Accepting request 1229183 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1229183 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=344
2024-12-10 22:42:57 +00:00
parent 5f9867f98c 9b87c1a6f8
commit 301279becb
5 changed files with 140 additions and 92 deletions
--- a/0007-grub-mkimage-Create-new-ELF-note-for-SBAT.patch
+++ b/0007-grub-mkimage-Create-new-ELF-note-for-SBAT.patch
@@ -1,19 +1,21 @@
-From 77316f09f133e9c7c5e1026b2b4f5749daac644a Mon Sep 17 00:00:00 2001
+From 6701b4a9e1994c8a05c87a7167694bc3dd71e7d6 Mon Sep 17 00:00:00 2001
 From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
-Date: Wed, 17 Apr 2024 23:48:51 +0530
-Subject: [PATCH 7/8] mkimage: create new ELF Note for SBAT
+Date: Wed, 23 Oct 2024 17:54:32 +0530
+Subject: [PATCH 7/8] grub-mkimage: Create new ELF note for SBAT

-we add a new ELF note for SBAT which store the SBAT data.
-The name field of shall be the string "Secure-Boot-Advanced-Targeting", zero-padded
-to 4 byte alignment. The type field shall be 0x41536967 (the ASCII values
-for the string "sbat").
+In order to store the SBAT data we create a new ELF note. The string
+".sbat", zero-padded to 4 byte alignment, shall be entered in the name
+field. The string "SBAT"'s ASCII values, 0x53424154, should be entered
+in the type field.

+Signed-off-by: Daniel Axtens <dja@axtens.net>
 Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
-Co-authored-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
 ---
 include/grub/util/mkimage.h |  4 +-
 util/grub-mkimagexx.c       | 92 +++++++++++++++++++++++++++----------
- 2 files changed, 71 insertions(+), 25 deletions(-)
+ util/mkimage.c              |  5 +-
+ 3 files changed, 74 insertions(+), 27 deletions(-)

 diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h
 index 6f1da89b9..881e3031f 100644
@@ -35,24 +37,24 @@ index 6f1da89b9..881e3031f 100644
 			     struct grub_mkimage_layout *layout);
 
 diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
-index 9488f0525..0041b2d0b 100644
+index 9488f0525..b507d4ade 100644
 --- a/util/grub-mkimagexx.c
 +++ b/util/grub-mkimagexx.c
-@@ -85,6 +85,14 @@ struct grub_ieee1275_note
-   struct grub_ieee1275_note_desc descriptor;
+@@ -116,6 +116,14 @@ struct section_metadata
+   const char *strtab;
 };
 
-+#define GRUB_SBAT_NOTE_NAME "Secure-Boot-Advanced-Targeting"
-+#define GRUB_SBAT_NOTE_TYPE 0x73626174 /* "sbat" */
+#define GRUB_SBAT_NOTE_NAME ".sbat"
+#define GRUB_SBAT_NOTE_TYPE 0x53424154 /* "SBAT" */
 +
 +struct grub_sbat_note {
 +  Elf32_Nhdr header;
 +  char name[ALIGN_UP(sizeof(GRUB_SBAT_NOTE_NAME), 4)];
 +};
 +
- #define GRUB_APPENDED_SIGNATURE_NOTE_NAME "Appended-Signature"
- #define GRUB_APPENDED_SIGNATURE_NOTE_TYPE 0x41536967 /* "ASig" */
- 
+ static int
+ is_relocatable (const struct grub_install_image_target_desc *image_target)
+ {
@@ -217,7 +225,7 @@ grub_arm_reloc_jump24 (grub_uint32_t *target, Elf32_Addr sym_addr)
 
 void
@@ -138,8 +140,8 @@ index 9488f0525..0041b2d0b 100644
 -  }
 +  if (sbat)
 +    {
-+      int note_size = ALIGN_UP(sizeof (struct grub_sbat_note) + layout->sbat_size, 4);
-+      struct grub_sbat_note *note_ptr = (struct grub_sbat_note *)footer;
+      int note_size = ALIGN_UP (sizeof (struct grub_sbat_note) + layout->sbat_size, 4);
+      struct grub_sbat_note *note_ptr = (struct grub_sbat_note *) footer;
 +
 +      note_ptr->header.n_namesz = grub_host_to_target32 (sizeof (GRUB_SBAT_NOTE_NAME));
 +      note_ptr->header.n_descsz = grub_host_to_target32 (ALIGN_UP(layout->sbat_size, 4));
@@ -184,6 +186,31 @@ index 9488f0525..0041b2d0b 100644
 
   {
     char *str_start = (elf_img + sizeof (*ehdr) + phnum * sizeof (*phdr)
+diff --git a/util/mkimage.c b/util/mkimage.c
+index 0737935fd..be7f02c5c 100644
+--- a/util/mkimage.c
+++ b/util/mkimage.c
+@@ -1835,6 +1835,7 @@ grub_install_generate_image (const char *dir, const char *prefix,
+     case IMAGE_I386_IEEE1275:
+       {
+ 	grub_uint64_t target_addr;
+	char *sbat = NULL;
+ 	if (image_target->id == IMAGE_LOONGSON_ELF)
+ 	  {
+ 	    if (comp == GRUB_COMPRESSION_NONE)
+@@ -1846,10 +1847,10 @@ grub_install_generate_image (const char *dir, const char *prefix,
+ 	else
+ 	  target_addr = image_target->link_addr;
+ 	if (image_target->voidp_sizeof == 4)
+-	  grub_mkimage_generate_elf32 (image_target, note, appsig_size, &core_img,
+	  grub_mkimage_generate_elf32 (image_target, note, appsig_size, sbat, &core_img,
+ 				       &core_size, target_addr, &layout);
+ 	else
+-	  grub_mkimage_generate_elf64 (image_target, note, appsig_size, &core_img,
+	  grub_mkimage_generate_elf64 (image_target, note, appsig_size, sbat, &core_img,
+ 				       &core_size, target_addr, &layout);
+       }
+       break;
 -- 
-2.47.0
+2.47.1

--- a/0008-grub-mkimage-Add-SBAT-metadata-into-ELF-note-for-Pow.patch
+++ b/0008-grub-mkimage-Add-SBAT-metadata-into-ELF-note-for-Pow.patch
@@ -0,0 +1,48 @@
+From 312edf1f0ebaebba72e348ae88d95b29fa24c09c Mon Sep 17 00:00:00 2001
+From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
+Date: Wed, 23 Oct 2024 17:54:33 +0530
+Subject: [PATCH 8/8] grub-mkimage: Add SBAT metadata into ELF note for PowerPC
+ targets
+
+The SBAT metadata is read from CSV file and transformed into an ELF note
+with the -s option.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ util/mkimage.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/util/mkimage.c b/util/mkimage.c
+index be7f02c5c..d3948937b 100644
+--- a/util/mkimage.c
+++ b/util/mkimage.c
+@@ -958,8 +958,8 @@ grub_install_generate_image (const char *dir, const char *prefix,
+       total_module_size += dtb_size + sizeof (struct grub_module_header);
+     }
+ 
+-  if (sbat_path != NULL && image_target->id != IMAGE_EFI)
+-    grub_util_error (_(".sbat section can be embedded into EFI images only"));
+  if (sbat_path != NULL && (image_target->id != IMAGE_EFI && image_target->id != IMAGE_PPC))
+    grub_util_error (_("SBAT data can be added only to EFI or powerpc-ieee1275 images"));
+ 
+   if (disable_shim_lock)
+     total_module_size += sizeof (struct grub_module_header);
+@@ -1836,6 +1836,13 @@ grub_install_generate_image (const char *dir, const char *prefix,
+       {
+ 	grub_uint64_t target_addr;
+ 	char *sbat = NULL;
+	if (sbat_path != NULL)
+	  {
+	    sbat_size = grub_util_get_image_size (sbat_path);
+	    sbat = xmalloc (sbat_size);
+	    grub_util_load_image (sbat_path, sbat);
+	    layout.sbat_size = sbat_size;
+	  }
+ 	if (image_target->id == IMAGE_LOONGSON_ELF)
+ 	  {
+ 	    if (comp == GRUB_COMPRESSION_NONE)
+-- 
+2.47.1
+
--- a/0008-mkimage-adding-sbat-data-into-sbat-ELF-Note-on-power.patch
+++ b/0008-mkimage-adding-sbat-data-into-sbat-ELF-Note-on-power.patch
@@ -1,66 +0,0 @@
-From 32d4823762e5a0e7f8bfc5a878d39e1a019392fe Mon Sep 17 00:00:00 2001
-From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
-Date: Thu, 18 Apr 2024 00:00:55 +0530
-Subject: [PATCH 8/8] mkimage: adding sbat data into sbat ELF Note on powerpc
-
-it reads the SBAT data from sbat.csv and create the ELF Note for it then
-store the SBAT data on it while generate image with -s option
-
-Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
-Co-authored-by: Daniel Axtens <dja@axtens.net>
---
- util/mkimage.c | 23 +++++++++++++++++------
- 1 file changed, 17 insertions(+), 6 deletions(-)
-
-diff --git a/util/mkimage.c b/util/mkimage.c
-index 0737935fd..136e4a90c 100644
--- a/util/mkimage.c
-+++ b/util/mkimage.c
-@@ -958,8 +958,9 @@ grub_install_generate_image (const char *dir, const char *prefix,
-       total_module_size += dtb_size + sizeof (struct grub_module_header);
-     }
- 
-  if (sbat_path != NULL && image_target->id != IMAGE_EFI)
-    grub_util_error (_(".sbat section can be embedded into EFI images only"));
-+  if (sbat_path != NULL && (image_target->id != IMAGE_EFI && image_target->id != IMAGE_PPC))
-+    grub_util_error (_(".sbat section can be embedded into EFI images/"
-+                       "sbat ELF Note cab be added into powerpc-ieee1275 images only"));
- 
-   if (disable_shim_lock)
-     total_module_size += sizeof (struct grub_module_header);
-@@ -1835,6 +1836,16 @@ grub_install_generate_image (const char *dir, const char *prefix,
-     case IMAGE_I386_IEEE1275:
-       {
- 	grub_uint64_t target_addr;
-+       char *sbat = NULL;
-+
-+	if (sbat_path != NULL)
-+	  {
-+	    sbat_size = grub_util_get_image_size (sbat_path);
-+            sbat = xmalloc (sbat_size);
-+	    grub_util_load_image (sbat_path, sbat);
-+            layout.sbat_size = sbat_size;
-+	  }
-+
- 	if (image_target->id == IMAGE_LOONGSON_ELF)
- 	  {
- 	    if (comp == GRUB_COMPRESSION_NONE)
-@@ -1846,11 +1857,11 @@ grub_install_generate_image (const char *dir, const char *prefix,
- 	else
- 	  target_addr = image_target->link_addr;
- 	if (image_target->voidp_sizeof == 4)
-	  grub_mkimage_generate_elf32 (image_target, note, appsig_size, &core_img,
-				       &core_size, target_addr, &layout);
-+	  grub_mkimage_generate_elf32 (image_target, note, appsig_size, sbat, &core_img, &core_size,
-+				       target_addr, &layout);
- 	else
-	  grub_mkimage_generate_elf64 (image_target, note, appsig_size, &core_img,
-				       &core_size, target_addr, &layout);
-+	  grub_mkimage_generate_elf64 (image_target, note, appsig_size, sbat, &core_img, &core_size,
-+				       target_addr, &layout);
-       }
-       break;
-     }
-- 
-2.47.0
-
--- a/grub2.changes
+++ b/grub2.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Sun Dec  8 10:22:43 UTC 2024 - Michael Chang <mchang@suse.com>
+
+- Update PowerPC SBAT patches to upstream (bsc#1233730)
+  * 0007-grub-mkimage-Create-new-ELF-note-for-SBAT.patch
+  * 0008-grub-mkimage-Add-SBAT-metadata-into-ELF-note-for-Pow.patch
+- Replaced patches
+  * 0007-mkimage-create-new-ELF-Note-for-SBAT.patch
+  * 0008-mkimage-adding-sbat-data-into-sbat-ELF-Note-on-power.patch
+
+-------------------------------------------------------------------
+Fri Dec  6 16:40:54 UTC 2024 - Michael Chang <mchang@suse.com>
+
+- Fix missing requires in SLE package (bsc#1234264) (bsc#1234272)
+
 -------------------------------------------------------------------
 Tue Dec  3 07:18:32 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>

--- a/grub2.spec
+++ b/grub2.spec
@@ -408,8 +408,8 @@ Patch226:       0003-appendedsig-The-creation-of-trusted-and-distrusted-l.patch
 Patch227:       0004-appendedsig-While-verifying-the-kernel-use-trusted-a.patch
 Patch228:       0005-appendedsig-The-grub-command-s-trusted-and-distruste.patch
 Patch229:       0006-appendedsig-documentation.patch
-Patch230:       0007-mkimage-create-new-ELF-Note-for-SBAT.patch
-Patch231:       0008-mkimage-adding-sbat-data-into-sbat-ELF-Note-on-power.patch
+Patch230:       0007-grub-mkimage-Create-new-ELF-note-for-SBAT.patch
+Patch231:       0008-grub-mkimage-Add-SBAT-metadata-into-ELF-note-for-Pow.patch
 Patch232:       0001-ieee1275-support-added-for-multiple-nvme-bootpaths.patch
 Patch233:       0001-kern-ieee1275-init-Add-IEEE-1275-Radix-support-for-K.patch
 Patch234:       0001-cli_lock-Add-build-option-to-block-command-line-inte.patch
@@ -417,6 +417,34 @@ Patch235:       0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch
 Patch236:       0001-kern-main-Fix-cmdpath-in-root-directory.patch
 Patch237:       grub2-s390x-secure-execution-support.patch

+%if 0%{?suse_version} <= 1600
+Requires:       gettext-runtime
+%if 0%{?suse_version} >= 1140
+%ifnarch s390x
+Recommends:     os-prober
+%endif
+# xorriso not available using grub2-mkrescue (bnc#812681)
+# downgrade to suggest as minimal system can't afford pulling in tcl/tk and half of the x11 stack (bsc#1102515)
+Suggests:       libburnia-tools
+Suggests:       mtools
+%endif
+%ifarch s390x
+# required utilities by grub2-s390x-04-grub2-install.patch
+# use 'showconsole' to determine console device. (bnc#876743)
+Requires:       kexec-tools
+Requires:       (/sbin/showconsole or /usr/sbin/showconsole)
+# for /sbin/zipl used by grub2-zipl-setup
+Requires:       s390-tools
+%endif
+%ifarch ppc64 ppc64le
+Requires:       powerpc-utils
+%endif
+%ifarch %{ix86}
+# meanwhile, memtest is available as EFI executable
+Recommends:     memtest86+
+%endif
+%endif
+
 %if 0%{?suse_version} > 1600
 # Always requires a default cpu-platform package
 Requires:       grub2-%{grubarch} = %{version}-%{release}
@@ -442,9 +470,7 @@ computer architectures and hardware devices.
 %package common
 Summary:        Utilies to manage grub
 Group:          System/Boot
-%endif
 Requires:       gettext-runtime
-%if 0%{?suse_version} >= 1140
 %ifnarch s390x
 Recommends:     os-prober
 %endif
@@ -452,7 +478,6 @@ Recommends:     os-prober
 # downgrade to suggest as minimal system can't afford pulling in tcl/tk and half of the x11 stack (bsc#1102515)
 Suggests:       libburnia-tools
 Suggests:       mtools
-%endif
 %ifarch s390x
 # required utilities by grub2-s390x-04-grub2-install.patch
 # use 'showconsole' to determine console device. (bnc#876743)
@@ -469,7 +494,6 @@ Requires:       powerpc-utils
 Recommends:     memtest86+
 %endif

-%if 0%{?suse_version} > 1600
 %description common
 This package includes user space utlities to manage GRUB on your system.
 %endif