From 71fc1bf8e19c5cf87c81f698e45f3ff1137c12e054474499fdfcbc5eb9e6b636 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Tue, 12 Sep 2023 02:11:11 +0000
Subject: [PATCH 1/5] Accepting request 1110320 from home:clin:branches:X13S

- Correct the type of allocated EFI pages for ARM64 kernel from EFI_LOADER_DATA to EFI_LOADER_CODE since some Qualcomm CPUs do not allow kernel code execution on EFI_LOADER_DATA pages. (bsc#1215151)

OBS-URL: https://build.opensuse.org/request/show/1110320
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=460
---
 ...er-memory-type-for-kernel-allocation.patch | 51 +++++++++++++++++++
 grub2.changes                                 |  5 ++
 grub2.spec                                    |  1 +
 3 files changed, 57 insertions(+)
 create mode 100644 arm64-Use-proper-memory-type-for-kernel-allocation.patch

diff --git a/arm64-Use-proper-memory-type-for-kernel-allocation.patch b/arm64-Use-proper-memory-type-for-kernel-allocation.patch
new file mode 100644
index 0000000..561f106
--- /dev/null
+++ b/arm64-Use-proper-memory-type-for-kernel-allocation.patch
@@ -0,0 +1,51 @@
+From 4f9d3f4f8d7866c69e52ba7d81562daea38b22e6 Mon Sep 17 00:00:00 2001
+From: Maximilian Luz <luzmaximilian@gmail.com>
+Date: Tue, 28 Jun 2022 23:06:46 +0200
+Subject: [PATCH] arm64: Use proper memory type for kernel allocation
+References: bsc#1215151
+Patch-Mainline: no, it's a downstream fix based on Fedora/openSUSE grub2
+
+Currently, the kernel pages are allocated with type EFI_LOADER_DATA.
+While the vast majority of systems will happily execute code from those
+pages (i.e. don't care about memory protection), the Microsoft Surface
+Pro X stalls, as this memory is not designated as "executable".
+
+Therefore, allocate the kernel pages as EFI_LOADER_CODE to request
+memory that is actually executable.
+
+Link: https://github.com/rhboot/grub2/commit/4f9d3f4f8d7866c69e52ba7d81562daea38b22e6
+Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
+Signed-off-by: Chester Lin <clin@suse.com>
+---
+ grub-core/loader/arm64/linux.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c
+index 419f2201d..a3a193c25 100644
+--- a/grub-core/loader/arm64/efi/linux.c
++++ b/grub-core/loader/arm64/efi/linux.c
+@@ -26,7 +26,9 @@
+ #include <grub/mm.h>
+ #include <grub/types.h>
+ #include <grub/cpu/linux.h>
++#include <grub/efi/api.h>
+ #include <grub/efi/efi.h>
++#include <grub/cpu/efi/memory.h>
+ #include <grub/efi/fdtload.h>
+ #include <grub/efi/memory.h>
+ #include <grub/efi/pe32.h>
+@@ -403,7 +405,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+   grub_loader_unset();
+ 
+   kernel_alloc_pages = GRUB_EFI_BYTES_TO_PAGES (kernel_size + align - 1);
+-  kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages);
++  kernel_alloc_addr = grub_efi_allocate_pages_real (GRUB_EFI_MAX_USABLE_ADDRESS,
++						    kernel_alloc_pages,
++						    GRUB_EFI_ALLOCATE_MAX_ADDRESS,
++						    GRUB_EFI_LOADER_CODE);
+   grub_dprintf ("linux", "kernel numpages: %d\n", kernel_alloc_pages);
+   if (!kernel_alloc_addr)
+     {
+-- 
+2.40.0
+
diff --git a/grub2.changes b/grub2.changes
index 8cec8c4..52f0af4 100644
--- a/grub2.changes
+++ b/grub2.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Sep 11 13:17:20 UTC 2023 - Chester Lin <clin@suse.com>
+
+- Correct the type of allocated EFI pages for ARM64 kernel (bsc#1215151)
+
 -------------------------------------------------------------------
 Thu Aug 31 19:09:33 UTC 2023 - Andreas Schwab <schwab@suse.de>
 
diff --git a/grub2.spec b/grub2.spec
index c235ed6..33fa535 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -374,6 +374,7 @@ Patch186:       0002-cryptodisk-Fallback-to-passphrase.patch
 Patch187:       0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
 Patch188:       0004-diskfilter-look-up-cryptodisk-devices-first.patch
 Patch189:       grub2-mkconfig-riscv64.patch
+Patch190:       arm64-Use-proper-memory-type-for-kernel-allocation.patch
 
 Requires:       gettext-runtime
 %if 0%{?suse_version} >= 1140

From 0a700a17891d58dc47d7564b3b7fcbf5d1d50285b7dfeee659d4dd3d49d5ef80 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 20 Sep 2023 07:35:35 +0000
Subject: [PATCH 2/5] Accepting request 1112154 from
 home:gary_lin:branches:Base:System

- Add the new BuildRequires for EFI builds for the better FDE
  support: fde-tpm-helper-rpm-macros
  + Also add the the macros to %post and %posttrans

OBS-URL: https://build.opensuse.org/request/show/1112154
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=461
---
 grub2.changes | 7 +++++++
 grub2.spec    | 9 +++++++++
 2 files changed, 16 insertions(+)

diff --git a/grub2.changes b/grub2.changes
index 52f0af4..9ec964c 100644
--- a/grub2.changes
+++ b/grub2.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Sep 19 06:31:43 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Add the new BuildRequires for EFI builds for the better FDE
+  support: fde-tpm-helper-rpm-macros
+  + Also add the the macros to %post and %posttrans
+
 -------------------------------------------------------------------
 Mon Sep 11 13:17:20 UTC 2023 - Chester Lin <clin@suse.com>
 
diff --git a/grub2.spec b/grub2.spec
index 33fa535..de382c0 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -157,6 +157,7 @@ BuildRequires:  update-bootloader-rpm-macros
 %endif
 
 %ifarch %{efi}
+BuildRequires:  fde-tpm-helper-rpm-macros
 BuildRequires:  grub2-branding
 BuildRequires:  squashfs
 %endif
@@ -444,6 +445,9 @@ Requires(post): %{name} = %{version}
 Requires:       perl-Bootloader
 Requires(post): perl-Bootloader
 %endif
+%if 0%{?fde_tpm_update_requires:1}
+%fde_tpm_update_requires
+%endif
 
 %description %{grubarch}
 The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
@@ -1148,6 +1152,10 @@ fi
 %ifarch %{efi}
 
 %post %{grubefiarch}
+%if 0%{?fde_tpm_update_post:1}
+%fde_tpm_update_post grub2-efi
+%endif
+
 %if 0%{?update_bootloader_check_type_reinit_post:1}
 %update_bootloader_check_type_reinit_post grub2-efi
 %else
@@ -1183,6 +1191,7 @@ exit 0
 
 %posttrans %{grubefiarch}
 %{?update_bootloader_posttrans}
+%{?fde_tpm_update_posttrans}
 
 %endif
 

From e51d4315a7770cd3b5ff8aa6f5479b47d5030cc4cd4777e076513920e6192e03 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 20 Sep 2023 09:38:55 +0000
Subject: [PATCH 3/5] Accepting request 1112505 from
 home:michael-chang:branches:Base:System

- Fix a boot delay regression in PowerPC PXE boot (bsc#1201300)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch

OBS-URL: https://build.opensuse.org/request/show/1112505
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=462
---
 ...fdisk-retry-on-open-and-read-failure.patch | 145 ++++++++++++------
 grub2.changes                                 |   6 +
 2 files changed, 104 insertions(+), 47 deletions(-)

diff --git a/0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch b/0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
index 230df6a..57875c0 100644
--- a/0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
+++ b/0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
@@ -1,6 +1,6 @@
-From b99c45820f228ff5b881700eda95a017abf2e198 Mon Sep 17 00:00:00 2001
-From: Mukesh Kumar Chaurasiya <mchauras@linux.vnet.ibm.com>
-Date: Wed, 1 Mar 2023 15:08:05 +0530
+From f4728ed5307b6be6377b7bdafcab55fd3676a761 Mon Sep 17 00:00:00 2001
+From: Mukesh Kumar Chaurasiya <mchauras@linux.ibm.com>
+Date: Mon, 17 Jul 2023 16:02:34 +0530
 Subject: [PATCH] ieee1275/ofdisk: retry on open and read failure
 
 Sometimes, when booting from a very busy SAN, the access to the
@@ -8,15 +8,48 @@ disk can fail and then grub will eventually drop to grub prompt.
 This scenario is more frequent when deploying many machines at
 the same time using the same SAN.
 This patch aims to force the ofdisk module to retry the open or
-read function after it fails. We use MAX_RETRIES to specify the
-amount of times it will try to access the disk before it
-definitely fails.
+read function for network disks excluding after it fails. We use
+DEFAULT_RETRY_TIMEOUT, which is 15 seconds to specify the time it'll
+retry to access the disk before it definitely fails. The timeout can be
+changed by setting the environment variable ofdisk_retry_timeout.
+If the environment variable fails to read, grub will consider the
+default value of 15 seconds.
 
-Signed-off-by: Mukesh Kumar Chaurasiya <mchauras@linux.vnet.ibm.com>
+Signed-off-by: Diego Domingos <diegodo@linux.vnet.ibm.com>
+Signed-off-by: Mukesh Kumar Chaurasiya <mchauras@linux.ibm.com>
 ---
- grub-core/disk/ieee1275/ofdisk.c | 65 +++++++++++++++++++++++++++++++-
- 1 file changed, 63 insertions(+), 2 deletions(-)
+ docs/grub.texi                   |  8 ++++
+ grub-core/disk/ieee1275/ofdisk.c | 80 +++++++++++++++++++++++++++++++-
+ 2 files changed, 86 insertions(+), 2 deletions(-)
 
+diff --git a/docs/grub.texi b/docs/grub.texi
+index d3f0f6577..c8ebc083d 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -3315,6 +3315,7 @@ These variables have special meaning to GRUB.
+ * net_default_ip::
+ * net_default_mac::
+ * net_default_server::
++* ofdisk_retry_timeout::
+ * pager::
+ * prefix::
+ * pxe_blksize::
+@@ -3744,6 +3745,13 @@ The default is the value of @samp{color_normal} (@pxref{color_normal}).
+ @xref{Network}.
+ 
+ 
++@node ofdisk_retry_timeout
++@subsection ofdisk_retry_timeout
++
++The time in seconds till which the grub will retry to open or read a disk in
++case of failure to do so. This value defaults to 15 seconds.
++
++
+ @node pager
+ @subsection pager
+ 
+diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
+index 7197d5401..f96bbb58c 100644
 --- a/grub-core/disk/ieee1275/ofdisk.c
 +++ b/grub-core/disk/ieee1275/ofdisk.c
 @@ -24,6 +24,9 @@
@@ -25,11 +58,11 @@ Signed-off-by: Mukesh Kumar Chaurasiya <mchauras@linux.vnet.ibm.com>
  #include <grub/time.h>
 +#include <grub/env.h>
 +
-+#define RETRY_DEFAULT_TIMEOUT 15000
++#define RETRY_DEFAULT_TIMEOUT 15
  
  static char *last_devpath;
  static grub_ieee1275_ihandle_t last_ihandle;
-@@ -783,7 +786,7 @@
+@@ -783,7 +786,7 @@ compute_dev_path (const char *name)
  }
  
  static grub_err_t
@@ -38,49 +71,64 @@ Signed-off-by: Mukesh Kumar Chaurasiya <mchauras@linux.vnet.ibm.com>
  {
    grub_ieee1275_phandle_t dev;
    char *devpath;
-@@ -879,6 +882,41 @@
+@@ -879,6 +882,56 @@ grub_ofdisk_open (const char *name, grub_disk_t disk)
    return 0;
  }
  
 +static grub_uint64_t
-+grub_ofdisk_disk_timeout(void)
++grub_ofdisk_disk_timeout (grub_disk_t disk)
 +{
-+   if(grub_env_get("ofdisk_retry_timeout") != NULL)
-+     {
-+	grub_uint64_t retry = grub_strtoul(grub_env_get("ofdisk_retry_timeout"), 0, 10);
-+	if(retry)
-+	  return retry;
-+     }
++  grub_uint64_t retry;
++  const char *timeout = grub_env_get ("ofdisk_retry_timeout");
 +
-+   return RETRY_DEFAULT_TIMEOUT;
++  if (!(grub_strstr (disk->name, "fibre-channel@") ||
++      grub_strstr (disk->name, "vfc-client")) ||
++      grub_strstr(disk->name, "nvme-of"))
++    {
++      /* Do not retry in case of non network drives */
++      return 0;
++    }
++
++  if (timeout != NULL)
++    {
++       retry = grub_strtoul (timeout, 0, 10);
++       if (grub_errno != GRUB_ERR_NONE)
++         {
++           grub_errno = GRUB_ERR_NONE;
++           return RETRY_DEFAULT_TIMEOUT;
++         }
++       if (retry)
++         return retry;
++    }
++  return RETRY_DEFAULT_TIMEOUT;
 +}
 +
 +static grub_err_t
 +grub_ofdisk_open (const char *name, grub_disk_t disk)
 +{
 +  grub_err_t err;
-+  grub_uint64_t timeout = grub_get_time_ms () + grub_ofdisk_disk_timeout();
-+
-+ retry:
-+  err = grub_ofdisk_open_real (name, disk);
-+
-+  if (err == GRUB_ERR_UNKNOWN_DEVICE)
++  grub_uint64_t timeout = grub_get_time_ms () + (grub_ofdisk_disk_timeout (disk) * 1000);
++  _Bool cont;
++  do
 +    {
-+      if (grub_get_time_ms () < timeout)
++      err = grub_ofdisk_open_real (name, disk);
++      cont = grub_get_time_ms () < timeout;
++      if (err == GRUB_ERR_UNKNOWN_DEVICE && cont)
 +        {
 +          grub_dprintf ("ofdisk","Failed to open disk %s. Retrying...\n", name);
 +          grub_errno = GRUB_ERR_NONE;
-+          goto retry;
-+	}
-+    }
-+
++        }
++      else
++          break;
++      grub_millisleep (1000);
++    } while (cont);
 +  return err;
 +}
 +
  static void
  grub_ofdisk_close (grub_disk_t disk)
  {
-@@ -915,7 +953,7 @@
+@@ -915,7 +968,7 @@ grub_ofdisk_prepare (grub_disk_t disk, grub_disk_addr_t sector)
  }
  
  static grub_err_t
@@ -89,33 +137,36 @@ Signed-off-by: Mukesh Kumar Chaurasiya <mchauras@linux.vnet.ibm.com>
  		  grub_size_t size, char *buf)
  {
    grub_err_t err;
-@@ -935,6 +973,29 @@
+@@ -934,6 +987,29 @@ grub_ofdisk_read (grub_disk_t disk, grub_disk_addr_t sector,
+   return 0;
  }
  
- static grub_err_t
++static grub_err_t
 +grub_ofdisk_read (grub_disk_t disk, grub_disk_addr_t sector,
 +		  grub_size_t size, char *buf)
 +{
 +  grub_err_t err;
-+  grub_uint64_t timeout = grub_get_time_ms () + grub_ofdisk_disk_timeout();
-+
-+ retry:
-+  err = grub_ofdisk_read_real (disk, sector, size, buf);
-+
-+  if (err == GRUB_ERR_READ_ERROR)
++  grub_uint64_t timeout = grub_get_time_ms () + (grub_ofdisk_disk_timeout (disk) * 1000);
++  _Bool cont;
++  do
 +    {
-+      if (grub_get_time_ms () < timeout)
++      err = grub_ofdisk_read_real (disk, sector, size, buf);
++      cont = grub_get_time_ms () < timeout;
++      if (err == GRUB_ERR_UNKNOWN_DEVICE && cont)
 +        {
 +          grub_dprintf ("ofdisk","Failed to read disk %s. Retrying...\n", (char*)disk->data);
 +          grub_errno = GRUB_ERR_NONE;
-+          goto retry;
-+	}
-+    }
-+
++        }
++      else
++          break;
++      grub_millisleep (1000);
++     } while (cont);
 +  return err;
 +}
 +
-+static grub_err_t
+ static grub_err_t
  grub_ofdisk_write (grub_disk_t disk, grub_disk_addr_t sector,
  		   grub_size_t size, const char *buf)
- {
+-- 
+2.41.0
+
diff --git a/grub2.changes b/grub2.changes
index 9ec964c..016c620 100644
--- a/grub2.changes
+++ b/grub2.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Sep 20 07:54:05 UTC 2023 - Michael Chang <mchang@suse.com>
+
+- Fix a boot delay regression in PowerPC PXE boot (bsc#1201300)
+  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
+
 -------------------------------------------------------------------
 Tue Sep 19 06:31:43 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
 

From ed10ffe1d540dfd82196548005bff0f76369dc6d79ede3459742ad93ba2301f6 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 20 Sep 2023 09:52:42 +0000
Subject: [PATCH 4/5] Accepting request 1112517 from
 home:michael-chang:branches:Base:System

* arm64-Use-proper-memory-type-for-kernel-allocation.patch

OBS-URL: https://build.opensuse.org/request/show/1112517
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=463
---
 grub2.changes | 1 +
 1 file changed, 1 insertion(+)

diff --git a/grub2.changes b/grub2.changes
index 016c620..7ed7494 100644
--- a/grub2.changes
+++ b/grub2.changes
@@ -15,6 +15,7 @@ Tue Sep 19 06:31:43 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
 Mon Sep 11 13:17:20 UTC 2023 - Chester Lin <clin@suse.com>
 
 - Correct the type of allocated EFI pages for ARM64 kernel (bsc#1215151)
+  * arm64-Use-proper-memory-type-for-kernel-allocation.patch
 
 -------------------------------------------------------------------
 Thu Aug 31 19:09:33 UTC 2023 - Andreas Schwab <schwab@suse.de>

From cd35f7c278616ebc6b933e1566eefd2fccf9a404917053e4682f894a9e0ffb4c Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Thu, 28 Sep 2023 03:04:29 +0000
Subject: [PATCH 5/5] Accepting request 1113901 from
 home:gary_lin:branches:Base:System

- Only build with fde-tpm-helper-rpm-macros for the architectures
  supporting the newer UEFI and TPM 2.0.
  * Also correct the location of %fde_tpm_update_requires

OBS-URL: https://build.opensuse.org/request/show/1113901
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=464
---
 grub2.changes |  7 +++++++
 grub2.spec    | 13 +++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/grub2.changes b/grub2.changes
index 7ed7494..6a6c424 100644
--- a/grub2.changes
+++ b/grub2.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Sep 27 03:37:10 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Only build with fde-tpm-helper-rpm-macros for the architectures
+  supporting the newer UEFI and TPM 2.0.
+  * Also correct the location of %fde_tpm_update_requires
+
 -------------------------------------------------------------------
 Wed Sep 20 07:54:05 UTC 2023 - Michael Chang <mchang@suse.com>
 
diff --git a/grub2.spec b/grub2.spec
index de382c0..f35da99 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -157,11 +157,18 @@ BuildRequires:  update-bootloader-rpm-macros
 %endif
 
 %ifarch %{efi}
-BuildRequires:  fde-tpm-helper-rpm-macros
 BuildRequires:  grub2-branding
 BuildRequires:  squashfs
 %endif
 
+# For ALP and Tumbleweed
+%if 0%{?suse_version} >= 1600
+# Only include the macros for the architectures with the newer UEFI and TCG protocol
+%ifarch x86_64 aarch64 riscv64
+BuildRequires:  fde-tpm-helper-rpm-macros
+%endif
+%endif
+
 Version:        2.12~rc1
 Release:        0
 Summary:        Bootloader with support for Linux, Multiboot and more
@@ -445,9 +452,6 @@ Requires(post): %{name} = %{version}
 Requires:       perl-Bootloader
 Requires(post): perl-Bootloader
 %endif
-%if 0%{?fde_tpm_update_requires:1}
-%fde_tpm_update_requires
-%endif
 
 %description %{grubarch}
 The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
@@ -502,6 +506,7 @@ Requires(post): %{name} = %{version}
 Requires:       perl-Bootloader >= 0.706
 Requires(post): perl-Bootloader >= 0.706
 %endif
+%{?fde_tpm_update_requires}
 Provides:       %{name}-efi = %{version}-%{release}
 Obsoletes:      %{name}-efi < %{version}-%{release}