Commit graph

628 commits

Author SHA1 Message Date
Christian Kellner
a32aa179fa Transition existing installations to unified GRUB configuration
The previous commits, especially b14117, unified the grub config
locations across all platforms. In brief, this means that in the
case of EFI, the config file in the EFI System Partition (ESP)
is now meant to be a small stub config file that will in turn
load the main configuration in /boot/grub2, which is used on
all other platforms as well. For new installations all this is
done by the Anaconda installer. But existing installations also
need to be adapted.
Add a %posttrans script to the grub2-common package that will,
if a non-unified installation is detected, transition it into
a unified one. This is done by moving the main grub.cfg file
from the ESP to /boot/grub2, creating minimal stub on the ESP
instead. Additionally, the grubenv file is also moved from the
ESP to /boot/grub2.
The detection of the non-unified installation is done by
checking if the grub.cfg on the ESP contains the 'configfile'
directive. If so, it is assumed the system has a unified
grub configuration.

Signed-off-by: Christian Kellner <christian@kellner.me>
2021-02-22 19:32:42 +01:00
Javier Martinez Canillas
b141171629
Appended signatures support, unify GRUB config location and some fixes
- Remove -fcf-protection compiler flag to allow i386 builds (law)
  Related: rhbz#1915452
- Unify GRUB configuration file location across all platforms
  Related: rhbz#1918817
- Add 'at_keyboard_fallback_set' var to force the set manually (rmetrich)
- Add appended signatures support for ppc64le LPAR Secure Boot (daxtens)

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-02-09 01:04:42 +01:00
Javier Martinez Canillas
4fe0f66632
Unify GRUB configuration file location across all platforms
The GRUB configuration files layout on EFI platforms isn't consistent with
other non-EFI platforms (e.g: legacy BIOS x86 and Open Firmware ppc64le).

On platforms using EFI, the GRUB config file (grub.cfg) and environment
variables block (grubenv) are stored in the EFI System Partition (ESP),
while for non-EFI platforms these are stored in the boot partition (or
/boot directory if not boot partition is used).

The reason for this is that the path where the GRUB bootloader searches
for its configuration file varies depending on the firmware interface.

For EFI the GRUB binary is located in the ESP and it expects to find its
config file in that location as well. But this creates the mentioned
inconsistency, because the GRUB configuration file has to be stored in
/boot/efi/EFI/fedora/grub.cfg while for non-EFI platforms it has to be
stored in /boot/grub2/grub.cfg.

To allow all platforms to have the GRUB config file in the same location,
only a minimal config file could be stored in the ESP and this will load
the one that is stored in /boot/grub2.

Related: rhbz#1918817

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-02-09 00:44:03 +01:00
Jeff Law
3a8f1e293b
Remove -fcf-protection compiler flag to allow i386 builds
GRUB uses -march=i386 to build the x86 BIOS code but recent changes in the
default %{optflags} enabled the -fcf-protection flag that's not compatible
with pre-i686 CPUs.

This led to a build error in the grub2 package. To avoid this failure and
let the package to build again, remove the -fcf-protection flag for now.

Related: rhbz#1915452

Signed-off-by: Jeff Law <law@redhat.com>
2021-02-08 19:42:10 +01:00
Javier Martinez Canillas
ca5becb9a3
Fix module loading in the 20_linux_xen script
Resolves: rhbz#1858364

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-02-08 13:30:04 +01:00
Javier Martinez Canillas
f9736ec085
at_keyboard: use set 1 when keyboard is in Translate mode
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-01-12 17:01:31 +01:00
Javier Martinez Canillas
d84350c121
Add DNF protected.d fragments and pull a few fixes and enhancements
- Add DNF protected.d fragments for GRUB packages
  Resolves: rhbz#1874541
- Include keylayouts and at_keyboard modules in EFI builds
- Add GRUB enhanced debugging features
- ieee1275: Avoiding many unecessary open/close
- ieee1275: device mapper and fibre channel discovery support
- Fix tps-rpmtest failing due /boot/grub2/grubenv attributes mismatch

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-12-31 16:17:43 +01:00
Javier Martinez Canillas
8c2cf1c368
Add DNF protected.d fragments for GRUB packages
Users can unintentionally remove the grub2 packages and break their system
by deleting the bootloader. To prevent this mark them as protected by DNF.

Resolves: rhbz#1874541

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-12-30 22:45:54 +01:00
Javier Martinez Canillas
c321e640dc
Include keylayouts and at_keyboard modules in EFI builds
This is needed to support PC AT keyboards on machines using EFI.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-12-30 20:50:03 +01:00
Javier Martinez Canillas
ec73df1b6e
Fix tps-rpmtest failing due /boot/grub2/grubenv attributes mismatch
The /boot/grub2/grubenv file is not installed by the grub2 packages but
is either a symbolic link created on %install or a regular file created
by Anaconda during installation.

This is causing the tps-rpmtest to fail in some architectures since the
file attributes don't match what's expected by the package. Because is
a special file, make verification  to ignore the size, mode, checksum
and mtime attributes.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-12-30 20:50:03 +01:00
Oğuz Ersen
96eeab8abd Update 0131-Add-grub-set-bootflag-utility.patch
Fix name of menu_show_once bootflag in man page.
2020-12-24 10:14:04 +00:00
Peetz0r
5a625020e2
Fixed some typos in grub-install.8 man page 2020-12-18 00:32:39 +01:00
Florian Weimer
fac1a22c9e
Remove build dependency on autogen 2020-11-11 16:52:19 +01:00
Javier Martinez Canillas
f7e054f3d6
Roll over TFTP block counter to prevent timeouts with data packets
Resolves: rhbz#1869335

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-31 14:19:03 +02:00
Javier Martinez Canillas
ae1167a78d
Set TFTP blocksize to 1428 instead of 2048 to avoid IP fragmentation
Resolves: rhbz#1869335

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-21 15:59:56 +02:00
Javier Martinez Canillas
cc2f966c55
Fix TFTP timeouts when trying to fetch files larger than 65535 KiB
Resolves: rhbz#1869335

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-21 12:56:15 +02:00
Javier Martinez Canillas
db0149e860
Add support for "systemctl reboot --boot-loader-menu=xx"
Related: rhbz#1857389

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-08-12 14:43:54 +02:00
Peter Jones
47cf63735c "Minor" bug fixes
Resolves: CVE-2020-10713
Resolves: CVE-2020-14308
Resolves: CVE-2020-14309
Resolves: CVE-2020-14310
Resolves: CVE-2020-14311
Resolves: CVE-2020-15705
Resolves: CVE-2020-15706
Resolves: CVE-2020-15707

Signed-off-by: Peter Jones <pjones@redhat.com>
2020-08-10 22:02:39 -04:00
Jeff Law
dc2f1a03d9 Move lto disablement to a point where it works for this package 2020-07-21 13:43:44 -06:00
Jeff Law
95f5dd8a82 Disable LTO 2020-06-30 14:10:27 -06:00
Javier Martinez Canillas
51e876849c
Only mark GRUB as BLS supported in OSTree systems with a boot partition
OSTree doesn't support installations that don't have a boot partition. The
BLS snippets assume that there will be one, so this has to be checked and
only mark GRUB as supporting BLS in OSTree systems have a boot partition.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-06-18 17:18:11 +02:00
Javier Martinez Canillas
9f83bf2258
Fix build with rpm-4.16 and a HTTP boot issue with relative paths
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-06-08 10:15:55 +02:00
Javier Martinez Canillas
0993459d92
Install GRUB as \EFI\BOOT\BOOTARM.EFI in armv7hl
The Default Boot Behavior for EFI if no BootOrder and Boot#### variables
are found is to look for an ESP and start \EFI\BOOT\BOOT{$arch}.efi.

This is usually fallback.efi installed by the shim package, but since shim
isn't used on armv7, there's no \EFI\BOOT\BOOTARM.EFI installed in the ESP.

So install GRUB as \EFI\BOOT\BOOTARM.EFI for armv7 so there is a default
EFI binary to be started.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-06-07 10:50:19 +02:00
Javier Martinez Canillas
098a8a9e99
Fix an out of memory error when loading large initrd images
Resolves: rhbz#1838633

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-26 18:09:54 +02:00
Javier Martinez Canillas
7fb7a6a7a5
Don't update BLS files that aren't managed by GRUB scripts
Resolves: rhbz#1837783

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-20 14:21:29 +02:00
Javier Martinez Canillas
68246dd736
Only enable the tpm module for EFI platforms
The module is only built for EFI, so don't enable it for other platforms.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-18 13:26:28 +02:00
Javier Martinez Canillas
4cf8c08cf7
Enable tpm module and make system to boot even if TPM measurements fail
Since GRUB 2.04 there is support for TPM measurements in a tpm module that
uses the verifiers framework. So this is used now instead of the previous
downstream patches that we were carrying.

But we forgot to enable this module when rebasing to 2.04 which leads to
GRUB no longer measuring the kernel, initrd and command line parameters.

One side effect of using the verifiers framework is that if measurements
fail, GRUB won't be able to open the files since the errors from the tpm
module are propagated. This means that a firmware with a buggy tpm support
will prevent the machine to boot, which was not the case with the previous
downstream patches. Don't propagate the measurement errors to prevent this.

Resolves: rhbz#1836433

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-18 10:19:45 +02:00
Adam Williamson
4ff1f12e40 10_linux.in: restore existence check in get_sorted_bls 2020-05-14 18:02:26 -07:00
Javier Martinez Canillas
4a742183a3
Store cmdline in BLS snippets instead of using a grubenv variable
The kernel cmdline was stored as a kernelopts variable in the grubenv file
and the BLS snippets used that. But this turned out to be fragile since the
grubenv file could be removed or get corrupted easily.

To prevent the entries to not have a cmdline if the grubenv can't be read,
a fallback variable was set in the GRUB config file. But this still caused
issues since the config needs to be re-generated to change the parameters.

Instead, let's store the cmdline in the BLS snippets. This will make the
configuration more robust, since it will work even without the grubenv
file and the BLS entries will contain all the information needed to boot.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-13 20:03:20 +02:00
Javier Martinez Canillas
107dc9a693
Fix a segfault in grub2-editenv when attempting to shrink a variable
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-05-12 20:17:50 +02:00
Javier Martinez Canillas
b914a7e168
Fix bugs in the blscfg module and in the 10_linux script for ppc64le
blscfg: Lookup default_kernelopts variable as fallback for options
  Related: rhbz#1765297
10_linux.in: fix early exit due error when reading petitboot version
  Resolves: rhbz#1827397

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-04-30 15:55:52 +02:00
Javier Martinez Canillas
b28e5aa886
efi: Set image base address before jumping to the PE/COFF entry point
Resolves: rhbz#1825411

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-04-23 21:35:17 +02:00
Javier Martinez Canillas
5b188159a7
Make the grub-switch-to-blscfg and 10_linux scripts more robust
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-04-16 21:42:23 +02:00
Javier Martinez Canillas
7509e59c4a
Drop 10_linux_bls and avoid corner case of blsdir set with ostree
The logic to parse the BLS configs to generate a set of menuentry commands
that's needed on ppc64le machines with bootloaders that don't have support
to parse BLS config directly, was implemented in a 10_linux_bls script.

But there's no need to have a separate script just for this and this logic
can be merged into the 10_linux script to avoid code duplication.

Also since the blscfg module will also now be used by ostree-based distros
there is a possible corner case in which a user set the blsdir variable to
a BLS directory path that is different than the default used by ostree.

So to avoid possible issues, only drop the marker file to specify that the
bootloader has support to parse BLS files if this variable hasn't been set.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-04-02 14:44:30 +02:00
Javier Martinez Canillas
7c2bab5e98
grub-switch-to-blscfg: Update grub2 binary in ESP for OSTree systems
Related: rhbz#1751272

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-03-26 18:30:49 +01:00
Javier Martinez Canillas
904d351ffd
Fix for entries having an empty initrd command and HTTP boot issues
Resolves: rhbz#1806022

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-03-17 19:04:44 +01:00
Peter Jones
1ac3b7869a Add a noautobuild file
Signed-off-by: Peter Jones <pjones@redhat.com>
2020-01-21 13:34:34 -05:00
Javier Martinez Canillas
fbe5a8c26a
A bunch of RISC-V build fixes and some cleanups
- Add riscv64 support to grub.macros and RISC-V build fixes (davidlt)
- blscfg: Always use the root variable to search for BLS snippets
- bootstrap.conf: Force autogen.sh to use python3

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-01-16 16:01:15 +01:00
David Abdurachmanov
b888fb3a32
Add RISC-V (riscv64) support to grub.macros
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
2020-01-16 15:35:56 +01:00
Javier Martinez Canillas
89bc295877
Make blscfg to support the GRUB_SAVEDEFAULT option
This option was not supported on a BLS configuration.

Resolves: rhbz#1704926

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-01-13 19:54:14 +01:00
Peter Jones
190e583e94 Add zstd to the EFI module list.
cmurf and javierm noticed[0] that we don't have zstd enabled, and that could
cause issues in some cases for /boot on btrfs subvolumes.  This adds it to our
module list.

[0] https://github.com/rhinstaller/anaconda/pull/2255#discussion_r359123085

Related: rhbz#1418336

Signed-off-by: Peter Jones <pjones@redhat.com>
2020-01-06 10:30:23 -05:00
Peter Jones
0cb30b7d2b Renumber sources
This gets rid of the vestigial remnants of the now-obsolete
release-to-master.patch , and moves gnulib to be earlier in our source list.

Signed-off-by: Peter Jones <pjones@redhat.com>
2020-01-06 10:28:40 -05:00
Peter Robinson
af4ccfff6b drop tools-extra from grub2-pc dependencies 2019-12-12 02:04:27 +00:00
Javier Martinez Canillas
3f3dfd4006
A couple BLS fixes and various grub2 cleanups
- Various grub2 cleanups (pbrobinson)
- Another fix for blscfg variable expansion support
- blscfg: Add support for sorting the plus ('+') higher than base version
  Resolves: rhbz#1767395

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-12-05 17:21:27 +01:00
Peter Robinson
8733281382
various grub2 cleanups
- drop deprecated groups from the macros file, already gone from main spec.
- don't ship arch specific bits in tools-extra that are already special cased in tools
- move grub2-glue-efi to tools-efi, it's Mac specific and there's othe Mac efi tools there
- drop tools-extra dep for efi binaries, all in tools-efi and anaconda deals with that
- put grub2-install man page in the right package with the util
- other minor cleanups
2019-12-05 17:01:50 +01:00
Javier Martinez Canillas
5db4bc774e
Fix a grub hidden-menu regression and a bug in blscfg variable expansion
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-11-27 12:12:44 +01:00
Javier Martinez Canillas
eeeca9c900
grub-set-bootflag: Write new env to tmpfile and then rename
Resolves: CVE-2019-14865
Resolves: rhbz#1776580

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-11-26 11:43:57 +01:00
Javier Martinez Canillas
d3ceae4bfd
Some BLS cleanups and fixes
- 20-grub-install: Don't add an id field to generated BLS snippets
- 99-grub-mkconfig: Disable BLS usage for Xen machines
  Resolves: rhbz#1703700
- Don't add a class option to menu entries generated for ppc64le
  Resolves: rhbz#1758225
- 10_linux.in: Also use GRUB_CMDLINE_LINUX_DEFAULT to set kernelopts
- blscfg: Don't hardcode an env var as fallback for the BLS options field
  Resolves: rhbz#1710483

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-10-17 13:41:17 +02:00
Javier Martinez Canillas
897e388763
99-grub-mkconfig: Disable BLS usage for Xen machines
PV and PVH Xen DomU guests boot with pygrub that doesn't have BLS support.
Also Xen Dom0 use the menuentries from 20_linux_xen and not the ones from
10_linux. So BLS support needs to be disabled for both Xen Dom0 and DomU
and use a traditional grub.cfg file generated by the grub2-mkconfig tool.

Resolves: rhbz#1703700

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Tested-by: Steven Haigh <netwiz@crc.id.au>
2019-10-16 11:42:54 +02:00
Javier Martinez Canillas
7ea6052755
20-grub-install: Don't add an id field to generated BLS snippets
The id field isn't used anymore by the blscfg module and instead the BLS
filename without the .conf is used as the id for the generated menu entry.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-10-15 14:07:05 +02:00