconfig_lib.in | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
index 38dbcee..10fabee 100644
--- a/util/grub-mkconfig_lib.in
+++ b/util/grub-mkconfig_lib.in
@@ -248,14 +248,14 @@ version_test_gt ()
*.old:*.old) ;;
*.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;;
*:*.old) version_test_gt_b="`echo "$version_test_gt_b" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=ge ;;
- *-rescue-*:*-rescue-*) ;;
- *.debug:*.debug) ;;
- *-rescue-*:*.debug) return 1 ;;
- *.debug:*-rescue-*) return 0 ;;
- *-rescue-*:*) return 1 ;;
- *:*-rescue-*) return 0 ;;
- *.debug:*) return 1 ;;
- *:*.debug) return 0 ;;
+ *-rescue*:*-rescue*) ;;
+ *?debug:*?debug) ;;
+ *-rescue*:*?debug) return 1 ;;
+ *?debug:*-rescue*) return 0 ;;
+ *-rescue*:*) return 1 ;;
+ *:*-rescue*) return 0 ;;
+ *?debug:*) return 1 ;;
+ *:*?debug) return 0 ;;
esac
version_test_numeric "$version_test_gt_a" "$version_test_gt_cmp" "$version_test_gt_b"
return "$?"
--
2.4.3

6
0074-Mark-po-exclude.pot-as-binary-so-git-won-t-try-to-di.patch → 0067-Mark-po-exclude.pot-as-binary-so-git-won-t-try-to-di.patch
View file

@ -1,7 +1,7 @@
From e433d768dd3d11e93a53e7df8d6c0171b8316b1e Mon Sep 17 00:00:00 2001
From f41e27f8935118dab7ebfbbb93af81069e42fee0 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 22 Jul 2015 11:21:01 -0400
Subject: [PATCH 74/74] Mark po/exclude.pot as binary so git won't try to diff
Subject: [PATCH 67/85] Mark po/exclude.pot as binary so git won't try to diff
nonprintables.
Signed-off-by: Peter Jones <pjones@redhat.com>
@ -18,5 +18,5 @@ index 0000000..33ffaa4
@@ -0,0 +1 @@
+po/exclude.pot binary
--
2.4.3
2.5.0

42
0068-ppc64le-sync-mkconfig-to-disk-1212114.patch Normal file
View file

@ -0,0 +1,42 @@
From fab623aa983f7e713cb27024935191a57c164840 Mon Sep 17 00:00:00 2001
From: Don Zickus <dzickus@redhat.com>
Date: Wed, 22 Jul 2015 13:59:55 -0400
Subject: [PATCH 68/85] ppc64le sync mkconfig to disk (#1212114)
If creating a new grub2 entry using grub2-mkconfig, the entry is not
immediately sync'd to disk. If a crash happens before the writeback,
the subsequent reboot fails because the grub2.cfg is corrupted.
Address this by forcing all the changes (mainly the fs meta data) to disk
before finishing the grub2 conf changes.
Tested by 'grub2-mkconfig -o /etc/grub22.cfg; echo c > /proc/sysrq-trigger'.
Before, the machine would panic and on reboot be stuck without a grub.cfg
to read. After, works as expected.
Resolves: rhbz#1212114
---
util/grub-mkconfig.in | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 435c1cd..54732a2 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -293,3 +293,12 @@ fi
gettext "done" >&2
echo >&2
+
+# make sure changes make it to the disk.
+# if /boot is a mountpoint, force the meta data on disk
+# to by-pass writeback delay.
+# PPC64LE-only to deal with Petitboot issues
+ARCH=$(uname -m)
+if [ "${ARCH}" = "ppc64le" ]; then
+ sync && mountpoint -q /boot &&fsfreeze -f /boot && fsfreeze -u /boot
+fi
--
2.5.0

37
0069-Use-device-part-of-chainloader-target-if-present.patch Normal file
View file

@ -0,0 +1,37 @@
From ee3ea7b2254c03f377b00d885f530dfe35544db1 Mon Sep 17 00:00:00 2001
From: Raymund Will <rw@suse.com>
Date: Fri, 10 Apr 2015 01:45:02 -0400
Subject: [PATCH 69/85] Use device part of chainloader target, if present.
Otherwise chainloading is restricted to '$root', which might not even
be readable by EFI!
v1. use grub_file_get_device_name() to get device name
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/loader/efi/chainloader.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 522a716..6b47497 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -219,8 +219,11 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
if (! file)
goto fail;
- /* Get the root device's device path. */
- dev = grub_device_open (0);
+ /* Get the device path from filename. */
+ char *devname = grub_file_get_device_name (filename);
+ dev = grub_device_open (devname);
+ if (devname)
+ grub_free (devname);
if (! dev)
goto fail;
--
2.5.0

800
0070-Add-secureboot-support-on-efi-chainloader.patch Normal file
View file

@ -0,0 +1,800 @@
From 91d8a0c1767a892e7c73330ca018fbde0a7d2a8e Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 6 Oct 2015 13:04:37 -0400
Subject: [PATCH 70/85] Add secureboot support on efi chainloader
Expand the chainloader to be able to verify the image by means of shim
lock protocol. The PE/COFF image is loaded and relocated by the
chainloader instead of calling LoadImage and StartImage UEFI boot
Service as they require positive verification result from keys enrolled
in KEK or DB. The shim will use MOK in addition to firmware enrolled
keys to verify the image.
The chainloader module could be used to load other UEFI bootloaders,
such as xen.efi, and could be signed by any of MOK, KEK or DB.
Based on https://build.opensuse.org/package/view_file/openSUSE:Factory/grub2/grub2-secureboot-chainloader.patch
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/loader/efi/chainloader.c | 612 ++++++++++++++++++++++++++++++++++---
include/grub/efi/pe32.h | 20 +-
2 files changed, 595 insertions(+), 37 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 6b47497..3cbb6c5 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -32,6 +32,8 @@
#include <grub/efi/api.h>
#include <grub/efi/efi.h>
#include <grub/efi/disk.h>
+#include <grub/efi/pe32.h>
+#include <grub/efi/linux.h>
#include <grub/command.h>
#include <grub/i18n.h>
#include <grub/net.h>
@@ -46,9 +48,14 @@ static grub_dl_t my_mod;
static grub_efi_physical_address_t address;
static grub_efi_uintn_t pages;
+static grub_ssize_t fsize;
static grub_efi_device_path_t *file_path;
static grub_efi_handle_t image_handle;
static grub_efi_char16_t *cmdline;
+static grub_ssize_t cmdline_len;
+static grub_efi_handle_t dev_handle;
+
+static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table);
static grub_err_t
grub_chainloader_unload (void)
@@ -63,6 +70,7 @@ grub_chainloader_unload (void)
grub_free (cmdline);
cmdline = 0;
file_path = 0;
+ dev_handle = 0;
grub_dl_unref (my_mod);
return GRUB_ERR_NONE;
@@ -187,12 +195,523 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
return file_path;
}
+#define SHIM_LOCK_GUID \
+ { 0x605dab50, 0xe046, 0x4300, { 0xab,0xb6,0x3d,0xd8,0x10,0xdd,0x8b,0x23 } }
+
+typedef union
+{
+ struct grub_pe32_header_32 pe32;
+ struct grub_pe32_header_64 pe32plus;
+} grub_pe_header_t;
+
+struct pe_coff_loader_image_context
+{
+ grub_efi_uint64_t image_address;
+ grub_efi_uint64_t image_size;
+ grub_efi_uint64_t entry_point;
+ grub_efi_uintn_t size_of_headers;
+ grub_efi_uint16_t image_type;
+ grub_efi_uint16_t number_of_sections;
+ grub_efi_uint32_t section_alignment;
+ struct grub_pe32_section_table *first_section;
+ struct grub_pe32_data_directory *reloc_dir;
+ struct grub_pe32_data_directory *sec_dir;
+ grub_efi_uint64_t number_of_rva_and_sizes;
+ grub_pe_header_t *pe_hdr;
+};
+
+typedef struct pe_coff_loader_image_context pe_coff_loader_image_context_t;
+
+struct grub_efi_shim_lock
+{
+ grub_efi_status_t (*verify)(void *buffer,
+ grub_efi_uint32_t size);
+ grub_efi_status_t (*hash)(void *data,
+ grub_efi_int32_t datasize,
+ pe_coff_loader_image_context_t *context,
+ grub_efi_uint8_t *sha256hash,
+ grub_efi_uint8_t *sha1hash);
+ grub_efi_status_t (*context)(void *data,
+ grub_efi_uint32_t size,
+ pe_coff_loader_image_context_t *context);
+};
+
+typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
+
+static grub_efi_boolean_t
+read_header (void *data, grub_efi_uint32_t size,
+ pe_coff_loader_image_context_t *context)
+{
+ grub_efi_guid_t guid = SHIM_LOCK_GUID;
+ grub_efi_shim_lock_t *shim_lock;
+ grub_efi_status_t status;
+
+ shim_lock = grub_efi_locate_protocol (&guid, NULL);
+
+ if (!shim_lock)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "no shim lock protocol");
+ return 0;
+ }
+
+ status = shim_lock->context (data, size, context);
+
+ if (status == GRUB_EFI_SUCCESS)
+ {
+ grub_dprintf ("chain", "context success\n");
+ return 1;
+ }
+
+ switch (status)
+ {
+ case GRUB_EFI_UNSUPPORTED:
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error unsupported");
+ break;
+ case GRUB_EFI_INVALID_PARAMETER:
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error invalid parameter");
+ break;
+ default:
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error code");
+ break;
+ }
+
+ return 0;
+}
+
+static void*
+image_address (void *image, grub_efi_uint64_t sz, grub_efi_uint64_t adr)
+{
+ if (adr > sz)
+ return NULL;
+
+ return ((grub_uint8_t*)image + adr);
+}
+
+static int
+image_is_64_bit (grub_pe_header_t *pe_hdr)
+{
+ /* .Magic is the same offset in all cases */
+ if (pe_hdr->pe32plus.optional_header.magic == GRUB_PE32_PE64_MAGIC)
+ return 1;
+ return 0;
+}
+
+static const grub_uint16_t machine_type =
+#if defined(__x86_64__)
+ GRUB_PE32_MACHINE_X86_64;
+#elif defined(__aarch64__)
+ GRUB_PE32_MACHINE_ARM64;
+#elif defined(__arm__)
+ GRUB_PE32_MACHINE_ARMTHUMB_MIXED;
+#elif defined(__i386__) || defined(__i486__) || defined(__i686__)
+ GRUB_PE32_MACHINE_I386;
+#elif defined(__ia64__)
+ GRUB_PE32_MACHINE_IA64;
+#else
+#error this architecture is not supported by grub2
+#endif
+
+static grub_efi_status_t
+relocate_coff (pe_coff_loader_image_context_t *context,
+ struct grub_pe32_section_table *section,
+ void *orig, void *data)
+{
+ struct grub_pe32_data_directory *reloc_base, *reloc_base_end;
+ grub_efi_uint64_t adjust;
+ struct grub_pe32_fixup_block *reloc, *reloc_end;
+ char *fixup, *fixup_base, *fixup_data = NULL;
+ grub_efi_uint16_t *fixup_16;
+ grub_efi_uint32_t *fixup_32;
+ grub_efi_uint64_t *fixup_64;
+ grub_efi_uint64_t size = context->image_size;
+ void *image_end = (char *)orig + size;
+ int n = 0;
+
+ if (image_is_64_bit (context->pe_hdr))
+ context->pe_hdr->pe32plus.optional_header.image_base =
+ (grub_uint64_t)(unsigned long)data;
+ else
+ context->pe_hdr->pe32.optional_header.image_base =
+ (grub_uint32_t)(unsigned long)data;
+
+ /* Alright, so here's how this works:
+ *
+ * context->reloc_dir gives us two things:
+ * - the VA the table of base relocation blocks are (maybe) to be
+ * mapped at (reloc_dir->rva)
+ * - the virtual size (reloc_dir->size)
+ *
+ * The .reloc section (section here) gives us some other things:
+ * - the name! kind of. (section->name)
+ * - the virtual size (section->virtual_size), which should be the same
+ * as RelocDir->Size
+ * - the virtual address (section->virtual_address)
+ * - the file section size (section->raw_data_size), which is
+ * a multiple of optional_header->file_alignment. Only useful for image
+ * validation, not really useful for iteration bounds.
+ * - the file address (section->raw_data_offset)
+ * - a bunch of stuff we don't use that's 0 in our binaries usually
+ * - Flags (section->characteristics)
+ *
+ * and then the thing that's actually at the file address is an array
+ * of struct grub_pe32_fixup_block structs with some values packed behind
+ * them. The block_size field of this structure includes the
+ * structure itself, and adding it to that structure's address will
+ * yield the next entry in the array.
+ */
+
+ reloc_base = image_address (orig, size, section->raw_data_offset);
+ reloc_base_end = image_address (orig, size, section->raw_data_offset
+ + section->virtual_size - 1);
+
+ grub_dprintf ("chain", "reloc_base %p reloc_base_end %p\n", reloc_base,
+ reloc_base_end);
+
+ if (!reloc_base && !reloc_base_end)
+ return GRUB_EFI_SUCCESS;
+
+ if (!reloc_base || !reloc_base_end)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc table overflows binary");
+ return GRUB_EFI_UNSUPPORTED;
+ }
+
+ adjust = (grub_uint64_t)data - context->image_address;
+ if (adjust == 0)
+ return GRUB_EFI_SUCCESS;
+
+ while (reloc_base < reloc_base_end)
+ {
+ grub_uint16_t *entry;
+ reloc = (struct grub_pe32_fixup_block *)((char*)reloc_base);
+
+ if ((reloc_base->size == 0) ||
+ (reloc_base->size > context->reloc_dir->size))
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ "Reloc %d block size %d is invalid\n", n,
+ reloc_base->size);
+ return GRUB_EFI_UNSUPPORTED;
+ }
+
+ entry = &reloc->entries[0];
+ reloc_end = (struct grub_pe32_fixup_block *)
+ ((char *)reloc_base + reloc_base->size);
+
+ if ((void *)reloc_end < data || (void *)reloc_end > image_end)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary",
+ n);
+ return GRUB_EFI_UNSUPPORTED;
+ }
+
+ fixup_base = image_address(data, size, reloc_base->rva);
+
+ if (!fixup_base)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc %d Invalid fixupbase", n);
+ return GRUB_EFI_UNSUPPORTED;
+ }
+
+ while ((void *)entry < (void *)reloc_end)
+ {
+ fixup = fixup_base + (*entry & 0xFFF);
+ switch ((*entry) >> 12)
+ {
+ case GRUB_PE32_REL_BASED_ABSOLUTE:
+ break;
+ case GRUB_PE32_REL_BASED_HIGH:
+ fixup_16 = (grub_uint16_t *)fixup;
+ *fixup_16 = (grub_uint16_t)
+ (*fixup_16 + ((grub_uint16_t)((grub_uint32_t)adjust >> 16)));
+ if (fixup_data != NULL)
+ {
+ *(grub_uint16_t *) fixup_data = *fixup_16;
+ fixup_data = fixup_data + sizeof (grub_uint16_t);
+ }
+ break;
+ case GRUB_PE32_REL_BASED_LOW:
+ fixup_16 = (grub_uint16_t *)fixup;
+ *fixup_16 = (grub_uint16_t) (*fixup_16 + (grub_uint16_t)adjust);
+ if (fixup_data != NULL)
+ {
+ *(grub_uint16_t *) fixup_data = *fixup_16;
+ fixup_data = fixup_data + sizeof (grub_uint16_t);
+ }
+ break;
+ case GRUB_PE32_REL_BASED_HIGHLOW:
+ fixup_32 = (grub_uint32_t *)fixup;
+ *fixup_32 = *fixup_32 + (grub_uint32_t)adjust;
+ if (fixup_data != NULL)
+ {
+ fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint32_t));
+ *(grub_uint32_t *) fixup_data = *fixup_32;
+ fixup_data += sizeof (grub_uint32_t);
+ }
+ break;
+ case GRUB_PE32_REL_BASED_DIR64:
+ fixup_64 = (grub_uint64_t *)fixup;
+ *fixup_64 = *fixup_64 + (grub_uint64_t)adjust;
+ if (fixup_data != NULL)
+ {
+ fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint64_t));
+ *(grub_uint64_t *) fixup_data = *fixup_64;
+ fixup_data += sizeof (grub_uint64_t);
+ }
+ break;
+ default:
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ "Reloc %d unknown relocation type %d",
+ n, (*entry) >> 12);
+ return GRUB_EFI_UNSUPPORTED;
+ }
+ entry += 1;
+ }
+ reloc_base = (struct grub_pe32_data_directory *)reloc_end;
+ n++;
+ }
+
+ return GRUB_EFI_SUCCESS;
+}
+
+static grub_efi_device_path_t *
+grub_efi_get_media_file_path (grub_efi_device_path_t *dp)
+{
+ while (1)
+ {
+ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
+ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
+
+ if (type == GRUB_EFI_END_DEVICE_PATH_TYPE)
+ break;
+ else if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE
+ && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE)
+ return dp;
+
+ dp = GRUB_EFI_NEXT_DEVICE_PATH (dp);
+ }
+
+ return NULL;
+}
+
+static grub_efi_boolean_t
+handle_image (void *data, grub_efi_uint32_t datasize)
+{
+ grub_efi_boot_services_t *b;
+ grub_efi_loaded_image_t *li, li_bak;
+ grub_efi_status_t efi_status;
+ char *buffer = NULL;
+ char *buffer_aligned = NULL;
+ grub_efi_uint32_t i, size;
+ struct grub_pe32_section_table *section;
+ char *base, *end;
+ pe_coff_loader_image_context_t context;
+ grub_uint32_t section_alignment;
+ grub_uint32_t buffer_size;
+
+ b = grub_efi_system_table->boot_services;
+
+ if (read_header (data, datasize, &context))
+ {
+ grub_dprintf ("chain", "Succeed to read header\n");
+ }
+ else
+ {
+ grub_dprintf ("chain", "Failed to read header\n");
+ goto error_exit;
+ }
+
+ section_alignment = context.section_alignment;
+ buffer_size = context.image_size + section_alignment;
+
+ efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA,
+ buffer_size, &buffer);
+
+ if (efi_status != GRUB_EFI_SUCCESS)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto error_exit;
+ }
+
+ buffer_aligned = (char *)ALIGN_UP ((grub_addr_t)buffer, section_alignment);
+
+ if (!buffer_aligned)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto error_exit;
+ }
+
+ grub_memcpy (buffer_aligned, data, context.size_of_headers);
+
+ char *reloc_base, *reloc_base_end;
+ reloc_base = image_address (buffer_aligned, datasize,
+ context.reloc_dir->rva);
+ /* RelocBaseEnd here is the address of the last byte of the table */
+ reloc_base_end = image_address (buffer_aligned, datasize,
+ context.reloc_dir->rva
+ + context.reloc_dir->size - 1);
+ struct grub_pe32_section_table *reloc_section = NULL;
+
+ section = context.first_section;
+ for (i = 0; i < context.number_of_sections; i++, section++)
+ {
+ size = section->virtual_size;
+ if (size > section->raw_data_size)
+ size = section->raw_data_size;
+
+ base = image_address (buffer_aligned, context.image_size,
+ section->virtual_address);
+ end = image_address (buffer_aligned, context.image_size,
+ section->virtual_address + size - 1);
+
+
+ /* We do want to process .reloc, but it's often marked
+ * discardable, so we don't want to memcpy it. */
+ if (grub_memcmp (section->name, ".reloc\0\0", 8) == 0)
+ {
+ if (reloc_section)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ "Image has multiple relocation sections");
+ goto error_exit;
+ }
+
+ /* If it has nonzero sizes, and our bounds check
+ * made sense, and the VA and size match RelocDir's
+ * versions, then we believe in this section table. */
+ if (section->raw_data_size && section->virtual_size &&
+ base && end && reloc_base == base && reloc_base_end == end)
+ {
+ reloc_section = section;
+ }
+ }
+
+ if (section->characteristics && GRUB_PE32_SCN_MEM_DISCARDABLE)
+ continue;
+
+ if (!base || !end)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid section size");
+ goto error_exit;
+ }
+
+ if (section->virtual_address < context.size_of_headers ||
+ section->raw_data_offset < context.size_of_headers)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ "Section %d is inside image headers", i);
+ goto error_exit;
+ }
+
+ if (section->raw_data_size > 0)
+ grub_memcpy (base, (grub_efi_uint8_t*)data + section->raw_data_offset,
+ size);
+
+ if (size < section->virtual_size)
+ grub_memset (base + size, 0, section->virtual_size - size);
+
+ grub_dprintf ("chain", "copied section %s\n", section->name);
+ }
+
+ /* 5 == EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC */
+ if (context.number_of_rva_and_sizes <= 5)
+ {
+ grub_dprintf ("chain", "image has no relocation entry\n");
+ goto error_exit;
+ }
+
+ if (context.reloc_dir->size && reloc_section)
+ {
+ /* run the relocation fixups */
+ efi_status = relocate_coff (&context, reloc_section, data,
+ buffer_aligned);
+
+ if (efi_status != GRUB_EFI_SUCCESS)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "relocation failed");
+ goto error_exit;
+ }
+ }
+
+ entry_point = image_address (buffer_aligned, context.image_size,
+ context.entry_point);
+
+ if (!entry_point)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point");
+ goto error_exit;
+ }
+
+ li = grub_efi_get_loaded_image (grub_efi_image_handle);
+ if (!li)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "no loaded image available");
+ goto error_exit;
+ }
+
+ grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t));
+ li->image_base = buffer_aligned;
+ li->image_size = context.image_size;
+ li->load_options = cmdline;
+ li->load_options_size = cmdline_len;
+ li->file_path = grub_efi_get_media_file_path (file_path);
+ li->device_handle = dev_handle;
+ if (li->file_path)
+ {
+ grub_printf ("file path: ");
+ grub_efi_print_device_path (li->file_path);
+ }
+ else
+ {
+ grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found");
+ goto error_exit;
+ }
+
+ efi_status = efi_call_2 (entry_point, grub_efi_image_handle,
+ grub_efi_system_table);
+
+ grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t));
+ efi_status = efi_call_1 (b->free_pool, buffer);
+
+ return 1;
+
+error_exit:
+ if (buffer)
+ efi_call_1 (b->free_pool, buffer);
+
+ return 0;
+}
+
+static grub_err_t
+grub_secureboot_chainloader_unload (void)
+{
+ grub_efi_boot_services_t *b;
+
+ b = grub_efi_system_table->boot_services;
+ efi_call_2 (b->free_pages, address, pages);
+ grub_free (file_path);
+ grub_free (cmdline);
+ cmdline = 0;
+ file_path = 0;
+ dev_handle = 0;
+
+ grub_dl_unref (my_mod);
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+grub_secureboot_chainloader_boot (void)
+{
+ handle_image ((void *)address, fsize);
+ grub_loader_unset ();
+ return grub_errno;
+}
+
static grub_err_t
grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
int argc, char *argv[])
{
grub_file_t file = 0;
- grub_ssize_t size;
grub_efi_status_t status;
grub_efi_boot_services_t *b;
grub_device_t dev = 0;
@@ -200,7 +719,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_efi_loaded_image_t *loaded_image;
char *filename;
void *boot_image = 0;
- grub_efi_handle_t dev_handle = 0;
if (argc == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
@@ -212,9 +730,36 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
address = 0;
image_handle = 0;
file_path = 0;
+ dev_handle = 0;
b = grub_efi_system_table->boot_services;
+ if (argc > 1)
+ {
+ int i;
+ grub_efi_char16_t *p16;
+
+ for (i = 1, cmdline_len = 0; i < argc; i++)
+ cmdline_len += grub_strlen (argv[i]) + 1;
+
+ cmdline_len *= sizeof (grub_efi_char16_t);
+ cmdline = p16 = grub_malloc (cmdline_len);
+ if (! cmdline)
+ goto fail;
+
+ for (i = 1; i < argc; i++)
+ {
+ char *p8;
+
+ p8 = argv[i];
+ while (*p8)
+ *(p16++) = *(p8++);
+
+ *(p16++) = ' ';
+ }
+ *(--p16) = 0;
+ }
+
file = grub_file_open (filename);
if (! file)
goto fail;
@@ -263,14 +808,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_printf ("file path: ");
grub_efi_print_device_path (file_path);
- size = grub_file_size (file);
- if (!size)
+ fsize = grub_file_size (file);
+ if (!fsize)
{
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
filename);
goto fail;
}
- pages = (((grub_efi_uintn_t) size + ((1 << 12) - 1)) >> 12);
+ pages = (((grub_efi_uintn_t) fsize + ((1 << 12) - 1)) >> 12);
status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES,
GRUB_EFI_LOADER_CODE,
@@ -284,7 +829,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
}
boot_image = (void *) ((grub_addr_t) address);
- if (grub_file_read (file, boot_image, size) != size)
+ if (grub_file_read (file, boot_image, fsize) != fsize)
{
if (grub_errno == GRUB_ERR_NONE)
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
@@ -294,7 +839,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
}
#if defined (__i386__) || defined (__x86_64__)
- if (size >= (grub_ssize_t) sizeof (struct grub_macho_fat_header))
+ if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header))
{
struct grub_macho_fat_header *head = boot_image;
if (head->magic
@@ -303,6 +848,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_uint32_t i;
struct grub_macho_fat_arch *archs
= (struct grub_macho_fat_arch *) (head + 1);
+
+ if (grub_efi_secure_boot())
+ {
+ grub_error (GRUB_ERR_BAD_OS,
+ "MACHO binaries are forbidden with Secure Boot");
+ goto fail;
+ }
+
for (i = 0; i < grub_cpu_to_le32 (head->nfat_arch); i++)
{
if (GRUB_MACHO_CPUTYPE_IS_HOST_CURRENT (archs[i].cputype))
@@ -317,21 +870,28 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
> ~grub_cpu_to_le32 (archs[i].size)
|| grub_cpu_to_le32 (archs[i].offset)
+ grub_cpu_to_le32 (archs[i].size)
- > (grub_size_t) size)
+ > (grub_size_t) fsize)
{
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
filename);
goto fail;
}
boot_image = (char *) boot_image + grub_cpu_to_le32 (archs[i].offset);
- size = grub_cpu_to_le32 (archs[i].size);
+ fsize = grub_cpu_to_le32 (archs[i].size);
}
}
#endif
+ if (grub_linuxefi_secure_validate((void *)address, fsize))
+ {
+ grub_file_close (file);
+ grub_loader_set (grub_secureboot_chainloader_boot,
+ grub_secureboot_chainloader_unload, 0);
+ return 0;
+ }
+
status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path,
- boot_image, size,
- &image_handle);
+ boot_image, fsize, &image_handle);
if (status != GRUB_EFI_SUCCESS)
{
if (status == GRUB_EFI_OUT_OF_RESOURCES)
@@ -353,33 +913,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
}
loaded_image->device_handle = dev_handle;
- if (argc > 1)
+ if (cmdline)
{
- int i, len;
- grub_efi_char16_t *p16;
-
- for (i = 1, len = 0; i < argc; i++)
- len += grub_strlen (argv[i]) + 1;
-
- len *= sizeof (grub_efi_char16_t);
- cmdline = p16 = grub_malloc (len);
- if (! cmdline)
- goto fail;
-
- for (i = 1; i < argc; i++)
- {
- char *p8;
-
- p8 = argv[i];
- while (*p8)
- *(p16++) = *(p8++);
-
- *(p16++) = ' ';
- }
- *(--p16) = 0;
-
loaded_image->load_options = cmdline;
- loaded_image->load_options_size = len;
+ loaded_image->load_options_size = cmdline_len;
}
grub_file_close (file);
@@ -401,6 +938,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
if (address)
efi_call_2 (b->free_pages, address, pages);
+ if (cmdline)
+ grub_free (cmdline);
+
grub_dl_unref (my_mod);
return grub_errno;
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
index f79c36c..f79782e 100644
--- a/include/grub/efi/pe32.h
+++ b/include/grub/efi/pe32.h
@@ -212,7 +212,11 @@ struct grub_pe64_optional_header
struct grub_pe32_section_table
{
char name[8];
- grub_uint32_t virtual_size;
+ union
+ {
+ grub_uint32_t physical_address;
+ grub_uint32_t virtual_size;
+ };
grub_uint32_t virtual_address;
grub_uint32_t raw_data_size;
grub_uint32_t raw_data_offset;
@@ -263,6 +267,20 @@ struct grub_pe32_header
#endif
};
+struct grub_pe32_header_32
+{
+ char signature[GRUB_PE32_SIGNATURE_SIZE];
+ struct grub_pe32_coff_header coff_header;
+ struct grub_pe32_optional_header optional_header;
+};
+
+struct grub_pe32_header_64
+{
+ char signature[GRUB_PE32_SIGNATURE_SIZE];
+ struct grub_pe32_coff_header coff_header;
+ struct grub_pe64_optional_header optional_header;
+};
+
struct grub_pe32_fixup_block
{
grub_uint32_t page_rva;
--
2.5.0

474
0071-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch Normal file
View file

@ -0,0 +1,474 @@
From f42d408e388e3e18da3ca17e0e88d08e8ee2260d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 6 Oct 2015 16:09:25 -0400
Subject: [PATCH 71/85] Make any of the loaders that link in efi mode honor
secure boot.
And in this case "honor" means "even if somebody does link this in, they
won't register commands if SB is enabled."
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def | 1 +
grub-core/commands/iorw.c | 7 +++++
grub-core/commands/memrw.c | 7 +++++
grub-core/kern/efi/efi.c | 28 ------------------
grub-core/kern/efi/sb.c | 58 ++++++++++++++++++++++++++++++++++++++
grub-core/loader/efi/appleloader.c | 7 +++++
grub-core/loader/efi/chainloader.c | 1 +
grub-core/loader/i386/bsd.c | 7 +++++
grub-core/loader/i386/linux.c | 7 +++++
grub-core/loader/i386/pc/linux.c | 7 +++++
grub-core/loader/multiboot.c | 7 +++++
grub-core/loader/xnu.c | 7 +++++
include/grub/efi/efi.h | 1 -
include/grub/efi/sb.h | 29 +++++++++++++++++++
15 files changed, 146 insertions(+), 29 deletions(-)
create mode 100644 grub-core/kern/efi/sb.c
create mode 100644 include/grub/efi/sb.h
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
index 04e9395..fd715a8 100644
--- a/grub-core/Makefile.am
+++ b/grub-core/Makefile.am
@@ -71,6 +71,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 94567da..1656c01 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -177,6 +177,7 @@ kernel = {
i386_multiboot = kern/i386/pc/acpi.c;
i386_coreboot = kern/acpi.c;
i386_multiboot = kern/acpi.c;
+ common = kern/efi/sb.c;
x86 = kern/i386/tsc.c;
x86 = kern/i386/tsc_pit.c;
diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
index a0c164e..41a7f3f 100644
--- a/grub-core/commands/iorw.c
+++ b/grub-core/commands/iorw.c
@@ -23,6 +23,7 @@
#include <grub/env.h>
#include <grub/cpu/io.h>
#include <grub/i18n.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -118,6 +119,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
GRUB_MOD_INIT(memrw)
{
+ if (grub_efi_secure_boot())
+ return;
+
cmd_read_byte =
grub_register_extcmd ("inb", grub_cmd_read, 0,
N_("PORT"), N_("Read 8-bit value from PORT."),
@@ -146,6 +150,9 @@ GRUB_MOD_INIT(memrw)
GRUB_MOD_FINI(memrw)
{
+ if (grub_efi_secure_boot())
+ return;
+
grub_unregister_extcmd (cmd_read_byte);
grub_unregister_extcmd (cmd_read_word);
grub_unregister_extcmd (cmd_read_dword);
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
index 98769ea..088cbe9 100644
--- a/grub-core/commands/memrw.c
+++ b/grub-core/commands/memrw.c
@@ -22,6 +22,7 @@
#include <grub/extcmd.h>
#include <grub/env.h>
#include <grub/i18n.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -120,6 +121,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
GRUB_MOD_INIT(memrw)
{
+ if (grub_efi_secure_boot())
+ return;
+
cmd_read_byte =
grub_register_extcmd ("read_byte", grub_cmd_read, 0,
N_("ADDR"), N_("Read 8-bit value from ADDR."),
@@ -148,6 +152,9 @@ GRUB_MOD_INIT(memrw)
GRUB_MOD_FINI(memrw)
{
+ if (grub_efi_secure_boot())
+ return;
+
grub_unregister_extcmd (cmd_read_byte);
grub_unregister_extcmd (cmd_read_word);
grub_unregister_extcmd (cmd_read_dword);
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index 0859910..101307f 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -269,34 +269,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
return NULL;
}
-grub_efi_boolean_t
-grub_efi_secure_boot (void)
-{
- grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
- grub_size_t datasize;
- char *secure_boot = NULL;
- char *setup_mode = NULL;
- grub_efi_boolean_t ret = 0;
-
- secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
-
- if (datasize != 1 || !secure_boot)
- goto out;
-
- setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
-
- if (datasize != 1 || !setup_mode)
- goto out;
-
- if (*secure_boot && !*setup_mode)
- ret = 1;
-
- out:
- grub_free (secure_boot);
- grub_free (setup_mode);
- return ret;
-}
-
#pragma GCC diagnostic ignored "-Wcast-align"
/* Search the mods section from the PE32/PE32+ image. This code uses
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
new file mode 100644
index 0000000..a41b6c5
--- /dev/null
+++ b/grub-core/kern/efi/sb.c
@@ -0,0 +1,58 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2014 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/err.h>
+#include <grub/mm.h>
+#include <grub/types.h>
+#include <grub/cpu/linux.h>
+#include <grub/efi/efi.h>
+#include <grub/efi/pe32.h>
+#include <grub/efi/linux.h>
+#include <grub/efi/sb.h>
+
+int
+grub_efi_secure_boot (void)
+{
+#ifdef GRUB_MACHINE_EFI
+ grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
+ grub_size_t datasize;
+ char *secure_boot = NULL;
+ char *setup_mode = NULL;
+ grub_efi_boolean_t ret = 0;
+
+ secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
+
+ if (datasize != 1 || !secure_boot)
+ goto out;
+
+ setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
+
+ if (datasize != 1 || !setup_mode)
+ goto out;
+
+ if (*secure_boot && !*setup_mode)
+ ret = 1;
+
+ out:
+ grub_free (secure_boot);
+ grub_free (setup_mode);
+ return ret;
+#else
+ return 0;
+#endif
+}
diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c
index 74888c4..69c2a10 100644
--- a/grub-core/loader/efi/appleloader.c
+++ b/grub-core/loader/efi/appleloader.c
@@ -24,6 +24,7 @@
#include <grub/misc.h>
#include <grub/efi/api.h>
#include <grub/efi/efi.h>
+#include <grub/efi/sb.h>
#include <grub/command.h>
#include <grub/i18n.h>
@@ -227,6 +228,9 @@ static grub_command_t cmd;
GRUB_MOD_INIT(appleloader)
{
+ if (grub_efi_secure_boot())
+ return;
+
cmd = grub_register_command ("appleloader", grub_cmd_appleloader,
N_("[OPTS]"),
/* TRANSLATORS: This command is used on EFI to
@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader)
GRUB_MOD_FINI(appleloader)
{
+ if (grub_efi_secure_boot())
+ return;
+
grub_unregister_command (cmd);
}
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 3cbb6c5..c4184fa 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -34,6 +34,7 @@
#include <grub/efi/disk.h>
#include <grub/efi/pe32.h>
#include <grub/efi/linux.h>
+#include <grub/efi/sb.h>
#include <grub/command.h>
#include <grub/i18n.h>
#include <grub/net.h>
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
index 7f96515..87709aa 100644
--- a/grub-core/loader/i386/bsd.c
+++ b/grub-core/loader/i386/bsd.c
@@ -38,6 +38,7 @@
#ifdef GRUB_MACHINE_PCBIOS
#include <grub/machine/int.h>
#endif
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -2124,6 +2125,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk;
GRUB_MOD_INIT (bsd)
{
+ if (grub_efi_secure_boot())
+ return;
+
/* Net and OpenBSD kernels are often compressed. */
grub_dl_load ("gzio");
@@ -2163,6 +2167,9 @@ GRUB_MOD_INIT (bsd)
GRUB_MOD_FINI (bsd)
{
+ if (grub_efi_secure_boot())
+ return;
+
grub_unregister_extcmd (cmd_freebsd);
grub_unregister_extcmd (cmd_openbsd);
grub_unregister_extcmd (cmd_netbsd);
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index fddcc46..b0afcca 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -35,6 +35,7 @@
#include <grub/i18n.h>
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -1136,6 +1137,9 @@ static grub_command_t cmd_linux, cmd_initrd;
GRUB_MOD_INIT(linux)
{
+ if (grub_efi_secure_boot())
+ return;
+
cmd_linux = grub_register_command ("linux", grub_cmd_linux,
0, N_("Load Linux."));
cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
@@ -1145,6 +1149,9 @@ GRUB_MOD_INIT(linux)
GRUB_MOD_FINI(linux)
{
+ if (grub_efi_secure_boot())
+ return;
+
grub_unregister_command (cmd_linux);
grub_unregister_command (cmd_initrd);
}
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index a293b17..9128315 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -35,6 +35,7 @@
#include <grub/i386/floppy.h>
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -472,6 +473,9 @@ static grub_command_t cmd_linux, cmd_initrd;
GRUB_MOD_INIT(linux16)
{
+ if (grub_efi_secure_boot())
+ return;
+
cmd_linux =
grub_register_command ("linux16", grub_cmd_linux,
0, N_("Load Linux."));
@@ -483,6 +487,9 @@ GRUB_MOD_INIT(linux16)
GRUB_MOD_FINI(linux16)
{
+ if (grub_efi_secure_boot())
+ return;
+
grub_unregister_command (cmd_linux);
grub_unregister_command (cmd_initrd);
}
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
index 73aa0aa..64a6513 100644
--- a/grub-core/loader/multiboot.c
+++ b/grub-core/loader/multiboot.c
@@ -42,6 +42,7 @@
#include <grub/video.h>
#include <grub/memory.h>
#include <grub/i18n.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -391,6 +392,9 @@ static grub_command_t cmd_multiboot, cmd_module;
GRUB_MOD_INIT(multiboot)
{
+ if (grub_efi_secure_boot())
+ return;
+
cmd_multiboot =
#ifdef GRUB_USE_MULTIBOOT2
grub_register_command ("multiboot2", grub_cmd_multiboot,
@@ -411,6 +415,9 @@ GRUB_MOD_INIT(multiboot)
GRUB_MOD_FINI(multiboot)
{
+ if (grub_efi_secure_boot())
+ return;
+
grub_unregister_command (cmd_multiboot);
grub_unregister_command (cmd_module);
}
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
index c9885b1..df8dfdb 100644
--- a/grub-core/loader/xnu.c
+++ b/grub-core/loader/xnu.c
@@ -33,6 +33,7 @@
#include <grub/extcmd.h>
#include <grub/env.h>
#include <grub/i18n.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -1469,6 +1470,9 @@ static grub_extcmd_t cmd_splash;
GRUB_MOD_INIT(xnu)
{
+ if (grub_efi_secure_boot())
+ return;
+
cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0,
N_("Load XNU image."));
cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64,
@@ -1509,6 +1513,9 @@ GRUB_MOD_INIT(xnu)
GRUB_MOD_FINI(xnu)
{
+ if (grub_efi_secure_boot())
+ return;
+
#ifndef GRUB_MACHINE_EMU
grub_unregister_command (cmd_resume);
#endif
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index 2245632..9a2da0e 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -76,7 +76,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var,
const grub_efi_guid_t *guid,
void *data,
grub_size_t datasize);
-grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void);
int
EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1,
const grub_efi_device_path_t *dp2);
diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
new file mode 100644
index 0000000..9629fbb
--- /dev/null
+++ b/include/grub/efi/sb.h
@@ -0,0 +1,29 @@
+/* sb.h - declare functions for EFI Secure Boot support */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2006,2007,2008,2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_EFI_SB_HEADER
+#define GRUB_EFI_SB_HEADER 1
+
+#include <grub/types.h>
+#include <grub/dl.h>
+
+/* Functions. */
+int EXPORT_FUNC (grub_efi_secure_boot) (void);
+
+#endif /* ! GRUB_EFI_SB_HEADER */
--
2.5.0

84
0072-Make-efi-machines-load-an-env-block-from-a-variable.patch Normal file
View file

@ -0,0 +1,84 @@
From 03055b5b837187a511d23bbfa1ad80cd5b7c1619 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 7 Dec 2015 14:20:49 -0500
Subject: [PATCH 72/85] Make efi machines load an env block from a variable
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/Makefile.core.def | 1 +
grub-core/kern/efi/init.c | 34 +++++++++++++++++++++++++++++++++-
2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 1656c01..ac195d1 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -173,6 +173,7 @@ kernel = {
efi = term/efi/console.c;
efi = kern/acpi.c;
efi = kern/efi/acpi.c;
+ efi = lib/envblk.c;
i386_coreboot = kern/i386/pc/acpi.c;
i386_multiboot = kern/i386/pc/acpi.c;
i386_coreboot = kern/acpi.c;
diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
index e9c85de..a5b6c1d 100644
--- a/grub-core/kern/efi/init.c
+++ b/grub-core/kern/efi/init.c
@@ -25,9 +25,40 @@
#include <grub/env.h>
#include <grub/mm.h>
#include <grub/kernel.h>
+#include <grub/lib/envblk.h>
grub_addr_t grub_modbase;
+#define GRUB_EFI_GRUB_VARIABLE_GUID \
+ { 0x91376aff, 0xcba6, 0x42be, \
+ { 0x94, 0x9d, 0x06, 0xfd, 0xe8, 0x11, 0x28, 0xe8 } \
+ }
+
+/* Helper for grub_efi_env_init */
+static int
+set_var (const char *name, const char *value,
+ void *whitelist __attribute__((__unused__)))
+{
+ grub_env_set (name, value);
+ return 0;
+}
+
+static void
+grub_efi_env_init (void)
+{
+ grub_efi_guid_t efi_grub_guid = GRUB_EFI_GRUB_VARIABLE_GUID;
+ struct grub_envblk envblk_s = { NULL, 0 };
+ grub_envblk_t envblk = &envblk_s;
+
+ envblk_s.buf = grub_efi_get_variable ("GRUB_ENV", &efi_grub_guid,
+ &envblk_s.size);
+ if (!envblk_s.buf || envblk_s.size < 1)
+ return;
+
+ grub_envblk_iterate (envblk, NULL, set_var);
+ grub_free (envblk_s.buf);
+}
+
void
grub_efi_init (void)
{
@@ -42,10 +73,11 @@ grub_efi_init (void)
efi_call_4 (grub_efi_system_table->boot_services->set_watchdog_timer,
0, 0, 0, NULL);
+ grub_efi_env_init ();
grub_efidisk_init ();
}
-void (*grub_efi_net_config) (grub_efi_handle_t hnd,
+void (*grub_efi_net_config) (grub_efi_handle_t hnd,
char **device,
char **path);
--
2.5.0

16
0075-Fix-security-issue-when-reading-username-and-passwor.patch → 0073-Fix-security-issue-when-reading-username-and-passwor.patch
View file

@ -1,7 +1,7 @@
From b059b6f9c7d236e83829689a1615f180f230baaa Mon Sep 17 00:00:00 2001
From 74d97a32e6a70d8083a53b85e4669f920a133b32 Mon Sep 17 00:00:00 2001
From: Hector Marco-Gisbert <hecmargi@upv.es>
Date: Fri, 13 Nov 2015 16:21:09 +0100
Subject: [PATCH 75/76] Fix security issue when reading username and password
Subject: [PATCH 73/85] Fix security issue when reading username and password
This patch fixes two integer underflows at:
* grub-core/lib/crypto.c
@ -17,7 +17,7 @@ Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index 010e550..524a3d8 100644
index 683a8aa..c5ab9eb 100644
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size)
@ -27,10 +27,10 @@ index 010e550..524a3d8 100644
- if (key == '\b')
+ if (key == '\b' && cur_len)
{
cur_len--;
continue;
if (cur_len)
cur_len--;
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
index c6bd96e..5782ec5 100644
index 7338f82..6d6dc7d 100644
--- a/grub-core/normal/auth.c
+++ b/grub-core/normal/auth.c
@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
@ -40,8 +40,8 @@ index c6bd96e..5782ec5 100644
- if (key == '\b')
+ if (key == '\b' && cur_len)
{
cur_len--;
grub_printf ("\b");
if (cur_len)
{
--
2.5.0

4
0076-01_users-Handle-GRUB_PASSWORD-better.patch → 0074-01_users-Handle-GRUB_PASSWORD-better.patch
View file

@ -1,7 +1,7 @@
From e5e933f4fd449301fc1856db31ef1167b4867cd1 Mon Sep 17 00:00:00 2001
From f415b6a5a0fe2a40f24435275fa30f146579928f Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 4 Dec 2015 09:28:38 -0500
Subject: [PATCH 76/76] 01_users: Handle GRUB_PASSWORD better.
Subject: [PATCH 74/85] 01_users: Handle GRUB_PASSWORD better.
Only handle GRUB2_PASSWORD not GRUB_PASSWORD.

175
0075-Make-grub_fatal-also-backtrace.patch Normal file
View file

@ -0,0 +1,175 @@
From 5154ca6af1dd682b7ab8e92b156d5256b27bed77 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 27 Jan 2016 09:22:42 -0500
Subject: [PATCH 75/85] Make grub_fatal() also backtrace.
---
grub-core/Makefile.core.def | 3 ++
grub-core/kern/misc.c | 8 +++++-
grub-core/lib/arm64/backtrace.c | 62 +++++++++++++++++++++++++++++++++++++++++
grub-core/lib/backtrace.c | 2 ++
grub-core/lib/i386/backtrace.c | 14 +++++++++-
5 files changed, 87 insertions(+), 2 deletions(-)
create mode 100644 grub-core/lib/arm64/backtrace.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index ac195d1..990e41b 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -157,6 +157,9 @@ kernel = {
softdiv = lib/division.c;
+ x86 = lib/i386/backtrace.c;
+ x86 = lib/backtrace.c;
+
i386 = kern/i386/dl.c;
i386_xen = kern/i386/dl.c;
diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index 81be344..d7dcd97 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -24,6 +24,7 @@
#include <grub/term.h>
#include <grub/env.h>
#include <grub/i18n.h>
+#include <grub/backtrace.h>
union printf_arg
{
@@ -1087,8 +1088,13 @@ grub_xasprintf (const char *fmt, ...)
static void __attribute__ ((noreturn))
grub_abort (void)
{
+#ifndef GRUB_UTIL
+#if defined(__i386__) || defined(__x86_64__)
+ grub_backtrace();
+#endif
+#endif
grub_printf ("\nAborted.");
-
+
#ifndef GRUB_UTIL
if (grub_term_inputs)
#endif
diff --git a/grub-core/lib/arm64/backtrace.c b/grub-core/lib/arm64/backtrace.c
new file mode 100644
index 0000000..1079b53
--- /dev/null
+++ b/grub-core/lib/arm64/backtrace.c
@@ -0,0 +1,62 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/misc.h>
+#include <grub/command.h>
+#include <grub/err.h>
+#include <grub/dl.h>
+#include <grub/mm.h>
+#include <grub/term.h>
+#include <grub/backtrace.h>
+
+#define MAX_STACK_FRAME 102400
+
+void
+grub_backtrace_pointer (int frame)
+{
+ while (1)
+ {
+ void *lp = __builtin_return_address (frame);
+ if (!lp)
+ break;
+
+ lp = __builtin_extract_return_addr (lp);
+
+ grub_printf ("%p: ", lp);
+ grub_backtrace_print_address (lp);
+ grub_printf (" (");
+ for (i = 0; i < 2; i++)
+ grub_printf ("%p,", ((void **)ptr) [i + 2]);
+ grub_printf ("%p)\n", ((void **)ptr) [i + 2]);
+ nptr = *(void **)ptr;
+ if (nptr < ptr || (void **) nptr - (void **) ptr > MAX_STACK_FRAME
+ || nptr == ptr)
+ {
+ grub_printf ("Invalid stack frame at %p (%p)\n", ptr, nptr);
+ break;
+ }
+ ptr = nptr;
+ }
+}
+
+void
+grub_backtrace (void)
+{
+ grub_backtrace_pointer (1);
+}
+
diff --git a/grub-core/lib/backtrace.c b/grub-core/lib/backtrace.c
index 825a880..c0ad6ab 100644
--- a/grub-core/lib/backtrace.c
+++ b/grub-core/lib/backtrace.c
@@ -29,6 +29,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
void
grub_backtrace_print_address (void *addr)
{
+#ifndef GRUB_UTIL
grub_dl_t mod;
FOR_DL_MODULES (mod)
@@ -44,6 +45,7 @@ grub_backtrace_print_address (void *addr)
}
}
+#endif
grub_printf ("%p", addr);
}
diff --git a/grub-core/lib/i386/backtrace.c b/grub-core/lib/i386/backtrace.c
index c3e03c7..c67273d 100644
--- a/grub-core/lib/i386/backtrace.c
+++ b/grub-core/lib/i386/backtrace.c
@@ -15,11 +15,23 @@
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <config.h>
+#ifdef GRUB_UTIL
+#define REALLY_GRUB_UTIL GRUB_UTIL
+#undef GRUB_UTIL
+#endif
+
+#include <grub/symbol.h>
+#include <grub/dl.h>
+
+#ifdef REALLY_GRUB_UTIL
+#define GRUB_UTIL REALLY_GRUB_UTIL
+#undef REALLY_GRUB_UTIL
+#endif
#include <grub/misc.h>
#include <grub/command.h>
#include <grub/err.h>
-#include <grub/dl.h>
#include <grub/mm.h>
#include <grub/term.h>
#include <grub/backtrace.h>
--
2.5.0

28
0076-Failed-config-now-returns-exit-code-1252311.patch Normal file
View file

@ -0,0 +1,28 @@
From 4c8dba66554a0b7029270220a2b99d9fdd607560 Mon Sep 17 00:00:00 2001
From: Robert Marshall <rmarshall@redhat.com>
Date: Fri, 29 Jan 2016 14:49:24 -0500
Subject: [PATCH 76/85] Failed config now returns exit code (#1252311)
Grub would notify the user if the new config was invalid, however, it
did not exit properly with exit code 1. Added the proper exit code.
Resolves: rhbz#1252311
---
util/grub-mkconfig.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 54732a2..73a18f7 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -284,6 +284,7 @@ Ensure that there are no errors in /etc/default/grub
and /etc/grub.d/* files or please file a bug report with
%s file attached." "${grub_cfg}.new" >&2
echo >&2
+ exit 1
else
# none of the children aborted with error, install the new grub.cfg
cat ${grub_cfg}.new > ${grub_cfg}
--
2.5.0

789
0077-Core-TPM-support.patch Normal file
View file

@ -0,0 +1,789 @@
From 771a1c4dd99ba4cc6ae6fb980c173f8933752a65 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 14 Jul 2015 17:06:35 -0700
Subject: [PATCH 77/85] Core TPM support
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI and BIOS systems, but
will measure all modules as they're loaded.
---
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def | 3 +
grub-core/kern/dl.c | 3 +
grub-core/kern/efi/tpm.c | 282 +++++++++++++++++++++++++++++++++++++++++++
grub-core/kern/i386/pc/tpm.c | 132 ++++++++++++++++++++
grub-core/kern/tpm.c | 13 ++
include/grub/efi/tpm.h | 153 +++++++++++++++++++++++
include/grub/tpm.h | 91 ++++++++++++++
8 files changed, 678 insertions(+)
create mode 100644 grub-core/kern/efi/tpm.c
create mode 100644 grub-core/kern/i386/pc/tpm.c
create mode 100644 grub-core/kern/tpm.c
create mode 100644 include/grub/efi/tpm.h
create mode 100644 include/grub/tpm.h
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
index fd715a8..d082933 100644
--- a/grub-core/Makefile.am
+++ b/grub-core/Makefile.am
@@ -93,6 +93,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/tpm.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h
if COND_i386_pc
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 990e41b..9fa9790 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -126,6 +126,7 @@ kernel = {
common = kern/rescue_parser.c;
common = kern/rescue_reader.c;
common = kern/term.c;
+ common = kern/tpm.c;
noemu = kern/compiler-rt.c;
noemu = kern/mm.c;
@@ -177,6 +178,7 @@ kernel = {
efi = kern/acpi.c;
efi = kern/efi/acpi.c;
efi = lib/envblk.c;
+ efi = kern/efi/tpm.c;
i386_coreboot = kern/i386/pc/acpi.c;
i386_multiboot = kern/i386/pc/acpi.c;
i386_coreboot = kern/acpi.c;
@@ -222,6 +224,7 @@ kernel = {
i386_pc = kern/i386/pc/init.c;
i386_pc = kern/i386/pc/mmap.c;
+ i386_pc = kern/i386/pc/tpm.c;
i386_pc = term/i386/pc/console.c;
i386_qemu = bus/pci.c;
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 04e804d..247cd0a 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -32,6 +32,7 @@
#include <grub/env.h>
#include <grub/cache.h>
#include <grub/i18n.h>
+#include <grub/tpm.h>
/* Platforms where modules are in a readonly area of memory. */
#if defined(GRUB_MACHINE_QEMU)
@@ -733,6 +734,8 @@ grub_dl_load_file (const char *filename)
opens of the same device. */
grub_file_close (file);
+ grub_tpm_measure(core, size, GRUB_TPM_PCR, filename);
+
mod = grub_dl_load_core (core, size);
grub_free (core);
if (! mod)
diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c
new file mode 100644
index 0000000..c9fb3c1
--- /dev/null
+++ b/grub-core/kern/efi/tpm.c
@@ -0,0 +1,282 @@
+#include <grub/err.h>
+#include <grub/i18n.h>
+#include <grub/efi/api.h>
+#include <grub/efi/efi.h>
+#include <grub/efi/tpm.h>
+#include <grub/mm.h>
+#include <grub/tpm.h>
+#include <grub/term.h>
+
+static grub_efi_guid_t tpm_guid = EFI_TPM_GUID;
+static grub_efi_guid_t tpm2_guid = EFI_TPM2_GUID;
+
+static grub_efi_boolean_t grub_tpm_present(grub_efi_tpm_protocol_t *tpm)
+{
+ grub_efi_status_t status;
+ TCG_EFI_BOOT_SERVICE_CAPABILITY caps;
+ grub_uint32_t flags;
+ grub_efi_physical_address_t eventlog, lastevent;
+
+ caps.Size = (grub_uint8_t)sizeof(caps);
+
+ status = efi_call_5(tpm->status_check, tpm, &caps, &flags, &eventlog,
+ &lastevent);
+
+ if (status != GRUB_EFI_SUCCESS || caps.TPMDeactivatedFlag
+ || !caps.TPMPresentFlag)
+ return 0;
+
+ return 1;
+}
+
+static grub_efi_boolean_t grub_tpm2_present(grub_efi_tpm2_protocol_t *tpm)
+{
+ grub_efi_status_t status;
+ EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;
+
+ caps.Size = (grub_uint8_t)sizeof(caps);
+
+ status = efi_call_2(tpm->get_capability, tpm, &caps);
+
+ if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag)
+ return 0;
+
+ return 1;
+}
+
+static grub_efi_boolean_t grub_tpm_handle_find(grub_efi_handle_t *tpm_handle,
+ grub_efi_uint8_t *protocol_version)
+{
+ grub_efi_handle_t *handles;
+ grub_efi_uintn_t num_handles;
+
+ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm_guid, NULL,
+ &num_handles);
+ if (handles && num_handles > 0) {
+ *tpm_handle = handles[0];
+ *protocol_version = 1;
+ return 1;
+ }
+
+ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm2_guid, NULL,
+ &num_handles);
+ if (handles && num_handles > 0) {
+ *tpm_handle = handles[0];
+ *protocol_version = 2;
+ return 1;
+ }
+
+ return 0;
+}
+
+static grub_err_t
+grub_tpm1_execute(grub_efi_handle_t tpm_handle,
+ PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf)
+{
+ grub_efi_status_t status;
+ grub_efi_tpm_protocol_t *tpm;
+ grub_uint32_t inhdrsize = sizeof(*inbuf) - sizeof(inbuf->TPMOperandIn);
+ grub_uint32_t outhdrsize = sizeof(*outbuf) - sizeof(outbuf->TPMOperandOut);
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if (!grub_tpm_present(tpm))
+ return 0;
+
+ /* UEFI TPM protocol takes the raw operand block, no param block header */
+ status = efi_call_5 (tpm->pass_through_to_tpm, tpm,
+ inbuf->IPBLength - inhdrsize, inbuf->TPMOperandIn,
+ outbuf->OPBLength - outhdrsize, outbuf->TPMOperandOut);
+
+ switch (status) {
+ case GRUB_EFI_SUCCESS:
+ return 0;
+ case GRUB_EFI_DEVICE_ERROR:
+ return grub_error (GRUB_ERR_IO, N_("Command failed"));
+ case GRUB_EFI_INVALID_PARAMETER:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+ case GRUB_EFI_BUFFER_TOO_SMALL:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+ case GRUB_EFI_NOT_FOUND:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+ default:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+ }
+}
+
+static grub_err_t
+grub_tpm2_execute(grub_efi_handle_t tpm_handle,
+ PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf)
+{
+ grub_efi_status_t status;
+ grub_efi_tpm2_protocol_t *tpm;
+ grub_uint32_t inhdrsize = sizeof(*inbuf) - sizeof(inbuf->TPMOperandIn);
+ grub_uint32_t outhdrsize = sizeof(*outbuf) - sizeof(outbuf->TPMOperandOut);
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if (!grub_tpm2_present(tpm))
+ return 0;
+
+ /* UEFI TPM protocol takes the raw operand block, no param block header */
+ status = efi_call_5 (tpm->submit_command, tpm,
+ inbuf->IPBLength - inhdrsize, inbuf->TPMOperandIn,
+ outbuf->OPBLength - outhdrsize, outbuf->TPMOperandOut);
+
+ switch (status) {
+ case GRUB_EFI_SUCCESS:
+ return 0;
+ case GRUB_EFI_DEVICE_ERROR:
+ return grub_error (GRUB_ERR_IO, N_("Command failed"));
+ case GRUB_EFI_INVALID_PARAMETER:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+ case GRUB_EFI_BUFFER_TOO_SMALL:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+ case GRUB_EFI_NOT_FOUND:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+ default:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+ }
+}
+
+grub_err_t
+grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_uint8_t protocol_version;
+
+ /* It's not a hard failure for there to be no TPM */
+ if (!grub_tpm_handle_find(&tpm_handle, &protocol_version))
+ return 0;
+
+ if (protocol_version == 1) {
+ return grub_tpm1_execute(tpm_handle, inbuf, outbuf);
+ } else {
+ return grub_tpm2_execute(tpm_handle, inbuf, outbuf);
+ }
+}
+
+typedef struct {
+ grub_uint32_t pcrindex;
+ grub_uint32_t eventtype;
+ grub_uint8_t digest[20];
+ grub_uint32_t eventsize;
+ grub_uint8_t event[1];
+} Event;
+
+
+static grub_err_t
+grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ Event *event;
+ grub_efi_status_t status;
+ grub_efi_tpm_protocol_t *tpm;
+ grub_efi_physical_address_t lastevent;
+ grub_uint32_t algorithm;
+ grub_uint32_t eventnum = 0;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if (!grub_tpm_present(tpm))
+ return 0;
+
+ event = grub_zalloc(sizeof (Event) + grub_strlen(description) + 1);
+ if (!event)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate TPM event buffer"));
+
+ event->pcrindex = pcr;
+ event->eventtype = EV_IPL;
+ event->eventsize = grub_strlen(description) + 1;
+ grub_memcpy(event->event, description, event->eventsize);
+
+ algorithm = TCG_ALG_SHA;
+ status = efi_call_7 (tpm->log_extend_event, tpm, buf, (grub_uint64_t) size,
+ algorithm, event, &eventnum, &lastevent);
+
+ switch (status) {
+ case GRUB_EFI_SUCCESS:
+ return 0;
+ case GRUB_EFI_DEVICE_ERROR:
+ return grub_error (GRUB_ERR_IO, N_("Command failed"));
+ case GRUB_EFI_INVALID_PARAMETER:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+ case GRUB_EFI_BUFFER_TOO_SMALL:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+ case GRUB_EFI_NOT_FOUND:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+ default:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+ }
+}
+
+static grub_err_t
+grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ EFI_TCG2_EVENT *event;
+ grub_efi_status_t status;
+ grub_efi_tpm2_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if (!grub_tpm2_present(tpm))
+ return 0;
+
+ event = grub_zalloc(sizeof (EFI_TCG2_EVENT) + grub_strlen(description) + 1);
+ if (!event)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate TPM event buffer"));
+
+ event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
+ event->Header.HeaderVersion = 1;
+ event->Header.PCRIndex = pcr;
+ event->Header.EventType = EV_IPL;
+ event->Size = sizeof(*event) - sizeof(event->Event) + grub_strlen(description) + 1;
+ grub_memcpy(event->Event, description, grub_strlen(description) + 1);
+
+ status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, buf,
+ (grub_uint64_t) size, event);
+
+ switch (status) {
+ case GRUB_EFI_SUCCESS:
+ return 0;
+ case GRUB_EFI_DEVICE_ERROR:
+ return grub_error (GRUB_ERR_IO, N_("Command failed"));
+ case GRUB_EFI_INVALID_PARAMETER:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+ case GRUB_EFI_BUFFER_TOO_SMALL:
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+ case GRUB_EFI_NOT_FOUND:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+ default:
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+ }
+}
+
+grub_err_t
+grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_efi_uint8_t protocol_version;
+
+ if (!grub_tpm_handle_find(&tpm_handle, &protocol_version))
+ return 0;
+
+ if (protocol_version == 1) {
+ return grub_tpm1_log_event(tpm_handle, buf, size, pcr, description);
+ } else {
+ return grub_tpm2_log_event(tpm_handle, buf, size, pcr, description);
+ }
+}
diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c
new file mode 100644
index 0000000..8c6c1e6
--- /dev/null
+++ b/grub-core/kern/i386/pc/tpm.c
@@ -0,0 +1,132 @@
+#include <grub/err.h>
+#include <grub/i18n.h>
+#include <grub/mm.h>
+#include <grub/tpm.h>
+#include <grub/misc.h>
+#include <grub/i386/pc/int.h>
+
+#define TCPA_MAGIC 0x41504354
+
+int tpm_present(void);
+
+int tpm_present(void)
+{
+ struct grub_bios_int_registers regs;
+
+ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+ regs.eax = 0xbb00;
+ regs.ebx = TCPA_MAGIC;
+ grub_bios_interrupt (0x1a, &regs);
+
+ if (regs.eax == 0)
+ return 1;
+
+ return 0;
+}
+
+grub_err_t
+grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf)
+{
+ struct grub_bios_int_registers regs;
+ grub_addr_t inaddr, outaddr;
+
+ if (!tpm_present())
+ return 0;
+
+ inaddr = (grub_addr_t) inbuf;
+ outaddr = (grub_addr_t) outbuf;
+ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+ regs.eax = 0xbb02;
+ regs.ebx = TCPA_MAGIC;
+ regs.ecx = 0;
+ regs.edx = 0;
+ regs.es = (inaddr & 0xffff0000) >> 4;
+ regs.edi = inaddr & 0xffff;
+ regs.ds = outaddr >> 4;
+ regs.esi = outaddr & 0xf;
+
+ grub_bios_interrupt (0x1a, &regs);
+
+ if (regs.eax)
+ return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax);
+
+ return 0;
+}
+
+typedef struct {
+ grub_uint32_t pcrindex;
+ grub_uint32_t eventtype;
+ grub_uint8_t digest[20];
+ grub_uint32_t eventdatasize;
+ grub_uint8_t event[0];
+} GRUB_PACKED Event;
+
+typedef struct {
+ grub_uint16_t ipblength;
+ grub_uint16_t reserved;
+ grub_uint32_t hashdataptr;
+ grub_uint32_t hashdatalen;
+ grub_uint32_t pcr;
+ grub_uint32_t reserved2;
+ grub_uint32_t logdataptr;
+ grub_uint32_t logdatalen;
+} GRUB_PACKED EventIncoming;
+
+typedef struct {
+ grub_uint16_t opblength;
+ grub_uint16_t reserved;
+ grub_uint32_t eventnum;
+ grub_uint8_t hashvalue[20];
+} GRUB_PACKED EventOutgoing;
+
+grub_err_t
+grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ struct grub_bios_int_registers regs;
+ EventIncoming incoming;
+ EventOutgoing outgoing;
+ Event *event;
+ grub_uint32_t datalength;
+
+ if (!tpm_present())
+ return 0;
+
+ datalength = grub_strlen(description);
+ event = grub_zalloc(datalength + sizeof(Event));
+ if (!event)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate TPM event buffer"));
+
+ event->pcrindex = pcr;
+ event->eventtype = 0x0d;
+ event->eventdatasize = grub_strlen(description);
+ grub_memcpy(event->event, description, datalength);
+
+ incoming.ipblength = sizeof(incoming);
+ incoming.hashdataptr = (grub_uint32_t)buf;
+ incoming.hashdatalen = size;
+ incoming.pcr = pcr;
+ incoming.logdataptr = (grub_uint32_t)event;
+ incoming.logdatalen = datalength + sizeof(Event);
+
+ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+ regs.eax = 0xbb01;
+ regs.ebx = TCPA_MAGIC;
+ regs.ecx = 0;
+ regs.edx = 0;
+ regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4;
+ regs.edi = ((grub_addr_t) &incoming) & 0xffff;
+ regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4;
+ regs.esi = ((grub_addr_t) &outgoing) & 0xffff;
+
+ grub_bios_interrupt (0x1a, &regs);
+
+ grub_free(event);
+
+ if (regs.eax)
+ return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax);
+
+ return 0;
+}
diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c
new file mode 100644
index 0000000..1a99187
--- /dev/null
+++ b/grub-core/kern/tpm.c
@@ -0,0 +1,13 @@
+#include <grub/err.h>
+#include <grub/i18n.h>
+#include <grub/misc.h>
+#include <grub/mm.h>
+#include <grub/tpm.h>
+#include <grub/term.h>
+
+grub_err_t
+grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ return grub_tpm_log_event(buf, size, pcr, description);
+}
diff --git a/include/grub/efi/tpm.h b/include/grub/efi/tpm.h
new file mode 100644
index 0000000..e2aff4a
--- /dev/null
+++ b/include/grub/efi/tpm.h
@@ -0,0 +1,153 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2015 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_EFI_TPM_HEADER
+#define GRUB_EFI_TPM_HEADER 1
+
+#define EFI_TPM_GUID {0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd }};
+#define EFI_TPM2_GUID {0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }};
+
+typedef struct {
+ grub_efi_uint8_t Major;
+ grub_efi_uint8_t Minor;
+ grub_efi_uint8_t RevMajor;
+ grub_efi_uint8_t RevMinor;
+} TCG_VERSION;
+
+typedef struct _TCG_EFI_BOOT_SERVICE_CAPABILITY {
+ grub_efi_uint8_t Size; /// Size of this structure.
+ TCG_VERSION StructureVersion;
+ TCG_VERSION ProtocolSpecVersion;
+ grub_efi_uint8_t HashAlgorithmBitmap; /// Hash algorithms .
+ char TPMPresentFlag; /// 00h = TPM not present.
+ char TPMDeactivatedFlag; /// 01h = TPM currently deactivated.
+} TCG_EFI_BOOT_SERVICE_CAPABILITY;
+
+typedef struct {
+ grub_efi_uint32_t PCRIndex;
+ grub_efi_uint32_t EventType;
+ grub_efi_uint8_t digest[20];
+ grub_efi_uint32_t EventSize;
+ grub_efi_uint8_t Event[1];
+} TCG_PCR_EVENT;
+
+struct grub_efi_tpm_protocol
+{
+ grub_efi_status_t (*status_check) (struct grub_efi_tpm_protocol *this,
+ TCG_EFI_BOOT_SERVICE_CAPABILITY *ProtocolCapability,
+ grub_efi_uint32_t *TCGFeatureFlags,
+ grub_efi_physical_address_t *EventLogLocation,
+ grub_efi_physical_address_t *EventLogLastEntry);
+ grub_efi_status_t (*hash_all) (struct grub_efi_tpm_protocol *this,
+ grub_efi_uint8_t *HashData,
+ grub_efi_uint64_t HashLen,
+ grub_efi_uint32_t AlgorithmId,
+ grub_efi_uint64_t *HashedDataLen,
+ grub_efi_uint8_t **HashedDataResult);
+ grub_efi_status_t (*log_event) (struct grub_efi_tpm_protocol *this,
+ TCG_PCR_EVENT *TCGLogData,
+ grub_efi_uint32_t *EventNumber,
+ grub_efi_uint32_t Flags);
+ grub_efi_status_t (*pass_through_to_tpm) (struct grub_efi_tpm_protocol *this,
+ grub_efi_uint32_t TpmInputParameterBlockSize,
+ grub_efi_uint8_t *TpmInputParameterBlock,
+ grub_efi_uint32_t TpmOutputParameterBlockSize,
+ grub_efi_uint8_t *TpmOutputParameterBlock);
+ grub_efi_status_t (*log_extend_event) (struct grub_efi_tpm_protocol *this,
+ grub_efi_physical_address_t HashData,
+ grub_efi_uint64_t HashDataLen,
+ grub_efi_uint32_t AlgorithmId,
+ TCG_PCR_EVENT *TCGLogData,
+ grub_efi_uint32_t *EventNumber,
+ grub_efi_physical_address_t *EventLogLastEntry);
+};
+
+typedef struct grub_efi_tpm_protocol grub_efi_tpm_protocol_t;
+
+typedef grub_efi_uint32_t EFI_TCG2_EVENT_LOG_BITMAP;
+typedef grub_efi_uint32_t EFI_TCG2_EVENT_LOG_FORMAT;
+typedef grub_efi_uint32_t EFI_TCG2_EVENT_ALGORITHM_BITMAP;
+
+typedef struct tdEFI_TCG2_VERSION {
+ grub_efi_uint8_t Major;
+ grub_efi_uint8_t Minor;
+} GRUB_PACKED EFI_TCG2_VERSION;
+
+typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
+ grub_efi_uint8_t Size;
+ EFI_TCG2_VERSION StructureVersion;
+ EFI_TCG2_VERSION ProtocolVersion;
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
+ EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs;
+ grub_efi_boolean_t TPMPresentFlag;
+ grub_efi_uint16_t MaxCommandSize;
+ grub_efi_uint16_t MaxResponseSize;
+ grub_efi_uint32_t ManufacturerID;
+ grub_efi_uint32_t NumberOfPcrBanks;
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks;
+} EFI_TCG2_BOOT_SERVICE_CAPABILITY;
+
+typedef grub_efi_uint32_t TCG_PCRINDEX;
+typedef grub_efi_uint32_t TCG_EVENTTYPE;
+
+typedef struct tdEFI_TCG2_EVENT_HEADER {
+ grub_efi_uint32_t HeaderSize;
+ grub_efi_uint16_t HeaderVersion;
+ TCG_PCRINDEX PCRIndex;
+ TCG_EVENTTYPE EventType;
+} GRUB_PACKED EFI_TCG2_EVENT_HEADER;
+
+typedef struct tdEFI_TCG2_EVENT {
+ grub_efi_uint32_t Size;
+ EFI_TCG2_EVENT_HEADER Header;
+ grub_efi_uint8_t Event[1];
+} GRUB_PACKED EFI_TCG2_EVENT;
+
+struct grub_efi_tpm2_protocol
+{
+ grub_efi_status_t (*get_capability) (struct grub_efi_tpm2_protocol *this,
+ EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability);
+ grub_efi_status_t (*get_event_log) (struct grub_efi_tpm2_protocol *this,
+ EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,
+ grub_efi_physical_address_t *EventLogLocation,
+ grub_efi_physical_address_t *EventLogLastEntry,
+ grub_efi_boolean_t *EventLogTruncated);
+ grub_efi_status_t (*hash_log_extend_event) (struct grub_efi_tpm2_protocol *this,
+ grub_efi_uint64_t Flags,
+ grub_efi_physical_address_t *DataToHash,
+ grub_efi_uint64_t DataToHashLen,
+ EFI_TCG2_EVENT *EfiTcgEvent);
+ grub_efi_status_t (*submit_command) (struct grub_efi_tpm2_protocol *this,
+ grub_efi_uint32_t InputParameterBlockSize,
+ grub_efi_uint8_t *InputParameterBlock,
+ grub_efi_uint32_t OutputParameterBlockSize,
+ grub_efi_uint8_t *OutputParameterBlock);
+ grub_efi_status_t (*get_active_pcr_blanks) (struct grub_efi_tpm2_protocol *this,
+ grub_efi_uint32_t *ActivePcrBanks);
+ grub_efi_status_t (*set_active_pcr_banks) (struct grub_efi_tpm2_protocol *this,
+ grub_efi_uint32_t ActivePcrBanks);
+ grub_efi_status_t (*get_result_of_set_active_pcr_banks) (struct grub_efi_tpm2_protocol *this,
+ grub_efi_uint32_t *OperationPresent,
+ grub_efi_uint32_t *Response);
+};
+
+typedef struct grub_efi_tpm2_protocol grub_efi_tpm2_protocol_t;
+
+#define TCG_ALG_SHA 0x00000004
+
+#endif
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
new file mode 100644
index 0000000..40d3cf6
--- /dev/null
+++ b/include/grub/tpm.h
@@ -0,0 +1,91 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2015 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_TPM_HEADER
+#define GRUB_TPM_HEADER 1
+
+#define SHA1_DIGEST_SIZE 20
+
+#define TPM_BASE 0x0
+#define TPM_SUCCESS TPM_BASE
+#define TPM_AUTHFAIL (TPM_BASE + 0x1)
+#define TPM_BADINDEX (TPM_BASE + 0x2)
+
+#define GRUB_TPM_PCR 9
+#define GRUB_KERNEL_PCR 10
+#define GRUB_INITRD_PCR 11
+#define GRUB_CMDLINE_PCR 12
+
+#define TPM_TAG_RQU_COMMAND 0x00C1
+#define TPM_ORD_Extend 0x14
+
+#define EV_IPL 0x0d
+
+/* TCG_PassThroughToTPM Input Parameter Block */
+typedef struct {
+ grub_uint16_t IPBLength;
+ grub_uint16_t Reserved1;
+ grub_uint16_t OPBLength;
+ grub_uint16_t Reserved2;
+ grub_uint8_t TPMOperandIn[1];
+} GRUB_PACKED PassThroughToTPM_InputParamBlock;
+
+/* TCG_PassThroughToTPM Output Parameter Block */
+typedef struct {
+ grub_uint16_t OPBLength;
+ grub_uint16_t Reserved;
+ grub_uint8_t TPMOperandOut[1];
+} GRUB_PACKED PassThroughToTPM_OutputParamBlock;
+
+typedef struct {
+ grub_uint16_t tag;
+ grub_uint32_t paramSize;
+ grub_uint32_t ordinal;
+ grub_uint32_t pcrNum;
+ grub_uint8_t inDigest[SHA1_DIGEST_SIZE]; /* The 160 bit value representing the event to be recorded. */
+} GRUB_PACKED ExtendIncoming;
+
+/* TPM_Extend Outgoing Operand */
+typedef struct {
+ grub_uint16_t tag;
+ grub_uint32_t paramSize;
+ grub_uint32_t returnCode;
+ grub_uint8_t outDigest[SHA1_DIGEST_SIZE]; /* The PCR value after execution of the command. */
+} GRUB_PACKED ExtendOutgoing;
+
+grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size,
+ grub_uint8_t pcr,
+ const char *description);
+#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS)
+grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf);
+grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size,
+ grub_uint8_t pcr, const char *description);
+#else
+static inline grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf) { return 0; };
+static inline grub_err_t grub_tpm_log_event(unsigned char *buf,
+ grub_size_t size,
+ grub_uint8_t pcr,
+ const char *description)
+{
+ return 0;
+};
+#endif
+
+#endif
--
2.5.0

42
0078-Measure-kernel-initrd.patch Normal file
View file

@ -0,0 +1,42 @@
From 15861b92def9c82f505580b40049365952ea3f83 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Thu, 16 Jul 2015 15:22:34 -0700
Subject: [PATCH 78/85] Measure kernel + initrd
Measure the kernel and initrd when loaded on UEFI systems
---
grub-core/loader/i386/efi/linux.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 7ccf32d..4ee45e9 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -27,6 +27,7 @@
#include <grub/lib/cmdline.h>
#include <grub/efi/efi.h>
#include <grub/efi/linux.h>
+#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -129,6 +130,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
argv[i]);
goto fail;
}
+ grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "UEFI Linux initrd");
ptr += cursize;
grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4));
ptr += ALIGN_UP_OVERHEAD (cursize, 4);
@@ -184,6 +186,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_tpm_measure (kernel, filelen, GRUB_KERNEL_PCR, "UEFI Linux kernel");
+
if (! grub_linuxefi_secure_validate (kernel, filelen))
{
grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
--
2.5.0

179
0079-Add-BIOS-boot-measurement.patch Normal file
View file

@ -0,0 +1,179 @@
From 7c80ec2e9a3beea04cc00ebf1fbbaa5f947f0388 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Sun, 9 Aug 2015 15:48:51 -0700
Subject: [PATCH 79/85] Add BIOS boot measurement
Measure the on-disk grub core on BIOS systems - unlike UEFI, the firmware
can't do this stage for us.
---
grub-core/boot/i386/pc/boot.S | 30 +++++++++++++++++++++++++-
grub-core/boot/i386/pc/diskboot.S | 44 +++++++++++++++++++++++++++++++++++++++
2 files changed, 73 insertions(+), 1 deletion(-)
diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S
index ea167fe..c1df86d 100644
--- a/grub-core/boot/i386/pc/boot.S
+++ b/grub-core/boot/i386/pc/boot.S
@@ -24,11 +24,14 @@
* defines for the code go here
*/
+#define TPM 1
+
/* Print message string */
#define MSG(x) movw $x, %si; call LOCAL(message)
#define ERR(x) movw $x, %si; jmp LOCAL(error_message)
.macro floppy
+#ifndef TPM
part_start:
LOCAL(probe_values):
@@ -85,6 +88,7 @@ fd_probe_error_string: .asciz "Floppy"
movb MACRO_DOLLAR(79), %ch
jmp LOCAL(final_init)
+#endif
.endm
.macro scratch
@@ -252,6 +256,7 @@ real_start:
/* set %si to the disk address packet */
movw $disk_address_packet, %si
+#ifndef TPM
/* check if LBA is supported */
movb $0x41, %ah
movw $0x55aa, %bx
@@ -271,6 +276,7 @@ real_start:
andw $1, %cx
jz LOCAL(chs_mode)
+#endif
LOCAL(lba_mode):
xorw %ax, %ax
@@ -314,6 +320,9 @@ LOCAL(lba_mode):
jmp LOCAL(copy_buffer)
LOCAL(chs_mode):
+#ifdef TPM
+ jmp LOCAL(general_error)
+#else
/*
* Determine the hard disk geometry from the BIOS!
* We do this first, so that LS-120 IDE floppies work correctly.
@@ -425,7 +434,7 @@ setup_sectors:
jc LOCAL(read_error)
movw %es, %bx
-
+#endif /* TPM */
LOCAL(copy_buffer):
/*
* We need to save %cx and %si because the startup code in
@@ -448,6 +457,25 @@ LOCAL(copy_buffer):
popw %ds
popa
+#ifdef TPM
+ pusha
+
+ movw $0xBB00, %ax /* TCG_StatusCheck */
+ int $0x1A
+ test %eax, %eax
+ jnz boot /* No TPM or TPM deactivated */
+
+ movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */
+ movw $GRUB_BOOT_MACHINE_KERNEL_ADDR, %di
+ xorl %esi, %esi
+ movl $0x41504354, %ebx /* TCPA */
+ movl $0x200, %ecx /* Measure 512 bytes */
+ movl $0x8, %edx /* PCR 8 */
+ int $0x1A
+
+ popa
+#endif
+boot:
/* boot kernel */
jmp *(LOCAL(kernel_address))
diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S
index c8b87ed..05dd7fa 100644
--- a/grub-core/boot/i386/pc/diskboot.S
+++ b/grub-core/boot/i386/pc/diskboot.S
@@ -19,6 +19,8 @@
#include <grub/symbol.h>
#include <grub/machine/boot.h>
+#define TPM 1
+
/*
* defines for the code go here
*/
@@ -53,6 +55,21 @@ _start:
/* this sets up for the first run through "bootloop" */
movw $LOCAL(firstlist), %di
+#ifdef TPM
+ /* clear EAX to remove potential garbage */
+ xorl %eax, %eax
+ /* 8(%di) = number of sectors to read */
+ movw 8(%di), %ax
+
+ /* Multiply number of sectors to read with 512 bytes. EAX is 32bit
+ * which is large enough to hold values of up to 4GB. I doubt there
+ * will ever be a core.img larger than that. ;-) */
+ shll $9, %eax
+
+ /* write result to bytes_to_measure var */
+ movl %eax, bytes_to_measure
+#endif
+
/* save the sector number of the second sector in %ebp */
movl (%di), %ebp
@@ -290,6 +307,29 @@ LOCAL(copy_buffer):
/* END OF MAIN LOOP */
LOCAL(bootit):
+#ifdef TPM
+ pusha
+ movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */
+
+ movw $0x0, %bx
+ movw %bx, %es
+
+ /* We've already measured the first 512 bytes, now measure the rest */
+ xorl %edi, %edi
+ movw $(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di
+
+ movl $0x41504354, %ebx /* EBX = "TCPA" */
+
+ /* %ecx = The length, in bytes, of the buffer to measure */
+ movl $bytes_to_measure, %esi
+ movl (%esi), %ecx
+ xorl %esi, %esi
+ movl $0x9, %edx /* PCR 9 */
+
+ int $0x1A
+
+ popa
+#endif
/* print a newline */
MSG(notification_done)
popw %dx /* this makes sure %dl is our "boot" drive */
@@ -324,6 +364,10 @@ geometry_error_string: .asciz "Geom"
read_error_string: .asciz "Read"
general_error_string: .asciz " Error"
+#ifdef TPM
+bytes_to_measure: .long 0
+#endif
+
/*
* message: write the string pointed to by %si
*
--
2.5.0

107
0080-Rework-linux-command.patch Normal file
View file

@ -0,0 +1,107 @@
From 600a01418498f09223aed5ebc693c941f4e7b049 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Sun, 9 Aug 2015 16:12:39 -0700
Subject: [PATCH 80/85] Rework linux command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
before pulling out the individual blocks later on.
---
grub-core/loader/i386/linux.c | 34 +++++++++++++++++++++-------------
1 file changed, 21 insertions(+), 13 deletions(-)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index b0afcca..5eb7d17 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -681,12 +681,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_file_t file = 0;
struct linux_kernel_header lh;
grub_uint8_t setup_sects;
- grub_size_t real_size, prot_size, prot_file_size;
+ grub_size_t real_size, prot_size, prot_file_size, kernel_offset;
grub_ssize_t len;
int i;
grub_size_t align, min_align;
int relocatable;
grub_uint64_t preferred_address = GRUB_LINUX_BZIMAGE_ADDR;
+ grub_uint8_t *kernel = NULL;
grub_dl_ref (my_mod);
@@ -700,7 +701,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (! file)
goto fail;
- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
+ len = grub_file_size (file);
+ kernel = grub_malloc (len);
+ if (!kernel)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer"));
+ goto fail;
+ }
+
+ if (grub_file_read (file, kernel, len) != len)
{
if (!grub_errno)
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
@@ -708,6 +717,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_memcpy (&lh, kernel, sizeof (lh));
+ kernel_offset = sizeof (lh);
+
if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
{
grub_error (GRUB_ERR_BAD_OS, "invalid magic number");
@@ -807,13 +819,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
linux_params.ps_mouse = linux_params.padding10 = 0;
len = sizeof (linux_params) - sizeof (lh);
- if (grub_file_read (file, (char *) &linux_params + sizeof (lh), len) != len)
- {
- if (!grub_errno)
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
- argv[0]);
- goto fail;
- }
+
+ grub_memcpy (&linux_params + sizeof (lh), kernel + kernel_offset, len);
+ kernel_offset += len;
linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE;
@@ -872,7 +880,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
/* The other parameters are filled when booting. */
- grub_file_seek (file, real_size + GRUB_DISK_SECTOR_SIZE);
+ kernel_offset = real_size + GRUB_DISK_SECTOR_SIZE;
grub_dprintf ("linux", "bzImage, setup=0x%x, size=0x%x\n",
(unsigned) real_size, (unsigned) prot_size);
@@ -1017,9 +1025,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
- (sizeof (LINUX_IMAGE) - 1));
len = prot_file_size;
- if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno)
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
- argv[0]);
+ grub_memcpy (prot_mode_mem, kernel + kernel_offset, len);
if (grub_errno == GRUB_ERR_NONE)
{
@@ -1030,6 +1036,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
fail:
+ grub_free (kernel);
+
if (file)
grub_file_close (file);
--
2.5.0

101
0081-Rework-linux16-command.patch Normal file
View file

@ -0,0 +1,101 @@
From 1f01062c05e9c86cbc5a01432a2a7293edfd30b6 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Sun, 9 Aug 2015 16:20:58 -0700
Subject: [PATCH 81/85] Rework linux16 command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel int it
before pulling out the individual blocks later on.
---
grub-core/loader/i386/pc/linux.c | 34 +++++++++++++++++++++-------------
1 file changed, 21 insertions(+), 13 deletions(-)
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index 9128315..b864e54 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -124,13 +124,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_file_t file = 0;
struct linux_kernel_header lh;
grub_uint8_t setup_sects;
- grub_size_t real_size;
+ grub_size_t real_size, kernel_offset = 0;
grub_ssize_t len;
int i;
char *grub_linux_prot_chunk;
int grub_linux_is_bzimage;
grub_addr_t grub_linux_prot_target;
grub_err_t err;
+ grub_uint8_t *kernel = NULL;
grub_dl_ref (my_mod);
@@ -144,7 +145,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (! file)
goto fail;
- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
+ len = grub_file_size (file);
+ kernel = grub_malloc (len);
+ if (!kernel)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer"));
+ goto fail;
+ }
+
+ if (grub_file_read (file, kernel, len) != len)
{
if (!grub_errno)
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
@@ -152,6 +161,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_memcpy (&lh, kernel, sizeof (lh));
+ kernel_offset = sizeof (lh);
+
if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
{
grub_error (GRUB_ERR_BAD_OS, "invalid magic number");
@@ -315,13 +327,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_memmove (grub_linux_real_chunk, &lh, sizeof (lh));
len = real_size + GRUB_DISK_SECTOR_SIZE - sizeof (lh);
- if (grub_file_read (file, grub_linux_real_chunk + sizeof (lh), len) != len)
- {
- if (!grub_errno)
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
- argv[0]);
- goto fail;
- }
+ grub_memcpy (grub_linux_real_chunk + sizeof (lh), kernel + kernel_offset,
+ len);
+ kernel_offset += len;
if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_MAGIC_SIGNATURE)
|| grub_le_to_cpu16 (lh.version) < 0x0200)
@@ -356,10 +364,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
}
len = grub_linux16_prot_size;
- if (grub_file_read (file, grub_linux_prot_chunk, grub_linux16_prot_size)
- != (grub_ssize_t) grub_linux16_prot_size && !grub_errno)
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
- argv[0]);
+ grub_memcpy (grub_linux_prot_chunk, kernel + kernel_offset, len);
+ kernel_offset += len;
if (grub_errno == GRUB_ERR_NONE)
{
@@ -369,6 +375,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
fail:
+ grub_free (kernel);
+
if (file)
grub_file_close (file);
--
2.5.0

87
0082-Measure-kernel-and-initrd-on-BIOS-systems.patch Normal file
View file

@ -0,0 +1,87 @@
From 16e2e25c137c69a46d82b6d7a3fe540ec5a2cbc4 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Sun, 9 Aug 2015 16:28:29 -0700
Subject: [PATCH 82/85] Measure kernel and initrd on BIOS systems
Measure the kernel and initrd when loaded on BIOS systems
---
grub-core/loader/i386/linux.c | 5 +++++
grub-core/loader/i386/pc/linux.c | 3 +++
grub-core/loader/linux.c | 2 ++
3 files changed, 10 insertions(+)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 5eb7d17..342c9fe 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -36,6 +36,7 @@
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
#include <grub/efi/sb.h>
+#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -717,7 +718,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "Linux Kernel");
+
grub_memcpy (&lh, kernel, sizeof (lh));
+
kernel_offset = sizeof (lh);
if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
@@ -1026,6 +1030,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
len = prot_file_size;
grub_memcpy (prot_mode_mem, kernel + kernel_offset, len);
+ kernel_offset += len;
if (grub_errno == GRUB_ERR_NONE)
{
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index b864e54..6b8f365 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -36,6 +36,7 @@
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
#include <grub/efi/sb.h>
+#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -161,6 +162,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "BIOS Linux Kernel");
+
grub_memcpy (&lh, kernel, sizeof (lh));
kernel_offset = sizeof (lh);
diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
index be6fa0f..3005c0d 100644
--- a/grub-core/loader/linux.c
+++ b/grub-core/loader/linux.c
@@ -4,6 +4,7 @@
#include <grub/misc.h>
#include <grub/file.h>
#include <grub/mm.h>
+#include <grub/tpm.h>
struct newc_head
{
@@ -288,6 +289,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
grub_initrd_close (initrd_ctx);
return grub_errno;
}
+ grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "Linux Initrd");
ptr += cursize;
}
if (newc)
--
2.5.0

43
0083-Measure-the-kernel-commandline.patch Normal file
View file

@ -0,0 +1,43 @@
From c7e870b771bbe43d56143d0be62ba91e30a032cf Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Sun, 9 Aug 2015 16:32:29 -0700
Subject: [PATCH 83/85] Measure the kernel commandline
Measure the kernel commandline to ensure that it hasn't been modified
---
grub-core/lib/cmdline.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
index 970ea86..6b56304 100644
--- a/grub-core/lib/cmdline.c
+++ b/grub-core/lib/cmdline.c
@@ -19,6 +19,7 @@
#include <grub/lib/cmdline.h>
#include <grub/misc.h>
+#include <grub/tpm.h>
static int
is_hex(char c)
@@ -79,7 +80,7 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
{
int i, space;
unsigned int arg_size;
- char *c;
+ char *c, *orig = buf;
for (i = 0; i < argc; i++)
{
@@ -125,5 +126,8 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
*buf = 0;
+ grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_CMDLINE_PCR,
+ "Kernel Commandline");
+
return i;
}
--
2.5.0

76
0084-Measure-commands.patch Normal file
View file

@ -0,0 +1,76 @@
From 9c55b8018c900f7e67e80693311ac3173a5df7fc Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Mon, 10 Aug 2015 15:27:12 -0700
Subject: [PATCH 84/85] Measure commands
Measure each command executed by grub, which includes script execution.
---
grub-core/script/execute.c | 25 +++++++++++++++++++++++--
include/grub/tpm.h | 1 +
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index cf6cd66..9ae04a0 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -30,6 +30,7 @@
#ifdef GRUB_MACHINE_IEEE1275
#include <grub/ieee1275/ieee1275.h>
#endif
+#include <grub/tpm.h>
/* Max digits for a char is 3 (0xFF is 255), similarly for an int it
is sizeof (int) * 3, and one extra for a possible -ve sign. */
@@ -967,8 +968,9 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
grub_err_t ret = 0;
grub_script_function_t func = 0;
char errnobuf[18];
- char *cmdname;
- int argc;
+ char *cmdname, *cmdstring;
+ int argc, offset = 0, cmdlen = 0;
+ unsigned int i;
char **args;
int invert;
struct grub_script_argv argv = { 0, 0, 0 };
@@ -977,6 +979,25 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0])
return grub_errno;
+ for (i = 0; i < argv.argc; i++) {
+ cmdlen += grub_strlen (argv.args[i]) + 1;
+ }
+
+ cmdstring = grub_malloc (cmdlen);
+ if (!cmdstring)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate command buffer"));
+ }
+
+ for (i = 0; i < argv.argc; i++) {
+ offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ",
+ argv.args[i]);
+ }
+ cmdstring[cmdlen-1]= '\0';
+ grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_COMMAND_PCR,
+ cmdstring);
+ grub_free(cmdstring);
invert = 0;
argc = argv.argc - 1;
args = argv.args + 1;
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index 40d3cf6..7fc9d77 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -30,6 +30,7 @@
#define GRUB_KERNEL_PCR 10
#define GRUB_INITRD_PCR 11
#define GRUB_CMDLINE_PCR 12
+#define GRUB_COMMAND_PCR 13
#define TPM_TAG_RQU_COMMAND 0x00C1
#define TPM_ORD_Extend 0x14
--
2.5.0

76
0085-Measure-multiboot-images-and-modules.patch Normal file
View file

@ -0,0 +1,76 @@
From 8e7be33d76340fde72c128019ce72f5e0da6135c Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 1 Sep 2015 16:02:55 -0700
Subject: [PATCH 85/85] Measure multiboot images and modules
---
grub-core/loader/i386/multiboot_mbi.c | 3 +++
grub-core/loader/multiboot.c | 2 ++
grub-core/loader/multiboot_mbi2.c | 3 +++
3 files changed, 8 insertions(+)
diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c
index f60b702..43a08e4 100644
--- a/grub-core/loader/i386/multiboot_mbi.c
+++ b/grub-core/loader/i386/multiboot_mbi.c
@@ -36,6 +36,7 @@
#include <grub/net.h>
#include <grub/i18n.h>
#include <grub/lib/cmdline.h>
+#include <grub/tpm.h>
#ifdef GRUB_MACHINE_EFI
#include <grub/efi/efi.h>
@@ -164,6 +165,8 @@ grub_multiboot_load (grub_file_t file, const char *filename)
return grub_errno;
}
+ grub_tpm_measure((unsigned char*)buffer, len, GRUB_KERNEL_PCR, filename);
+
header = find_header (buffer, len);
if (header == 0)
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
index 64a6513..58e6329 100644
--- a/grub-core/loader/multiboot.c
+++ b/grub-core/loader/multiboot.c
@@ -43,6 +43,7 @@
#include <grub/memory.h>
#include <grub/i18n.h>
#include <grub/efi/sb.h>
+#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -385,6 +386,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
}
grub_file_close (file);
+ grub_tpm_measure (module, size, GRUB_KERNEL_PCR, argv[0]);
return GRUB_ERR_NONE;
}
diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
index f147d67..8f163ea 100644
--- a/grub-core/loader/multiboot_mbi2.c
+++ b/grub-core/loader/multiboot_mbi2.c
@@ -36,6 +36,7 @@
#include <grub/i18n.h>
#include <grub/net.h>
#include <grub/lib/cmdline.h>
+#include <grub/tpm.h>
#if defined (GRUB_MACHINE_EFI)
#include <grub/efi/efi.h>
@@ -126,6 +127,8 @@ grub_multiboot_load (grub_file_t file, const char *filename)
COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0);
+ grub_tpm_measure ((unsigned char *)buffer, len, GRUB_KERNEL_PCR, filename);
+
header = find_header (buffer, len);
if (header == 0)
--
2.5.0

8
do-rebase
View file

@ -100,14 +100,14 @@ Date: Wed Jul 22 10:18:00 2015 -0400
Subject: Stop trying to "git format-patch" across a merge that confuses it
EOF
git diff --full-index --binary refs/tags/grub-2.02-beta2..refs/remotes/github/master
) > grub-2.02-beta2-to-origin-master.patch
git diff --full-index --binary refs/tags/grub-2.02-beta3..refs/remotes/github/master
) > grub-2.02-beta3-to-origin-master.patch
patches=$(git format-patch refs/remotes/github/master..refs/remotes/github/${releasever})
echo Patch0000: grub-2.02-beta2-to-origin-master.patch > grub.patches
echo Patch0000: grub-2.02-beta3-to-origin-master.patch > grub.patches
for x in $patches ; do
echo Patch$(echo ${x} | cut -d- -f1): ${x} >> grub.patches
done
rpmdev-bumpspec -c "- Rebased to newer upstream for ${releasever}" grub2.spec
git add 0*.patch grub2.spec grub-2.02-beta2-to-origin-master.patch grub.patches
git add 0*.patch grub2.spec grub-2.02-beta3-to-origin-master.patch grub.patches
fedpkg commit -s -c

22148
grub-2.02-beta2-to-origin-master.patch
View file

File diff suppressed because it is too large Load diff

54
grub-2.02-beta3-to-origin-master.patch Normal file
View file

@ -0,0 +1,54 @@
From: Peter Jones <pjones@redhat.com>
Date: Wed Jul 22 10:18:00 2015 -0400
Subject: Stop trying to "git format-patch" across a merge that confuses it
diff --git a/NEWS b/NEWS
index c9a975219fcc24162858e461f439886c4cb3841e..572eadb3ef27138481e91643b8bb60d27ce867c8 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,7 @@ New in 2.02:
* ZFS features support.
* ZFS LZ4 support.
* XFS V5 format support.
+ * LVM RAID1 support.
* New/improved terminal and video support:
* Monochrome text (matching `hercules' in GRUB Legacy).
@@ -49,6 +50,7 @@ New in 2.02:
* Improve TFTP robustness.
* Parse `nd' disk names in GRUB Legacy configuration files.
* Issue separate DNS queries for IPv4 and IPv6.
+ * Support IPv6 Router Advertisement to configure default router.
* Coreboot improvements:
* CBFS support both in on-disk images (loopback) and flash.
@@ -96,6 +98,8 @@ New in 2.02:
EFI Stall. If everything fails, use hardcoded frequency 800MHz.
* Support Hyper-V Gen2 platforms which lack PIT for TSC calibration.
* Map UEFI Persistent Memory to E820 persistent memory.
+ * New Xen loader on ARM64.
+ * Respect alignment requirement for block device IO buffers on EFI.
* Security:
* Add optional facility to enforce that all files read by the core image
@@ -134,6 +138,11 @@ New in 2.02:
menu entry immediately.
* New `file' command and grub-file utility to check file types.
* New syslinux configuration file parser.
+ * Set menu entry class to primary OS name returned by os-prober to display
+ OS specific icon.
+ * On Linux x86 detect EFI word size in grub-install and automatically select
+ correct platform (x86_64-efi or i386-efi) to install. Requires Linux kernel
+ 4.0 or higher.
* Build system:
* Remove all uses of nested functions; GRUB no longer requires an
@@ -160,6 +169,8 @@ New in 2.02:
* emu libusb support removed (was broken and unmaintained).
* powerpc64le compile support.
* Use fixed timestamp when generating GRUB image for reproducible builds.
+ * Verify at build time that modules contain only supported relocations and their
+ structure matches what boot-time module loader expects.
* Revision control moved to git.

99
grub.patches
View file

@ -1,4 +1,4 @@
Patch0000: grub-2.02-beta2-to-origin-master.patch
Patch0000: grub-2.02-beta3-to-origin-master.patch
Patch0001: 0001-Migrate-PPC-from-Yaboot-to-Grub2.patch
Patch0002: 0002-Add-fw_path-variable-revised.patch
Patch0003: 0003-Add-support-for-linuxefi.patch
@ -31,47 +31,56 @@ Patch0029: 0029-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch
Patch0030: 0030-Don-t-say-GNU-Linux-in-generated-menus.patch
Patch0031: 0031-Don-t-draw-a-border-around-the-menu.patch
Patch0032: 0032-Use-the-standard-margin-for-the-timeout-string.patch
Patch0033: 0033-Fix-grub_script_execute_sourcecode-usage-on-ppc.patch
Patch0034: 0034-Add-.eh_frame-to-list-of-relocations-stripped.patch
Patch0035: 0035-Make-10_linux-work-with-our-changes-for-linux16-and-.patch
Patch0036: 0036-Don-t-print-during-fdt-loading-method.patch
Patch0037: 0037-Honor-a-symlink-when-generating-configuration-by-gru.patch
Patch0038: 0038-Don-t-munge-raw-spaces-when-we-re-doing-our-cmdline-.patch
Patch0039: 0039-Don-t-require-a-password-to-boot-entries-generated-b.patch
Patch0040: 0040-Don-t-emit-Booting-.-message.patch
Patch0041: 0041-Make-CTRL-and-ALT-keys-work-as-expected-on-EFI-syste.patch
Patch0042: 0042-May-as-well-try-it.patch
Patch0043: 0043-use-fw_path-prefix-when-fallback-searching-for-grub-.patch
Patch0044: 0044-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch
Patch0045: 0045-trim-arp-packets-with-abnormal-size.patch
Patch0046: 0046-Fix-convert-function-to-support-NVMe-devices.patch
Patch0047: 0047-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch
Patch0048: 0048-Switch-to-use-APM-Mustang-device-tree-for-hardware-t.patch
Patch0049: 0049-Use-the-default-device-tree-from-the-grub-default-fi.patch
Patch0050: 0050-reopen-SNP-protocol-for-exclusive-use-by-grub.patch
Patch0051: 0051-Reduce-timer-event-frequency-by-10.patch
Patch0052: 0052-always-return-error-to-UEFI.patch
Patch0053: 0053-Suport-for-bi-endianess-in-elf-file.patch
Patch0054: 0054-Add-grub_util_readlink.patch
Patch0055: 0055-Make-editenv-chase-symlinks-including-those-across-d.patch
Patch0056: 0056-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch
Patch0057: 0057-Fix-GRUB_DISABLE_SUBMENU-one-more-time.patch
Patch0058: 0058-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch
Patch0059: 0059-Add-GRUB_DISABLE_UUID.patch
Patch0060: 0060-Allow-fallback-to-include-entries-by-title-not-just-.patch
Patch0061: 0061-Load-arm-with-SB-enabled.patch
Patch0062: 0062-Try-prefix-if-fw_path-doesn-t-work.patch
Patch0063: 0063-Try-to-emit-linux16-initrd16-and-linuxefi-initrdefi-.patch
Patch0064: 0064-Update-to-minilzo-2.08.patch
Patch0065: 0065-Make-grub2-mkconfig-construct-titles-that-look-like-.patch
Patch0066: 0066-Make-rescue-and-debug-entries-sort-right-again-in-gr.patch
Patch0067: 0067-Make-.gitignore-suck-way-less.patch
Patch0068: 0068-Update-info-with-grub.cfg-netboot-selection-order-11.patch
Patch0069: 0069-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch
Patch0070: 0070-Add-friendly-grub2-password-config-tool-985962.patch
Patch0071: 0071-Make-exit-take-a-return-code.patch
Patch0072: 0072-Add-some-__unused__-where-gcc-5.x-is-more-picky-abou.patch
Patch0073: 0073-Fix-race-in-EFI-validation.patch
Patch0074: 0074-Mark-po-exclude.pot-as-binary-so-git-won-t-try-to-di.patch
Patch0075: 0075-Fix-security-issue-when-reading-username-and-passwor.patch
Patch0076: 0076-01_users-Handle-GRUB_PASSWORD-better.patch
Patch0033: 0033-Add-.eh_frame-to-list-of-relocations-stripped.patch
Patch0034: 0034-Make-10_linux-work-with-our-changes-for-linux16-and-.patch
Patch0035: 0035-Don-t-print-during-fdt-loading-method.patch
Patch0036: 0036-Honor-a-symlink-when-generating-configuration-by-gru.patch
Patch0037: 0037-Don-t-munge-raw-spaces-when-we-re-doing-our-cmdline-.patch
Patch0038: 0038-Don-t-require-a-password-to-boot-entries-generated-b.patch
Patch0039: 0039-Don-t-emit-Booting-.-message.patch
Patch0040: 0040-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch
Patch0041: 0041-use-fw_path-prefix-when-fallback-searching-for-grub-.patch
Patch0042: 0042-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch
Patch0043: 0043-trim-arp-packets-with-abnormal-size.patch
Patch0044: 0044-Fix-convert-function-to-support-NVMe-devices.patch
Patch0045: 0045-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch
Patch0046: 0046-Switch-to-use-APM-Mustang-device-tree-for-hardware-t.patch
Patch0047: 0047-Use-the-default-device-tree-from-the-grub-default-fi.patch
Patch0048: 0048-reopen-SNP-protocol-for-exclusive-use-by-grub.patch
Patch0049: 0049-Add-grub_util_readlink.patch
Patch0050: 0050-Make-editenv-chase-symlinks-including-those-across-d.patch
Patch0051: 0051-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch
Patch0052: 0052-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch
Patch0053: 0053-Add-GRUB_DISABLE_UUID.patch
Patch0054: 0054-Allow-fallback-to-include-entries-by-title-not-just-.patch
Patch0055: 0055-Load-arm-with-SB-enabled.patch
Patch0056: 0056-Try-prefix-if-fw_path-doesn-t-work.patch
Patch0057: 0057-Try-to-emit-linux16-initrd16-and-linuxefi-initrdefi-.patch
Patch0058: 0058-Update-to-minilzo-2.08.patch
Patch0059: 0059-Make-grub2-mkconfig-construct-titles-that-look-like-.patch
Patch0060: 0060-Make-.gitignore-suck-way-less.patch
Patch0061: 0061-Update-info-with-grub.cfg-netboot-selection-order-11.patch
Patch0062: 0062-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch
Patch0063: 0063-Add-friendly-grub2-password-config-tool-985962.patch
Patch0064: 0064-Make-exit-take-a-return-code.patch
Patch0065: 0065-Add-some-__unused__-where-gcc-5.x-is-more-picky-abou.patch
Patch0066: 0066-Fix-race-in-EFI-validation.patch
Patch0067: 0067-Mark-po-exclude.pot-as-binary-so-git-won-t-try-to-di.patch
Patch0068: 0068-ppc64le-sync-mkconfig-to-disk-1212114.patch
Patch0069: 0069-Use-device-part-of-chainloader-target-if-present.patch
Patch0070: 0070-Add-secureboot-support-on-efi-chainloader.patch
Patch0071: 0071-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch
Patch0072: 0072-Make-efi-machines-load-an-env-block-from-a-variable.patch
Patch0073: 0073-Fix-security-issue-when-reading-username-and-passwor.patch
Patch0074: 0074-01_users-Handle-GRUB_PASSWORD-better.patch
Patch0075: 0075-Make-grub_fatal-also-backtrace.patch
Patch0076: 0076-Failed-config-now-returns-exit-code-1252311.patch
Patch0077: 0077-Core-TPM-support.patch
Patch0078: 0078-Measure-kernel-initrd.patch
Patch0079: 0079-Add-BIOS-boot-measurement.patch
Patch0080: 0080-Rework-linux-command.patch
Patch0081: 0081-Rework-linux16-command.patch
Patch0082: 0082-Measure-kernel-and-initrd-on-BIOS-systems.patch
Patch0083: 0083-Measure-the-kernel-commandline.patch
Patch0084: 0084-Measure-commands.patch
Patch0085: 0085-Measure-multiboot-images-and-modules.patch

7
grub2.spec
View file

@ -39,13 +39,13 @@
%endif
%global tarversion 2.02~beta2
%global tarversion 2.02~beta3
%undefine _missing_build_ids_terminate_build
Name: grub2
Epoch: 1
Version: 2.02
Release: 0.25%{?dist}
Release: 0.26%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System Environment/Base
@ -546,6 +546,9 @@ fi
%{_datarootdir}/grub/themes/starfield
%changelog
* Fri Mar 04 2016 Peter Jones <pjones@redhat.com> - 2.02-0.26
- Rebased to newer upstream (grub-2.02-beta3) for fedora-24
* Thu Dec 10 2015 Peter Jones <pjones@redhat.com> - 2.02-0.25
- Fix security issue when reading username and password
Related: CVE-2015-8370

2
sources
View file

@ -1,3 +1,3 @@
566c4668b90b610c1f6c0c402cbd6ab0 theme.tar.bz2
8c28087c5fcb3188f1244b390efffdbe unifont-5.1.20080820.pcf.gz
be62932eade308a364ea4bbc91295930 grub-2.02~beta2.tar.xz
ab399fc6f74a97d66ff77f04b743149c grub-2.02~beta3.tar.xz