Sync from SUSE:SLFO:Main grub2 revision 9f1dd6e43dce259b7b25edf576c620f4

Adrian Schröter 2024-07-03 10:52:42 +02:00
parent 5a5e453693
commit eb839a715e
51 changed files with 5006 additions and 1427 deletions


@ -88,8 +88,8 @@ Signed-off-by: Michael Chang <mchang@suse.com>
switch (platform)
{
case GRUB_INSTALL_PLATFORM_I386_EFI:
@@ -1454,8 +1493,7 @@
debug_image);
@@ -1478,8 +1517,7 @@
debug_image);
}
- if (config.is_suse_btrfs_snapshot_enabled
@ -98,7 +98,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
{
if (!load_cfg_f)
load_cfg_f = grub_util_fopen (load_cfg, "wb");
@@ -1669,21 +1707,13 @@
@@ -1670,21 +1708,13 @@
#ifdef __linux__
@ -124,7 +124,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
if (subvol && mount_path)
{
@@ -1708,11 +1738,6 @@
@@ -1709,11 +1739,6 @@
}
}


@ -0,0 +1,37 @@
From 5846e14a4dbf0c73969a32625d841e4f842ccdea Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 31 Jan 2024 18:44:27 +0800
Subject: [PATCH] disk: Optimize disk iteration by moving memdisk to the end
When performing file or UUID-based searches, prioritize returning
operating system disk devices over the memdisk. The memdisk, typically
used for internal grub data, is moved to the last position in the search
order. This improves search efficiency and prevents potential unexpected
results.
Signed-off-by: Michael Chang <mchang@suse.com>
---
include/grub/disk.h | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/grub/disk.h b/include/grub/disk.h
index bf0958885..f4fd7a00f 100644
--- a/include/grub/disk.h
+++ b/include/grub/disk.h
@@ -244,7 +244,12 @@ grub_disk_dev_iterate (grub_disk_dev_iterate_hook_t hook, void *hook_data)
for (pull = 0; pull < GRUB_DISK_PULL_MAX; pull++)
for (p = grub_disk_dev_list; p; p = p->next)
- if (p->disk_iterate && (p->disk_iterate) (hook, hook_data, pull))
+ if (p->id != GRUB_DISK_DEVICE_MEMDISK_ID && p->disk_iterate && (p->disk_iterate) (hook, hook_data, pull))
+ return 1;
+
+ for (pull = 0; pull < GRUB_DISK_PULL_MAX; pull++)
+ for (p = grub_disk_dev_list; p; p = p->next)
+ if (p->id == GRUB_DISK_DEVICE_MEMDISK_ID && p->disk_iterate && (p->disk_iterate) (hook, hook_data, pull))
return 1;
return 0;
--
2.43.0
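Review bot: The two loops in `grub_disk_dev_iterate` change which device wins when several satisfy the hook, and nothing in the code records that. A file or UUID present both on the memdisk and on another disk now resolves to the other disk, because memdisk is visited only after every other driver at every pull level. If any embedded configuration relies on memdisk content taking precedence over attached media, that assumption no longer holds, so the ordering deserves a comment above the first loop such as `/* Visit memdisk last: file/UUID search returns the first match, so OS disks win over GRUB's internal memdisk. */`. The loops differ only in `!=` versus `==` on `p->id`, so a small static helper taking a flag would remove the duplicated condition. The function starts outside the hunk.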


@ -1,35 +0,0 @@
From 652b221a5eacb1421891c1469608028e2c2f0615 Mon Sep 17 00:00:00 2001
From: Glenn Washburn <development@efficientek.com>
Date: Fri, 18 Aug 2023 12:27:22 -0500
Subject: [PATCH] disk/cryptodisk: Fix missing change when updating to use
grub_uuidcasecmp
This was causing the cryptomount command to return failure even though
the crypto device was successfully added. Of course, this meant that any
script using the return code would behave unexpectedly.
Fixes: 3cf2e848bc03 (disk/cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner)
Suggested-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
grub-core/disk/cryptodisk.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 802b191b2..c79d4125a 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1323,7 +1323,8 @@ grub_cryptodisk_scan_device (const char *name,
dev = grub_cryptodisk_scan_device_real (name, source, cargs);
if (dev)
{
- ret = (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, dev->uuid) == 0);
+ ret = (cargs->search_uuid != NULL
+ && grub_uuidcasecmp (cargs->search_uuid, dev->uuid, sizeof (dev->uuid)) == 0);
goto cleanup;
}
--
2.41.0


@ -1,33 +0,0 @@
From f903b9a9adb64e733e581771d2a24efae7fbe529 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fvogt@suse.de>
Date: Thu, 5 Oct 2023 11:02:25 +0200
Subject: [PATCH] fs/btrfs: Zero file data not backed by extents
Implicit holes in file data need to be zeroed explicitly, instead of
just leaving the data in the buffer uninitialized.
This led to kernels randomly failing to boot in "fun" ways when loaded
from btrfs with the no_holes feature enabled, because large blocks of
zeros in the kernel file contained random data instead.
Signed-off-by: Fabian Vogt <fvogt@suse.de>
---
grub-core/fs/btrfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 19bff4610..ba0c58352 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -1603,6 +1603,8 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data,
csize = grub_le_to_cpu64 (key_out.offset) - pos;
if (csize > len)
csize = len;
+
+ grub_memset (buf, 0, csize);
buf += csize;
pos += csize;
len -= csize;
--
2.42.0


@ -1,93 +0,0 @@
From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:31:57 +0300
Subject: [PATCH 1/6] fs/ntfs: Fix an OOB write when parsing the
$ATTRIBUTE_LIST attribute for the $MFT file
When parsing an extremely fragmented $MFT file, i.e., the file described
using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
containing bytes read from the underlying drive to store sector numbers,
which are consumed later to read data from these sectors into another buffer.
These sectors numbers, two 32-bit integers, are always stored at predefined
offsets, 0x10 and 0x14, relative to first byte of the selected entry within
the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem.
However, when parsing a specially-crafted file system image, this may cause
the NTFS code to write these integers beyond the buffer boundary, likely
causing the GRUB memory allocator to misbehave or fail. These integers contain
values which are controlled by on-disk structures of the NTFS file system.
Such modification and resulting misbehavior may touch a memory range not
assigned to the GRUB and owned by firmware or another EFI application/driver.
This fix introduces checks to ensure that these sector numbers are never
written beyond the boundary.
Fixes: CVE-2023-4692
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index bbdbe24ad..c3c4db117 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
}
if (at->attr_end)
{
- grub_uint8_t *pa;
+ grub_uint8_t *pa, *pa_end;
at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
if (at->emft_buf == NULL)
@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
}
at->attr_nxt = at->edat_buf;
at->attr_end = at->edat_buf + u32at (pa, 0x30);
+ pa_end = at->edat_buf + n;
}
else
{
at->attr_nxt = at->attr_end + u16at (pa, 0x14);
at->attr_end = at->attr_end + u32at (pa, 4);
+ pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
}
at->flags |= GRUB_NTFS_AF_ALST;
while (at->attr_nxt < at->attr_end)
@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
at->flags |= GRUB_NTFS_AF_GPOS;
at->attr_cur = at->attr_nxt;
pa = at->attr_cur;
+
+ if ((pa >= pa_end) || (pa_end - pa < 0x18))
+ {
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
+ return NULL;
+ }
+
grub_set_unaligned32 ((char *) pa + 0x10,
grub_cpu_to_le32 (at->mft->data->mft_start));
grub_set_unaligned32 ((char *) pa + 0x14,
@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
{
if (*pa != attr)
break;
+
+ if ((pa >= pa_end) || (pa_end - pa < 0x18))
+ {
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
+ return NULL;
+ }
+
if (read_attr
(at, pa + 0x10,
u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
--
2.42.0


@ -1,51 +0,0 @@
From b541e93b4dab6f652941d086af4fe2da676d0ee3 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Thu, 28 Sep 2023 22:33:44 +0000
Subject: [PATCH 1/3] fs/xfs: Incorrect short form directory data boundary
check
After parsing of the current entry, the entry pointer is advanced
to the next entry at the end of the "for" loop. In case where the
last entry is at the end of the data boundary, the advanced entry
pointer can point off the data boundary. The subsequent boundary
check for the advanced entry pointer can cause a failure.
The fix is to include the boundary check into the "for" loop
condition.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Tested-by: Marta Lewandowska <mlewando@redhat.com>
---
grub-core/fs/xfs.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index b91cd32b4..ebf962793 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -810,7 +810,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
if (iterate_dir_call_hook (parent, "..", &ctx))
return 1;
- for (i = 0; i < head->count; i++)
+ for (i = 0; i < head->count &&
+ (grub_uint8_t *) de < ((grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data)); i++)
{
grub_uint64_t ino;
grub_uint8_t *inopos = grub_xfs_inline_de_inopos(dir->data, de);
@@ -845,10 +846,6 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
de->name[de->len] = c;
de = grub_xfs_inline_next_de(dir->data, head, de);
-
- if ((grub_uint8_t *) de >= (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data))
- return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
-
}
break;
}
--
2.42.1


@ -0,0 +1,48 @@
From 045aae8fe7238aabc217700df4d17d83b7d891f3 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Tue, 23 Jan 2024 12:46:16 +0800
Subject: [PATCH] fs/xfs: always verify the total number of entries is not zero
---
grub-core/fs/xfs.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index bc2224dbb..1ce5fa4fc 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -900,6 +900,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
{
struct grub_xfs_dir2_entry *direntry =
grub_xfs_first_de(dir->data, dirblock);
+ struct grub_xfs_dirblock_tail *tail = grub_xfs_dir_tail (dir->data, dirblock);
+
int entries = -1;
char *end = dirblock + dirblk_size;
@@ -918,18 +920,16 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
*/
if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
{
- struct grub_xfs_dirblock_tail *tail = grub_xfs_dir_tail (dir->data, dirblock);
-
end = (char *) tail;
/* Subtract the space used by leaf nodes. */
end -= grub_be_to_cpu32 (tail->leaf_count) * sizeof (struct grub_xfs_dir_leaf_entry);
+ }
- entries = grub_be_to_cpu32 (tail->leaf_count) - grub_be_to_cpu32 (tail->leaf_stale);
+ entries = grub_be_to_cpu32 (tail->leaf_count) - grub_be_to_cpu32 (tail->leaf_stale);
- if (!entries)
- continue;
- }
+ if (!entries)
+ continue;
/* Iterate over all entries within this block. */
while ((char *) direntry < (char *) end)
--
2.43.0
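Review bot: `entries` is now computed from `tail->leaf_count - tail->leaf_stale` for every directory block, not only when `dir->inode.nextents` equals 1, and both fields come straight from disk without a range check. If a block of a multi-extent directory does not carry a tail, the count is derived from unrelated bytes; this is inferred, because the comment closing just above the `if` is cut off by the hunk. A `leaf_stale` larger than `leaf_count` also makes the unsigned subtraction wrap instead of reaching zero, so `if (!entries) continue;` does not catch it. The patch has no description, so a comment next to the moved `tail` declaration should say why the tail is valid for all blocks, and a guard such as `if (grub_be_to_cpu32 (tail->leaf_stale) > grub_be_to_cpu32 (tail->leaf_count))` should reject the block as a bad file system before the subtraction. The loop body continues outside the hunk.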


@ -1,229 +0,0 @@
From 4bcf6f747c3ab0b998c6f5a361804e38bc9c4334 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Wed, 4 Oct 2023 11:32:35 -0400
Subject: [PATCH] kern/ieee1275/init: Restrict high memory in presence of
fadump on ppc64
When a kernel dump is present then restrict the high memory regions to
avoid allocating memory where the kernel dump resides. Use the
ibm,kernel-dump node under /rtas to determine whether a kernel dump
exists and up to which limit GRUB can use available memory. Set the
upper_mem_limit to the size of the kernel dump section of type
REAL_MODE_REGION and therefore only allow GRUB's memory usage for high
addresses from RMO_ADDR_MAX to upper_mem_limit. This means that GRUB can
use high memory in the range of RMO_ADDR_MAX (768MB) to upper_mem_limit
and the kernel-dump memory regions above upper_mem_limit remain
untouched. This change has no effect on memory allocations below
linux_rmo_save (typically at 640MB).
Also, fall back to allocating below rmo_linux_save in case the chunk of
memory there would be larger than the chunk of memory above RMO_ADDR_MAX.
This can for example occur if a free memory area is found starting at 300MB
extending up to 1GB but a kernel dump is located at 768MB and therefore
does not allow the allocation of the high memory area but requiring to use
the chunk starting at 300MB to avoid an unnecessary out-of-memory condition.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Hari Bathini <hbathini@linux.ibm.com>
Cc: Pavithra Prakash <pavrampu@in.ibm.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Carolyn Scherrer <cpscherr@us.ibm.com>
Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/ieee1275/init.c | 144 ++++++++++++++++++++++++++++++++-
1 file changed, 142 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index bd9a4804b..d6c9c9049 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -17,6 +17,8 @@
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <stddef.h> /* offsetof() */
+
#include <grub/kernel.h>
#include <grub/dl.h>
#include <grub/disk.h>
@@ -196,6 +198,96 @@ grub_claim_heap (void)
#else
/* Helpers for mm on powerpc. */
+/* ibm,kernel-dump data structures */
+struct kd_section
+{
+ grub_uint32_t flags;
+ grub_uint16_t src_datatype;
+#define KD_SRC_DATATYPE_REAL_MODE_REGION 0x0011
+ grub_uint16_t error_flags;
+ grub_uint64_t src_address;
+ grub_uint64_t num_bytes;
+ grub_uint64_t act_bytes;
+ grub_uint64_t dst_address;
+} GRUB_PACKED;
+
+#define MAX_KD_SECTIONS 10
+
+struct kernel_dump
+{
+ grub_uint32_t format;
+ grub_uint16_t num_sections;
+ grub_uint16_t status_flags;
+ grub_uint32_t offset_1st_section;
+ grub_uint32_t num_blocks;
+ grub_uint64_t start_block;
+ grub_uint64_t num_blocks_avail;
+ grub_uint32_t offet_path_string;
+ grub_uint32_t max_time_allowed;
+ struct kd_section kds[MAX_KD_SECTIONS]; /* offset_1st_section should point to kds[0] */
+} GRUB_PACKED;
+
+/*
+ * Determine if a kernel dump exists and if it does, then determine the highest
+ * address that grub can use for memory allocations.
+ * The caller must have initialized *highest to rmo_top. *highest will not
+ * be modified if no kernel dump is found.
+ */
+static void
+check_kernel_dump (grub_uint64_t *highest)
+{
+ struct kernel_dump kernel_dump;
+ grub_ssize_t kernel_dump_size;
+ grub_ieee1275_phandle_t rtas;
+ struct kd_section *kds;
+ grub_size_t i;
+
+ /* If there's a kernel-dump it must have at least one section */
+ if (grub_ieee1275_finddevice ("/rtas", &rtas) ||
+ grub_ieee1275_get_property (rtas, "ibm,kernel-dump", &kernel_dump,
+ sizeof (kernel_dump), &kernel_dump_size) ||
+ kernel_dump_size <= (grub_ssize_t) offsetof (struct kernel_dump, kds[1]))
+ return;
+
+ kernel_dump_size = grub_min (kernel_dump_size, (grub_ssize_t) sizeof (kernel_dump));
+
+ if (grub_be_to_cpu32 (kernel_dump.format) != 1)
+ {
+ grub_printf (_("Error: ibm,kernel-dump has an unexpected format version '%u'\n"),
+ grub_be_to_cpu32 (kernel_dump.format));
+ return;
+ }
+
+ if (grub_be_to_cpu16 (kernel_dump.num_sections) > MAX_KD_SECTIONS)
+ {
+ grub_printf (_("Error: Too many kernel dump sections: %d\n"),
+ grub_be_to_cpu32 (kernel_dump.num_sections));
+ return;
+ }
+
+ for (i = 0; i < grub_be_to_cpu16 (kernel_dump.num_sections); i++)
+ {
+ kds = (struct kd_section *) ((grub_addr_t) &kernel_dump +
+ grub_be_to_cpu32 (kernel_dump.offset_1st_section) +
+ i * sizeof (struct kd_section));
+ /* sanity check the address is within the 'kernel_dump' struct */
+ if ((grub_addr_t) kds > (grub_addr_t) &kernel_dump + kernel_dump_size + sizeof (*kds))
+ {
+ grub_printf (_("Error: 'kds' address beyond last available section\n"));
+ return;
+ }
+
+ if ((grub_be_to_cpu16 (kds->src_datatype) == KD_SRC_DATATYPE_REAL_MODE_REGION) &&
+ (grub_be_to_cpu64 (kds->src_address) == 0))
+ {
+ *highest = grub_min (*highest, grub_be_to_cpu64 (kds->num_bytes));
+ break;
+ }
+ }
+
+ return;
+}
+
/*
* How much memory does OF believe exists in total?
*
@@ -275,10 +367,31 @@ regions_claim (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
*
* Finally, we also want to make sure that when grub loads the kernel,
* it isn't going to use up all the memory we're trying to reserve! So
- * enforce our entire RUNTIME_MIN_SPACE here:
+ * enforce our entire RUNTIME_MIN_SPACE here (no fadump):
+ *
+ * | Top of memory == upper_mem_limit -|
+ * | |
+ * | available |
+ * | |
+ * |---------- 768 MB ----------|
+ * | |
+ * | reserved |
+ * | |
+ * |--- 768 MB - runtime min space ---|
+ * | |
+ * | available |
+ * | |
+ * |---------- 0 MB ----------|
+ *
+ * In case fadump is used, we allow the following:
*
* |---------- Top of memory ----------|
* | |
+ * | unavailable |
+ * | (kernel dump area) |
+ * | |
+ * |--------- upper_mem_limit ---------|
+ * | |
* | available |
* | |
* |---------- 768 MB ----------|
@@ -333,17 +446,44 @@ regions_claim (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
}
else
{
+ grub_uint64_t upper_mem_limit = rmo_top;
+ grub_uint64_t orig_addr = addr;
+
+ check_kernel_dump (&upper_mem_limit);
+
/*
* we order these cases to prefer higher addresses and avoid some
* splitting issues
+ * The following shows the order of variables:
+ * no kernel dump: linux_rmo_save < RMO_ADDR_MAX <= upper_mem_limit == rmo_top
+ * with kernel dump: liuxx_rmo_save < RMO_ADDR_MAX <= upper_mem_limit <= rmo_top
*/
- if (addr < RMO_ADDR_MAX && (addr + len) > RMO_ADDR_MAX)
+ if (addr < RMO_ADDR_MAX && (addr + len) > RMO_ADDR_MAX && upper_mem_limit >= RMO_ADDR_MAX)
{
grub_dprintf ("ieee1275",
"adjusting region for RUNTIME_MIN_SPACE: (%llx -> %llx) -> (%llx -> %llx)\n",
addr, addr + len, RMO_ADDR_MAX, addr + len);
len = (addr + len) - RMO_ADDR_MAX;
addr = RMO_ADDR_MAX;
+
+ /* We must not exceed the upper_mem_limit (assuming it's >= RMO_ADDR_MAX) */
+ if (addr + len > upper_mem_limit)
+ {
+ /* take the bigger chunk from either below linux_rmo_save or above upper_mem_limit */
+ len = upper_mem_limit - addr;
+ if (orig_addr < linux_rmo_save && linux_rmo_save - orig_addr > len)
+ {
+ /* lower part is bigger */
+ addr = orig_addr;
+ len = linux_rmo_save - addr;
+ }
+
+ grub_dprintf ("ieee1275", "re-adjusted region to: (%llx -> %llx)\n",
+ addr, addr + len);
+
+ if (len == 0)
+ return 0;
+ }
}
else if ((addr < linux_rmo_save) && ((addr + len) > linux_rmo_save))
{
--
2.42.0


@ -0,0 +1,43 @@
From d683bed5c76c54e6bc5c26eef2f8d7136a3c75c4 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Thu, 11 Aug 2022 16:51:57 +0200
Subject: [PATCH] loader/arm64/efi/linux: Remove magic number header field
check
The "ARM\x64" magic number in the file header identifies an image as one
that implements the bare metal boot protocol, allowing the loader to
simply move the file to a suitably aligned address in memory, with
sufficient headroom for the trailing .bss segment (the required memory
size is described in the header as well).
Note of this matters for GRUB, as it only supports EFI boot. EFI does
not care about this magic number, and nor should GRUB: this prevents us
from booting other PE linux images, such as the generic EFI zboot
decompressor, which is a pure PE/COFF image, and does not implement the
bare metal boot protocol.
So drop the magic number check.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/loader/arm64/efi/linux.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c
index 33df0e1fd..a9f5e05e4 100644
--- a/grub-core/loader/arm64/efi/linux.c
+++ b/grub-core/loader/arm64/efi/linux.c
@@ -57,9 +57,6 @@ static grub_addr_t initrd_end;
static grub_err_t
grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh)
{
- if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE)
- return grub_error(GRUB_ERR_BAD_OS, "invalid magic number");
-
if ((lh->code0 & 0xffff) != GRUB_PE32_MAGIC)
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled"));
--
2.43.0
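Review bot: After this removal `grub_arch_efi_linux_check_image` gives no hint that the `lh->magic` test was dropped on purpose, so a later cleanup could easily re-add it. A comment at the top of the body would keep the intent, for example `/* lh->magic ("ARM\x64") is deliberately not checked: EFI boot only requires a PE/COFF image, e.g. the EFI zboot decompressor. */`. With the magic gone, the `GRUB_PE32_MAGIC` test on `lh->code0` is the only format check visible here, so any other `linux_arch_kernel_header` field read later should be treated as unvalidated file content. Whether the rest of the function does so cannot be seen, because the body continues outside the hunk.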


@ -1,76 +0,0 @@
From 1fdc9daf97a1518960e5603dd43a5f353cb3ca89 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Thu, 30 Nov 2023 13:45:13 +0800
Subject: [PATCH 1/2] mkstandalone: ensure stable timestamps for generated
images
This change mirrors a previous fix [1] but is specific to images
generated by grub-mkstandalone.
The former fix (85a7be241) focused on utilizing a stable timestamp
during binary generation in the util/mkimage context. This commit
extends that approach to the images produced by grub-mkstandalone,
ensuring consistency and stability in timestamps across all generated
binaries.
[1] 85a7be241 util/mkimage: Use stable timestamp when generating
binaries.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Bernhard Wiedemann <bwiedemann@suse.com>
---
util/grub-mkstandalone.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
index bdbeea6a6..8e1229925 100644
--- a/util/grub-mkstandalone.c
+++ b/util/grub-mkstandalone.c
@@ -30,6 +30,9 @@
#pragma GCC diagnostic error "-Wmissing-prototypes"
#pragma GCC diagnostic error "-Wmissing-declarations"
+/* use 2015-01-01T00:00:00+0000 as a stock timestamp */
+#define STABLE_EMBEDDING_TIMESTAMP 1420070400
+
static char *output_image;
static char **files;
static int nfiles;
@@ -184,7 +187,6 @@ add_tar_file (const char *from,
struct head hd;
grub_util_fd_t in;
ssize_t r;
- grub_uint32_t mtime = 0;
grub_uint32_t size;
COMPILE_TIME_ASSERT (sizeof (hd) == 512);
@@ -192,8 +194,6 @@ add_tar_file (const char *from,
if (grub_util_is_special_file (from))
return;
- mtime = grub_util_get_mtime (from);
-
optr = tcn = xmalloc (strlen (to) + 1);
for (iptr = to; *iptr == '/'; iptr++);
for (; *iptr; iptr++)
@@ -234,7 +234,7 @@ add_tar_file (const char *from,
memcpy (hd.gid, "0001750", 7);
set_tar_value (hd.size, optr - tcn, 12);
- set_tar_value (hd.mtime, mtime, 12);
+ set_tar_value (hd.mtime, STABLE_EMBEDDING_TIMESTAMP, 12);
hd.typeflag = 'L';
memcpy (hd.magic, MAGIC, sizeof (hd.magic));
memcpy (hd.uname, "grub", 4);
@@ -264,7 +264,7 @@ add_tar_file (const char *from,
memcpy (hd.gid, "0001750", 7);
set_tar_value (hd.size, size, 12);
- set_tar_value (hd.mtime, mtime, 12);
+ set_tar_value (hd.mtime, STABLE_EMBEDDING_TIMESTAMP, 12);
hd.typeflag = '0';
memcpy (hd.magic, MAGIC, sizeof (hd.magic));
memcpy (hd.uname, "grub", 4);
--
2.43.0


@ -0,0 +1,238 @@
From b353ca96bf002a9262fdf74637f39615d003d069 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 8 Dec 2023 11:51:57 +0800
Subject: [PATCH 1/2] ofdisk: enhance boot time by focusing on boot disk
relevance
After a historical review, it's clear that a boot delay regression
coincided with the introduction of the fcp iterating patch. Reverting
this patch has shown promising signs in mitigating the issue. In order
to improve the efficiency, a more refined discovery process is proposed,
aiming to exclude device types differing from the boot disk to curtail
unnecessary iterations.
This patch extends prior efforts by exclusively targeting root device
discovery linked to the boot disk, verifying device types to prevent
process elongation.
It is worth noting that grub's opportunistic approach to assembling the
root device, seeking accessible results in parallel during iteration,
sometimes allows even a partially assembled RAID, albeit in a degraded
mode. However, delays stem from unrelated devices appearing before the
actual boot device.
To streamline the boot process, the patch utilizes parent nodes in
conjunction with block device nodes to extract essential boot-related
information. This refined identification method efficiently limits the
application's scope to devices connected to the chosen boot device,
notably optimizing subsequent device iteration. By adeptly filtering out
devices not linked to the same FCP (Fibre Channel Protocol) device, it
significantly enhances boot efficiency, ensuring a more streamlined and
efficient boot process.
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/disk/ieee1275/ofdisk.c | 136 +++++++++++++++++++++++++++++--
1 file changed, 131 insertions(+), 5 deletions(-)
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -31,6 +31,13 @@
static char *last_devpath;
static grub_ieee1275_ihandle_t last_ihandle;
+#define IEEE1275_DISK_ALIAS "/disk@"
+#define IEEE1275_NVMEOF_DISK_ALIAS "/nvme-of/controller@"
+
+static char *boot_type;
+static char *boot_parent;
+static int is_boot_nvmeof;
+
struct ofdisk_hash_ent
{
char *devpath;
@@ -529,12 +536,21 @@
{
if (grub_strcmp (alias->type, "fcp") == 0)
{
- // Iterate disks
- dev_iterate_fcp_disks(alias);
-
- // Iterate NVMeoF
- dev_iterate_fcp_nvmeof(alias);
+ if (boot_type &&
+ grub_strcmp (boot_type, alias->type) != 0)
+ {
+ grub_dprintf ("ofdisk", "Skipped device: %s, type %s did not match boot_type %s\n",
+ alias->path, alias->type, boot_type);
+ goto iter_children;
+ }
+ if (grub_strcmp (boot_parent, alias->path) == 0)
+ {
+ if (is_boot_nvmeof)
+ dev_iterate_fcp_nvmeof(alias);
+ else
+ dev_iterate_fcp_disks(alias);
+ }
}
else if (grub_strcmp (alias->type, "vscsi") == 0)
{
@@ -552,6 +568,14 @@
char *buf, *bufptr;
unsigned i;
+ if (boot_type &&
+ grub_strcmp (boot_type, alias->type) != 0)
+ {
+ grub_dprintf ("ofdisk", "Skipped device: %s, type %s did not match boot_type %s\n",
+ alias->path, alias->type, boot_type);
+ return;
+ }
+
if (grub_ieee1275_open (alias->path, &ihandle))
return;
@@ -615,6 +639,14 @@
grub_uint16_t table_size;
grub_ieee1275_ihandle_t ihandle;
+ if (boot_type &&
+ grub_strcmp (boot_type, alias->type) != 0)
+ {
+ grub_dprintf ("ofdisk", "Skipped device: %s, type %s did not match boot_type %s\n",
+ alias->path, alias->type, boot_type);
+ goto iter_children;
+ }
+
buf = grub_malloc (grub_strlen (alias->path) +
sizeof ("/disk@7766554433221100"));
if (!buf)
@@ -674,6 +706,7 @@
return;
}
+ iter_children:
{
struct grub_ieee1275_devalias child;
@@ -1046,6 +1079,68 @@
.next = 0
};
+static char *
+get_parent_devname (const char *devname, int *is_nvmeof)
+{
+ char *parent, *pptr;
+
+ if (is_nvmeof)
+ *is_nvmeof = 0;
+
+ parent = grub_strdup (devname);
+
+ if (parent == NULL)
+ {
+ grub_print_error ();
+ return NULL;
+ }
+
+ pptr = grub_strstr (parent, IEEE1275_DISK_ALIAS);
+
+ if (pptr != NULL)
+ {
+ *pptr = '\0';
+ return parent;
+ }
+
+ pptr = grub_strstr (parent, IEEE1275_NVMEOF_DISK_ALIAS);
+
+ if (pptr != NULL)
+ {
+ *pptr = '\0';
+ if (is_nvmeof)
+ *is_nvmeof = 1;
+ return parent;
+ }
+
+ return parent;
+}
+
+static char *
+get_boot_device_parent (const char *bootpath, int *is_nvmeof)
+{
+ char *dev, *canon, *parent;
+
+ dev = grub_ieee1275_get_aliasdevname (bootpath);
+ canon = grub_ieee1275_canonicalise_devname (dev);
+
+ if (!canon)
+ {
+ /* This should not happen. */
+ grub_error (GRUB_ERR_BAD_DEVICE, "canonicalise devname failed");
+ grub_print_error ();
+ return NULL;
+ }
+ else
+ grub_dprintf ("ofdisk", "%s is canonical %s\n", bootpath, canon);
+
+ parent = get_parent_devname (canon, is_nvmeof);
+ grub_dprintf ("ofdisk", "%s is parent of %s\n", parent, canon);
+
+ grub_free (canon);
+ return parent;
+}
+
static void
insert_bootpath (void)
{
@@ -1081,6 +1176,12 @@
char *device = grub_ieee1275_get_devname (bootpath);
op = ofdisk_hash_add (device, NULL);
op->is_boot = 1;
+ boot_parent = get_boot_device_parent (bootpath, &is_boot_nvmeof);
+ boot_type = grub_ieee1275_get_device_type (boot_parent);
+ if (boot_type)
+ grub_dprintf ("ofdisk", "the boot device type %s is used for root device discovery, others excluded\n", boot_type);
+ else
+ grub_dprintf ("ofdisk", "unknown boot device type, will use all devices to discover root and may be slow\n");
}
grub_free (type);
grub_free (bootpath);
@@ -1097,12 +1198,37 @@
grub_disk_dev_unregister (&grub_ofdisk_dev);
}
+static const char *
+grub_env_get_boot_type (struct grub_env_var *var __attribute__ ((unused)),
+ const char *val __attribute__ ((unused)))
+{
+ static char *ret;
+
+ if (!ret)
+ ret = grub_xasprintf("boot: %s type: %s is_nvmeof: %d",
+ boot_parent,
+ boot_type ? : "unknown",
+ is_boot_nvmeof);
+
+ return ret;
+}
+
+static char *
+grub_env_set_boot_type (struct grub_env_var *var __attribute__ ((unused)),
+ const char *val __attribute__ ((unused)))
+{
+ /* READ ONLY */
+ return NULL;
+}
+
void
grub_ofdisk_init (void)
{
grub_disk_firmware_fini = grub_ofdisk_fini;
insert_bootpath ();
+ grub_register_variable_hook ("ofdisk_boot_type", grub_env_get_boot_type,
+ grub_env_set_boot_type );
grub_disk_dev_register (&grub_ofdisk_dev);
}
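Review bot: `boot_parent` can be NULL when it reaches `grub_strcmp (boot_parent, alias->path)` in the `fcp` branch: `get_boot_device_parent` returns NULL when canonicalisation or `grub_strdup` fails, and the assignment in `insert_bootpath` appears to sit inside a conditional block, so the static may never be set. In that case `boot_type` is NULL too, the skip test above it is bypassed, and the comparison dereferences a null pointer; `grub_ieee1275_get_device_type (boot_parent)` and the `%s` arguments of `grub_dprintf` and `grub_xasprintf` receive the same NULL. Guarding the uses would fix it, e.g. `if (boot_parent && grub_strcmp (boot_parent, alias->path) == 0)` and `boot_type = boot_parent ? grub_ieee1275_get_device_type (boot_parent) : NULL;`. That guard still skips every FCP device when the parent is unknown, although the debug message promises "will use all devices", so a fallback that iterates both disks and NVMeoF may be what is intended. `dev` from `grub_ieee1275_get_aliasdevname` in `get_boot_device_parent` is also not checked, and not freed if it is an allocated string.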


@ -0,0 +1,60 @@
From 72a582b1c3954f9b917a4d687c95fc94faf551c6 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 24 Jan 2024 18:03:51 +0800
Subject: [PATCH] squash! ieee1275/ofpath: enable NVMeoF logical device
translation
Fixes build error on gcc-14:
[ 73s] In file included from ../grub-core/osdep/ofpath.c:2:
[ 73s] ../grub-core/osdep/linux/ofpath.c: In function 'of_find_fc_host':
[ 73s] ../grub-core/osdep/linux/ofpath.c:427:22: error: allocation of insufficient size '8' for type 'struct ofpath_files_list_root' with size '16' [-Werror=alloc-size]
[ 73s] 427 | portnames_file_list=malloc(sizeof(portnames_file_list));
[ 73s] | ^
[ 73s] ../grub-core/osdep/linux/ofpath.c: In function 'of_path_of_nvme':
[ 73s] ../grub-core/osdep/linux/ofpath.c:589:21: error: allocation of insufficient size '8' for type 'struct ofpath_nvmeof_info' with size '32' [-Werror=alloc-size]
[ 73s] 589 | nvmeof_info = malloc(sizeof(nvmeof_info));
[ 73s] | ^
[ 73s] ../grub-core/osdep/linux/ofpath.c:618:21: error: allocation of insufficient size '8' for type 'struct ofpath_nvmeof_info' with size '32' [-Werror=alloc-size]
[ 73s] 618 | nvmeof_info = malloc(sizeof(nvmeof_info));
[ 73s] | ^
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/osdep/linux/ofpath.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c
index 7129099db..55ed7ddf2 100644
--- a/grub-core/osdep/linux/ofpath.c
+++ b/grub-core/osdep/linux/ofpath.c
@@ -424,7 +424,7 @@ of_find_fc_host(char* host_wwpn){
struct ofpath_files_list_root* portnames_file_list;
- portnames_file_list=malloc(sizeof(portnames_file_list));
+ portnames_file_list=malloc(sizeof(*portnames_file_list));
portnames_file_list->items=0;
portnames_file_list->first=NULL;
@@ -586,7 +586,7 @@ of_path_of_nvme(const char *sys_devname __attribute__((unused)),
/* If is a NVMeoF */
if(strstr(sysfs_path,"nvme-fabrics")){
struct ofpath_nvmeof_info* nvmeof_info;
- nvmeof_info = malloc(sizeof(nvmeof_info));
+ nvmeof_info = malloc(sizeof(*nvmeof_info));
of_path_get_nvmeof_adapter_info(sysfs_path, nvmeof_info);
@@ -615,7 +615,7 @@ of_path_of_nvme(const char *sys_devname __attribute__((unused)),
sysfs_path = nvme_get_syspath (device);
if(strstr(sysfs_path,"nvme-fabrics")){
struct ofpath_nvmeof_info* nvmeof_info;
- nvmeof_info = malloc(sizeof(nvmeof_info));
+ nvmeof_info = malloc(sizeof(*nvmeof_info));
of_path_get_nvmeof_adapter_info(sysfs_path, nvmeof_info);
--
2.43.0
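Review bot: The corrected `malloc(sizeof(*portnames_file_list))` result is still dereferenced on the next line (`portnames_file_list->items=0;`) without a NULL check, and both `nvmeof_info` allocations in `of_path_of_nvme` are passed to `of_path_get_nvmeof_adapter_info` unchecked as well. Since this is host-side utility code, an abort-on-failure allocator would close the gap with a one-word change each: `portnames_file_list = xmalloc (sizeof (*portnames_file_list));` and `nvmeof_info = xmalloc (sizeof (*nvmeof_info));`, assuming `xmalloc` is available in this file as it is in `util/grub-mkstandalone.c`. All three functions continue outside their hunks, so whether the buffers are freed later cannot be seen here.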


@ -39,17 +39,15 @@ Signed-off-by: Michael Chang <mchang@suse.com>
{
--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
@@ -31,7 +31,8 @@
@@ -30,6 +30,7 @@
GRUB_MOD_LICENSE ("GPLv3+");
enum
{
- HTTP_PORT = 80
+ HTTP_PORT = 80,
+ HTTP_MAX_CHUNK_SIZE = GRUB_INT_MAX
};
#define HTTP_PORT ((grub_uint16_t) 80)
+#define HTTP_MAX_CHUNK_SIZE GRUB_INT_MAX
@@ -86,6 +87,8 @@
typedef struct http_data
{
@@ -82,6 +83,8 @@
if (data->in_chunk_len == 2)
{
data->chunk_rem = grub_strtoul (ptr, 0, 16);


@ -0,0 +1,411 @@
From 439de947262b0d8d4a02ca5afb1ef4f15853962c Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 9 Dec 2016 15:40:29 -0500
Subject: [PATCH 2/9] Add BLS support to grub-mkconfig
GRUB now has BootLoaderSpec support, the user can choose to use this by
setting GRUB_ENABLE_BLSCFG to true in /etc/default/grub. On this setup,
the boot menu entries are not added to the grub.cfg, instead BLS config
files are parsed by blscfg command and the entries created dynamically.
A 10_linux_bls grub.d snippet to generate menu entries from BLS files
is also added that can be used on platforms where the bootloader doesn't
have BLS support and only can parse a normal grub configuration file.
Portions of the 10_linux_bls were taken from the ostree-grub-generator
script that's included in the OSTree project.
Fixes to support multi-devices and generate a BLS section even if no
kernels are found in the boot directory were proposed by Yclept Nemo
and Tom Gundersen respectively.
Signed-off-by: Peter Jones <pjones@redhat.com>
[javierm: remove outdated URL for BLS document]
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
[iwienand@redhat.com: skip machine ID check when updating entries]
Signed-off-by: Ian Wienand <iwienand@redhat.com>
[rharwood: commit message composits, drop man pages]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
util/grub-mkconfig.in | 9 +-
util/grub-mkconfig_lib.in | 22 +++-
util/grub.d/10_linux.in | 244 +++++++++++++++++++++++++++++++++++++-
3 files changed, 269 insertions(+), 6 deletions(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index cf5b79342..7af15df94 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -49,6 +49,8 @@ grub_script_check="${bindir}/@grub_script_check@"
export TEXTDOMAIN=@PACKAGE@
export TEXTDOMAINDIR="@localedir@"
+export GRUB_GRUBENV_UPDATE="yes"
+
. "${pkgdatadir}/grub-mkconfig_lib"
# Usage: usage
@@ -58,6 +60,7 @@ usage () {
gettext "Generate a grub config file"; echo
echo
print_option_help "-o, --output=$(gettext FILE)" "$(gettext "output generated config to FILE [default=stdout]")"
+ print_option_help "--no-grubenv-update" "$(gettext "do not update variables in the grubenv file")"
print_option_help "-h, --help" "$(gettext "print this message and exit")"
print_option_help "-V, --version" "$(gettext "print the version information and exit")"
echo
@@ -93,6 +96,9 @@ do
--output=*)
grub_cfg=`echo "$option" | sed 's/--output=//'`
;;
+ --no-grubenv-update)
+ GRUB_GRUBENV_UPDATE="no"
+ ;;
-*)
gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2
usage
@@ -300,7 +306,8 @@ export GRUB_DEFAULT \
GRUB_DISABLE_SUBMENU \
SUSE_BTRFS_SNAPSHOT_BOOTING \
SUSE_CMDLINE_XENEFI \
- SUSE_REMOVE_LINUX_ROOT_PARAM
+ SUSE_REMOVE_LINUX_ROOT_PARAM \
+ GRUB_ENABLE_BLSCFG
if test "x${grub_cfg}" != "x"; then
rm -f "${grub_cfg}.new"
diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
index 22fb7668f..5db4337c6 100644
--- a/util/grub-mkconfig_lib.in
+++ b/util/grub-mkconfig_lib.in
@@ -30,6 +30,9 @@ fi
if test "x$grub_file" = x; then
grub_file="${bindir}/@grub_file@"
fi
+if test "x$grub_editenv" = x; then
+ grub_editenv="${bindir}/@grub_editenv@"
+fi
if test "x$grub_mkrelpath" = x; then
grub_mkrelpath="${bindir}/@grub_mkrelpath@"
fi
@@ -123,8 +126,19 @@ EOF
fi
}
+prepare_grub_to_access_device_with_variable ()
+{
+ device_variable="$1"
+ shift
+ prepare_grub_to_access_device "$@"
+ unset "device_variable"
+}
+
prepare_grub_to_access_device ()
{
+ if [ -z "$device_variable" ]; then
+ device_variable="root"
+ fi
old_ifs="$IFS"
IFS='
'
@@ -159,18 +173,18 @@ prepare_grub_to_access_device ()
# otherwise set root as per value in device.map.
fs_hint="`"${grub_probe}" --device $@ --target=compatibility_hint`"
if [ "x$fs_hint" != x ]; then
- echo "set root='$fs_hint'"
+ echo "set ${device_variable}='$fs_hint'"
fi
if [ "x${GRUB_DISABLE_UUID}" != "xtrue" ] && fs_uuid="`"${grub_probe}" --device $@ --target=fs_uuid 2> /dev/null`" ; then
hints="`"${grub_probe}" --device $@ --target=hints_string 2> /dev/null`" || hints=
if [ "x$hints" != x ]; then
echo "if [ x\$feature_platform_search_hint = xy ]; then"
- echo " search --no-floppy --fs-uuid --set=root ${hints} ${fs_uuid}"
+ echo " search --no-floppy --fs-uuid --set=${device_variable} ${hints} ${fs_uuid}"
echo "else"
- echo " search --no-floppy --fs-uuid --set=root ${fs_uuid}"
+ echo " search --no-floppy --fs-uuid --set=${device_variable} ${fs_uuid}"
echo "fi"
else
- echo "search --no-floppy --fs-uuid --set=root ${fs_uuid}"
+ echo "search --no-floppy --fs-uuid --set=${device_variable} ${fs_uuid}"
fi
fi
IFS="$old_ifs"
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 5531239eb..49eccbeaf 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -91,6 +91,244 @@ if [ "x$SUSE_REMOVE_LINUX_ROOT_PARAM" = "xtrue" ]; then
LINUX_ROOT_DEVICE=""
fi
+populate_header_warn()
+{
+if [ "x${BLS_POPULATE_MENU}" = "xtrue" ]; then
+ bls_parser="10_linux script"
+else
+ bls_parser="blscfg command"
+fi
+cat <<EOF
+
+# This section was generated by a script. Do not modify the generated file - all changes
+# will be lost the next time file is regenerated. Instead edit the BootLoaderSpec files.
+#
+# The $bls_parser parses the BootLoaderSpec files stored in /boot/loader/entries and
+# populates the boot menu. Please refer to the Boot Loader Specification documentation
+# for the files format: https://systemd.io/BOOT_LOADER_SPECIFICATION/.
+
+EOF
+}
+
+read_config()
+{
+ config_file=${1}
+ title=""
+ initrd=""
+ options=""
+ linux=""
+ grub_arg=""
+
+ while read -r line
+ do
+ record=$(echo ${line} | cut -f 1 -d ' ')
+ value=$(echo ${line} | cut -s -f2- -d ' ')
+ case "${record}" in
+ "title")
+ title=${value}
+ ;;
+ "initrd")
+ initrd=${value}
+ ;;
+ "linux")
+ linux=${value}
+ ;;
+ "options")
+ options=${value}
+ ;;
+ "grub_arg")
+ grub_arg=${value}
+ ;;
+ esac
+ done < ${config_file}
+}
+
+blsdir="/boot/loader/entries"
+
+get_sorted_bls()
+{
+ if ! [ -d "${blsdir}" ]; then
+ return
+ fi
+
+ local IFS=$'\n'
+
+ files=($(for bls in ${blsdir}/*.conf; do
+ if ! [[ -e "${bls}" ]] ; then
+ continue
+ fi
+ bls="${bls%.conf}"
+ bls="${bls##*/}"
+ echo "${bls}"
+ done | ${kernel_sort} 2>/dev/null | tac)) || :
+
+ echo "${files[@]}"
+}
+
+update_bls_cmdline()
+{
+ local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+ local -a files=($(get_sorted_bls))
+
+ for bls in "${files[@]}"; do
+ local options="${cmdline}"
+ if [ -z "${bls##*debug*}" ]; then
+ options="${options} ${GRUB_CMDLINE_LINUX_DEBUG}"
+ fi
+ options="$(echo "${options}" | sed -e 's/\//\\\//g')"
+ sed -i -e "s/^options.*/options ${options}/" "${blsdir}/${bls}.conf"
+ done
+}
+
+populate_menu()
+{
+ local -a files=($(get_sorted_bls))
+
+ gettext_printf "Generating boot entries from BLS files...\n" >&2
+
+ for bls in "${files[@]}"; do
+ read_config "${blsdir}/${bls}.conf"
+
+ menu="${menu}menuentry '${title}' ${grub_arg} --id=${bls} {\n"
+ menu="${menu}\t linux ${linux} ${options}\n"
+ if [ -n "${initrd}" ] ; then
+ menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
+ fi
+ menu="${menu}}\n\n"
+ done
+ # The printf command seems to be more reliable across shells for special character (\n, \t) evaluation
+ printf "$menu"
+}
+
+# Make BLS the default if GRUB_ENABLE_BLSCFG was not set and grubby is not installed.
+if [ -z "${GRUB_ENABLE_BLSCFG}" ] && ! command -v new-kernel-pkg >/dev/null; then
+ GRUB_ENABLE_BLSCFG="true"
+fi
+
+if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then
+ if [ x$dirname = x/ ]; then
+ if [ -z "${prepare_root_cache}" ]; then
+ prepare_grub_to_access_device ${GRUB_DEVICE}
+ fi
+ else
+ if [ -z "${prepare_boot_cache}" ]; then
+ prepare_grub_to_access_device ${GRUB_DEVICE_BOOT}
+ fi
+ fi
+
+ if [ -d /sys/firmware/efi ]; then
+ bootefi_device="`${grub_probe} --target=device /boot/efi/`"
+ prepare_grub_to_access_device_with_variable boot ${bootefi_device}
+ else
+ boot_device="`${grub_probe} --target=device /boot/`"
+ prepare_grub_to_access_device_with_variable boot ${boot_device}
+ fi
+
+ arch="$(uname -m)"
+ if [ "x${arch}" = "xppc64le" ] && [ -d /sys/firmware/opal ]; then
+
+ BLS_POPULATE_MENU="true"
+ petitboot_path="/sys/firmware/devicetree/base/ibm,firmware-versions/petitboot"
+
+ if test -e ${petitboot_path}; then
+ read -r -d '' petitboot_version < ${petitboot_path}
+ petitboot_version="$(echo ${petitboot_version//v})"
+
+ if test -n ${petitboot_version}; then
+ major_version="$(echo ${petitboot_version} | cut -d . -f1)"
+ minor_version="$(echo ${petitboot_version} | cut -d . -f2)"
+
+ re='^[0-9]+$'
+ if [[ $major_version =~ $re ]] && [[ $minor_version =~ $re ]] &&
+ ([[ ${major_version} -gt 1 ]] ||
+ [[ ${major_version} -eq 1 &&
+ ${minor_version} -ge 8 ]]); then
+ BLS_POPULATE_MENU="false"
+ fi
+ fi
+ fi
+ fi
+
+ populate_header_warn
+
+ cat << EOF
+# The kernelopts variable should be defined in the grubenv file. But to ensure that menu
+# entries populated from BootLoaderSpec files that use this variable work correctly even
+# without a grubenv file, define a fallback kernelopts variable if this has not been set.
+#
+# The kernelopts variable in the grubenv file can be modified using the grubby tool or by
+# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX
+# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both
+# the kernelopts variable in the grubenv file and the fallback kernelopts variable.
+if [ -z "\${kernelopts}" ]; then
+ set kernelopts="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+fi
+EOF
+
+ update_bls_cmdline
+
+ if [ "x${BLS_POPULATE_MENU}" = "xtrue" ]; then
+ populate_menu
+ else
+ cat << EOF
+
+insmod blscfg
+blscfg
+EOF
+ fi
+
+ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
+ blsdir="/boot/loader/entries"
+ [ -d "${blsdir}" ] && GRUB_BLS_FS="$(${grub_probe} --target=fs ${blsdir})"
+ if [ "x${GRUB_BLS_FS}" = "xbtrfs" ] || [ "x${GRUB_BLS_FS}" = "xzfs" ]; then
+ blsdir=$(make_system_path_relative_to_its_root "${blsdir}")
+ if [ "x${blsdir}" != "x/loader/entries" ] && [ "x${blsdir}" != "x/boot/loader/entries" ]; then
+ ${grub_editenv} - set blsdir="${blsdir}"
+ fi
+ fi
+
+ if [ -n "${GRUB_EARLY_INITRD_LINUX_CUSTOM}" ]; then
+ ${grub_editenv} - set early_initrd="${GRUB_EARLY_INITRD_LINUX_CUSTOM}"
+ fi
+
+ if [ -n "${GRUB_DEFAULT_DTB}" ]; then
+ ${grub_editenv} - set devicetree="${GRUB_DEFAULT_DTB}"
+ fi
+
+ if [ -n "${GRUB_SAVEDEFAULT}" ]; then
+ ${grub_editenv} - set save_default="${GRUB_SAVEDEFAULT}"
+ fi
+ fi
+
+ exit 0
+fi
+
+mktitle ()
+{
+ local title_type
+ local version
+ local OS_NAME
+ local OS_VERS
+
+ title_type=$1 && shift
+ version=$1 && shift
+
+ OS_NAME="$(eval $(grep ^NAME= /etc/os-release) ; echo ${NAME})"
+ OS_VERS="$(eval $(grep ^VERSION= /etc/os-release) ; echo ${VERSION})"
+
+ case $title_type in
+ recovery)
+ title=$(printf '%s (%s) %s (recovery mode)' \
+ "${OS_NAME}" "${version}" "${OS_VERS}")
+ ;;
+ *)
+ title=$(printf '%s (%s) %s' \
+ "${OS_NAME}" "${version}" "${OS_VERS}")
+ ;;
+ esac
+ echo -n ${title}
+}
+
title_correction_code=
hotkey=1
@@ -124,6 +362,7 @@ linux_entry ()
if [ -z "$boot_device_id" ]; then
boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
fi
+
if [ x$type != xsimple ] ; then
case $type in
recovery)
@@ -298,6 +537,7 @@ fi
is_top_level=true
for linux in ${reverse_sorted_list}; do
gettext_printf "Found linux image: %s\n" "$linux" >&2
+
basename=`basename $linux`
dirname=`dirname $linux`
rel_dirname=`make_system_path_relative_to_its_root $dirname`
@@ -348,7 +588,9 @@ for linux in ${reverse_sorted_list}; do
for i in ${initrd}; do
initrd_display="${initrd_display} ${dirname}/${i}"
done
- gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2
+ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then
+ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2
+ fi
fi
config=
--
2.44.0
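Review bot: In `populate_menu` the `title`, `grub_arg`, `linux` and `options` values that `read_config` takes from the BLS entry files are pasted into the generated menu text without any quoting, so a title containing a single quote closes the `menuentry '...'` string early and the remainder is parsed as GRUB script. The assembled text is then used as the printf format itself (`printf "$menu"`), so a `%` in any of those fields is treated as a conversion. I would escape the title before interpolating it, for example through the `grub_quote` helper from grub-mkconfig_lib if this tree provides it, and emit the result with `printf '%b' "$menu"`. `update_bls_cmdline` has a related gap: only `/` is escaped before the command line is used as a sed replacement, so an `&` or `\` coming from `GRUB_CMDLINE_LINUX` is rewritten by sed instead of being written to the entry file as given.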


@ -1,58 +0,0 @@
From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:32:33 +0300
Subject: [PATCH 2/6] fs/ntfs: Fix an OOB read when reading data from the
resident $DATA attribute
When reading a file containing resident data, i.e., the file data is stored in
the $DATA attribute within the NTFS file record, not in external clusters,
there are no checks that this resident data actually fits the corresponding
file record segment.
When parsing a specially-crafted file system image, the current NTFS code will
read the file data from an arbitrary, attacker-chosen memory offset and of
arbitrary, attacker-chosen length.
This allows an attacker to display arbitrary chunks of memory, which could
contain sensitive information like password hashes or even plain-text,
obfuscated passwords from BS EFI variables.
This fix implements a check to ensure that resident data is read from the
corresponding file record segment only.
Fixes: CVE-2023-4693
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index c3c4db117..a68e173d8 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
{
if (ofs + len > u32at (pa, 0x10))
return grub_error (GRUB_ERR_BAD_FS, "read out of range");
- grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len);
+
+ if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
+
+ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
+
+ if (u16at (pa, 0x14) + u32at (pa, 0x10) >
+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
+
+ grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
return 0;
}
--
2.42.0


@ -1,171 +0,0 @@
From 4a6a5c4a6bb2426235364be9f3698763ddcf4775 Mon Sep 17 00:00:00 2001
From: Jon DeVree <nuxi@vault24.org>
Date: Tue, 17 Oct 2023 23:03:47 -0400
Subject: [PATCH 2/3] fs/xfs: Fix XFS directory extent parsing
The XFS directory entry parsing code has never been completely correct
for extent based directories. The parser correctly handles the case
where the directory is contained in a single extent, but then mistakenly
assumes the data blocks for the multiple extent case are each identical
to the single extent case. The difference in the format of the data
blocks between the two cases is tiny enough that its gone unnoticed for
a very long time.
A recent change introduced some additional bounds checking into the XFS
parser. Like GRUB's existing parser, it is correct for the single extent
case but incorrect for the multiple extent case. When parsing a directory
with multiple extents, this new bounds checking is sometimes (but not
always) tripped and triggers an "invalid XFS directory entry" error. This
probably would have continued to go unnoticed but the /boot/grub/<arch>
directory is large enough that it often has multiple extents.
The difference between the two cases is that when there are multiple
extents, the data blocks do not contain a trailer nor do they contain
any leaf information. That information is stored in a separate set of
extents dedicated to just the leaf information. These extents come after
the directory entry extents and are not included in the inode size. So
the existing parser already ignores the leaf extents.
The only reason to read the trailer/leaf information at all is so that
the parser can avoid misinterpreting that data as directory entries. So
this updates the parser as follows:
For the single extent case the parser doesn't change much:
1. Read the size of the leaf information from the trailer
2. Set the end pointer for the parser to the start of the leaf
information. (The previous bounds checking set the end pointer to the
start of the trailer, so this is actually a small improvement.)
3. Set the entries variable to the expected number of directory entries.
For the multiple extent case:
1. Set the end pointer to the end of the block.
2. Do not set up the entries variable. Figuring out how many entries are
in each individual block is complex and does not seem worth it when
it appears to be safe to just iterate over the entire block.
The bounds check itself was also dependent upon the faulty XFS parser
because it accidentally used "filename + length - 1". Presumably this
was able to pass the fuzzer because in the old parser there was always
8 bytes of slack space between the tail pointer and the actual end of
the block. Since this is no longer the case the bounds check needs to be
updated to "filename + length + 1" in order to prevent a regression in
the handling of corrupt fliesystems.
Notes:
* When there is only one extent there will only ever be one block. If
more than one block is required then XFS will always switch to holding
leaf information in a separate extent.
* B-tree based directories seems to be parsed properly by the same code
that handles multiple extents. This is unlikely to ever occur within
/boot though because its only used when there are an extremely large
number of directory entries.
Fixes: ef7850c75 (fs/xfs: Fix issues found while fuzzing the XFS filesystem)
Fixes: b2499b29c (Adds support for the XFS filesystem.)
Fixes: https://savannah.gnu.org/bugs/?64376
Signed-off-by: Jon DeVree <nuxi@vault24.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Tested-by: Marta Lewandowska <mlewando@redhat.com>
---
grub-core/fs/xfs.c | 52 +++++++++++++++++++++++++++++++++-------------
1 file changed, 38 insertions(+), 14 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index ebf962793..18edfcff4 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -223,6 +223,12 @@ struct grub_xfs_inode
/* Size of struct grub_xfs_inode v2, up to unused4 member included. */
#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 76)
+struct grub_xfs_dir_leaf_entry
+{
+ grub_uint32_t hashval;
+ grub_uint32_t address;
+} GRUB_PACKED;
+
struct grub_xfs_dirblock_tail
{
grub_uint32_t leaf_count;
@@ -874,9 +880,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
{
struct grub_xfs_dir2_entry *direntry =
grub_xfs_first_de(dir->data, dirblock);
- int entries;
- struct grub_xfs_dirblock_tail *tail =
- grub_xfs_dir_tail(dir->data, dirblock);
+ int entries = -1;
+ char *end = dirblock + dirblk_size;
numread = grub_xfs_read_file (dir, 0, 0,
blk << dirblk_log2,
@@ -887,14 +892,27 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
return 0;
}
- entries = (grub_be_to_cpu32 (tail->leaf_count)
- - grub_be_to_cpu32 (tail->leaf_stale));
+ /*
+ * Leaf and tail information are only in the data block if the number
+ * of extents is 1.
+ */
+ if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
+ {
+ struct grub_xfs_dirblock_tail *tail = grub_xfs_dir_tail (dir->data, dirblock);
+
+ end = (char *) tail;
+
+ /* Subtract the space used by leaf nodes. */
+ end -= grub_be_to_cpu32 (tail->leaf_count) * sizeof (struct grub_xfs_dir_leaf_entry);
- if (!entries)
- continue;
+ entries = grub_be_to_cpu32 (tail->leaf_count) - grub_be_to_cpu32 (tail->leaf_stale);
+
+ if (!entries)
+ continue;
+ }
/* Iterate over all entries within this block. */
- while ((char *)direntry < (char *)tail)
+ while ((char *) direntry < (char *) end)
{
grub_uint8_t *freetag;
char *filename;
@@ -914,7 +932,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
}
filename = (char *)(direntry + 1);
- if (filename + direntry->len - 1 > (char *) tail)
+ if (filename + direntry->len + 1 > (char *) end)
return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
/* The byte after the filename is for the filetype, padding, or
@@ -928,11 +946,17 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
return 1;
}
- /* Check if last direntry in this block is
- reached. */
- entries--;
- if (!entries)
- break;
+ /*
+ * The expected number of directory entries is only tracked for the
+ * single extent case.
+ */
+ if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
+ {
+ /* Check if last direntry in this block is reached. */
+ entries--;
+ if (!entries)
+ break;
+ }
/* Select the next directory entry. */
direntry = grub_xfs_next_de(dir->data, direntry);
--
2.42.1


@ -1,75 +0,0 @@
From bb9bbe0f66a8462a1b2477fbc2aa1d70973035d4 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Thu, 30 Nov 2023 16:30:45 +0800
Subject: [PATCH 2/2] mkstandalone: ensure deterministic tar file creation by
sorting contents
The add_tar_files() function currently iterates through a directory's
content using readdir(), which doesn't guarantee a specific order. This
lack of deterministic behavior impacts reproducibility in the build
process.
This commit resolves the issue by introducing sorting functionality. The
list retrieved by readdir() is now sorted alphabetically before
incorporation into the tar archive, ensuring consistent and predictable
file ordering within the archive.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Bernhard Wiedemann <bwiedemann@suse.com>
---
util/grub-mkstandalone.c | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
index 8e1229925..e4b5bcab4 100644
--- a/util/grub-mkstandalone.c
+++ b/util/grub-mkstandalone.c
@@ -205,22 +205,42 @@ add_tar_file (const char *from,
{
grub_util_fd_dir_t d;
grub_util_fd_dirent_t de;
+ char **from_files;
+ grub_size_t alloc = 8, used = 0;
+ grub_size_t i;
d = grub_util_fd_opendir (from);
+ from_files = xmalloc (alloc * sizeof (*from_files));
while ((de = grub_util_fd_readdir (d)))
{
- char *fp, *tfp;
if (strcmp (de->d_name, ".") == 0)
continue;
if (strcmp (de->d_name, "..") == 0)
continue;
- fp = grub_util_path_concat (2, from, de->d_name);
- tfp = xasprintf ("%s/%s", to, de->d_name);
+ if (alloc <= used)
+ {
+ alloc <<= 1;
+ from_files = xrealloc (from_files, alloc * sizeof (*from_files));
+ }
+ from_files[used++] = xstrdup(de->d_name);
+ }
+ qsort (from_files, used, sizeof (*from_files), grub_qsort_strcmp);
+
+ for (i = 0; i < used; i++)
+ {
+ char *fp, *tfp;
+
+ fp = grub_util_path_concat (2, from, from_files[i]);
+ tfp = xasprintf ("%s/%s", to, from_files[i]);
add_tar_file (fp, tfp);
+ free (tfp);
free (fp);
+ free (from_files[i]);
}
+
grub_util_fd_closedir (d);
+ free (from_files);
free (tcn);
return;
}
--
2.43.0


@ -0,0 +1,164 @@
From 8959b9d97b00f791ffe02b5e3ec3fdf6bff25838 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Tue, 12 Dec 2023 15:34:18 +0800
Subject: [PATCH 2/2] ofdisk: add early_log support
The command ofdisk_early_msg can be used to review debug message logged
before output console is initialized.
For eg:
grub> ofdisk_early_msg
/vdevice/v-scsi@71000002/disk@8000000000000000 is canonical
/vdevice/v-scsi@71000002/disk@8000000000000000
/vdevice/v-scsi@71000002 is parent of
/vdevice/v-scsi@71000002/disk@80000000
00000000
the boot device type vscsi is used for root device discovery, others excluded
We can use it in conjunction with the $ofdisk_boot_type variable to get
better understanding the boot device information.
grub> echo $ofdisk_boot_type
boot: /vdevice/v-scsi@71000002 type: vscsi is_nvmeof? 0
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/disk/ieee1275/ofdisk.c | 75 +++++++++++++++++++++++++++++---
1 file changed, 70 insertions(+), 5 deletions(-)
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -25,6 +25,7 @@
#include <grub/i18n.h>
#include <grub/time.h>
#include <grub/env.h>
+#include <grub/command.h>
#define RETRY_DEFAULT_TIMEOUT 15
@@ -60,6 +61,9 @@
#define OFDISK_HASH_SZ 8
static struct ofdisk_hash_ent *ofdisk_hash[OFDISK_HASH_SZ];
+static void early_log (const char *fmt, ...);
+static void print_early_log (void);
+
static int
ofdisk_hash_fn (const char *devpath)
{
@@ -1132,10 +1136,10 @@
return NULL;
}
else
- grub_dprintf ("ofdisk", "%s is canonical %s\n", bootpath, canon);
+ early_log ("%s is canonical %s\n", bootpath, canon);
parent = get_parent_devname (canon, is_nvmeof);
- grub_dprintf ("ofdisk", "%s is parent of %s\n", parent, canon);
+ early_log ("%s is parent of %s\n", parent, canon);
grub_free (canon);
return parent;
@@ -1179,9 +1183,9 @@
boot_parent = get_boot_device_parent (bootpath, &is_boot_nvmeof);
boot_type = grub_ieee1275_get_device_type (boot_parent);
if (boot_type)
- grub_dprintf ("ofdisk", "the boot device type %s is used for root device discovery, others excluded\n", boot_type);
+ early_log ("the boot device type %s is used for root device discovery, others excluded\n", boot_type);
else
- grub_dprintf ("ofdisk", "unknown boot device type, will use all devices to discover root and may be slow\n");
+ early_log ("unknown boot device type, will use all devices to discover root and may be slow\n");
}
grub_free (type);
grub_free (bootpath);
@@ -1205,7 +1209,7 @@
static char *ret;
if (!ret)
- ret = grub_xasprintf("boot: %s type: %s is_nvmeof: %d",
+ ret = grub_xasprintf("boot: %s type: %s is_nvmeof? %d",
boot_parent,
boot_type ? : "unknown",
is_boot_nvmeof);
@@ -1221,6 +1225,17 @@
return NULL;
}
+static grub_err_t
+grub_cmd_early_msg (struct grub_command *cmd __attribute__ ((unused)),
+ int argc __attribute__ ((unused)),
+ char *argv[] __attribute__ ((unused)))
+{
+ print_early_log ();
+ return 0;
+}
+
+static grub_command_t cmd_early_msg;
+
void
grub_ofdisk_init (void)
{
@@ -1230,6 +1245,9 @@
grub_register_variable_hook ("ofdisk_boot_type", grub_env_get_boot_type,
grub_env_set_boot_type );
+ cmd_early_msg =
+ grub_register_command ("ofdisk_early_msg", grub_cmd_early_msg,
+ 0, N_("Show early boot message in ofdisk."));
grub_disk_dev_register (&grub_ofdisk_dev);
}
@@ -1278,3 +1296,50 @@
return 0;
}
+
+struct ofdisk_early_msg
+{
+ struct ofdisk_early_msg *next;
+ char *msg;
+};
+
+static struct ofdisk_early_msg *early_msg_head;
+static struct ofdisk_early_msg **early_msg_last = &early_msg_head;
+
+static void
+early_log (const char *fmt, ...)
+{
+ struct ofdisk_early_msg *n;
+ va_list args;
+
+ grub_error_push ();
+ n = grub_malloc (sizeof (*n));
+ if (!n)
+ {
+ grub_errno = 0;
+ grub_error_pop ();
+ return;
+ }
+ n->next = 0;
+
+ va_start (args, fmt);
+ n->msg = grub_xvasprintf (fmt, args);
+ va_end (args);
+
+ *early_msg_last = n;
+ early_msg_last = &n->next;
+
+ grub_errno = 0;
+ grub_error_pop ();
+}
+
+static void
+print_early_log (void)
+{
+ struct ofdisk_early_msg *cur;
+
+ if (!early_msg_head)
+ grub_printf ("no early log is available\n");
+ for (cur = early_msg_head; cur; cur = cur->next)
+ grub_printf ("%s\n", cur->msg);
+}
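Review bot: `early_log` links the new node even when `grub_xvasprintf` fails, so `n->msg` can be NULL and `print_early_log` later passes it to `grub_printf ("%s\n", cur->msg)`. I would drop the node on failure right after `va_end`: `if (!n->msg) { grub_free (n); grub_errno = 0; grub_error_pop (); return; }`. The forward declaration `static void early_log (const char *fmt, ...);` could also carry a printf format attribute so the compiler checks the arguments at the converted `grub_dprintf` call sites. `grub_ofdisk_fini` is not shown in these hunks, so whether `cmd_early_msg` is unregistered there cannot be confirmed from this page.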


@ -0,0 +1,385 @@
From 90153f1c9631498723450d84e014e25865fecc1b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 15 Mar 2018 14:12:40 -0400
Subject: [PATCH 3/9] Add grub2-switch-to-blscfg
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
[jhlavac: Use ${etcdefaultgrub} instead of /etc/default/grub]
Signed-off-by: Jan Hlavac <jhlavac@redhat.com>
[rharwood: skip on ostree installations, migrate man to h2m]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
Makefile.util.def | 7 +
docs/man/grub-switch-to-blscfg.h2m | 2 +
util/grub-switch-to-blscfg.in | 317 +++++++++++++++++++++++++++++
util/grub.d/10_linux.in | 2 +-
4 files changed, 327 insertions(+), 1 deletion(-)
create mode 100644 docs/man/grub-switch-to-blscfg.h2m
create mode 100644 util/grub-switch-to-blscfg.in
diff --git a/Makefile.util.def b/Makefile.util.def
index 6bb30c165..ffedea24a 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -1460,6 +1460,13 @@ program = {
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
};
+script = {
+ name = grub-switch-to-blscfg;
+ common = util/grub-switch-to-blscfg.in;
+ mansection = 8;
+ installdir = sbin;
+};
+
program = {
name = grub-glue-efi;
mansection = 1;
diff --git a/docs/man/grub-switch-to-blscfg.h2m b/docs/man/grub-switch-to-blscfg.h2m
new file mode 100644
index 000000000..fa341426a
--- /dev/null
+++ b/docs/man/grub-switch-to-blscfg.h2m
@@ -0,0 +1,2 @@
+[NAME]
+grub-switch-to-blscfg \- switch to using BLS config files
diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
new file mode 100644
index 000000000..a851424be
--- /dev/null
+++ b/util/grub-switch-to-blscfg.in
@@ -0,0 +1,317 @@
+#! /bin/sh
+#
+# Set a default boot entry for GRUB.
+# Copyright (C) 2004,2009 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+#set -eu
+
+# Initialize some variables.
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+sbindir=@sbindir@
+bindir=@bindir@
+sysconfdir="@sysconfdir@"
+PACKAGE_NAME=@PACKAGE_NAME@
+PACKAGE_VERSION=@PACKAGE_VERSION@
+datarootdir="@datarootdir@"
+datadir="@datadir@"
+if [ ! -v pkgdatadir ]; then
+ pkgdatadir="${datadir}/@PACKAGE@"
+fi
+
+self=`basename $0`
+
+grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@"
+grub_editenv=${bindir}/@grub_editenv@
+etcdefaultgrub=/etc/default/grub
+
+eval "$("${grub_get_kernel_settings}")" || true
+
+EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
+if [ -d /sys/firmware/efi/efivars/ ]; then
+ startlink=/etc/grub2-efi.cfg
+ grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'`
+else
+ startlink=/etc/grub2.cfg
+ grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'`
+fi
+
+blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'`
+
+backupsuffix=.bak
+
+arch="$(uname -m)"
+
+export TEXTDOMAIN=@PACKAGE@
+export TEXTDOMAINDIR="@localedir@"
+
+. "${pkgdatadir}/grub-mkconfig_lib"
+
+# Usage: usage
+# Print the usage.
+usage () {
+ gettext_printf "Usage: %s\n" "$self"
+ gettext "Switch to BLS config files.\n"; echo
+ echo
+ print_option_help "-h, --help" "$(gettext "print this message and exit")"
+ print_option_help "-V, --version" "$(gettext "print the version information and exit")"
+ echo
+ print_option_help "--backup-suffix=$(gettext "SUFFIX")" "$backupsuffix"
+ print_option_help "--bls-directory=$(gettext "DIR")" "$blsdir"
+ print_option_help "--config-file=$(gettext "FILE")" "$startlink"
+ print_option_help "--grub-defaults=$(gettext "FILE")" "$etcdefaultgrub"
+ print_option_help "--grub-directory=$(gettext "DIR")" "$grubdir"
+ # echo
+ # gettext "Report bugs to <bug-grub@gnu.org>."; echo
+}
+
+argument () {
+ opt=$1
+ shift
+
+ if test $# -eq 0; then
+ gettext_printf "%s: option requires an argument -- \`%s'\n" "$self" "$opt" 1>&2
+ exit 1
+ fi
+ echo $1
+}
+
+# Check the arguments.
+while test $# -gt 0
+do
+ option=$1
+ shift
+
+ case "$option" in
+ -h | --help)
+ usage
+ exit 0 ;;
+ -V | --version)
+ echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}"
+ exit 0 ;;
+
+ --backup-suffix)
+ backupsuffix=`argument $option "$@"`
+ shift
+ ;;
+ --backup-suffix=*)
+ backupsuffix=`echo "$option" | sed 's/--backup-suffix=//'`
+ ;;
+
+ --bls-directory)
+ blsdir=`argument $option "$@"`
+ shift
+ ;;
+ --bls-directory=*)
+ blsdir=`echo "$option" | sed 's/--bls-directory=//'`
+ ;;
+
+ --config-file)
+ startlink=`argument $option "$@"`
+ shift
+ ;;
+ --config-file=*)
+ startlink=`echo "$option" | sed 's/--config-file=//'`
+ ;;
+
+ --grub-defaults)
+ etcdefaultgrub=`argument $option "$@"`
+ shift
+ ;;
+ --grub-defaults=*)
+ etcdefaultgrub=`echo "$option" | sed 's/--grub-defaults=//'`
+ ;;
+
+ --grub-directory)
+ grubdir=`argument $option "$@"`
+ shift
+ ;;
+ --grub-directory=*)
+ grubdir=`echo "$option" | sed 's/--grub-directory=//'`
+ ;;
+
+ *)
+ gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2
+ usage
+ exit 1
+ ;;
+ esac
+done
+
+find_grub_cfg() {
+ local candidate=""
+ while [ -e "${candidate}" -o $# -gt 0 ]
+ do
+ if [ ! -e "${candidate}" ] ; then
+ candidate="$1"
+ shift
+ fi
+
+ if [ -L "${candidate}" ]; then
+ candidate="$(realpath "${candidate}")"
+ fi
+
+ if [ -f "${candidate}" ]; then
+ export GRUB_CONFIG_FILE="${candidate}"
+ return 0
+ fi
+ done
+ return 1
+}
+
+if ! find_grub_cfg ${startlink} ${grubdir}/grub.cfg ; then
+ gettext_printf "Couldn't find config file\n" 1>&2
+ exit 1
+fi
+
+if [ ! -d "${blsdir}" ]; then
+ install -m 700 -d "${blsdir}"
+fi
+
+if [ -f /etc/machine-id ]; then
+ MACHINE_ID=$(cat /etc/machine-id)
+else
+ MACHINE_ID=$(dmesg | sha256sum)
+fi
+
+mkbls() {
+ local kernelver=$1 && shift
+ local datetime=$1 && shift
+ local kernelopts=$1 && shift
+
+ local debugname=""
+ local debugid=""
+ local flavor=""
+
+ if [ "$kernelver" == *\+* ] ; then
+ local flavor=-"${kernelver##*+}"
+ if [ "${flavor}" == "-debug" ]; then
+ local debugname=" with debugging"
+ local debugid="-debug"
+ fi
+ fi
+ (
+ source /etc/os-release
+
+ cat <<EOF
+title ${NAME} (${kernelver}) ${VERSION}${debugname}
+version ${kernelver}${debugid}
+linux /vmlinuz-${kernelver}
+initrd /initramfs-${kernelver}.img
+options ${kernelopts}
+grub_users \$grub_users
+grub_arg --unrestricted
+grub_class kernel${flavor}
+EOF
+ ) | cat
+}
+
+copy_bls() {
+ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
+ bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf"
+ linux="/vmlinuz-${kernelver}"
+ linux_path="/boot${linux}"
+ kernel_dir="/lib/modules/${kernelver}"
+
+ if [ ! -d "${kernel_dir}" ] ; then
+ continue
+ fi
+ if [ ! -f "${linux_path}" ]; then
+ continue
+ fi
+
+ linux_relpath="$("${grub_mkrelpath}" "${linux_path}")"
+ bootprefix="${linux_relpath%%"${linux}"}"
+ cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+
+ mkbls "${kernelver}" \
+ "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \
+ "${bootprefix}" "${cmdline}" >"${bls_target}"
+
+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
+ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")"
+ cp -aT "${bls_target}" "${bls_debug}"
+ title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
+ options="$(echo "${cmdline} ${GRUB_CMDLINE_LINUX_DEBUG}" | sed -e 's/\//\\\//g')"
+ sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}"
+ sed -i -e "s/^options.*/options ${options}/" "${bls_debug}"
+ fi
+ done
+
+ if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then
+ mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf"
+ fi
+}
+
+# The grub2 EFI binary is not copied to the ESP as a part of an ostree
+# transaction. Make sure a grub2 version with BLS support is installed
+# but only do this if the blsdir is not set, to make sure that the BLS
+# parsing module will search for the BLS snippets in the default path.
+if test -f /run/ostree-booted && test -d /sys/firmware/efi/efivars && \
+ ! ${grub_editenv} - list | grep -q blsdir && \
+ mountpoint -q /boot; then
+ grub_binary="$(find /usr/lib/ostree-boot/efi/EFI/${EFIDIR}/ -name grub*.efi)"
+ install -m 700 ${grub_binary} ${grubdir} || exit 1
+ # Create a hidden file to indicate that grub2 now has BLS support.
+ touch /boot/grub2/.grub2-blscfg-supported
+fi
+
+GENERATE=0
+if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \
+ | grep -vq '^GRUB_ENABLE_BLSCFG="*true"*\s*$' ; then
+ if ! sed -i"${backupsuffix}" \
+ -e 's,^GRUB_ENABLE_BLSCFG=.*,GRUB_ENABLE_BLSCFG=true,' \
+ "${etcdefaultgrub}" ; then
+ gettext_printf "Updating %s failed\n" "${etcdefaultgrub}"
+ exit 1
+ fi
+ GENERATE=1
+elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then
+ if ! echo 'GRUB_ENABLE_BLSCFG=true' >> "${etcdefaultgrub}" ; then
+ gettext_printf "Updating %s failed\n" "${etcdefaultgrub}"
+ exit 1
+ fi
+ GENERATE=1
+fi
+
+if [ "${GENERATE}" -eq 1 ] ; then
+ copy_bls
+
+ if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then
+ mod_dir="i386-pc"
+ elif [ $arch = "ppc64" -o $arch = "ppc64le" ] && [ ! -d /sys/firmware/opal ]; then
+ mod_dir="powerpc-ieee1275"
+ fi
+
+ if [ -n "${mod_dir}" ]; then
+ for mod in blscfg increment; do
+ install -m 700 ${prefix}/lib/grub/${mod_dir}/${mod}.mod ${grubdir}/$mod_dir/ || exit 1
+ done
+ fi
+
+ cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}"
+ if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then
+ install -m 700 "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}"
+ sed -i"${backupsuffix}" \
+ -e 's,^GRUB_ENABLE_BLSCFG=.*,GRUB_ENABLE_BLSCFG=false,' \
+ "${etcdefaultgrub}"
+ gettext_printf "Updating %s failed\n" "${GRUB_CONFIG_FILE}"
+ exit 1
+ fi
+fi
+
+# Bye.
+exit 0
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 49eccbeaf..45eefb332 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -147,7 +147,7 @@ blsdir="/boot/loader/entries"
get_sorted_bls()
{
- if ! [ -d "${blsdir}" ]; then
+ if ! [ -d "${blsdir}" ] || [ -f /run/ostree-booted ] || [ -d /ostree/repo ]; then
return
fi
--
2.44.0
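Review bot: `copy_bls` calls `mkbls` with four arguments (`"${kernelver}"`, the timestamp, `"${bootprefix}"`, `"${cmdline}"`), but `mkbls` reads only three, so `kernelopts` receives the boot prefix and `${cmdline}` is dropped. Every generated snippet therefore gets an `options` line without `root=` or the configured kernel parameters, and only the `~debug` copy has it restored by the later `sed`. It looks like a `local bootprefix=$1 && shift` is missing ahead of `local kernelopts=$1 && shift`; the rescue call passes no options at all and should be checked at the same time. The script is also declared `#! /bin/sh` yet relies on `[ ! -v pkgdatadir ]`, `source`, and `[ "$kernelver" == *\+* ]`. The last is a literal comparison inside `[ ]`, so `flavor` normally stays empty, and `case "$kernelver" in *+*) ... ;; esac` is the portable form. Finally, the fallback `MACHINE_ID=$(dmesg | sha256sum)` keeps the trailing ` -` that `sha256sum` prints, so it ends up in `${bls_target}`; `| cut -d' ' -f1` would strip it.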


@ -232,20 +232,18 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size));
--- a/include/grub/i386/linux.h
+++ b/include/grub/i386/linux.h
@@ -138,7 +138,12 @@
@@ -148,6 +148,11 @@
grub_uint32_t kernel_alignment;
grub_uint8_t relocatable;
grub_uint8_t min_alignment;
- grub_uint8_t pad[2];
+#define LINUX_XLF_KERNEL_64 (1<<0)
+#define LINUX_XLF_CAN_BE_LOADED_ABOVE_4G (1<<1)
+#define LINUX_XLF_EFI_HANDOVER_32 (1<<2)
+#define LINUX_XLF_EFI_HANDOVER_64 (1<<3)
+#define LINUX_XLF_EFI_KEXEC (1<<4)
+ grub_uint16_t xloadflags;
grub_uint16_t xloadflags;
grub_uint32_t cmdline_size;
grub_uint32_t hardware_subarch;
grub_uint64_t hardware_subarch_data;
--- a/grub-core/loader/efi/linux_boot.c
+++ b/grub-core/loader/efi/linux_boot.c
@@ -30,11 +30,16 @@


@ -1,73 +0,0 @@
From 7e5f031a6a6a3decc2360a7b0c71abbe598e7354 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:33:17 +0300
Subject: [PATCH 3/6] fs/ntfs: Fix an OOB read when parsing directory entries
from resident and non-resident index attributes
This fix introduces checks to ensure that index entries are never read
beyond the corresponding directory index.
The lack of this check is a minor issue, likely not exploitable in any way.
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index a68e173d8..2d78b96e1 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -599,7 +599,7 @@ get_utf8 (grub_uint8_t *in, grub_size_t len)
}
static int
-list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos,
+list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, grub_uint8_t *end_pos,
grub_fshelp_iterate_dir_hook_t hook, void *hook_data)
{
grub_uint8_t *np;
@@ -610,6 +610,9 @@ list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos,
grub_uint8_t namespace;
char *ustr;
+ if ((pos >= end_pos) || (end_pos - pos < 0x52))
+ break;
+
if (pos[0xC] & 2) /* end signature */
break;
@@ -617,6 +620,9 @@ list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos,
ns = *(np++);
namespace = *(np++);
+ if (2 * ns > end_pos - pos - 0x52)
+ break;
+
/*
* Ignore files in DOS namespace, as they will reappear as Win32
* names.
@@ -806,7 +812,9 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
}
cur_pos += 0x10; /* Skip index root */
- ret = list_file (mft, cur_pos + u16at (cur_pos, 0), hook, hook_data);
+ ret = list_file (mft, cur_pos + u16at (cur_pos, 0),
+ at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
+ hook, hook_data);
if (ret)
goto done;
@@ -893,6 +901,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
(const grub_uint8_t *) "INDX")))
goto done;
ret = list_file (mft, &indx[0x18 + u16at (indx, 0x18)],
+ indx + (mft->data->idx_size << GRUB_NTFS_BLK_SHR),
hook, hook_data);
if (ret)
goto done;
--
2.42.0


@ -1,115 +0,0 @@
From e7b1a524d5f86dcfddfbb069577e3b148dbb19cd Mon Sep 17 00:00:00 2001
From: Anthony Iliopoulos via Grub-devel <grub-devel@gnu.org>
Date: Thu, 26 Oct 2023 11:53:39 +0200
Subject: [PATCH 3/3] fs/xfs: add large extent counters incompat feature
support
XFS introduced 64-bit extent counters for inodes via a series of
upstream commits, and the feature was marked as stable in v6.5 via
commit 61d7e8274cd8 ("xfs: drop EXPERIMENTAL tag for large extent
counts").
Further, xfsprogs release v6.5.0 switched this feature on by default in
mkfs.xfs via commit e5b18d7d1d96 ("mkfs: enable large extent counts by
default").
Filesystems formatted with large extent count support (nrext64=1) are
thus currently not recognizable by grub, since this is an incompat
feature. Add the required support so that those filesystems and inodes
with large extent counters can be read by grub.
Signed-off-by: Anthony Iliopoulos <ailiop@suse.com>
---
grub-core/fs/xfs.c | 30 +++++++++++++++++++++++++-----
1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index 18edfcff4..bc2224dbb 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -79,6 +79,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
/* Inode flags2 flags */
#define XFS_DIFLAG2_BIGTIME_BIT 3
#define XFS_DIFLAG2_BIGTIME (1 << XFS_DIFLAG2_BIGTIME_BIT)
+#define XFS_DIFLAG2_NREXT64_BIT 4
+#define XFS_DIFLAG2_NREXT64 (1 << XFS_DIFLAG2_NREXT64_BIT)
/* incompat feature flags */
#define XFS_SB_FEAT_INCOMPAT_FTYPE (1 << 0) /* filetype in dirent */
@@ -86,6 +88,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define XFS_SB_FEAT_INCOMPAT_META_UUID (1 << 2) /* metadata UUID */
#define XFS_SB_FEAT_INCOMPAT_BIGTIME (1 << 3) /* large timestamps */
#define XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR (1 << 4) /* needs xfs_repair */
+#define XFS_SB_FEAT_INCOMPAT_NREXT64 (1 << 5) /* large extent counters */
/*
* Directory entries with ftype are explicitly handled by GRUB code.
@@ -101,7 +104,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
XFS_SB_FEAT_INCOMPAT_SPINODES | \
XFS_SB_FEAT_INCOMPAT_META_UUID | \
XFS_SB_FEAT_INCOMPAT_BIGTIME | \
- XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR)
+ XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR | \
+ XFS_SB_FEAT_INCOMPAT_NREXT64)
struct grub_xfs_sblock
{
@@ -203,7 +207,8 @@ struct grub_xfs_inode
grub_uint16_t mode;
grub_uint8_t version;
grub_uint8_t format;
- grub_uint8_t unused2[26];
+ grub_uint8_t unused2[18];
+ grub_uint64_t nextents_big;
grub_uint64_t atime;
grub_uint64_t mtime;
grub_uint64_t ctime;
@@ -545,11 +550,26 @@ get_fsb (const void *keys, int idx)
return grub_be_to_cpu64 (grub_get_unaligned64 (p));
}
+static int
+grub_xfs_inode_has_large_extent_counts (const struct grub_xfs_inode *inode)
+{
+ return inode->version >= 3 &&
+ (inode->flags2 & grub_cpu_to_be64_compile_time (XFS_DIFLAG2_NREXT64));
+}
+
+static grub_uint64_t
+grub_xfs_get_inode_nextents (struct grub_xfs_inode *inode)
+{
+ return (grub_xfs_inode_has_large_extent_counts (inode)) ?
+ grub_be_to_cpu64 (inode->nextents_big) :
+ grub_be_to_cpu32 (inode->nextents);
+}
+
static grub_disk_addr_t
grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
{
struct grub_xfs_btree_node *leaf = 0;
- int ex, nrec;
+ grub_uint64_t ex, nrec;
struct grub_xfs_extent *exts;
grub_uint64_t ret = 0;
@@ -574,7 +594,7 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
/ (2 * sizeof (grub_uint64_t));
do
{
- int i;
+ grub_uint64_t i;
for (i = 0; i < nrec; i++)
{
@@ -621,7 +641,7 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
grub_addr_t exts_end = 0;
grub_addr_t data_end = 0;
- nrec = grub_be_to_cpu32 (node->inode.nextents);
+ nrec = grub_xfs_get_inode_nextents (&node->inode);
exts = (struct grub_xfs_extent *) grub_xfs_inode_data(&node->inode);
if (grub_mul (sizeof (struct grub_xfs_extent), nrec, &exts_end) ||
--
2.42.1


@ -127,21 +127,20 @@ Platform Reference (PAPR).
default:
return 0;
}
@@ -666,10 +674,11 @@
" --output '%s' "
" --dtb '%s' "
"--sbat '%s' "
- "--format '%s' --compression '%s' %s %s %s\n",
+ "--format '%s' --compression '%s' "
+ "--appended-signature-size %zu %s %s %s\n",
dir, prefix,
outname, dtb ? : "", sbat ? : "", mkimage_target,
- compnames[compression], note ? "--note" : "",
+ compnames[compression], appsig_size, note ? "--note" : "",
disable_shim_lock ? "--disable-shim-lock" : "", s);
free (s);
@@ -679,9 +687,11 @@
*p = '\0';
@@ -680,7 +689,7 @@
grub_util_info ("grub-mkimage --directory '%s' --prefix '%s' --output '%s'"
- " --format '%s' --compression '%s'%s%s%s\n",
+ " --format '%s' --compression '%s'"
+ " --appended-signature-size %zu%s%s%s\n",
dir, prefix, outname,
mkimage_target, compnames[compression],
+ appsig_size,
note ? " --note" : "",
disable_shim_lock ? " --disable-shim-lock" : "", s);
free (s);
@@ -693,7 +703,7 @@
grub_install_generate_image (dir, prefix, fp, outname,
modules.entries, memdisk_path,
pubkeys, npubkeys, config_path, tgt,


@ -27,7 +27,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -2673,3 +2673,9 @@
@@ -2679,3 +2679,9 @@
common = lib/libtasn1_wrap/tests/Test_strings.c;
common = lib/libtasn1_wrap/wrap_tests.c;
};
@ -39,7 +39,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
+};
--- /dev/null
+++ b/grub-core/commands/prep_loadenv.c
@@ -0,0 +1,230 @@
@@ -0,0 +1,237 @@
+#include <grub/dl.h>
+#include <grub/mm.h>
+#include <grub/file.h>
@ -210,6 +210,13 @@ Signed-off-by: Michael Chang <mchang@suse.com>
+ if (!dev)
+ return grub_errno;
+
+ /* Only needed for disk device */
+ if (!dev->disk)
+ {
+ err = GRUB_ERR_NONE;
+ goto out;
+ }
+
+ ret = grub_partition_iterate (dev->disk, part_hook, prep);
+ if (ret == 1 && *prep)
+ {
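Review bot: The comment on the new `if (!dev->disk)` guard, "Only needed for disk device", does not say what the guard protects or why returning success is right. Something like `/* dev->disk is NULL for non-disk devices; there are no partitions to iterate, so skip the PReP lookup and report success. */` would record that the check keeps a NULL `dev->disk` out of `grub_partition_iterate ()`. The function starts and ends outside this hunk, so confirm that the `out` label releases `dev` on this early exit as it does on the other paths.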


@ -0,0 +1,30 @@
From 2fccb958910afaaf03cbec1a6b98ad197d088ad4 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 25 Aug 2022 17:57:55 -0400
Subject: [PATCH 4/9] blscfg: Don't root device in emu builds
Otherwise, we end up looking for kernel/initrd in /boot/boot which
doesn't work at all. Non-emu builds need to be looking in
($root)/boot/, which is what this is for.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/commands/blscfg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index 7132555df..150ca96f4 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -41,7 +41,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define GRUB_BLS_CONFIG_PATH "/loader/entries/"
#ifdef GRUB_MACHINE_EMU
-#define GRUB_BOOT_DEVICE "/boot"
+#define GRUB_BOOT_DEVICE ""
#else
#define GRUB_BOOT_DEVICE "($root)"
#endif
--
2.44.0


@ -1,51 +0,0 @@
From 7a5a116739fa6d8a625da7d6b9272c9a2462f967 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:33:44 +0300
Subject: [PATCH 4/6] fs/ntfs: Fix an OOB read when parsing bitmaps for index
attributes
This fix introduces checks to ensure that bitmaps for directory indices
are never read beyond their actual sizes.
The lack of this check is a minor issue, likely not exploitable in any way.
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index 2d78b96e1..bb70c89fb 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -843,6 +843,25 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
if (is_resident)
{
+ if (bitmap_len > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ {
+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap too large");
+ goto done;
+ }
+
+ if (cur_pos >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ {
+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
+ goto done;
+ }
+
+ if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) >
+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos)
+ {
+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
+ goto done;
+ }
+
grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14),
bitmap_len);
}
--
2.42.0


@ -0,0 +1,121 @@
From 6d33393fd3c538aaead2698777c02d6d6d0221c9 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 7 Mar 2023 18:59:40 -0500
Subject: [PATCH 5/9] blscfg: check for mounted /boot in emu
Irritatingly, BLS defines paths relatives to the mountpoint of the
filesystem which contains its snippets, not / or any other fixed
location. So grub2-emu needs to know whether /boot is a separate
filesysem from / and conditionally prepend a path.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/commands/blscfg.c | 54 +++++++++++++++++++++++++++++++++----
1 file changed, 49 insertions(+), 5 deletions(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index 150ca96f4..6495891b9 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -40,8 +40,9 @@ GRUB_MOD_LICENSE ("GPLv3+");
#include "loadenv.h"
#define GRUB_BLS_CONFIG_PATH "/loader/entries/"
+
#ifdef GRUB_MACHINE_EMU
-#define GRUB_BOOT_DEVICE ""
+#define GRUB_BOOT_DEVICE "/boot"
#else
#define GRUB_BOOT_DEVICE "($root)"
#endif
@@ -54,8 +55,50 @@ struct keyval
static struct bls_entry *entries = NULL;
+/* Cache probing in frob_boot_device(). Used for linux entry also.
+ * Always true in non-emu, meaning to prefix things with GRUB_BOOT_DEVICE. */
+static int separate_boot = -1;
+
#define FOR_BLS_ENTRIES(var) FOR_LIST_ELEMENTS (var, entries)
+/* BLS appears to make paths relative to the filesystem that snippets are
+ * on, not /. Attempt to cope. */
+static char *frob_boot_device(char *tmp)
+{
+#ifdef GRUB_MACHINE_EMU
+ grub_file_t f;
+ char *line = NULL;
+
+ if (separate_boot != -1)
+ goto probed;
+
+ separate_boot = 0;
+
+ f = grub_file_open ("/proc/mounts", GRUB_FILE_TYPE_CONFIG);
+ if (f == NULL)
+ goto probed;
+
+ while ((line = grub_file_getline (f)))
+ {
+ if (grub_strstr (line, " " GRUB_BOOT_DEVICE " "))
+ {
+ separate_boot = 1;
+ grub_free (line);
+ break;
+ }
+
+ grub_free(line);
+ }
+
+ grub_file_close (f);
+ probed:
+ if (!separate_boot)
+ return grub_stpcpy (tmp, " ");
+#endif
+
+ return grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+}
+
static int bls_add_keyval(struct bls_entry *entry, char *key, char *val)
{
char *k, *v;
@@ -842,7 +885,7 @@ static void create_entry (struct bls_entry *entry)
for (i = 0; early_initrds != NULL && early_initrds[i] != NULL; i++)
{
grub_dprintf ("blscfg", "adding early initrd %s\n", early_initrds[i]);
- tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = frob_boot_device (tmp);
tmp = grub_stpcpy (tmp, initrd_prefix);
tmp = grub_stpcpy (tmp, early_initrds[i]);
grub_free(early_initrds[i]);
@@ -851,7 +894,7 @@ static void create_entry (struct bls_entry *entry)
for (i = 0; initrds != NULL && initrds[i] != NULL; i++)
{
grub_dprintf ("blscfg", "adding initrd %s\n", initrds[i]);
- tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = frob_boot_device (tmp);
tmp = grub_stpcpy (tmp, initrds[i]);
}
tmp = grub_stpcpy (tmp, "\n");
@@ -888,7 +931,7 @@ static void create_entry (struct bls_entry *entry)
}
char *tmp = dt;
tmp = grub_stpcpy (dt, "devicetree");
- tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = frob_boot_device (tmp);
if (add_dt_prefix)
tmp = grub_stpcpy (tmp, prefix);
tmp = grub_stpcpy (tmp, devicetree);
@@ -907,7 +950,8 @@ static void create_entry (struct bls_entry *entry)
"linux %s%s%s%s\n"
"%s%s",
savedefault ? "savedefault\n" : "",
- GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "",
+ separate_boot ? GRUB_BOOT_DEVICE : "",
+ clinux, options ? " " : "", options ? options : "",
initrd ? initrd : "", dt ? dt : "");
grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0, 0, &index, entry);
--
2.44.0
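Review bot: In emu builds `separate_boot` is only probed lazily inside `frob_boot_device ()`, but the final `linux` line in `create_entry` tests `separate_boot ? GRUB_BOOT_DEVICE : ""` directly. If an entry has neither an initrd nor a devicetree and nothing has called `frob_boot_device ()` yet, the value is still the initial `-1`. That is truthy, so `/boot` is prefixed to the kernel path even when `/boot` is not a separate mount. Moving the `/proc/mounts` probe into a small helper and calling it before the format call, as well as from `frob_boot_device ()`, would make the `linux` path independent of call order. `create_entry` extends beyond the hunks shown, so whether an earlier call always happens cannot be confirmed from here.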


@ -1,61 +0,0 @@
From 1fe82c41e070385e273d7bb1cfb482627a3c28e8 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:38:19 +0300
Subject: [PATCH 5/6] fs/ntfs: Fix an OOB read when parsing a volume label
This fix introduces checks to ensure that an NTFS volume label is always
read from the corresponding file record segment.
The current NTFS code allows the volume label string to be read from an
arbitrary, attacker-chosen memory location. However, the bytes read are
always treated as UTF-16LE. So, the final string displayed is mostly
unreadable and it can't be easily converted back to raw bytes.
The lack of this check is a minor issue, likely not causing a significant
data leak.
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index bb70c89fb..ff5e3740f 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -1213,13 +1213,29 @@ grub_ntfs_label (grub_device_t device, char **label)
init_attr (&mft->attr, mft);
pa = find_attr (&mft->attr, GRUB_NTFS_AT_VOLUME_NAME);
+
+ if (pa >= mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ {
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label");
+ goto fail;
+ }
+
+ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa < 0x16)
+ {
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label");
+ goto fail;
+ }
+
if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10)))
{
int len;
len = u32at (pa, 0x10) / 2;
pa += u16at (pa, 0x14);
- *label = get_utf8 (pa, len);
+ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len)
+ *label = get_utf8 (pa, len);
+ else
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label");
}
fail:
--
2.42.0


@ -0,0 +1,168 @@
From 6523d493b0772316a3fbb249eb070ada5d266a98 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 28 Jun 2023 14:32:40 +0800
Subject: [PATCH 6/9] Follow the device where blscfg is discovered
Previously, the code assumed that GRUB_BOOT_DEVICE "($root)" was always
the correct device for the discovered bls menu. However, this assumption
could lead to inaccuracies when attempting to load bls for devices other
than $root.
This patch introduces a more robust approach by utilizing the `struct
find_entry_info *info->devid` parameter, representing the device used to
discover the bls directory. This change ensures consistency in
subsequent translations to native GRUB commands, eliminating potential
discrepancies in device identification during the blscfg process.
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/commands/blscfg.c | 40 +++++++++++++++++++++++++------------
include/grub/menu.h | 1 +
2 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index 6495891b9..c872bcef0 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -55,15 +55,18 @@ struct keyval
static struct bls_entry *entries = NULL;
-/* Cache probing in frob_boot_device(). Used for linux entry also.
- * Always true in non-emu, meaning to prefix things with GRUB_BOOT_DEVICE. */
-static int separate_boot = -1;
-
#define FOR_BLS_ENTRIES(var) FOR_LIST_ELEMENTS (var, entries)
/* BLS appears to make paths relative to the filesystem that snippets are
* on, not /. Attempt to cope. */
-static char *frob_boot_device(char *tmp)
+#ifdef GRUB_MACHINE_EMU
+/* Cache probing in frob_boot_device(). Used for linux entry also.
+ * Unused in non-emu, meaning to prefix things with device of parent blsdir. */
+static int separate_boot = -1;
+static char *frob_boot_device(char *tmp, const char *bootdev UNUSED)
+#else
+static char *frob_boot_device(char *tmp, const char *bootdev)
+#endif
{
#ifdef GRUB_MACHINE_EMU
grub_file_t f;
@@ -94,9 +97,11 @@ static char *frob_boot_device(char *tmp)
probed:
if (!separate_boot)
return grub_stpcpy (tmp, " ");
-#endif
-
return grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+#else
+ tmp = grub_stpcpy (tmp, " ");
+ return grub_stpcpy (tmp, bootdev);
+#endif
}
static int bls_add_keyval(struct bls_entry *entry, char *key, char *val)
@@ -568,6 +573,9 @@ static int read_entry (
if (rc < 0)
break;
}
+
+ if (info->devid)
+ entry->devid = grub_strdup(info->devid);
if (!rc)
bls_add_entry(entry);
@@ -772,6 +780,7 @@ static void create_entry (struct bls_entry *entry)
char *id = entry->filename;
char *dotconf = id;
char *hotkey = NULL;
+ char *bootdev = entry->devid ? grub_xasprintf("(%s)", entry->devid) : grub_strdup (GRUB_BOOT_DEVICE);
char *users = NULL;
char **classes = NULL;
@@ -865,12 +874,12 @@ static void create_entry (struct bls_entry *entry)
char *tmp;
for (i = 0; early_initrds != NULL && early_initrds[i] != NULL; i++)
- initrd_size += sizeof (" " GRUB_BOOT_DEVICE) \
+ initrd_size += sizeof (" ") + grub_strlen (bootdev) \
+ grub_strlen(initrd_prefix) \
+ grub_strlen (early_initrds[i]) + 1;
for (i = 0; initrds != NULL && initrds[i] != NULL; i++)
- initrd_size += sizeof (" " GRUB_BOOT_DEVICE) \
+ initrd_size += sizeof (" ") + grub_strlen (bootdev) \
+ grub_strlen (initrds[i]) + 1;
initrd_size += 1;
@@ -885,7 +894,7 @@ static void create_entry (struct bls_entry *entry)
for (i = 0; early_initrds != NULL && early_initrds[i] != NULL; i++)
{
grub_dprintf ("blscfg", "adding early initrd %s\n", early_initrds[i]);
- tmp = frob_boot_device (tmp);
+ tmp = frob_boot_device (tmp, bootdev);
tmp = grub_stpcpy (tmp, initrd_prefix);
tmp = grub_stpcpy (tmp, early_initrds[i]);
grub_free(early_initrds[i]);
@@ -894,7 +903,7 @@ static void create_entry (struct bls_entry *entry)
for (i = 0; initrds != NULL && initrds[i] != NULL; i++)
{
grub_dprintf ("blscfg", "adding initrd %s\n", initrds[i]);
- tmp = frob_boot_device (tmp);
+ tmp = frob_boot_device (tmp, bootdev);
tmp = grub_stpcpy (tmp, initrds[i]);
}
tmp = grub_stpcpy (tmp, "\n");
@@ -916,7 +925,7 @@ static void create_entry (struct bls_entry *entry)
}
}
- dt_size = sizeof("devicetree " GRUB_BOOT_DEVICE) + grub_strlen(devicetree) + 1;
+ dt_size = sizeof("devicetree ") + grub_strlen(bootdev) + grub_strlen(devicetree) + 1;
if (add_dt_prefix)
{
@@ -931,7 +940,7 @@ static void create_entry (struct bls_entry *entry)
}
char *tmp = dt;
tmp = grub_stpcpy (dt, "devicetree");
- tmp = frob_boot_device (tmp);
+ tmp = frob_boot_device (tmp, bootdev);
if (add_dt_prefix)
tmp = grub_stpcpy (tmp, prefix);
tmp = grub_stpcpy (tmp, devicetree);
@@ -950,7 +959,11 @@ static void create_entry (struct bls_entry *entry)
"linux %s%s%s%s\n"
"%s%s",
savedefault ? "savedefault\n" : "",
+#ifdef GRUB_MACHINE_EMU
separate_boot ? GRUB_BOOT_DEVICE : "",
+#else
+ bootdev,
+#endif
clinux, options ? " " : "", options ? options : "",
initrd ? initrd : "", dt ? dt : "");
@@ -969,6 +982,7 @@ finish:
grub_free (args);
grub_free (argv);
grub_free (src);
+ grub_free (bootdev);
}
struct find_entry_info {
diff --git a/include/grub/menu.h b/include/grub/menu.h
index 43080828c..76b191c33 100644
--- a/include/grub/menu.h
+++ b/include/grub/menu.h
@@ -28,6 +28,7 @@ struct bls_entry
int nkeyvals;
char *filename;
int visible;
+ const char *devid;
};
struct grub_menu_entry_class
--
2.44.0
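Review bot: `bootdev` in `create_entry` comes from `grub_xasprintf ("(%s)", entry->devid)` or `grub_strdup (GRUB_BOOT_DEVICE)` and is then passed to `grub_strlen (bootdev)` and `frob_boot_device (tmp, bootdev)` without a NULL check. An allocation failure therefore becomes a NULL dereference while the menu entry is being built; an early `if (!bootdev) goto finish;` would fit if the other pointers freed at `finish` are initialised by that point, which the hunk does not show. In `read_entry`, `entry->devid = grub_strdup(info->devid);` is likewise unchecked, and on failure the entry silently falls back to `GRUB_BOOT_DEVICE`, which is the wrong-device case this patch sets out to remove. The new `devid` member is declared `const char *` but owns heap memory, and the entry teardown is outside these hunks, so confirm that it frees `devid`.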


@ -1,159 +0,0 @@
From e58b870ff926415e23fc386af41ff81b2f588763 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:40:07 +0300
Subject: [PATCH 6/6] fs/ntfs: Make code more readable
Move some calls used to access NTFS attribute header fields into
functions with human-readable names.
Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 48 +++++++++++++++++++++++++++++++--------------
1 file changed, 33 insertions(+), 15 deletions(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index ff5e3740f..de435aa14 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -52,6 +52,24 @@ u64at (void *ptr, grub_size_t ofs)
return grub_le_to_cpu64 (grub_get_unaligned64 ((char *) ptr + ofs));
}
+static grub_uint16_t
+first_attr_off (void *mft_buf_ptr)
+{
+ return u16at (mft_buf_ptr, 0x14);
+}
+
+static grub_uint16_t
+res_attr_data_off (void *res_attr_ptr)
+{
+ return u16at (res_attr_ptr, 0x14);
+}
+
+static grub_uint32_t
+res_attr_data_len (void *res_attr_ptr)
+{
+ return u32at (res_attr_ptr, 0x10);
+}
+
grub_ntfscomp_func_t grub_ntfscomp_func;
static grub_err_t
@@ -106,7 +124,7 @@ init_attr (struct grub_ntfs_attr *at, struct grub_ntfs_file *mft)
{
at->mft = mft;
at->flags = (mft == &mft->data->mmft) ? GRUB_NTFS_AF_MMFT : 0;
- at->attr_nxt = mft->buf + u16at (mft->buf, 0x14);
+ at->attr_nxt = mft->buf + first_attr_off (mft->buf);
at->attr_end = at->emft_buf = at->edat_buf = at->sbuf = NULL;
}
@@ -154,7 +172,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
return NULL;
}
- new_pos = &at->emft_buf[u16at (at->emft_buf, 0x14)];
+ new_pos = &at->emft_buf[first_attr_off (at->emft_buf)];
while (*new_pos != 0xFF)
{
if ((*new_pos == *at->attr_cur)
@@ -213,7 +231,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
}
else
{
- at->attr_nxt = at->attr_end + u16at (pa, 0x14);
+ at->attr_nxt = at->attr_end + res_attr_data_off (pa);
at->attr_end = at->attr_end + u32at (pa, 4);
pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
}
@@ -399,20 +417,20 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
if (pa[8] == 0)
{
- if (ofs + len > u32at (pa, 0x10))
+ if (ofs + len > res_attr_data_len (pa))
return grub_error (GRUB_ERR_BAD_FS, "read out of range");
- if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ if (res_attr_data_len (pa) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
- if (u16at (pa, 0x14) + u32at (pa, 0x10) >
+ if (res_attr_data_off (pa) + res_attr_data_len (pa) >
(grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
- grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
+ grub_memcpy (dest, pa + res_attr_data_off (pa) + ofs, len);
return 0;
}
@@ -556,7 +574,7 @@ init_file (struct grub_ntfs_file *mft, grub_uint64_t mftno)
(unsigned long long) mftno);
if (!pa[8])
- mft->size = u32at (pa, 0x10);
+ mft->size = res_attr_data_len (pa);
else
mft->size = u64at (pa, 0x30);
@@ -805,7 +823,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
(u32at (cur_pos, 0x18) != 0x490024) ||
(u32at (cur_pos, 0x1C) != 0x300033))
continue;
- cur_pos += u16at (cur_pos, 0x14);
+ cur_pos += res_attr_data_off (cur_pos);
if (*cur_pos != 0x30) /* Not filename index */
continue;
break;
@@ -834,7 +852,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
{
int is_resident = (cur_pos[8] == 0);
- bitmap_len = ((is_resident) ? u32at (cur_pos, 0x10) :
+ bitmap_len = ((is_resident) ? res_attr_data_len (cur_pos) :
u32at (cur_pos, 0x28));
bmp = grub_malloc (bitmap_len);
@@ -855,14 +873,14 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
goto done;
}
- if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) >
+ if (res_attr_data_off (cur_pos) + res_attr_data_len (cur_pos) >
(grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos)
{
grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
goto done;
}
- grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14),
+ grub_memcpy (bmp, cur_pos + res_attr_data_off (cur_pos),
bitmap_len);
}
else
@@ -1226,12 +1244,12 @@ grub_ntfs_label (grub_device_t device, char **label)
goto fail;
}
- if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10)))
+ if ((pa) && (pa[8] == 0) && (res_attr_data_len (pa)))
{
int len;
- len = u32at (pa, 0x10) / 2;
- pa += u16at (pa, 0x14);
+ len = res_attr_data_len (pa) / 2;
+ pa += res_attr_data_off (pa);
if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len)
*label = get_utf8 (pa, len);
else
--
2.42.0


@ -0,0 +1,264 @@
From 855b3e5cd4d672e961a366ff0f53e3a09a1ad0cc Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 30 Jun 2023 14:37:41 +0800
Subject: [PATCH 7/9] grub-switch-to-blscfg: adapt to openSUSE
A few tweaks to make it 'just works' for openSUSE:
- remove RHEL specific $grub_get_kernel_settings and all reference to it.
- make $grubdir and $startlink to the path in openSUSE
- change the bls template to openSUSE
- make $cmdline account for btrfs subvolumes, among others
- remove RHEL specific $GRUB_LINUX_MAKE_DEBUG and all related code
- remove ostree specific hack
- ignore increment.mod
Signed-off-by: Michael Chang <mchang@suse.com>
---
util/grub-switch-to-blscfg.in | 144 ++++++++++++++++++++--------------
1 file changed, 87 insertions(+), 57 deletions(-)
diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
index a851424be..66ecc0cae 100644
--- a/util/grub-switch-to-blscfg.in
+++ b/util/grub-switch-to-blscfg.in
@@ -34,21 +34,18 @@ fi
self=`basename $0`
-grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@"
grub_editenv=${bindir}/@grub_editenv@
-etcdefaultgrub=/etc/default/grub
+grub_probe="${sbindir}/@grub_probe@"
+etcdefaultgrub=${sysconfdir}/default/grub
-eval "$("${grub_get_kernel_settings}")" || true
-
-EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
-if [ -d /sys/firmware/efi/efivars/ ]; then
- startlink=/etc/grub2-efi.cfg
- grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'`
-else
- startlink=/etc/grub2.cfg
- grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'`
+if test -f "$etcdefaultgrub" ; then
+ # shellcheck source=/etc/default/grub
+ . "$etcdefaultgrub"
fi
+grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'`
+startlink="${grubdir}/grub.cfg"
+
blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'`
backupsuffix=.bak
@@ -58,19 +55,80 @@ arch="$(uname -m)"
export TEXTDOMAIN=@PACKAGE@
export TEXTDOMAINDIR="@localedir@"
+# shellcheck source=/usr/share/grub2/grub-mkconfig_lib
. "${pkgdatadir}/grub-mkconfig_lib"
+# FIXME: Abort if grub_probe fails
+
+GRUB_DEVICE="`${grub_probe} --target=device /`"
+GRUB_DEVICE_UUID="`${grub_probe} --device ${GRUB_DEVICE} --target=fs_uuid 2> /dev/null`" || true
+GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2> /dev/null`" || true
+GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`"
+
+# loop-AES arranges things so that /dev/loop/X can be our root device, but
+# the initrds that Linux uses don't like that.
+case ${GRUB_DEVICE} in
+ /dev/loop/*|/dev/loop[0-9])
+ GRUB_DEVICE=$(losetup "${GRUB_DEVICE}" | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/")
+ ;;
+esac
+
+# Default to disabling partition uuid support to maintian compatibility with
+# older kernels.
+GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true}
+
+# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter
+# and mounting btrfs requires user space scanning, so force UUID in this case.
+if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \
+ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \
+ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \
+ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \
+ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \
+ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then
+ LINUX_ROOT_DEVICE=${GRUB_DEVICE}
+elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \
+ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then
+ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID}
+else
+ LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
+fi
+
+if [ "x$GRUB_CONMODE" != "x" ]; then
+ GRUB_CMDLINE_LINUX="conmode=${GRUB_CONMODE} ${GRUB_CMDLINE_LINUX}"
+fi
+
+case x"$GRUB_FS" in
+ xbtrfs)
+ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" != "xtrue" ]; then
+ rootsubvol="`make_system_path_relative_to_its_root /`"
+ rootsubvol="${rootsubvol#/}"
+ if [ "x${rootsubvol}" != x ] && [ "x$SUSE_REMOVE_LINUX_ROOT_PARAM" != "xtrue" ]; then
+ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}"
+ fi
+ fi
+ ;;
+ xzfs)
+ rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true`
+ bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`"
+ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}"
+ ;;
+esac
+
+if [ "x$SUSE_REMOVE_LINUX_ROOT_PARAM" = "xtrue" ]; then
+ LINUX_ROOT_DEVICE=""
+fi
+
# Usage: usage
# Print the usage.
usage () {
gettext_printf "Usage: %s\n" "$self"
- gettext "Switch to BLS config files.\n"; echo
+ gettext "Switch to BLS config files. Only for testing purpose !!!\n"; echo
echo
print_option_help "-h, --help" "$(gettext "print this message and exit")"
print_option_help "-V, --version" "$(gettext "print the version information and exit")"
echo
print_option_help "--backup-suffix=$(gettext "SUFFIX")" "$backupsuffix"
- print_option_help "--bls-directory=$(gettext "DIR")" "$blsdir"
+ print_option_help "--bls-directory=$(gettext "DIR")" "Noop, always $blsdir"
print_option_help "--config-file=$(gettext "FILE")" "$startlink"
print_option_help "--grub-defaults=$(gettext "FILE")" "$etcdefaultgrub"
print_option_help "--grub-directory=$(gettext "DIR")" "$grubdir"
@@ -112,11 +170,15 @@ do
;;
--bls-directory)
- blsdir=`argument $option "$@"`
+ # blsdir=`argument $option "$@"`
+ gettext_printf "WARN: --bls-directory is currently disabled, it's always $blsdir !!!\n"
+ gettext_printf "WARN: use kernel-install instead if you want to test bls directory on ESP !!!\n"
shift
;;
--bls-directory=*)
- blsdir=`echo "$option" | sed 's/--bls-directory=//'`
+ # blsdir=`echo "$option" | sed 's/--bls-directory=//'`
+ gettext_printf "WARN: --bls-directory is currently disabled, it's always $blsdir !!!\n"
+ gettext_printf "WARN: use kernel-install instead if you want to test bls directory on ESP !!!\n"
;;
--config-file)
@@ -172,7 +234,7 @@ find_grub_cfg() {
return 1
}
-if ! find_grub_cfg ${startlink} ${grubdir}/grub.cfg ; then
+if ! find_grub_cfg "${startlink}" ; then
gettext_printf "Couldn't find config file\n" 1>&2
exit 1
fi
@@ -190,27 +252,22 @@ fi
mkbls() {
local kernelver=$1 && shift
local datetime=$1 && shift
+ local prefix=$1 && shift
local kernelopts=$1 && shift
- local debugname=""
- local debugid=""
local flavor=""
if [ "$kernelver" == *\+* ] ; then
local flavor=-"${kernelver##*+}"
- if [ "${flavor}" == "-debug" ]; then
- local debugname=" with debugging"
- local debugid="-debug"
- fi
fi
(
source /etc/os-release
cat <<EOF
-title ${NAME} (${kernelver}) ${VERSION}${debugname}
-version ${kernelver}${debugid}
-linux /vmlinuz-${kernelver}
-initrd /initramfs-${kernelver}.img
+title ${NAME} (${kernelver}) ${VERSION}
+version ${kernelver}$
+linux ${prefix}/vmlinuz-${kernelver}
+initrd ${prefix}/initrd-${kernelver}
options ${kernelopts}
grub_users \$grub_users
grub_arg --unrestricted
@@ -233,42 +290,15 @@ copy_bls() {
continue
fi
- linux_relpath="$("${grub_mkrelpath}" "${linux_path}")"
- bootprefix="${linux_relpath%%"${linux}"}"
+ bootprefix="$(make_system_path_relative_to_its_root /boot)"
cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
mkbls "${kernelver}" \
"$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \
"${bootprefix}" "${cmdline}" >"${bls_target}"
-
- if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
- bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")"
- cp -aT "${bls_target}" "${bls_debug}"
- title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
- options="$(echo "${cmdline} ${GRUB_CMDLINE_LINUX_DEBUG}" | sed -e 's/\//\\\//g')"
- sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}"
- sed -i -e "s/^options.*/options ${options}/" "${bls_debug}"
- fi
done
-
- if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then
- mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf"
- fi
}
-# The grub2 EFI binary is not copied to the ESP as a part of an ostree
-# transaction. Make sure a grub2 version with BLS support is installed
-# but only do this if the blsdir is not set, to make sure that the BLS
-# parsing module will search for the BLS snippets in the default path.
-if test -f /run/ostree-booted && test -d /sys/firmware/efi/efivars && \
- ! ${grub_editenv} - list | grep -q blsdir && \
- mountpoint -q /boot; then
- grub_binary="$(find /usr/lib/ostree-boot/efi/EFI/${EFIDIR}/ -name grub*.efi)"
- install -m 700 ${grub_binary} ${grubdir} || exit 1
- # Create a hidden file to indicate that grub2 now has BLS support.
- touch /boot/grub2/.grub2-blscfg-supported
-fi
-
GENERATE=0
if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \
| grep -vq '^GRUB_ENABLE_BLSCFG="*true"*\s*$' ; then
@@ -297,9 +327,7 @@ if [ "${GENERATE}" -eq 1 ] ; then
fi
if [ -n "${mod_dir}" ]; then
- for mod in blscfg increment; do
- install -m 700 ${prefix}/lib/grub/${mod_dir}/${mod}.mod ${grubdir}/$mod_dir/ || exit 1
- done
+ install -m 700 "${pkgdatadir}/${mod_dir}/blscfg.mod" "${grubdir}/$mod_dir/" || exit 1
fi
cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}"
@@ -311,6 +339,8 @@ if [ "${GENERATE}" -eq 1 ] ; then
gettext_printf "Updating %s failed\n" "${GRUB_CONFIG_FILE}"
exit 1
fi
+else
+ gettext_printf "Do nothing because \$GRUB_ENABLE_BLSCFG is already true in %s\n" "${GRUB_CONFIG_FILE}"
fi
# Bye.
--
2.44.0
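Review bot: The BLS template in mkbls() now emits `version ${kernelver}$`; the trailing `$` is left over from the removed `${debugid}` and, inside the here-document, is written literally into the version field of every generated entry. The line should read `version ${kernelver}`. Separately, when SUSE_REMOVE_LINUX_ROOT_PARAM is true the script clears LINUX_ROOT_DEVICE, but the unchanged `cmdline="root=${LINUX_ROOT_DEVICE} ro ..."` in copy_bls() still produces an empty `root=` token; emitting `root=` only when the variable is non-empty would avoid that. Both functions extend outside the hunks shown.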


@ -0,0 +1,75 @@
From 2b0e6effc31ec166bbbe35a3cd2b4c73051f38bb Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 16 Jun 2023 15:54:50 +0800
Subject: [PATCH 8/9] blscfg: reading bls fragments if boot present
The Boot Loader Specification (BLS) designates the EFI System Partition
(ESP) as a primary location for $BOOT, where boot menu entries can be
stored. The specification encourages boot loaders to retrieve menu
entries from the ESP, even when XBOOTLDR is present.
This commit aligns with the BLS specification by introducing the
capability to search for the ESP in addition to the default root
partition or any specified location via blscfg's command line. The $boot
environment variable is utilized as a reference to the ESP device for
the blscfg command. Initialization of $boot in grub.cfg is demonstrated
as follows:
insmod part_gpt
insmod fat
search --no-floppy --fs-uuid --set=boot F414-5A9F
If $boot is unset, no additional search for the BLS location will be
performed.
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/commands/blscfg.c | 10 ++++++++++
util/grub.d/10_linux.in | 3 ++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index c872bcef0..cbe2a289e 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -1186,6 +1186,7 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED,
char *entry_id = NULL;
bool show_default = true;
bool show_non_default = true;
+ const char *boot = NULL;
if (argc == 1) {
if (grub_strcmp (args[0], "default") == 0) {
@@ -1205,6 +1206,15 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED,
if (r)
return r;
+ boot = grub_env_get("boot");
+ path = (boot) ? grub_xasprintf("(%s)" GRUB_BLS_CONFIG_PATH, boot) : NULL;
+ if (path)
+ {
+ bls_load_entries(path);
+ grub_print_error();
+ }
+ grub_free(path);
+
return bls_create_entries(show_default, show_non_default, entry_id);
}
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 45eefb332..edf0fca55 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -201,7 +201,8 @@ populate_menu()
}
# Make BLS the default if GRUB_ENABLE_BLSCFG was not set and grubby is not installed.
-if [ -z "${GRUB_ENABLE_BLSCFG}" ] && ! command -v new-kernel-pkg >/dev/null; then
+# FIXME: The test should be aligned to openSUSE, grubby is not our default tool
+if [ -z "${GRUB_ENABLE_BLSCFG}" ] && ! command -v new-kernel-pkg >/dev/null && false; then
GRUB_ENABLE_BLSCFG="true"
fi
--
2.44.0
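Review bot: In grub_cmd_blscfg() the new `$boot` lookup cannot tell an unset variable from a failed grub_xasprintf(): both leave `path` NULL, so an allocation failure silently skips the ESP search and presumably leaves grub_errno set when bls_create_entries() runs. Reporting it explicitly, e.g. `if (boot && !path) grub_print_error ();` before the `if (path)` block, keeps the two cases apart. The return value of bls_load_entries() is also ignored here, unlike the earlier call whose result `r` is returned; a comment such as `/* Entries under $boot are optional: report the error and continue. */` would make that intent explicit. The function starts and ends outside the hunk.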


@ -0,0 +1,78 @@
From 72a72facc6cbaf58fda136286af78bbbd48bd88c Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 13 Mar 2024 15:26:42 +0800
Subject: [PATCH 9/9] 10_linux: Some refinement for BLS
Remove BLS_POPULATE_MENU as it is not being used currently and removing
kernelopts assignment in the grub boot config itself to fully delegate
the responsibility of generating kernel options to a functioning BLS
generator.
Signed-off-by: Michael Chang <mchang@suse.com>
---
util/grub.d/10_linux.in | 29 -----------------------------
1 file changed, 29 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index edf0fca55..7cbff7466 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -93,11 +93,7 @@ fi
populate_header_warn()
{
-if [ "x${BLS_POPULATE_MENU}" = "xtrue" ]; then
- bls_parser="10_linux script"
-else
bls_parser="blscfg command"
-fi
cat <<EOF
# This section was generated by a script. Do not modify the generated file - all changes
@@ -200,11 +196,6 @@ populate_menu()
printf "$menu"
}
-# Make BLS the default if GRUB_ENABLE_BLSCFG was not set and grubby is not installed.
-# FIXME: The test should be aligned to openSUSE, grubby is not our default tool
-if [ -z "${GRUB_ENABLE_BLSCFG}" ] && ! command -v new-kernel-pkg >/dev/null && false; then
- GRUB_ENABLE_BLSCFG="true"
-fi
if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then
if [ x$dirname = x/ ]; then
@@ -252,31 +243,11 @@ if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then
populate_header_warn
- cat << EOF
-# The kernelopts variable should be defined in the grubenv file. But to ensure that menu
-# entries populated from BootLoaderSpec files that use this variable work correctly even
-# without a grubenv file, define a fallback kernelopts variable if this has not been set.
-#
-# The kernelopts variable in the grubenv file can be modified using the grubby tool or by
-# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX
-# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both
-# the kernelopts variable in the grubenv file and the fallback kernelopts variable.
-if [ -z "\${kernelopts}" ]; then
- set kernelopts="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
-fi
-EOF
-
- update_bls_cmdline
-
- if [ "x${BLS_POPULATE_MENU}" = "xtrue" ]; then
- populate_menu
- else
cat << EOF
insmod blscfg
blscfg
EOF
- fi
if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
blsdir="/boot/loader/entries"
--
2.44.0


@ -89,18 +89,18 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
case GRUB_INSTALL_OPTIONS_VERBOSITY:
verbosity++;
@@ -632,6 +640,9 @@
@@ -636,6 +644,9 @@
for (pk = pubkeys; pk < pubkeys + npubkeys; pk++)
slen += 20 + grub_strlen (*pk);
slen += sizeof (" --pubkey ''") + grub_strlen (*pk);
+ for (pk = x509keys; pk < x509keys + nx509keys; pk++)
+ slen += 10 + grub_strlen (*pk);
+
for (md = modules.entries; *md; md++)
{
slen += 10 + grub_strlen (*md);
@@ -660,6 +671,14 @@
*p++ = ' ';
slen += sizeof (" ''") + grub_strlen (*md);
@@ -676,6 +687,14 @@
*p++ = '\'';
}
+ for (pk = x509keys; pk < x509keys + nx509keys; pk++)
@ -113,8 +113,8 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
+
for (md = modules.entries; *md; md++)
{
*p++ = '\'';
@@ -688,7 +707,8 @@
*p++ = ' ';
@@ -702,7 +721,8 @@
grub_install_generate_image (dir, prefix, fp, outname,
modules.entries, memdisk_path,
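Review bot: The size accounting for the x509 keys, `slen += 10 + grub_strlen (*pk);`, still relies on a bare constant, while the refreshed upstream context now sizes each argument from the literal it writes (`sizeof (" --pubkey ''") + grub_strlen (*pk)`) and quotes it (`*p++ = '\'';`). Because the buffer is filled through raw `*p++` writes, an undercount here would overrun the allocation, so the constant should be derived the same way: `slen += sizeof ("<literal written by the x509 loop>") + grub_strlen (*pk);`. The body of the x509 write loop is not visible in this section, so whether it also needs the new quoting has to be checked against the full patch.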


@ -18,7 +18,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -3278,6 +3278,7 @@
@@ -3270,6 +3270,7 @@
@menu
* biosnum::
@ -26,7 +26,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
* check_signatures::
* chosen::
* cmdpath::
@@ -3342,11 +3343,18 @@
@@ -3334,11 +3335,18 @@
chain-loaded system, @pxref{drivemap}.
@ -47,7 +47,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@node chosen
@subsection chosen
@@ -4322,6 +4330,7 @@
@@ -4357,6 +4365,7 @@
* date:: Display or set current date and time
* devicetree:: Load a device tree blob
* distrust:: Remove a pubkey from trusted keys
@ -55,15 +55,15 @@ v2: fix a grammar issue, thanks Stefan Berger.
* drivemap:: Map a drive to another
* echo:: Display a line of text
* efitextmode:: Set/Get text output mode resolution
@@ -4337,6 +4346,7 @@
* help:: Show help messages
@@ -4373,6 +4382,7 @@
* hexdump:: Show raw contents of a file or memory
* insmod:: Insert a module
* keystatus:: Check key modifier status
+* list_certificates:: List trusted certificates
* list_env:: List variables in environment block
* list_trusted:: List trusted public keys
* load_env:: Load variables from environment block
@@ -4375,8 +4385,10 @@
@@ -4411,8 +4421,10 @@
* test:: Check file types and compare values
* true:: Do nothing, successfully
* trust:: Add public key to list of trusted keys
@ -74,7 +74,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
* verify_detached:: Verify detached digital signature
* videoinfo:: List available video modes
* wrmsr:: Write values to model-specific registers
@@ -4710,9 +4722,28 @@
@@ -4752,9 +4764,28 @@
@code{check_signatures} is set to @code{enforce}
(@pxref{check_signatures}), and by some invocations of
@command{verify_detached} (@pxref{verify_detached}). @xref{Using
@ -104,7 +104,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@node drivemap
@subsection drivemap
@@ -4975,6 +5006,21 @@
@@ -5031,6 +5062,21 @@
@end deffn
@ -126,7 +126,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@node list_env
@subsection list_env
@@ -4994,7 +5040,7 @@
@@ -5050,7 +5096,7 @@
@code{gpg --fingerprint}). The least significant four bytes (last
eight hexadecimal digits) can be used as an argument to
@command{distrust} (@pxref{distrust}).
@ -135,7 +135,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
these keys.
@end deffn
@@ -5029,8 +5075,12 @@
@@ -5085,8 +5131,12 @@
administrator to configure a system to boot only signed
configurations, but to allow the user to select from among multiple
configurations, and to enable ``one-shot'' boot attempts and
@ -149,7 +149,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@end deffn
@@ -5401,7 +5451,7 @@
@@ -5457,7 +5507,7 @@
file from within GRUB using this command, such that its signature will
no longer be valid on subsequent boots. Care should be taken in such
advanced configurations to avoid rendering the system
@ -158,7 +158,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@end deffn
@@ -5817,11 +5867,31 @@
@@ -5873,11 +5923,31 @@
must itself be properly signed. The @option{--skip-sig} option can be
used to disable signature-checking when reading @var{pubkey_file}
itself. It is expected that @option{--skip-sig} is useful for testing
@ -191,7 +191,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@node unset
@subsection unset
@@ -5840,6 +5910,18 @@
@@ -5896,6 +5966,18 @@
@end deffn
@end ignore
@ -210,7 +210,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@node verify_detached
@subsection verify_detached
@@ -5858,7 +5940,7 @@
@@ -5914,7 +5996,7 @@
Exit code @code{$?} is set to 0 if the signature validates
successfully. If validation fails, it is set to a non-zero value.
@ -219,7 +219,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@end deffn
@node videoinfo
@@ -6339,13 +6421,14 @@
@@ -6394,13 +6476,14 @@
@chapter Security
@menu
@ -241,7 +241,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@end menu
@node Authentication and authorisation
@@ -6419,8 +6502,8 @@
@@ -6474,8 +6557,8 @@
adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2}
commands.
@ -252,7 +252,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
GRUB's @file{core.img} can optionally provide enforcement that all files
subsequently read from disk are covered by a valid digital signature.
@@ -6503,6 +6586,82 @@
@@ -6558,6 +6641,82 @@
(attacker-controlled) device. GRUB is at best only one link in a
secure boot chain.


@ -16,7 +16,7 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -6740,8 +6740,8 @@
@@ -6795,8 +6795,8 @@
@section Lockdown when booting on a secure setup
The GRUB can be locked down when booted on a secure boot environment, for example
@ -39,15 +39,15 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
sparc64_ieee1275 = kern/sparc64/dl.c;
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -44,6 +44,7 @@
#ifdef __sparc__
#include <grub/machine/kernel.h>
@@ -49,6 +49,7 @@
#if defined(__powerpc__) || defined(__i386__)
#include <grub/ieee1275/alloc.h>
#endif
+#include <grub/lockdown.h>
/* The maximum heap size we're going to claim at boot. Not used by sparc. */
#ifdef __i386__
@@ -708,6 +709,30 @@
@@ -893,6 +894,30 @@
}
}
@ -78,7 +78,7 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
grub_addr_t grub_modbase;
void
@@ -733,6 +758,8 @@
@@ -918,6 +943,8 @@
#else
grub_install_get_time_ms (grub_rtc_get_time_ms);
#endif


@ -19,6 +19,14 @@ set -e
# You should have received a copy of the GNU General Public License
# along with the script. If not, see <http://www.gnu.org/licenses/>.
# WARNING WARNING WARNING WARNING WARNING WARNING WARNING
# This file is deprecated, it is going to be removed soon
# and it's functionality has been disabled.
# The package memtest86+ is going to provide a similar file.
# Until that happens, you can reenable this file by
# adding to it the execute permission.
# WARNING WARNING WARNING WARNING WARNING WARNING WARNING
. "$pkgdatadir/grub-mkconfig_lib"
export TEXTDOMAIN=grub2
@ -35,17 +43,31 @@ fi
# memtest86+ comes in two flavours, one EFI and one suitable for x86 real mode.
# The EFI module requires security disabled in BIOS (Boot Mode: Other OS)
if [ -d /sys/firmware/efi -a -f /boot/efi/EFI/memtest86/memtest.efi ]; then
memtest=/boot/efi/EFI/memtest86/memtest.efi
if [ -d /sys/firmware/efi ]; then
if [ -f /boot/efi/EFI/memtest86/memtest.efi ]; then
memtest=/boot/efi/EFI/memtest86/memtest.efi
elif [ -f /usr/lib/memtest86+/memtest.efi ]; then
memtest=/usr/lib/memtest86+/memtest.efi
else
#memtest.efi not found
exit 0
fi
loader='linux '
message="$(gettext_printf "Loading EFI memtest ...\n" | grub_quote)"
# locate the real EFI partition
GRUB_DEVICE_BOOT=$(grub2-probe -t device "$memtest")
else
memtest=/boot/memtest.bin
if [ -f /boot/memtest.bin ]; then
memtest=/boot/memtest.bin
elif [ -f /usr/lib/memtest86+/memtest.bin ]; then
memtest=/usr/lib/memtest86+/memtest.bin
else
#memtest.bin not found
exit 0
fi
loader='linux16'
message="$(gettext_printf "Loading x86 memtest ...\n" | grub_quote)"
fi
# locate the real partition
GRUB_DEVICE_BOOT=$(grub2-probe -t device "$memtest")
if grub_file_is_not_garbage "$memtest" ; then
gettext_printf "Found memtest image: %s\n" "$memtest" >&2
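Review bot: `GRUB_DEVICE_BOOT=$(grub2-probe -t device "$memtest")` now runs on the BIOS path as well, and it runs before `grub_file_is_not_garbage "$memtest"` has vetted the file. The first hunk header shows the script runs under `set -e`, so a failing probe would abort the script at the assignment rather than skip the entry. Moving the assignment inside the `if grub_file_is_not_garbage` block, or writing `GRUB_DEVICE_BOOT=$(grub2-probe -t device "$memtest") || exit 0`, keeps a probe failure from ending the run with an error. The added banner comment also has `it's functionality`, which should read `its functionality`.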


@ -0,0 +1,4 @@
--- /dev/null
+++ b/grub-core/extra_deps.lst
@@ -0,0 +1 @@
+depends bli part_gpt

BIN
grub-2.12.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

BIN
grub-2.12~rc1.tar.xz (Stored with Git LFS)

Binary file not shown.


@ -0,0 +1,93 @@
From 139dc1c2590683cb8c0c1c13424d2436b81bffb7 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Mon, 18 Mar 2024 14:53:11 +0800
Subject: [PATCH] key_protector: implement the blocklist
Some architectures may need to do the additional check to avoid leaking
the recovered key. This commit adds an additional check for the EFI
system to detect the deprecated SystemdOptions variable. Once the
variable is spotted, key_protector just returns without the further
action for the key recovery.
Signed-off-by: Gary Lin <glin@suse.com>
---
grub-core/kern/protectors.c | 31 +++++++++++++++++++++++++++++++
include/grub/efi/api.h | 5 +++++
2 files changed, 36 insertions(+)
Index: grub-2.12/grub-core/kern/protectors.c
===================================================================
--- grub-2.12.orig/grub-core/kern/protectors.c
+++ grub-2.12/grub-core/kern/protectors.c
@@ -21,6 +21,10 @@
#include <grub/mm.h>
#include <grub/protector.h>
+#ifdef GRUB_MACHINE_EFI
+#include <grub/efi/efi.h>
+#endif
+
struct grub_key_protector *grub_key_protectors = NULL;
grub_err_t
@@ -51,11 +55,34 @@ grub_key_protector_unregister (struct gr
return GRUB_ERR_NONE;
}
+static grub_err_t
+grub_key_protector_check_blocklist (void)
+{
+#ifdef GRUB_MACHINE_EFI
+ static grub_guid_t systemd_guid = GRUB_EFI_SYSTEMD_GUID;
+ grub_efi_status_t status;
+ grub_size_t size = 0;
+ grub_uint8_t *systemdoptions = NULL;
+
+ /* SystemdOptions may contain malicious kernel command lines. */
+ status = grub_efi_get_variable ("SystemdOptions", &systemd_guid,
+ &size, (void **) &systemdoptions);
+ if (status != GRUB_EFI_NOT_FOUND)
+ {
+ grub_free (systemdoptions);
+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("SystemdOptions detected"));
+ }
+#endif
+
+ return GRUB_ERR_NONE;
+}
+
grub_err_t
grub_key_protector_recover_key (const char *protector, grub_uint8_t **key,
grub_size_t *key_size)
{
struct grub_key_protector *kp = NULL;
+ grub_err_t err;
if (grub_key_protectors == NULL)
return GRUB_ERR_OUT_OF_RANGE;
@@ -71,5 +98,9 @@ grub_key_protector_recover_key (const ch
"Is the name spelled correctly and is the "
"corresponding module loaded?"), protector);
+ err = grub_key_protector_check_blocklist ();
+ if (err != GRUB_ERR_NONE)
+ return err;
+
return kp->recover_key (key, key_size);
}
Index: grub-2.12/include/grub/efi/api.h
===================================================================
--- grub-2.12.orig/include/grub/efi/api.h
+++ grub-2.12/include/grub/efi/api.h
@@ -389,6 +389,11 @@
{ 0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } \
}
+#define GRUB_EFI_SYSTEMD_GUID \
+ { 0x8cf2644b, 0x4b0b, 0x428f, \
+ { 0x93, 0x87, 0x6d, 0x87, 0x60, 0x50, 0xdc, 0x67 } \
+ }
+
struct grub_efi_sal_system_table
{
grub_uint32_t signature;
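Review bot: grub_key_protector_check_blocklist() treats every status other than GRUB_EFI_NOT_FOUND as a hit, so a firmware read error or an allocation failure inside grub_efi_get_variable() is reported as `SystemdOptions detected`. Failing closed is the safer choice before key recovery, but the intent should be stated, e.g. `/* Fail closed: anything but NOT_FOUND, including read errors, blocks key recovery. */` above the `if`. The message could also separate the cases by testing `status == GRUB_EFI_SUCCESS` first and using a different text for other statuses, so an operator can tell a present variable from an unreadable one.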


@ -81,11 +81,10 @@
if (!bootloader_id && config.grub_distributor)
{
char *ptr;
@@ -1426,6 +1431,16 @@
fprintf (load_cfg_f, "set debug='%s'\n",
debug_image);
@@ -1451,6 +1456,15 @@
debug_image);
}
+
+ if (config.is_suse_btrfs_snapshot_enabled
+ && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0)
+ {
@ -95,9 +94,9 @@
+ fprintf (load_cfg_f, "set btrfs_relative_path='y'\n");
+ }
+
char *prefix_drive = NULL;
char *install_drive = NULL;
if (!have_abstractions)
{
if ((disk_module && grub_strcmp (disk_module, "biosdisk") != 0)
--- a/grub-core/osdep/linux/getroot.c
+++ b/grub-core/osdep/linux/getroot.c
@@ -373,6 +373,7 @@


@ -1,13 +1,859 @@
From 9c033a0d4c8ec3e845e0b426dcacb369342beff4 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Mon, 29 Jan 2024 14:30:24 +0800
Subject: [PATCH] util/bash-completion: Load scripts on demand
There are two system directories for bash-completion scripts. One is
/usr/share/bash-completion/completions and the other is
/etc/bash_completion.d/. The 'etc' scripts are loaded in advance and
for backward compatibility while the 'usr' scripts are loaded on demand.
To load scripts on demand, it requires the corresponding script to
every command, so the main bash-completion script is split into several
subscripts for different grub commands. To share the code, the real
completion functions are still implemented in 'grub', and each
subscript sources 'grub' and invokes the corresponding function.
Signed-off-by: Gary Lin <glin@suse.com>
---
util/bash-completion.d/Makefile.am | 114 +++++++++++++++++-
.../bash-completion.d/grub-bios-setup.bash.in | 30 +++++
.../bash-completion.d/grub-completion.bash.in | 89 ++------------
util/bash-completion.d/grub-editenv.bash.in | 30 +++++
util/bash-completion.d/grub-install.bash.in | 30 +++++
util/bash-completion.d/grub-mkconfig.bash.in | 30 +++++
util/bash-completion.d/grub-mkfont.bash.in | 30 +++++
util/bash-completion.d/grub-mkimage.bash.in | 30 +++++
.../grub-mkpasswd-pbkdf2.bash.in | 30 +++++
util/bash-completion.d/grub-mkrescue.bash.in | 30 +++++
util/bash-completion.d/grub-probe.bash.in | 30 +++++
util/bash-completion.d/grub-reboot.bash.in | 30 +++++
.../grub-script-check.bash.in | 30 +++++
.../grub-set-default.bash.in | 30 +++++
.../grub-sparc64-setup.bash.in | 30 +++++
15 files changed, 510 insertions(+), 83 deletions(-)
create mode 100644 util/bash-completion.d/grub-bios-setup.bash.in
create mode 100644 util/bash-completion.d/grub-editenv.bash.in
create mode 100644 util/bash-completion.d/grub-install.bash.in
create mode 100644 util/bash-completion.d/grub-mkconfig.bash.in
create mode 100644 util/bash-completion.d/grub-mkfont.bash.in
create mode 100644 util/bash-completion.d/grub-mkimage.bash.in
create mode 100644 util/bash-completion.d/grub-mkpasswd-pbkdf2.bash.in
create mode 100644 util/bash-completion.d/grub-mkrescue.bash.in
create mode 100644 util/bash-completion.d/grub-probe.bash.in
create mode 100644 util/bash-completion.d/grub-reboot.bash.in
create mode 100644 util/bash-completion.d/grub-script-check.bash.in
create mode 100644 util/bash-completion.d/grub-set-default.bash.in
create mode 100644 util/bash-completion.d/grub-sparc64-setup.bash.in
diff --git a/util/bash-completion.d/Makefile.am b/util/bash-completion.d/Makefile.am
index 136287c..2123a3c 100644
index 136287cf1..33fff9546 100644
--- a/util/bash-completion.d/Makefile.am
+++ b/util/bash-completion.d/Makefile.am
@@ -6,7 +6,7 @@ EXTRA_DIST = $(bash_completion_source)
@@ -1,13 +1,117 @@
-
bash_completion_source = grub-completion.bash.in
bash_completion_script = grub
+grub_bios_setup_source = grub-bios-setup.bash.in
+grub_bios_setup_script = @grub_bios_setup@
+grub_editenv_source = grub-editenv.bash.in
+grub_editenv_script = @grub_editenv@
+grub_install_source = grub-install.bash.in
+grub_install_script = @grub_install@
+grub_mkconfig_source = grub-mkconfig.bash.in
+grub_mkconfig_script = @grub_mkconfig@
+grub_mkfont_source = grub-mkfont.bash.in
+grub_mkfont_script = @grub_mkfont@
+grub_mkimage_source = grub-mkimage.bash.in
+grub_mkimage_script = @grub_mkimage@
+grub_mkpasswd_pbkdf2_source = grub-mkpasswd-pbkdf2.bash.in
+grub_mkpasswd_pbkdf2_script = @grub_mkpasswd_pbkdf2@
+grub_mkrescue_source = grub-mkrescue.bash.in
+grub_mkrescue_script = @grub_mkrescue@
+grub_probe_source = grub-probe.bash.in
+grub_probe_script = @grub_probe@
+grub_reboot_source = grub-reboot.bash.in
+grub_reboot_script = @grub_reboot@
+grub_script_check_source = grub-script-check.bash.in
+grub_script_check_script = @grub_script_check@
+grub_set_default_source = grub-set-default.bash.in
+grub_set_default_script = @grub_set_default@
+grub_sparc64_setup_source = grub-sparc64-setup.bash.in
+grub_sparc64_setup_script = @grub_sparc64_setup@
CLEANFILES = $(bash_completion_script) config.log
-EXTRA_DIST = $(bash_completion_source)
+EXTRA_DIST = $(bash_completion_source) \
+ $(grub_bios_setup_source) \
+ $(grub_editenv_source) \
+ $(grub_install_source) \
+ $(grub_mkconfig_source) \
+ $(grub_mkfont_source) \
+ $(grub_mkimage_source) \
+ $(grub_mkpasswd_pbkdf2_source) \
+ $(grub_mkrescue_source) \
+ $(grub_probe_source) \
+ $(grub_reboot_source) \
+ $(grub_script_check_source) \
+ $(grub_set_default_source) \
+ $(grub_sparc64_setup_source)
-CLEANFILES = $(bash_completion_script) config.log
+CLEANFILES = $(bash_completion_script) \
+ $(grub_bios_setup_script) \
+ $(grub_editenv_script) \
+ $(grub_install_script) \
+ $(grub_mkconfig_script) \
+ $(grub_mkfont_script) \
+ $(grub_mkimage_script) \
+ $(grub_mkpasswd_pbkdf2_script) \
+ $(grub_mkrescure_script) \
+ $(grub_probe_script) \
+ $(grub_reboot_script) \
+ $(grub_script_check_script) \
+ $(grub_set_default_script) \
+ $(grub_sparc64_setup_script) \
+ config.log
-bashcompletiondir = $(sysconfdir)/bash_completion.d
+bashcompletiondir = $(datadir)/bash-completion/completions
bashcompletion_DATA = $(bash_completion_script)
-bashcompletion_DATA = $(bash_completion_script)
+bashcompletiondir = $(datarootdir)/bash-completion/completions
+bashcompletion_DATA = $(bash_completion_script) \
+ $(grub_bios_setup_script) \
+ $(grub_editenv_script) \
+ $(grub_install_script) \
+ $(grub_mkconfig_script) \
+ $(grub_mkfont_script) \
+ $(grub_mkimage_script) \
+ $(grub_mkpasswd_pbkdf2_script) \
+ $(grub_mkrescure_script) \
+ $(grub_probe_script) \
+ $(grub_reboot_script) \
+ $(grub_script_check_script) \
+ $(grub_set_default_script) \
+ $(grub_sparc64_setup_script)
$(bash_completion_script): $(bash_completion_source) $(top_builddir)/config.status
$(top_builddir)/config.status --file=$@:$<
+
+$(grub_bios_setup_script): $(grub_bios_setup_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_editenv_script): $(grub_editenv_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_install_script): $(grub_install_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_mkconfig_script): $(grub_mkconfig_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_mkfont_script): $(grub_mkfont_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_mkimage_script): $(grub_mkimage_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_mkpasswd_pbkdf2_script): $(grub_mkpasswd_pbkdf2_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_mkrescue_script): $(grub_mkrescue_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_probe_script): $(grub_probe_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_reboot_script): $(grub_reboot_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_script_check_script): $(grub_script_check_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_set_default_script): $(grub_set_default_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
+
+$(grub_sparc64_setup_script): $(grub_sparc64_setup_source) $(top_builddir)/config.status
+ $(top_builddir)/config.status --file=$@:$<
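Review bot: `$(grub_mkrescure_script)` in the new `CLEANFILES` and `bashcompletion_DATA` lists is misspelled; the variable defined at the top of this hunk is `grub_mkrescue_script`. The misspelled reference expands to an empty string, so the grub-mkrescue completion file gets a build rule further down but is never installed and never removed by `make clean`. Both entries should read `$(grub_mkrescue_script) \`. The page interleaves two revisions of this patch (two `index` lines, two `@@` headers), so this applies to the revision that introduces the per-command variables.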
diff --git a/util/bash-completion.d/grub-bios-setup.bash.in b/util/bash-completion.d/grub-bios-setup.bash.in
new file mode 100644
index 000000000..2d362b5e2
--- /dev/null
+++ b/util/bash-completion.d/grub-bios-setup.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-bios-setup@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_bios_setup () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_setup
+}
+complete -F _grub_bios_setup -o filenames @grub_bios_setup@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
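Review bot: The line `. @datarootdir@/bash-completion/completions/grub && __grub_setup` is generated by config.status, and autoconf's default value for that substitution is the unexpanded `${prefix}/share`. Unless configure is run with an explicit `--datarootdir`, the installed wrapper would therefore refer to a shell variable `prefix` that is normally unset in the user's session, and fail to find the file. The same line appears in all thirteen wrappers added by this patch (grub-bios-setup through grub-sparc64-setup). Substituting a fully expanded directory and quoting it, `. "@datarootdir@/bash-completion/completions/grub" && __grub_setup`, would be more robust. The file is also re-read on every completion, so a guard like `declare -F __grub_setup >/dev/null || . "…"` would load it only once.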
diff --git a/util/bash-completion.d/grub-completion.bash.in b/util/bash-completion.d/grub-completion.bash.in
index 213ce1e57..4c88ee901 100644
--- a/util/bash-completion.d/grub-completion.bash.in
+++ b/util/bash-completion.d/grub-completion.bash.in
@@ -150,7 +150,7 @@ __grub_list_modules () {
#
# grub-set-default & grub-reboot
#
-_grub_set_entry () {
+__grub_set_entry () {
local cur prev split=false
COMPREPLY=()
@@ -176,21 +176,10 @@ _grub_set_entry () {
fi
}
-__grub_set_default_program="@grub_set_default@"
-have ${__grub_set_default_program} && \
- complete -F _grub_set_entry -o filenames ${__grub_set_default_program}
-unset __grub_set_default_program
-
-__grub_reboot_program="@grub_reboot@"
-have ${__grub_reboot_program} && \
- complete -F _grub_set_entry -o filenames ${__grub_reboot_program}
-unset __grub_reboot_program
-
-
#
# grub-editenv
#
-_grub_editenv () {
+__grub_editenv () {
local cur prev
COMPREPLY=()
@@ -208,16 +197,10 @@ _grub_editenv () {
create list set unset"
}
-__grub_editenv_program="@grub_editenv@"
-have ${__grub_editenv_program} && \
- complete -F _grub_editenv -o filenames ${__grub_editenv_program}
-unset __grub_editenv_program
-
-
#
# grub-mkconfig
#
-_grub_mkconfig () {
+__grub_mkconfig () {
local cur prev
COMPREPLY=()
@@ -229,16 +212,11 @@ _grub_mkconfig () {
_filedir
fi
}
-__grub_mkconfig_program="@grub_mkconfig@"
-have ${__grub_mkconfig_program} && \
- complete -F _grub_mkconfig -o filenames ${__grub_mkconfig_program}
-unset __grub_mkconfig_program
-
#
# grub-setup
#
-_grub_setup () {
+__grub_setup () {
local cur prev split=false
COMPREPLY=()
@@ -264,21 +242,10 @@ _grub_setup () {
fi
}
-__grub_bios_setup_program="@grub_bios_setup@"
-have ${__grub_bios_setup_program} && \
- complete -F _grub_setup -o filenames ${__grub_bios_setup_program}
-unset __grub_bios_setup_program
-
-__grub_sparc64_setup_program="@grub_sparc64_setup@"
-have ${__grub_sparc64_setup_program} && \
- complete -F _grub_setup -o filenames ${__grub_sparc64_setup_program}
-unset __grub_sparc64_setup_program
-
-
#
# grub-install
#
-_grub_install () {
+__grub_install () {
local cur prev last split=false
COMPREPLY=()
@@ -315,16 +282,11 @@ _grub_install () {
_filedir
fi
}
-__grub_install_program="@grub_install@"
-have ${__grub_install_program} && \
- complete -F _grub_install -o filenames ${__grub_install_program}
-unset __grub_install_program
-
#
# grub-mkfont
#
-_grub_mkfont () {
+__grub_mkfont () {
local cur
COMPREPLY=()
@@ -337,16 +299,11 @@ _grub_mkfont () {
_filedir
fi
}
-__grub_mkfont_program="@grub_mkfont@"
-have ${__grub_mkfont_program} && \
- complete -F _grub_mkfont -o filenames ${__grub_mkfont_program}
-unset __grub_mkfont_program
-
#
# grub-mkrescue
#
-_grub_mkrescue () {
+__grub_mkrescue () {
local cur prev last
COMPREPLY=()
@@ -368,16 +325,11 @@ _grub_mkrescue () {
_filedir
fi
}
-__grub_mkrescue_program="@grub_mkrescue@"
-have ${__grub_mkrescue_program} && \
- complete -F _grub_mkrescue -o filenames ${__grub_mkrescue_program}
-unset __grub_mkrescue_program
-
#
# grub-mkimage
#
-_grub_mkimage () {
+__grub_mkimage () {
local cur prev split=false
COMPREPLY=()
@@ -410,16 +362,11 @@ _grub_mkimage () {
_filedir
fi
}
-__grub_mkimage_program="@grub_mkimage@"
-have ${__grub_mkimage_program} && \
- complete -F _grub_mkimage -o filenames ${__grub_mkimage_program}
-unset __grub_mkimage_program
-
#
# grub-mkpasswd-pbkdf2
#
-_grub_mkpasswd_pbkdf2 () {
+__grub_mkpasswd_pbkdf2 () {
local cur
COMPREPLY=()
@@ -432,16 +379,11 @@ _grub_mkpasswd_pbkdf2 () {
_filedir
fi
}
-__grub_mkpasswd_pbkdf2_program="@grub_mkpasswd_pbkdf2@"
-have ${__grub_mkpasswd_pbkdf2_program} && \
- complete -F _grub_mkpasswd_pbkdf2 -o filenames ${__grub_mkpasswd_pbkdf2_program}
-unset __grub_mkpasswd_pbkdf2_program
-
#
# grub-probe
#
-_grub_probe () {
+__grub_probe () {
local cur prev split=false
COMPREPLY=()
@@ -470,16 +412,11 @@ _grub_probe () {
_filedir
fi
}
-__grub_probe_program="@grub_probe@"
-have ${__grub_probe_program} && \
- complete -F _grub_probe -o filenames ${__grub_probe_program}
-unset __grub_probe_program
-
#
# grub-script-check
#
-_grub_script_check () {
+__grub_script_check () {
local cur
COMPREPLY=()
@@ -492,10 +429,6 @@ _grub_script_check () {
_filedir
fi
}
-__grub_script_check_program="@grub_script_check@"
-have ${__grub_script_check_program} && \
- complete -F _grub_script_check -o filenames ${__grub_script_check_program}
-
# Local variables:
# mode: shell-script
diff --git a/util/bash-completion.d/grub-editenv.bash.in b/util/bash-completion.d/grub-editenv.bash.in
new file mode 100644
index 000000000..29b1333ea
--- /dev/null
+++ b/util/bash-completion.d/grub-editenv.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-editenv@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_editenv () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_editenv
+}
+complete -F _grub_editenv -o filenames @grub_editenv@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/util/bash-completion.d/grub-install.bash.in b/util/bash-completion.d/grub-install.bash.in
new file mode 100644
index 000000000..a89fc614a
--- /dev/null
+++ b/util/bash-completion.d/grub-install.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-install@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_install () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_install
+}
+complete -F _grub_install -o filenames @grub_install@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/util/bash-completion.d/grub-mkconfig.bash.in b/util/bash-completion.d/grub-mkconfig.bash.in
new file mode 100644
index 000000000..862e0c58f
--- /dev/null
+++ b/util/bash-completion.d/grub-mkconfig.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-mkconfig@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_mkconfig () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_mkconfig
+}
+complete -F _grub_mkconfig -o filenames @grub_mkconfig@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/util/bash-completion.d/grub-mkfont.bash.in b/util/bash-completion.d/grub-mkfont.bash.in
new file mode 100644
index 000000000..17baccdf5
--- /dev/null
+++ b/util/bash-completion.d/grub-mkfont.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-mkfont@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_mkfont () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_mkfont
+}
+complete -F _grub_mkfont -o filenames @grub_mkfont@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/util/bash-completion.d/grub-mkimage.bash.in b/util/bash-completion.d/grub-mkimage.bash.in
new file mode 100644
index 000000000..a383ed3e9
--- /dev/null
+++ b/util/bash-completion.d/grub-mkimage.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-mkimage@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_mkimage () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_mkimage
+}
+complete -F _grub_mkimage -o filenames @grub_mkimage@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/util/bash-completion.d/grub-mkpasswd-pbkdf2.bash.in b/util/bash-completion.d/grub-mkpasswd-pbkdf2.bash.in
new file mode 100644
index 000000000..32b8fd6eb
--- /dev/null
+++ b/util/bash-completion.d/grub-mkpasswd-pbkdf2.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-mkpasswd-pbkdf2@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_mkpasswd_pbkdf2 () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_mkpasswd_pbkdf2
+}
+complete -F _grub_mkpasswd_pbkdf2 -o filenames @grub_mkpasswd_pbkdf2@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/util/bash-completion.d/grub-mkrescue.bash.in b/util/bash-completion.d/grub-mkrescue.bash.in
new file mode 100644
index 000000000..5968ba00e
--- /dev/null
+++ b/util/bash-completion.d/grub-mkrescue.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-mkresue@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_mkrescue () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_mkrescue
+}
+complete -F _grub_mkrescue -o filenames @grub_mkrescue@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
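Review bot: The header comment `# Bash completion for @grub-mkresue@` misspells mkrescue. Like the headers of the other wrappers in this patch, it also uses a hyphenated `@…@` token, while the names actually substituted in these files use underscores (`@grub_mkrescue@` on the `complete` line). The hyphenated token will most likely be left as literal text in the installed file. I would write `# Bash completion for @grub_mkrescue@` here and use the underscore form in the other twelve headers, so that the comment names the transformed program.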
diff --git a/util/bash-completion.d/grub-probe.bash.in b/util/bash-completion.d/grub-probe.bash.in
new file mode 100644
index 000000000..08400f2f1
--- /dev/null
+++ b/util/bash-completion.d/grub-probe.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-probe@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_probe () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_probe
+}
+complete -F _grub_probe -o filenames @grub_probe@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/util/bash-completion.d/grub-reboot.bash.in b/util/bash-completion.d/grub-reboot.bash.in
new file mode 100644
index 000000000..154aecea9
--- /dev/null
+++ b/util/bash-completion.d/grub-reboot.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-reboot@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_reboot () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_set_entry
+}
+complete -F _grub_reboot -o filenames @grub_reboot@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/util/bash-completion.d/grub-script-check.bash.in b/util/bash-completion.d/grub-script-check.bash.in
new file mode 100644
index 000000000..22d376832
--- /dev/null
+++ b/util/bash-completion.d/grub-script-check.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-script-check@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_script_check () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_script_check
+}
+complete -F _grub_script_check -o filenames @grub_script_check@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/util/bash-completion.d/grub-set-default.bash.in b/util/bash-completion.d/grub-set-default.bash.in
new file mode 100644
index 000000000..14501b4fb
--- /dev/null
+++ b/util/bash-completion.d/grub-set-default.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-set-default@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_set_default () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_set_entry
+}
+complete -F _grub_set_default -o filenames @grub_set_default@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/util/bash-completion.d/grub-sparc64-setup.bash.in b/util/bash-completion.d/grub-sparc64-setup.bash.in
new file mode 100644
index 000000000..6123d7b7c
--- /dev/null
+++ b/util/bash-completion.d/grub-sparc64-setup.bash.in
@@ -0,0 +1,30 @@
+#
+# Bash completion for @grub-sparc64-setup@
+#
+# Copyright (C) 2024 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+_grub_sparc64_setup () {
+ . @datarootdir@/bash-completion/completions/grub && __grub_setup
+}
+complete -F _grub_sparc64_setup -o filenames @grub_sparc64_setup@
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
--
2.35.3


@ -32,10 +32,10 @@
GRUB_MOD_FINI(ieee1275_fb)
--- a/include/grub/ieee1275/ieee1275.h
+++ b/include/grub/ieee1275/ieee1275.h
@@ -141,6 +141,8 @@
*/
GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY,
#endif
@@ -145,6 +145,8 @@
GRUB_IEEE1275_FLAG_POWER_VM,
GRUB_IEEE1275_FLAG_POWER_KVM,
+
+ GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT
};


@ -163,7 +163,7 @@ V20:
name = grub-mkconfig_lib;
common = util/grub-mkconfig_lib.in;
installdir = noinst;
@@ -1375,6 +1420,7 @@
@@ -1381,6 +1426,7 @@
ldadd = libgrubkern.a;
ldadd = grub-core/lib/gnulib/libgnu.a;
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
@ -186,7 +186,7 @@ V20:
case "$target_os" in
windows* | mingw32*) target_os=cygwin ;;
@@ -2093,6 +2093,9 @@
@@ -2158,6 +2158,9 @@
AM_CONDITIONAL([COND_sparc64_emu], [test x$target_cpu = xsparc64 -a x$platform = xemu])
AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a x$platform = xefi])
AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu = xx86_64 -a x$platform = xxen])
@ -198,7 +198,7 @@ V20:
AM_CONDITIONAL([COND_HOST_LINUX], [test x$host_kernel = xlinux])
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1183,6 +1183,7 @@
@@ -1186,6 +1186,7 @@
module = {
name = videotest;
common = commands/videotest.c;
@ -206,7 +206,7 @@ V20:
};
module = {
@@ -1637,6 +1638,7 @@
@@ -1640,6 +1641,7 @@
common = gfxmenu/gui_progress_bar.c;
common = gfxmenu/gui_util.c;
common = gfxmenu/gui_string_util.c;
@ -214,7 +214,7 @@ V20:
};
module = {
@@ -2075,11 +2077,13 @@
@@ -2078,11 +2080,13 @@
name = gfxterm;
common = term/gfxterm.c;
enable = videomodules;
@ -228,7 +228,7 @@ V20:
};
module = {
@@ -2202,6 +2206,7 @@
@@ -2205,6 +2209,7 @@
enable = x86_64_efi;
enable = emu;
enable = xen;
@ -236,7 +236,7 @@ V20:
};
module = {
@@ -2248,6 +2253,7 @@
@@ -2251,6 +2256,7 @@
module = {
name = gfxterm_menu;
common = tests/gfxterm_menu.c;
@ -244,7 +244,7 @@ V20:
};
module = {
@@ -2409,6 +2415,7 @@
@@ -2412,6 +2418,7 @@
enable = x86_64_efi;
enable = emu;
enable = xen;
@ -316,7 +316,7 @@ V20:
int
--- a/util/grub-install-common.c
+++ b/util/grub-install-common.c
@@ -911,6 +911,7 @@
@@ -924,6 +924,7 @@
[GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI] = { "loongarch64", "efi" },
[GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32", "efi" },
[GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64", "efi" },
@ -415,10 +415,10 @@ V20:
+ }
+ }
+
grub_install_copy_files (grub_install_source_directory,
grubdir, platform);
size_t ndev = 0;
@@ -1541,6 +1570,7 @@
/* Write device to a variable so we don't have to traverse /dev every time. */
@@ -1543,6 +1572,7 @@
case GRUB_INSTALL_PLATFORM_I386_XEN:
case GRUB_INSTALL_PLATFORM_X86_64_XEN:
case GRUB_INSTALL_PLATFORM_I386_XEN_PVH:
@ -426,7 +426,7 @@ V20:
grub_util_warn ("%s", _("no hints available for your platform. Expect reduced performance"));
break;
/* pacify warning. */
@@ -1659,6 +1689,10 @@
@@ -1661,6 +1691,10 @@
strcpy (mkimage_target, "sparc64-ieee1275-raw");
core_name = "core.img";
break;
@ -437,7 +437,7 @@ V20:
/* pacify warning. */
case GRUB_INSTALL_PLATFORM_MAX:
break;
@@ -1674,6 +1708,7 @@
@@ -1676,6 +1710,7 @@
core_name);
char *prefix = xasprintf ("%s%s", prefix_drive ? : "",
relative_grubdir);
@ -445,7 +445,7 @@ V20:
grub_install_make_image_wrap (/* source dir */ grub_install_source_directory,
/*prefix */ prefix,
/* output */ imgfile,
@@ -1712,6 +1747,10 @@
@@ -1714,6 +1749,10 @@
/* image target */ mkimage_target, 0);
}
break;
@ -456,7 +456,7 @@ V20:
case GRUB_INSTALL_PLATFORM_ARM_EFI:
case GRUB_INSTALL_PLATFORM_ARM64_EFI:
case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI:
@@ -2011,6 +2050,10 @@
@@ -2013,6 +2052,10 @@
}
break;


@ -55,7 +55,9 @@ fi
set hdcfg_list="\
/boot/grub2/grub.cfg \
/grub2/grub.cfg\
/grub2/grub.cfg \
/boot/grub/grub.cfg \
/grub/grub.cfg\
"
set hdlst_list="\
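Review bot: The entries `/boot/grub/grub.cfg` and `/grub/grub.cfg`, which appear to be the additions here, are placed after the grub2 paths in `hdcfg_list` with no comment explaining why both layouts are probed or which one wins when a guest disk carries both. The code that consumes the list is outside this hunk; if it stops at the first match, a leftover `/boot/grub2/grub.cfg` would shadow the `/boot/grub/grub.cfg` this change is meant to find. A short comment above the list would make that visible, e.g. `# searched in order, first existing file is used; grub2 paths take precedence over grub`, worded to match what the loop actually does.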


@ -1,3 +1,147 @@
-------------------------------------------------------------------
Tue Mar 19 07:08:02 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
- Add grub2-bsc1220338-key_protector-implement-the-blocklist.patch
to implement a blocklist in the key protector and check the
unwanted UEFI variables (bsc#1220338)
-------------------------------------------------------------------
Tue Mar 5 06:53:25 UTC 2024 - Michael Chang <mchang@suse.com>
- Add blscfg support
* 0001-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
* 0002-Add-BLS-support-to-grub-mkconfig.patch
* 0003-Add-grub2-switch-to-blscfg.patch
* 0004-blscfg-Don-t-root-device-in-emu-builds.patch
* 0005-blscfg-check-for-mounted-boot-in-emu.patch
* 0006-Follow-the-device-where-blscfg-is-discovered.patch
* 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch
* 0008-blscfg-reading-bls-fragments-if-boot-present.patch
* 0009-10_linux-Some-refinement-for-BLS.patch
-------------------------------------------------------------------
Mon Mar 4 08:57:36 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
- Update grub2-change-bash-completion-dir.patch to support bash
completion correctly (bsc#1218875)
- Drop grub2-bash-completion-2.12.patch since the have() function
is not used in those scripts anymore
-------------------------------------------------------------------
Fri Mar 1 12:44:37 UTC 2024 - Giacomo Comes <gcomes.obs@gmail.com>
- disable the file 20_memtest86+
* added a deprecation note in the header
-------------------------------------------------------------------
Thu Feb 29 10:12:12 UTC 2024 - Dr. Werner Fink <werner@suse.de>
- Add patch grub2-bash-completion-2.12.patch
The shell function have() had become deprecated with 2.11
and had been removed from 2.12 which is now providing
the shell function _comp_have_command() (boo#1220626)
-------------------------------------------------------------------
Thu Feb 22 04:19:21 UTC 2024 - Michael Chang <mchang@suse.com>
- Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg
(bsc#1219248) (bsc#1181762)
* grub2-xen-pv-firmware.cfg
* 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch
-------------------------------------------------------------------
Sat Feb 17 06:59:55 UTC 2024 - Michael Chang <mchang@suse.com>
- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to
SLE-15-SP2 (bsc#1217102)
* add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
* add 0002-ofdisk-add-early_log-support.patch
-------------------------------------------------------------------
Wed Feb 7 18:33:58 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>
- Sort tar file order for reproducible builds
-------------------------------------------------------------------
Tue Feb 6 07:19:27 UTC 2024 - Michael Chang <mchang@suse.com>
- Fix build error on gcc-14 (bsc#1218949)
* 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch
-------------------------------------------------------------------
Mon Jan 29 06:24:11 UTC 2024 - Michael Chang <mchang@suse.com>
- Remove magic number header field check on arm64 (bsc#1218783)
* 0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch
-------------------------------------------------------------------
Tue Jan 23 04:56:58 UTC 2024 - Michael Chang <mchang@suse.com>
- Reinstate the verification for a non-zero total entry count to skip unmapped
data blocks (bsc#1218864)
* 0001-fs-xfs-always-verify-the-total-number-of-entries-is-.patch
- Removed temporary fix as reverting it will cause a different XFS parser bug
* 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch
-------------------------------------------------------------------
Sat Jan 20 20:08:34 UTC 2024 - Giacomo Comes <gcomes.obs@gmail.com>
- allow to boot memtest86 if stored in /usr/lib/memtest86+
* SR#1071109 can then work
-------------------------------------------------------------------
Wed Jan 17 03:32:48 UTC 2024 - Michael Chang <mchang@suse.com>
- Resolved XFS regression leading to the "not a correct XFS inode" error by
temporarily reverting the problematic commit (bsc#1218864)
* 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch
-------------------------------------------------------------------
Wed Jan 10 08:13:00 UTC 2024 - Michael Chang <mchang@suse.com>
- Version bump to 2.12 (PED-5589)
* Added:
- grub-2.12.tar.xz
- fix_no_extra_deps_in_release_tarball.patch
* Removed:
- grub-2.12~rc1.tar.xz
* Patch dropped as it merged into new version:
- 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch
- 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
- 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
- 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
- 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
- 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
- 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
- 0006-fs-ntfs-Make-code-more-readable.patch
- 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
- 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch
- 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch
- 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch
- 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
- 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch
* Patch adjusted for the updated base version:
- use-grub2-as-a-package-name.patch
- grub2-s390x-04-grub2-install.patch
- grub2-btrfs-04-grub2-install.patch
- grub2-ppc64le-disable-video.patch
- 0002-AUDIT-0-http-boot-tracker-bug.patch
- 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
- 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
- 0016-grub-install-support-embedding-x509-certificates.patch
- 0021-appended-signatures-documentation.patch
- 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
- safe_tpm_pcr_snapshot.patch
-------------------------------------------------------------------
Wed Jan 3 10:05:50 UTC 2024 - Michael Chang <mchang@suse.com>
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
installation when secure boot is enabled (bsc#1217761)
- Improved check for disk device when looking for PReP partition
* 0004-Introduce-prep_load_env-command.patch
-------------------------------------------------------------------
Thu Nov 30 09:41:10 UTC 2023 - Michael Chang <mchang@suse.com>


@ -1,7 +1,7 @@
#
# spec file for package grub2
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -166,13 +166,13 @@ BuildRequires: fde-tpm-helper-rpm-macros
%endif
%endif
Version: 2.12~rc1
Version: 2.12
Release: 0
Summary: Bootloader with support for Linux, Multiboot and more
License: GPL-3.0-or-later
Group: System/Boot
URL: http://www.gnu.org/software/grub/
Source0: https://alpha.gnu.org/gnu/grub/grub-%{version}.tar.xz
Source0: https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.xz
Source1: 90_persistent
Source2: grub.default
Source4: grub2.rpmlintrc
@ -372,33 +372,37 @@ Patch179: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
Patch180: 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch
Patch181: 0001-font-Try-memdisk-fonts-with-the-same-name.patch
Patch182: 0001-Make-grub.cfg-compatible-to-old-binaries.patch
Patch183: 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch
Patch184: grub2-change-bash-completion-dir.patch
Patch185: 0001-protectors-Implement-NV-index.patch
Patch186: 0002-cryptodisk-Fallback-to-passphrase.patch
Patch187: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
Patch188: 0004-diskfilter-look-up-cryptodisk-devices-first.patch
Patch189: grub2-mkconfig-riscv64.patch
Patch190: arm64-Use-proper-memory-type-for-kernel-allocation.patch
Patch191: 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
Patch192: 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
Patch193: 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
Patch194: 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
Patch195: 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
Patch196: 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
Patch197: 0006-fs-ntfs-Make-code-more-readable.patch
Patch198: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
Patch199: Fix-the-size-calculation-for-the-synthesized-initrd.patch
Patch200: 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
Patch201: 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch
Patch202: 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch
Patch203: 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch
Patch204: 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
Patch205: 0002-Restrict-file-access-on-cryptodisk-print.patch
Patch206: 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
Patch207: 0004-Key-revocation-on-out-of-bound-file-access.patch
Patch208: 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
Patch209: 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch
Patch183: grub2-change-bash-completion-dir.patch
Patch184: 0001-protectors-Implement-NV-index.patch
Patch185: 0002-cryptodisk-Fallback-to-passphrase.patch
Patch186: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
Patch187: 0004-diskfilter-look-up-cryptodisk-devices-first.patch
Patch188: grub2-mkconfig-riscv64.patch
Patch189: arm64-Use-proper-memory-type-for-kernel-allocation.patch
Patch190: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
Patch191: Fix-the-size-calculation-for-the-synthesized-initrd.patch
Patch192: 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
Patch193: 0002-Restrict-file-access-on-cryptodisk-print.patch
Patch194: 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
Patch195: 0004-Key-revocation-on-out-of-bound-file-access.patch
# Workaround for 2.12 tarball
Patch196: fix_no_extra_deps_in_release_tarball.patch
Patch197: 0001-fs-xfs-always-verify-the-total-number-of-entries-is-.patch
Patch198: 0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch
Patch199: 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch
Patch200: 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
Patch201: 0002-ofdisk-add-early_log-support.patch
Patch202: 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch
Patch203: 0001-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
Patch204: 0002-Add-BLS-support-to-grub-mkconfig.patch
Patch205: 0003-Add-grub2-switch-to-blscfg.patch
Patch206: 0004-blscfg-Don-t-root-device-in-emu-builds.patch
Patch207: 0005-blscfg-check-for-mounted-boot-in-emu.patch
Patch208: 0006-Follow-the-device-where-blscfg-is-discovered.patch
Patch209: 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch
Patch210: 0008-blscfg-reading-bls-fragments-if-boot-present.patch
Patch211: 0009-10_linux-Some-refinement-for-BLS.patch
Patch212: grub2-bsc1220338-key_protector-implement-the-blocklist.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@ -711,11 +715,11 @@ CD_MODULES="all_video boot cat configfile echo true \
PXE_MODULES="tftp http"
CRYPTO_MODULES="luks luks2 gcry_rijndael gcry_sha1 gcry_sha256 gcry_sha512 crypttab"
%ifarch %{efi}
CD_MODULES="${CD_MODULES} chain efifwsetup efinet read tpm tpm2 memdisk tar squash4 xzio"
CD_MODULES="${CD_MODULES} chain efifwsetup efinet read tpm tpm2 memdisk tar squash4 xzio blscfg"
PXE_MODULES="${PXE_MODULES} efinet"
%else
CD_MODULES="${CD_MODULES} net"
PXE_MODULES="${PXE_MODULES} net"
CD_MODULES="${CD_MODULES} net ofnet"
PXE_MODULES="${PXE_MODULES} net ofnet"
%endif
%ifarch x86_64
@ -751,7 +755,7 @@ mkdir -p ./fonts
cp %{_datadir}/%{name}/themes/*/*.pf2 ./fonts
cp ./unicode.pf2 ./fonts
%if 0%{?suse_version} > 1500
tar -cf - ./fonts | mksquashfs - memdisk.sqsh -tar -comp xz -quiet -no-progress
tar --sort=name -cf - ./fonts | mksquashfs - memdisk.sqsh -tar -comp xz -quiet -no-progress
%else
mksquashfs ./fonts memdisk.sqsh -keep-as-directory -comp xz -quiet -no-progress
%endif
@ -831,7 +835,13 @@ echo "bdev=$bdev"
echo "bpart=$bpart"
echo "bpath=$bpath"
if [ -z "$ENV_FS_UUID" ]; then
if regexp '^(tftp|http)$' "$bdev"; then
if [ -z "$bpath" ]; then
echo "network booting via $bdev but firmware didn't provide loaded path from sever root"
bpath="/boot/grub2/powerpc-ieee1275"
echo "using bpath=$bpath as fallback path"
fi
elif [ -z "$ENV_FS_UUID" ]; then
echo "Reading vars from ($bdev)"
prep_load_env "($bdev)"
fi
@ -1016,7 +1026,7 @@ find %{buildroot}/%{_datadir}/%{name} \
install -m 755 %{SOURCE1} %{buildroot}/%{_sysconfdir}/grub.d/
# Script to generate memtest86+ menu entry
install -m 755 %{SOURCE7} %{buildroot}/%{_sysconfdir}/grub.d/
install -m 644 %{SOURCE7} %{buildroot}/%{_sysconfdir}/grub.d/
# Ghost config file
install -d %{buildroot}/boot/%{name}
@ -1273,7 +1283,7 @@ fi
%endif
%dir /boot/%{name}
%ghost %attr(600, root, root) /boot/%{name}/grub.cfg
%{_datadir}/bash-completion/completions/grub
%{_datadir}/bash-completion/completions/grub*
%config(noreplace) %{_sysconfdir}/default/grub
%dir %{_sysconfdir}/grub.d
%{_sysconfdir}/grub.d/README
@ -1307,6 +1317,7 @@ fi
%{_sbindir}/%{name}-probe
%{_sbindir}/%{name}-reboot
%{_sbindir}/%{name}-set-default
%{_sbindir}/%{name}-switch-to-blscfg
%{_sbindir}/%{name}-check-default
%{_bindir}/%{name}-editenv
%{_bindir}/%{name}-file
@ -1359,6 +1370,7 @@ fi
%{_mandir}/man8/%{name}-probe.8.*
%{_mandir}/man8/%{name}-reboot.8.*
%{_mandir}/man8/%{name}-set-default.8.*
%{_mandir}/man8/%{name}-switch-to-blscfg.8.*
%if %{emu}
%{_bindir}/%{name}-emu
%{_mandir}/man1/%{name}-emu.1.*
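Review bot: In the hunk at `@ -831,7 +835,13 @` the new tftp/http branch prints "firmware didn't provide loaded path from sever root"; `sever` should be `server`, i.e. `echo "network booting via $bdev but firmware didn't provide loaded path from server root"`, since this is the only diagnostic an operator gets when a network boot falls back. The same branch substitutes the hard-coded `bpath="/boot/grub2/powerpc-ieee1275"` without a comment explaining why that path is chosen. Going by the changelog entry for bsc#1217761, this script appears to be embedded in the signed grub.elf used under secure boot, so it would help to add a comment such as `# files read from $bpath over tftp/http arrive over an unauthenticated transport; trust depends on signature verification of what is loaded` (to be confirmed against the part of the script that consumes `$bpath`, which is not shown). The enclosing script block starts and ends outside the hunk.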


@ -76,7 +76,7 @@
GRUB_MOD_INIT (tpm)
--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -1501,8 +1501,9 @@
@@ -1560,8 +1560,9 @@
grub_util_unlink (load_cfg);
@ -87,7 +87,7 @@
load_cfg_f = grub_util_fopen (load_cfg, "wb");
have_load_cfg = 1;
fprintf (load_cfg_f, "tpm_record_pcrs 0-9\n");
@@ -1510,7 +1511,8 @@
@@ -1569,7 +1570,8 @@
if (debug_image && debug_image[0])
{
@ -96,4 +96,4 @@
+ load_cfg_f = grub_util_fopen (load_cfg, "wb");
have_load_cfg = 1;
fprintf (load_cfg_f, "set debug='%s'\n",
debug_image);
debug_image);


@ -18,8 +18,8 @@ Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
dnl the target type. See INSTALL for full list of variables and
dnl description of the relationships between them.
-AC_INIT([GRUB],[2.12~rc1],[bug-grub@gnu.org])
+AC_INIT([GRUB2],[2.12~rc1],[bug-grub@gnu.org])
-AC_INIT([GRUB],[2.12],[bug-grub@gnu.org])
+AC_INIT([GRUB2],[2.12],[bug-grub@gnu.org])
AS_CASE(["$ERROR_PLATFORM_NOT_SUPPORT_SSP"],
[n | no | nO | N | No | NO], [ERROR_PLATFORM_NOT_SUPPORT_SSP=no],