Accepting request 713147 from home:michael-chang:bsc:1136601
- Use grub2-install to handle signed grub installation for UEFI secure boot and also provide options to override default (bsc#1136601) * grub2-secureboot-install-signed-grub.patch - Remove arm64 linuxefi patches as it's not needed for secure boot * 0001-efi-refactor-grub_efi_allocate_pages.patch * 0002-Remove-grub_efi_allocate_pages.patch * 0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch * 0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch * 0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch * 0006-Add-support-for-EFI-handover-on-ARM64.patch OBS-URL: https://build.opensuse.org/request/show/713147 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=335
This commit is contained in:
parent
98c7f34bed
commit
6b8bc36c6d
@ -1,120 +0,0 @@
|
||||
From f44433a343f4b10b8682f44937e929fb94dda642 Mon Sep 17 00:00:00 2001
|
||||
From: Leif Lindholm <leif.lindholm@linaro.org>
|
||||
Date: Thu, 3 Aug 2017 11:04:23 +0100
|
||||
Subject: [PATCH 1/6] efi: refactor grub_efi_allocate_pages
|
||||
|
||||
Expose a new function, grub_efi_allocate_pages_real(), making it possible
|
||||
to specify allocation type and memory type as supported by the UEFI
|
||||
AllocatePages boot service.
|
||||
|
||||
Make grub_efi_allocate_pages() a consumer of the new function,
|
||||
maintaining its old functionality.
|
||||
|
||||
Also delete some left-around #if 1/#else blocks in the affected
|
||||
functions.
|
||||
|
||||
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
|
||||
---
|
||||
grub-core/kern/efi/mm.c | 46 ++++++++++++++++++++++++----------------------
|
||||
include/grub/efi/efi.h | 5 +++++
|
||||
2 files changed, 29 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
|
||||
index 04ad549f4..a03a44e71 100644
|
||||
--- a/grub-core/kern/efi/mm.c
|
||||
+++ b/grub-core/kern/efi/mm.c
|
||||
@@ -147,36 +147,20 @@ grub_efi_allocate_pages_max (grub_efi_physical_address_t max,
|
||||
|
||||
/* Allocate pages. Return the pointer to the first of allocated pages. */
|
||||
void *
|
||||
-grub_efi_allocate_pages (grub_efi_physical_address_t address,
|
||||
- grub_efi_uintn_t pages)
|
||||
+grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
|
||||
+ grub_efi_uintn_t pages,
|
||||
+ grub_efi_allocate_type_t alloctype,
|
||||
+ grub_efi_memory_type_t memtype)
|
||||
{
|
||||
- grub_efi_allocate_type_t type;
|
||||
grub_efi_status_t status;
|
||||
grub_efi_boot_services_t *b;
|
||||
|
||||
-#if 1
|
||||
/* Limit the memory access to less than 4GB for 32-bit platforms. */
|
||||
if (address > GRUB_EFI_MAX_USABLE_ADDRESS)
|
||||
return 0;
|
||||
-#endif
|
||||
-
|
||||
-#if 1
|
||||
- if (address == 0)
|
||||
- {
|
||||
- type = GRUB_EFI_ALLOCATE_MAX_ADDRESS;
|
||||
- address = GRUB_EFI_MAX_USABLE_ADDRESS;
|
||||
- }
|
||||
- else
|
||||
- type = GRUB_EFI_ALLOCATE_ADDRESS;
|
||||
-#else
|
||||
- if (address == 0)
|
||||
- type = GRUB_EFI_ALLOCATE_ANY_PAGES;
|
||||
- else
|
||||
- type = GRUB_EFI_ALLOCATE_ADDRESS;
|
||||
-#endif
|
||||
|
||||
b = grub_efi_system_table->boot_services;
|
||||
- status = efi_call_4 (b->allocate_pages, type, GRUB_EFI_LOADER_DATA, pages, &address);
|
||||
+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
|
||||
if (status != GRUB_EFI_SUCCESS)
|
||||
return 0;
|
||||
|
||||
@@ -185,7 +169,7 @@ grub_efi_allocate_pages (grub_efi_physical_address_t address,
|
||||
/* Uggh, the address 0 was allocated... This is too annoying,
|
||||
so reallocate another one. */
|
||||
address = GRUB_EFI_MAX_USABLE_ADDRESS;
|
||||
- status = efi_call_4 (b->allocate_pages, type, GRUB_EFI_LOADER_DATA, pages, &address);
|
||||
+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
|
||||
grub_efi_free_pages (0, pages);
|
||||
if (status != GRUB_EFI_SUCCESS)
|
||||
return 0;
|
||||
@@ -194,6 +178,24 @@ grub_efi_allocate_pages (grub_efi_physical_address_t address,
|
||||
return (void *) ((grub_addr_t) address);
|
||||
}
|
||||
|
||||
+void *
|
||||
+grub_efi_allocate_pages (grub_efi_physical_address_t address,
|
||||
+ grub_efi_uintn_t pages)
|
||||
+{
|
||||
+ grub_efi_allocate_type_t alloctype;
|
||||
+
|
||||
+ if (address == 0)
|
||||
+ {
|
||||
+ alloctype = GRUB_EFI_ALLOCATE_MAX_ADDRESS;
|
||||
+ address = GRUB_EFI_MAX_USABLE_ADDRESS;
|
||||
+ }
|
||||
+ else
|
||||
+ alloctype = GRUB_EFI_ALLOCATE_ADDRESS;
|
||||
+
|
||||
+ return grub_efi_allocate_pages_real (address, pages, alloctype,
|
||||
+ GRUB_EFI_LOADER_DATA);
|
||||
+}
|
||||
+
|
||||
/* Free pages starting from ADDRESS. */
|
||||
void
|
||||
grub_efi_free_pages (grub_efi_physical_address_t address,
|
||||
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
|
||||
index a4ea7831b..c7f2fe6c3 100644
|
||||
--- a/include/grub/efi/efi.h
|
||||
+++ b/include/grub/efi/efi.h
|
||||
@@ -38,6 +38,11 @@ void *EXPORT_FUNC(grub_efi_open_protocol) (grub_efi_handle_t handle,
|
||||
int EXPORT_FUNC(grub_efi_set_text_mode) (int on);
|
||||
void EXPORT_FUNC(grub_efi_stall) (grub_efi_uintn_t microseconds);
|
||||
void *
|
||||
+EXPORT_FUNC(grub_efi_allocate_pages_real) (grub_efi_physical_address_t address,
|
||||
+ grub_efi_uintn_t pages,
|
||||
+ grub_efi_allocate_type_t alloctype,
|
||||
+ grub_efi_memory_type_t memtype);
|
||||
+void *
|
||||
EXPORT_FUNC(grub_efi_allocate_pages) (grub_efi_physical_address_t address,
|
||||
grub_efi_uintn_t pages);
|
||||
void *
|
||||
--
|
||||
2.16.4
|
||||
|
@ -1,267 +0,0 @@
|
||||
From bb4cb6d374625d3716380affda56dc4c20da36db Mon Sep 17 00:00:00 2001
|
||||
From: Vladimir Serbinenko <phcoder@gmail.com>
|
||||
Date: Mon, 7 Aug 2017 18:33:29 +0200
|
||||
Subject: [PATCH 2/6] Remove grub_efi_allocate_pages.
|
||||
|
||||
grub_efi_allocate_pages Essentially does 2 unrelated things:
|
||||
* Allocate at fixed address.
|
||||
* Allocate at any address.
|
||||
|
||||
To switch between 2 different functions it uses address == 0 as magic
|
||||
value which is wrong as 0 is a perfectly valid fixed adress to allocate at.
|
||||
---
|
||||
grub-core/kern/arm/efi/misc.c | 4 ++--
|
||||
grub-core/kern/efi/mm.c | 30 ++++++++++++++----------------
|
||||
grub-core/loader/arm64/fdt.c | 2 +-
|
||||
grub-core/loader/arm64/linux.c | 7 +++----
|
||||
grub-core/loader/arm64/xen_boot.c | 7 +++----
|
||||
grub-core/loader/i386/efi/linux.c | 2 +-
|
||||
grub-core/loader/ia64/efi/linux.c | 10 +++++-----
|
||||
include/grub/autoefi.h | 2 +-
|
||||
include/grub/efi/efi.h | 4 +++-
|
||||
9 files changed, 33 insertions(+), 35 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/arm/efi/misc.c b/grub-core/kern/arm/efi/misc.c
|
||||
index 7cd41842a..c95e8299d 100644
|
||||
--- a/grub-core/kern/arm/efi/misc.c
|
||||
+++ b/grub-core/kern/arm/efi/misc.c
|
||||
@@ -146,7 +146,7 @@ grub_efi_allocate_loader_memory (grub_uint32_t min_offset, grub_uint32_t size)
|
||||
continue;
|
||||
grub_dprintf("mm", "%s: let's allocate some (0x%x) pages @ 0x%08x...\n",
|
||||
__FUNCTION__, (size >> PAGE_SHIFT), (grub_addr_t) start);
|
||||
- mem = grub_efi_allocate_pages (start, (size >> PAGE_SHIFT) + 1);
|
||||
+ mem = grub_efi_allocate_fixed (start, (size >> PAGE_SHIFT) + 1);
|
||||
grub_dprintf("mm", "%s: retval=0x%08x\n",
|
||||
__FUNCTION__, (grub_addr_t) mem);
|
||||
if (! mem)
|
||||
@@ -189,7 +189,7 @@ grub_efi_prepare_platform (void)
|
||||
mmap_size = find_mmap_size ();
|
||||
if (! mmap_size)
|
||||
return GRUB_ERR_OUT_OF_MEMORY;
|
||||
- mmap_buf = grub_efi_allocate_pages (0, page_align (mmap_size) >> 12);
|
||||
+ mmap_buf = grub_efi_allocate_any_pages (page_align (mmap_size) >> 12);
|
||||
if (! mmap_buf)
|
||||
return GRUB_ERR_OUT_OF_MEMORY;
|
||||
|
||||
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
|
||||
index a03a44e71..4226f34ec 100644
|
||||
--- a/grub-core/kern/efi/mm.c
|
||||
+++ b/grub-core/kern/efi/mm.c
|
||||
@@ -179,20 +179,19 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
|
||||
}
|
||||
|
||||
void *
|
||||
-grub_efi_allocate_pages (grub_efi_physical_address_t address,
|
||||
- grub_efi_uintn_t pages)
|
||||
+grub_efi_allocate_any_pages (grub_efi_uintn_t pages)
|
||||
{
|
||||
- grub_efi_allocate_type_t alloctype;
|
||||
-
|
||||
- if (address == 0)
|
||||
- {
|
||||
- alloctype = GRUB_EFI_ALLOCATE_MAX_ADDRESS;
|
||||
- address = GRUB_EFI_MAX_USABLE_ADDRESS;
|
||||
- }
|
||||
- else
|
||||
- alloctype = GRUB_EFI_ALLOCATE_ADDRESS;
|
||||
+ return grub_efi_allocate_pages_real (GRUB_EFI_MAX_USABLE_ADDRESS,
|
||||
+ pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS,
|
||||
+ GRUB_EFI_LOADER_DATA);
|
||||
+}
|
||||
|
||||
- return grub_efi_allocate_pages_real (address, pages, alloctype,
|
||||
+void *
|
||||
+grub_efi_allocate_fixed (grub_efi_physical_address_t address,
|
||||
+ grub_efi_uintn_t pages)
|
||||
+{
|
||||
+ return grub_efi_allocate_pages_real (address, pages,
|
||||
+ GRUB_EFI_ALLOCATE_ADDRESS,
|
||||
GRUB_EFI_LOADER_DATA);
|
||||
}
|
||||
|
||||
@@ -501,7 +500,7 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map,
|
||||
pages = required_pages;
|
||||
}
|
||||
|
||||
- addr = grub_efi_allocate_pages (start, pages);
|
||||
+ addr = grub_efi_allocate_fixed (start, pages);
|
||||
if (! addr)
|
||||
grub_fatal ("cannot allocate conventional memory %p with %u pages",
|
||||
(void *) ((grub_addr_t) start),
|
||||
@@ -567,8 +566,7 @@ grub_efi_mm_init (void)
|
||||
int mm_status;
|
||||
|
||||
/* Prepare a memory region to store two memory maps. */
|
||||
- memory_map = grub_efi_allocate_pages (0,
|
||||
- 2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE));
|
||||
+ memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE));
|
||||
if (! memory_map)
|
||||
grub_fatal ("cannot allocate memory");
|
||||
|
||||
@@ -586,7 +584,7 @@ grub_efi_mm_init (void)
|
||||
/* Freeing/allocating operations may increase memory map size. */
|
||||
map_size += desc_size * 32;
|
||||
|
||||
- memory_map = grub_efi_allocate_pages (0, 2 * BYTES_TO_PAGES (map_size));
|
||||
+ memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (map_size));
|
||||
if (! memory_map)
|
||||
grub_fatal ("cannot allocate memory");
|
||||
|
||||
diff --git a/grub-core/loader/arm64/fdt.c b/grub-core/loader/arm64/fdt.c
|
||||
index db49cf649..368001696 100644
|
||||
--- a/grub-core/loader/arm64/fdt.c
|
||||
+++ b/grub-core/loader/arm64/fdt.c
|
||||
@@ -50,7 +50,7 @@ grub_fdt_load (grub_size_t additional_size)
|
||||
size += additional_size;
|
||||
|
||||
grub_dprintf ("linux", "allocating %ld bytes for fdt\n", size);
|
||||
- fdt = grub_efi_allocate_pages (0, GRUB_EFI_BYTES_TO_PAGES (size));
|
||||
+ fdt = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (size));
|
||||
if (!fdt)
|
||||
return NULL;
|
||||
|
||||
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
|
||||
index 9519d2e4d..ee3fcaa86 100644
|
||||
--- a/grub-core/loader/arm64/linux.c
|
||||
+++ b/grub-core/loader/arm64/linux.c
|
||||
@@ -148,8 +148,7 @@ grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, char *args)
|
||||
loaded_image->load_options_size = len =
|
||||
(grub_strlen (args) + 1) * sizeof (grub_efi_char16_t);
|
||||
loaded_image->load_options =
|
||||
- grub_efi_allocate_pages (0,
|
||||
- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
|
||||
+ grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
|
||||
if (!loaded_image->load_options)
|
||||
return grub_errno;
|
||||
|
||||
@@ -223,7 +222,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
|
||||
grub_dprintf ("linux", "Loading initrd\n");
|
||||
|
||||
initrd_pages = (GRUB_EFI_BYTES_TO_PAGES (initrd_size));
|
||||
- initrd_mem = grub_efi_allocate_pages (0, initrd_pages);
|
||||
+ initrd_mem = grub_efi_allocate_any_pages (initrd_pages);
|
||||
if (!initrd_mem)
|
||||
{
|
||||
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
|
||||
@@ -277,7 +276,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
grub_loader_unset();
|
||||
|
||||
grub_dprintf ("linux", "kernel file size: %lld\n", (long long) kernel_size);
|
||||
- kernel_addr = grub_efi_allocate_pages (0, GRUB_EFI_BYTES_TO_PAGES (kernel_size));
|
||||
+ kernel_addr = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (kernel_size));
|
||||
grub_dprintf ("linux", "kernel numpages: %lld\n",
|
||||
(long long) GRUB_EFI_BYTES_TO_PAGES (kernel_size));
|
||||
if (!kernel_addr)
|
||||
diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c
|
||||
index a914eb8e2..ab7c2f850 100644
|
||||
--- a/grub-core/loader/arm64/xen_boot.c
|
||||
+++ b/grub-core/loader/arm64/xen_boot.c
|
||||
@@ -324,10 +324,9 @@ xen_boot_binary_load (struct xen_boot_binary *binary, grub_file_t file,
|
||||
grub_dprintf ("xen_loader", "Xen_boot file size: 0x%lx\n", binary->size);
|
||||
|
||||
binary->start
|
||||
- = (grub_addr_t) grub_efi_allocate_pages (0,
|
||||
- GRUB_EFI_BYTES_TO_PAGES
|
||||
- (binary->size +
|
||||
- binary->align));
|
||||
+ = (grub_addr_t) grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES
|
||||
+ (binary->size +
|
||||
+ binary->align));
|
||||
if (!binary->start)
|
||||
{
|
||||
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
|
||||
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
|
||||
index 549989d1d..27dea343c 100644
|
||||
--- a/grub-core/loader/i386/efi/linux.c
|
||||
+++ b/grub-core/loader/i386/efi/linux.c
|
||||
@@ -295,7 +295,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
start = (lh.setup_sects + 1) * 512;
|
||||
len = grub_file_size(file) - start;
|
||||
|
||||
- kernel_mem = grub_efi_allocate_pages(lh.pref_address,
|
||||
+ kernel_mem = grub_efi_allocate_fixed(lh.pref_address,
|
||||
BYTES_TO_PAGES(lh.init_size));
|
||||
|
||||
if (!kernel_mem)
|
||||
diff --git a/grub-core/loader/ia64/efi/linux.c b/grub-core/loader/ia64/efi/linux.c
|
||||
index efaa42ccd..750330d45 100644
|
||||
--- a/grub-core/loader/ia64/efi/linux.c
|
||||
+++ b/grub-core/loader/ia64/efi/linux.c
|
||||
@@ -252,7 +252,7 @@ allocate_pages (grub_uint64_t align, grub_uint64_t size_pages,
|
||||
aligned_start += align;
|
||||
if (aligned_start + size > end)
|
||||
continue;
|
||||
- mem = grub_efi_allocate_pages (aligned_start, size_pages);
|
||||
+ mem = grub_efi_allocate_fixed (aligned_start, size_pages);
|
||||
if (! mem)
|
||||
{
|
||||
grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate memory");
|
||||
@@ -326,7 +326,7 @@ grub_linux_boot (void)
|
||||
mmap_size = find_mmap_size ();
|
||||
if (! mmap_size)
|
||||
return grub_errno;
|
||||
- mmap_buf = grub_efi_allocate_pages (0, page_align (mmap_size) >> 12);
|
||||
+ mmap_buf = grub_efi_allocate_any_pages (page_align (mmap_size) >> 12);
|
||||
if (! mmap_buf)
|
||||
return grub_error (GRUB_ERR_IO, "cannot allocate memory map");
|
||||
err = grub_efi_finish_boot_services (&mmap_size, mmap_buf, &map_key,
|
||||
@@ -422,7 +422,7 @@ grub_load_elf64 (grub_file_t file, void *buffer, const char *filename)
|
||||
relocate = grub_env_get ("linux_relocate");
|
||||
if (!relocate || grub_strcmp (relocate, "force") != 0)
|
||||
{
|
||||
- kernel_mem = grub_efi_allocate_pages (low_addr, kernel_pages);
|
||||
+ kernel_mem = grub_efi_allocate_fixed (low_addr, kernel_pages);
|
||||
reloc_offset = 0;
|
||||
}
|
||||
/* Try to relocate. */
|
||||
@@ -524,7 +524,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
len += grub_strlen (argv[i]) + 1;
|
||||
len += sizeof (struct ia64_boot_param) + 512; /* Room for extensions. */
|
||||
boot_param_pages = page_align (len) >> 12;
|
||||
- boot_param = grub_efi_allocate_pages (0, boot_param_pages);
|
||||
+ boot_param = grub_efi_allocate_any_pages (boot_param_pages);
|
||||
if (boot_param == 0)
|
||||
{
|
||||
grub_error (GRUB_ERR_OUT_OF_MEMORY,
|
||||
@@ -589,7 +589,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
|
||||
grub_dprintf ("linux", "Loading initrd\n");
|
||||
|
||||
initrd_pages = (page_align (initrd_size) >> 12);
|
||||
- initrd_mem = grub_efi_allocate_pages (0, initrd_pages);
|
||||
+ initrd_mem = grub_efi_allocate_any_pages (initrd_pages);
|
||||
if (! initrd_mem)
|
||||
{
|
||||
grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate pages");
|
||||
diff --git a/include/grub/autoefi.h b/include/grub/autoefi.h
|
||||
index b75591176..b7a252e07 100644
|
||||
--- a/include/grub/autoefi.h
|
||||
+++ b/include/grub/autoefi.h
|
||||
@@ -55,7 +55,7 @@ static inline grub_err_t grub_autoefi_prepare (void)
|
||||
# define SYSTEM_TABLE_PTR GRUB_EFIEMU_SYSTEM_TABLE_PTR
|
||||
# define SIZEOF_OF_UINTN GRUB_EFIEMU_SIZEOF_OF_UINTN
|
||||
# define SYSTEM_TABLE GRUB_EFIEMU_SYSTEM_TABLE
|
||||
-# define grub_efi_allocate_pages(x,y) (x)
|
||||
+# define grub_efi_allocate_fixed(x,y) (x)
|
||||
# define grub_efi_free_pages(x,y) GRUB_EFI_SUCCESS
|
||||
# define grub_autoefi_finish_boot_services grub_efiemu_finish_boot_services
|
||||
# define EFI_PRESENT 1
|
||||
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
|
||||
index c7f2fe6c3..f68a19de4 100644
|
||||
--- a/include/grub/efi/efi.h
|
||||
+++ b/include/grub/efi/efi.h
|
||||
@@ -43,9 +43,11 @@ EXPORT_FUNC(grub_efi_allocate_pages_real) (grub_efi_physical_address_t address,
|
||||
grub_efi_allocate_type_t alloctype,
|
||||
grub_efi_memory_type_t memtype);
|
||||
void *
|
||||
-EXPORT_FUNC(grub_efi_allocate_pages) (grub_efi_physical_address_t address,
|
||||
+EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address,
|
||||
grub_efi_uintn_t pages);
|
||||
void *
|
||||
+EXPORT_FUNC(grub_efi_allocate_any_pages) (grub_efi_uintn_t pages);
|
||||
+void *
|
||||
EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max,
|
||||
grub_efi_uintn_t pages);
|
||||
void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address,
|
||||
--
|
||||
2.16.4
|
||||
|
@ -1,90 +0,0 @@
|
||||
From 8a84e87b34eeb2e7a8f4ea4036f124c1209c6026 Mon Sep 17 00:00:00 2001
|
||||
From: Leif Lindholm <leif.lindholm@linaro.org>
|
||||
Date: Thu, 1 Feb 2018 18:18:49 +0000
|
||||
Subject: [PATCH 3/6] arm64/efi: move EFI_PAGE definitions to efi/memory.h
|
||||
|
||||
The EFI page definitions and macros are generic and should not be confined
|
||||
to arm64 headers - so move to efi/memory.h.
|
||||
Also add EFI_PAGE_SIZE macro.
|
||||
|
||||
Update loader sources to reflect new header location.
|
||||
|
||||
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
---
|
||||
grub-core/loader/arm64/fdt.c | 1 +
|
||||
grub-core/loader/arm64/linux.c | 1 +
|
||||
grub-core/loader/arm64/xen_boot.c | 1 +
|
||||
include/grub/arm64/fdtload.h | 3 ---
|
||||
include/grub/efi/memory.h | 7 +++++++
|
||||
5 files changed, 10 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/grub-core/loader/arm64/fdt.c b/grub-core/loader/arm64/fdt.c
|
||||
index 368001696..c61adbe67 100644
|
||||
--- a/grub-core/loader/arm64/fdt.c
|
||||
+++ b/grub-core/loader/arm64/fdt.c
|
||||
@@ -24,6 +24,7 @@
|
||||
#include <grub/command.h>
|
||||
#include <grub/file.h>
|
||||
#include <grub/efi/efi.h>
|
||||
+#include <grub/efi/memory.h>
|
||||
|
||||
static void *loaded_fdt;
|
||||
static void *fdt;
|
||||
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
|
||||
index ee3fcaa86..364fbb6e6 100644
|
||||
--- a/grub-core/loader/arm64/linux.c
|
||||
+++ b/grub-core/loader/arm64/linux.c
|
||||
@@ -28,6 +28,7 @@
|
||||
#include <grub/cpu/linux.h>
|
||||
#include <grub/cpu/fdtload.h>
|
||||
#include <grub/efi/efi.h>
|
||||
+#include <grub/efi/memory.h>
|
||||
#include <grub/efi/pe32.h>
|
||||
#include <grub/i18n.h>
|
||||
#include <grub/lib/cmdline.h>
|
||||
diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c
|
||||
index ab7c2f850..f1363024b 100644
|
||||
--- a/grub-core/loader/arm64/xen_boot.c
|
||||
+++ b/grub-core/loader/arm64/xen_boot.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#include <grub/cpu/fdtload.h>
|
||||
#include <grub/cpu/linux.h>
|
||||
#include <grub/efi/efi.h>
|
||||
+#include <grub/efi/memory.h>
|
||||
#include <grub/efi/pe32.h> /* required by struct xen_hypervisor_header */
|
||||
#include <grub/i18n.h>
|
||||
#include <grub/lib/cmdline.h>
|
||||
diff --git a/include/grub/arm64/fdtload.h b/include/grub/arm64/fdtload.h
|
||||
index 7b9ddba91..713c9424d 100644
|
||||
--- a/include/grub/arm64/fdtload.h
|
||||
+++ b/include/grub/arm64/fdtload.h
|
||||
@@ -29,7 +29,4 @@ grub_fdt_unload (void);
|
||||
grub_err_t
|
||||
grub_fdt_install (void);
|
||||
|
||||
-#define GRUB_EFI_PAGE_SHIFT 12
|
||||
-#define GRUB_EFI_BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> GRUB_EFI_PAGE_SHIFT)
|
||||
-
|
||||
#endif
|
||||
diff --git a/include/grub/efi/memory.h b/include/grub/efi/memory.h
|
||||
index 20526b146..08fe62277 100644
|
||||
--- a/include/grub/efi/memory.h
|
||||
+++ b/include/grub/efi/memory.h
|
||||
@@ -22,6 +22,13 @@
|
||||
#include <grub/err.h>
|
||||
#include <grub/types.h>
|
||||
|
||||
+/* The term "page" in UEFI refers only to a 4 KiB-aligned 4 KiB size region of
|
||||
+ memory. It is not concerned with underlying translation management concepts,
|
||||
+ but only used as the granule for memory allocations. */
|
||||
+#define GRUB_EFI_PAGE_SHIFT 12
|
||||
+#define GRUB_EFI_PAGE_SIZE (1 << GRUB_EFI_PAGE_SHIFT)
|
||||
+#define GRUB_EFI_BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> GRUB_EFI_PAGE_SHIFT)
|
||||
+
|
||||
#define GRUB_MMAP_REGISTER_BY_FIRMWARE 1
|
||||
|
||||
grub_err_t grub_machine_mmap_register (grub_uint64_t start, grub_uint64_t size,
|
||||
--
|
||||
2.16.4
|
||||
|
@ -1,65 +0,0 @@
|
||||
From 6ca50ac741b8c826f953b0905d736006b895f912 Mon Sep 17 00:00:00 2001
|
||||
From: Leif Lindholm <leif.lindholm@linaro.org>
|
||||
Date: Mon, 9 Jul 2018 18:33:00 +0100
|
||||
Subject: [PATCH 4/6] efi: Add central copy of grub_efi_find_mmap_size
|
||||
|
||||
There are several implementations of this function in the tree.
|
||||
Add a central version in grub-core/efi/mm.c.
|
||||
|
||||
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
---
|
||||
grub-core/kern/efi/mm.c | 24 ++++++++++++++++++++++++
|
||||
include/grub/efi/efi.h | 1 +
|
||||
2 files changed, 25 insertions(+)
|
||||
|
||||
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
|
||||
index 4226f34ec..021d750b6 100644
|
||||
--- a/grub-core/kern/efi/mm.c
|
||||
+++ b/grub-core/kern/efi/mm.c
|
||||
@@ -315,6 +315,30 @@ grub_efi_finish_boot_services (grub_efi_uintn_t *outbuf_size, void *outbuf,
|
||||
return GRUB_ERR_NONE;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * To obtain the UEFI memory map, we must pass a buffer of sufficient size
|
||||
+ * to hold the entire map. This function returns a sane start value for
|
||||
+ * buffer size.
|
||||
+ */
|
||||
+grub_efi_uintn_t
|
||||
+grub_efi_find_mmap_size (void)
|
||||
+{
|
||||
+ grub_efi_uintn_t mmap_size = 0;
|
||||
+ grub_efi_uintn_t desc_size;
|
||||
+
|
||||
+ if (grub_efi_get_memory_map (&mmap_size, NULL, NULL, &desc_size, 0) < 0)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_IO, "cannot get EFI memory map size");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Add an extra page, since UEFI can alter the memory map itself on
|
||||
+ * callbacks or explicit calls, including console output.
|
||||
+ */
|
||||
+ return ALIGN_UP (mmap_size + GRUB_EFI_PAGE_SIZE, GRUB_EFI_PAGE_SIZE);
|
||||
+}
|
||||
+
|
||||
/* Get the memory map as defined in the EFI spec. Return 1 if successful,
|
||||
return 0 if partial, or return -1 if an error occurs. */
|
||||
int
|
||||
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
|
||||
index f68a19de4..e8ae60931 100644
|
||||
--- a/include/grub/efi/efi.h
|
||||
+++ b/include/grub/efi/efi.h
|
||||
@@ -52,6 +52,7 @@ EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max,
|
||||
grub_efi_uintn_t pages);
|
||||
void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address,
|
||||
grub_efi_uintn_t pages);
|
||||
+grub_efi_uintn_t EXPORT_FUNC(grub_efi_find_mmap_size) (void);
|
||||
int
|
||||
EXPORT_FUNC(grub_efi_get_memory_map) (grub_efi_uintn_t *memory_map_size,
|
||||
grub_efi_memory_descriptor_t *memory_map,
|
||||
--
|
||||
2.16.4
|
||||
|
@ -1,75 +0,0 @@
|
||||
From 226e83d10e35d1a76e93114366740f994548fe04 Mon Sep 17 00:00:00 2001
|
||||
From: Leif Lindholm <leif.lindholm@linaro.org>
|
||||
Date: Mon, 9 Jul 2018 18:33:01 +0100
|
||||
Subject: [PATCH 5/6] efi: Add grub_efi_get_ram_base() function for arm64
|
||||
|
||||
Since ARM platforms do not have a common memory map, add a helper
|
||||
function that finds the lowest address region with the EFI_MEMORY_WB
|
||||
attribute set in the UEFI memory map.
|
||||
|
||||
Required for the arm64 efi linux loader to restrict the initrd
|
||||
location to where it will be accessible by the kernel at runtime.
|
||||
|
||||
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
---
|
||||
grub-core/kern/efi/mm.c | 31 +++++++++++++++++++++++++++++++
|
||||
include/grub/efi/efi.h | 3 +++
|
||||
2 files changed, 34 insertions(+)
|
||||
|
||||
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
|
||||
index 021d750b6..270d0b8cc 100644
|
||||
--- a/grub-core/kern/efi/mm.c
|
||||
+++ b/grub-core/kern/efi/mm.c
|
||||
@@ -660,3 +660,34 @@ grub_efi_mm_init (void)
|
||||
grub_efi_free_pages ((grub_addr_t) memory_map,
|
||||
2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE));
|
||||
}
|
||||
+
|
||||
+#if defined (__aarch64__)
|
||||
+grub_err_t
|
||||
+grub_efi_get_ram_base(grub_addr_t *base_addr)
|
||||
+{
|
||||
+ grub_efi_memory_descriptor_t *memory_map, *desc;
|
||||
+ grub_efi_uintn_t memory_map_size, desc_size;
|
||||
+ int ret;
|
||||
+
|
||||
+ memory_map_size = grub_efi_find_mmap_size();
|
||||
+
|
||||
+ memory_map = grub_malloc (memory_map_size);
|
||||
+ if (! memory_map)
|
||||
+ return GRUB_ERR_OUT_OF_MEMORY;
|
||||
+ ret = grub_efi_get_memory_map (&memory_map_size, memory_map, NULL,
|
||||
+ &desc_size, NULL);
|
||||
+
|
||||
+ if (ret < 1)
|
||||
+ return GRUB_ERR_BUG;
|
||||
+
|
||||
+ for (desc = memory_map, *base_addr = GRUB_UINT_MAX;
|
||||
+ (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size);
|
||||
+ desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size))
|
||||
+ if (desc->attribute & GRUB_EFI_MEMORY_WB)
|
||||
+ *base_addr = grub_min (*base_addr, desc->physical_start);
|
||||
+
|
||||
+ grub_free(memory_map);
|
||||
+
|
||||
+ return GRUB_ERR_NONE;
|
||||
+}
|
||||
+#endif
|
||||
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
|
||||
index e8ae60931..13bc67d57 100644
|
||||
--- a/include/grub/efi/efi.h
|
||||
+++ b/include/grub/efi/efi.h
|
||||
@@ -97,6 +97,9 @@ extern void (*EXPORT_VAR(grub_efi_net_config)) (grub_efi_handle_t hnd,
|
||||
#if defined(__arm__) || defined(__aarch64__)
|
||||
void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void);
|
||||
#endif
|
||||
+#if defined(__aarch64__)
|
||||
+grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *);
|
||||
+#endif
|
||||
|
||||
grub_addr_t grub_efi_modules_addr (void);
|
||||
|
||||
--
|
||||
2.16.4
|
||||
|
@ -1,489 +0,0 @@
|
||||
From 17667c24295a4b105bf20a3bd5bb19ef0acaebba Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <mjg@redhat.com>
|
||||
Date: Fri, 21 Dec 2018 14:36:10 +0800
|
||||
Subject: [PATCH 6/6] Add support for EFI handover on ARM64
|
||||
|
||||
Add support for EFI handover on ARM64 for loading linux kernel.
|
||||
---
|
||||
grub-core/Makefile.core.def | 9 +-
|
||||
grub-core/loader/arm64/efi/linux.c | 448 +++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 453 insertions(+), 4 deletions(-)
|
||||
create mode 100644 grub-core/loader/arm64/efi/linux.c
|
||||
|
||||
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
|
||||
index 1269f372c..f306311e6 100644
|
||||
--- a/grub-core/Makefile.core.def
|
||||
+++ b/grub-core/Makefile.core.def
|
||||
@@ -1761,10 +1761,11 @@ module = {
|
||||
|
||||
module = {
|
||||
name = linuxefi;
|
||||
- efi = loader/i386/efi/linux.c;
|
||||
- efi = lib/cmdline.c;
|
||||
- enable = i386_efi;
|
||||
- enable = x86_64_efi;
|
||||
+ arm64 = loader/arm64/efi/linux.c;
|
||||
+ x86_64 = loader/i386/efi/linux.c;
|
||||
+ common = lib/cmdline.c;
|
||||
+ enable = x86_64;
|
||||
+ enable = arm64;
|
||||
};
|
||||
|
||||
module = {
|
||||
diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c
|
||||
new file mode 100644
|
||||
index 000000000..4a5c70e4b
|
||||
--- /dev/null
|
||||
+++ b/grub-core/loader/arm64/efi/linux.c
|
||||
@@ -0,0 +1,448 @@
|
||||
+/*
|
||||
+ * GRUB -- GRand Unified Bootloader
|
||||
+ * Copyright (C) 2013 Free Software Foundation, Inc.
|
||||
+ *
|
||||
+ * GRUB is free software: you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License as published by
|
||||
+ * the Free Software Foundation, either version 3 of the License, or
|
||||
+ * (at your option) any later version.
|
||||
+ *
|
||||
+ * GRUB is distributed in the hope that it will be useful,
|
||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ * GNU General Public License for more details.
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License
|
||||
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
||||
+ */
|
||||
+
|
||||
+#include <grub/charset.h>
|
||||
+#include <grub/command.h>
|
||||
+#include <grub/err.h>
|
||||
+#include <grub/file.h>
|
||||
+#include <grub/fdt.h>
|
||||
+#include <grub/linux.h>
|
||||
+#include <grub/loader.h>
|
||||
+#include <grub/mm.h>
|
||||
+#include <grub/types.h>
|
||||
+#include <grub/cpu/linux.h>
|
||||
+#include <grub/efi/efi.h>
|
||||
+#include <grub/cpu/fdtload.h>
|
||||
+#include <grub/efi/memory.h>
|
||||
+#include <grub/efi/pe32.h>
|
||||
+#include <grub/i18n.h>
|
||||
+#include <grub/lib/cmdline.h>
|
||||
+
|
||||
+GRUB_MOD_LICENSE ("GPLv3+");
|
||||
+
|
||||
+static grub_dl_t my_mod;
|
||||
+static int loaded;
|
||||
+
|
||||
+static void *kernel_addr;
|
||||
+static grub_uint64_t kernel_size;
|
||||
+static grub_uint32_t handover_offset;
|
||||
+
|
||||
+static char *linux_args;
|
||||
+static grub_uint32_t cmdline_size;
|
||||
+
|
||||
+static grub_addr_t initrd_start;
|
||||
+static grub_addr_t initrd_end;
|
||||
+
|
||||
+struct grub_arm64_linux_pe_header
|
||||
+{
|
||||
+ grub_uint32_t magic;
|
||||
+ struct grub_pe32_coff_header coff;
|
||||
+ struct grub_pe64_optional_header opt;
|
||||
+};
|
||||
+
|
||||
+#if defined(__aarch64__)
|
||||
+# define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_ARM64_LINUX_MAGIC
|
||||
+# define linux_armxx_kernel_header grub_arm64_linux_kernel_header
|
||||
+# define grub_armxx_linux_pe_header grub_arm64_linux_pe_header
|
||||
+#endif
|
||||
+
|
||||
+#define SHIM_LOCK_GUID \
|
||||
+ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
|
||||
+
|
||||
+struct grub_efi_shim_lock
|
||||
+{
|
||||
+ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size);
|
||||
+};
|
||||
+typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
|
||||
+
|
||||
+static grub_efi_boolean_t
|
||||
+grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
|
||||
+{
|
||||
+ grub_efi_guid_t guid = SHIM_LOCK_GUID;
|
||||
+ grub_efi_shim_lock_t *shim_lock;
|
||||
+
|
||||
+ shim_lock = grub_efi_locate_protocol(&guid, NULL);
|
||||
+
|
||||
+ if (!shim_lock)
|
||||
+ return 1;
|
||||
+
|
||||
+ if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS)
|
||||
+ return 1;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#pragma GCC diagnostic push
|
||||
+#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
+
|
||||
+typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *);
|
||||
+
|
||||
+static grub_err_t
|
||||
+grub_efi_linux_boot (void *kernel_address, grub_off_t offset,
|
||||
+ void *kernel_params)
|
||||
+{
|
||||
+ handover_func hf;
|
||||
+
|
||||
+ hf = (handover_func)((char *)kernel_address + offset);
|
||||
+ hf (grub_efi_image_handle, grub_efi_system_table, kernel_params);
|
||||
+
|
||||
+ return GRUB_ERR_BUG;
|
||||
+}
|
||||
+
|
||||
+#pragma GCC diagnostic pop
|
||||
+static grub_err_t
|
||||
+grub_armxx_efi_linux_check_image (struct linux_armxx_kernel_header * lh)
|
||||
+{
|
||||
+ if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE)
|
||||
+ return grub_error(GRUB_ERR_BAD_OS, "invalid magic number");
|
||||
+
|
||||
+ if ((lh->code0 & 0xffff) != GRUB_EFI_PE_MAGIC)
|
||||
+ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
|
||||
+ N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled"));
|
||||
+
|
||||
+ grub_dprintf ("linux", "UEFI stub kernel:\n");
|
||||
+ grub_dprintf ("linux", "PE/COFF header @ %08x\n", lh->hdr_offset);
|
||||
+
|
||||
+ return GRUB_ERR_NONE;
|
||||
+}
|
||||
+
|
||||
+static grub_err_t
|
||||
+finalize_params_linux (void)
|
||||
+{
|
||||
+ grub_efi_loaded_image_t *loaded_image = NULL;
|
||||
+ int node, retval, len;
|
||||
+
|
||||
+ void *fdt;
|
||||
+
|
||||
+ fdt = grub_fdt_load (0x400);
|
||||
+
|
||||
+ if (!fdt)
|
||||
+ goto failure;
|
||||
+
|
||||
+ node = grub_fdt_find_subnode (fdt, 0, "chosen");
|
||||
+ if (node < 0)
|
||||
+ node = grub_fdt_add_subnode (fdt, 0, "chosen");
|
||||
+
|
||||
+ if (node < 1)
|
||||
+ goto failure;
|
||||
+
|
||||
+ /* Set initrd info */
|
||||
+ if (initrd_start && initrd_end > initrd_start)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "Initrd @ %p-%p\n",
|
||||
+ (void *) initrd_start, (void *) initrd_end);
|
||||
+
|
||||
+ retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start",
|
||||
+ initrd_start);
|
||||
+ if (retval)
|
||||
+ goto failure;
|
||||
+ retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-end",
|
||||
+ initrd_end);
|
||||
+ if (retval)
|
||||
+ goto failure;
|
||||
+ }
|
||||
+
|
||||
+ if (grub_fdt_install() != GRUB_ERR_NONE)
|
||||
+ goto failure;
|
||||
+
|
||||
+ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n",
|
||||
+ fdt);
|
||||
+
|
||||
+ /* Convert command line to UCS-2 */
|
||||
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
|
||||
+ if (!loaded_image)
|
||||
+ goto failure;
|
||||
+
|
||||
+ loaded_image->load_options_size = len =
|
||||
+ (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t);
|
||||
+ loaded_image->load_options =
|
||||
+ grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
|
||||
+ if (!loaded_image->load_options)
|
||||
+ return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters");
|
||||
+
|
||||
+ loaded_image->load_options_size =
|
||||
+ 2 * grub_utf8_to_utf16 (loaded_image->load_options, len,
|
||||
+ (grub_uint8_t *) linux_args, len, NULL);
|
||||
+
|
||||
+ return GRUB_ERR_NONE;
|
||||
+
|
||||
+failure:
|
||||
+ grub_fdt_unload();
|
||||
+ return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT");
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+free_params (void)
|
||||
+{
|
||||
+ grub_efi_loaded_image_t *loaded_image = NULL;
|
||||
+
|
||||
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
|
||||
+ if (loaded_image)
|
||||
+ {
|
||||
+ if (loaded_image->load_options)
|
||||
+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_efi_uintn_t)loaded_image->load_options,
|
||||
+ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
|
||||
+ loaded_image->load_options = NULL;
|
||||
+ loaded_image->load_options_size = 0;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static grub_err_t
|
||||
+grub_armxx_efi_linux_boot_image (grub_addr_t addr, char *args)
|
||||
+{
|
||||
+ grub_err_t retval;
|
||||
+
|
||||
+ retval = finalize_params_linux ();
|
||||
+ if (retval != GRUB_ERR_NONE)
|
||||
+ return grub_errno;
|
||||
+
|
||||
+ grub_dprintf ("linux", "linux command line: '%s'\n", args);
|
||||
+
|
||||
+ retval = grub_efi_linux_boot ((char *)addr, handover_offset, (void *)addr);
|
||||
+
|
||||
+ /* Never reached... */
|
||||
+ free_params();
|
||||
+ return retval;
|
||||
+}
|
||||
+
|
||||
+static grub_err_t
|
||||
+grub_linux_boot (void)
|
||||
+{
|
||||
+ return grub_armxx_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args);
|
||||
+}
|
||||
+
|
||||
+static grub_err_t
|
||||
+grub_linux_unload (void)
|
||||
+{
|
||||
+ grub_dl_unref (my_mod);
|
||||
+ loaded = 0;
|
||||
+ if (initrd_start)
|
||||
+ grub_efi_free_pages ((grub_efi_physical_address_t) initrd_start,
|
||||
+ GRUB_EFI_BYTES_TO_PAGES (initrd_end - initrd_start));
|
||||
+ initrd_start = initrd_end = 0;
|
||||
+ grub_free (linux_args);
|
||||
+ if (kernel_addr)
|
||||
+ grub_efi_free_pages ((grub_addr_t) kernel_addr,
|
||||
+ GRUB_EFI_BYTES_TO_PAGES (kernel_size));
|
||||
+ grub_fdt_unload ();
|
||||
+ return GRUB_ERR_NONE;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * As per linux/Documentation/arm/Booting
|
||||
+ * ARM initrd needs to be covered by kernel linear mapping,
|
||||
+ * so place it in the first 512MB of DRAM.
|
||||
+ *
|
||||
+ * As per linux/Documentation/arm64/booting.txt
|
||||
+ * ARM64 initrd needs to be contained entirely within a 1GB aligned window
|
||||
+ * of up to 32GB of size that covers the kernel image as well.
|
||||
+ * Since the EFI stub loader will attempt to load the kernel near start of
|
||||
+ * RAM, place the buffer in the first 32GB of RAM.
|
||||
+ */
|
||||
+#ifdef __arm__
|
||||
+#define INITRD_MAX_ADDRESS_OFFSET (512U * 1024 * 1024)
|
||||
+#else /* __aarch64__ */
|
||||
+#define INITRD_MAX_ADDRESS_OFFSET (32ULL * 1024 * 1024 * 1024)
|
||||
+#endif
|
||||
+
|
||||
+/*
|
||||
+ * This function returns a pointer to a legally allocated initrd buffer,
|
||||
+ * or NULL if unsuccessful
|
||||
+ */
|
||||
+static void *
|
||||
+allocate_initrd_mem (int initrd_pages)
|
||||
+{
|
||||
+ grub_addr_t max_addr;
|
||||
+
|
||||
+ if (grub_efi_get_ram_base (&max_addr) != GRUB_ERR_NONE)
|
||||
+ return NULL;
|
||||
+
|
||||
+ max_addr += INITRD_MAX_ADDRESS_OFFSET - 1;
|
||||
+
|
||||
+ return grub_efi_allocate_pages_real (max_addr, initrd_pages,
|
||||
+ GRUB_EFI_ALLOCATE_MAX_ADDRESS,
|
||||
+ GRUB_EFI_LOADER_DATA);
|
||||
+}
|
||||
+
|
||||
+static grub_err_t
|
||||
+grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
|
||||
+ int argc, char *argv[])
|
||||
+{
|
||||
+ struct grub_linux_initrd_context initrd_ctx = { 0, 0, 0 };
|
||||
+ int initrd_size, initrd_pages;
|
||||
+ void *initrd_mem = NULL;
|
||||
+
|
||||
+ if (argc == 0)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ if (!loaded)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
|
||||
+ N_("you need to load the kernel first"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ if (grub_initrd_init (argc, argv, &initrd_ctx))
|
||||
+ goto fail;
|
||||
+
|
||||
+ initrd_size = grub_get_initrd_size (&initrd_ctx);
|
||||
+ grub_dprintf ("linux", "Loading initrd\n");
|
||||
+
|
||||
+ initrd_pages = (GRUB_EFI_BYTES_TO_PAGES (initrd_size));
|
||||
+ initrd_mem = allocate_initrd_mem (initrd_pages);
|
||||
+
|
||||
+ if (!initrd_mem)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ if (grub_initrd_load (&initrd_ctx, argv, initrd_mem))
|
||||
+ goto fail;
|
||||
+
|
||||
+ initrd_start = (grub_addr_t) initrd_mem;
|
||||
+ initrd_end = initrd_start + initrd_size;
|
||||
+ grub_dprintf ("linux", "[addr=%p, size=0x%x]\n",
|
||||
+ (void *) initrd_start, initrd_size);
|
||||
+
|
||||
+ fail:
|
||||
+ grub_initrd_close (&initrd_ctx);
|
||||
+ if (initrd_mem && !initrd_start)
|
||||
+ grub_efi_free_pages ((grub_addr_t) initrd_mem, initrd_pages);
|
||||
+
|
||||
+ return grub_errno;
|
||||
+}
|
||||
+
|
||||
+static grub_err_t
|
||||
+grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
+ int argc, char *argv[])
|
||||
+{
|
||||
+ grub_file_t file = 0;
|
||||
+ struct linux_armxx_kernel_header lh;
|
||||
+ struct grub_armxx_linux_pe_header *pe;
|
||||
+
|
||||
+ grub_dl_ref (my_mod);
|
||||
+
|
||||
+ if (argc == 0)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ file = grub_file_open (argv[0]);
|
||||
+ if (!file)
|
||||
+ goto fail;
|
||||
+
|
||||
+ kernel_size = grub_file_size (file);
|
||||
+
|
||||
+ if (grub_file_read (file, &lh, sizeof (lh)) < (long) sizeof (lh))
|
||||
+ return grub_errno;
|
||||
+
|
||||
+ if (grub_armxx_efi_linux_check_image (&lh) != GRUB_ERR_NONE)
|
||||
+ goto fail;
|
||||
+
|
||||
+ grub_loader_unset();
|
||||
+
|
||||
+ grub_dprintf ("linux", "kernel file size: %lld\n", (long long) kernel_size);
|
||||
+ kernel_addr = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (kernel_size));
|
||||
+ grub_dprintf ("linux", "kernel numpages: %lld\n",
|
||||
+ (long long) GRUB_EFI_BYTES_TO_PAGES (kernel_size));
|
||||
+ if (!kernel_addr)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ grub_file_seek (file, 0);
|
||||
+ if (grub_file_read (file, kernel_addr, kernel_size)
|
||||
+ < (grub_int64_t) kernel_size)
|
||||
+ {
|
||||
+ if (!grub_errno)
|
||||
+ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), argv[0]);
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
|
||||
+
|
||||
+ if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size))
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset);
|
||||
+ handover_offset = pe->opt.entry_addr;
|
||||
+
|
||||
+ cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE);
|
||||
+ linux_args = grub_malloc (cmdline_size);
|
||||
+ if (!linux_args)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+ grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE));
|
||||
+ grub_create_loader_cmdline (argc, argv,
|
||||
+ linux_args + sizeof (LINUX_IMAGE) - 1,
|
||||
+ cmdline_size);
|
||||
+
|
||||
+ if (grub_errno == GRUB_ERR_NONE)
|
||||
+ {
|
||||
+ grub_loader_set (grub_linux_boot, grub_linux_unload, 0);
|
||||
+ loaded = 1;
|
||||
+ }
|
||||
+
|
||||
+fail:
|
||||
+ if (file)
|
||||
+ grub_file_close (file);
|
||||
+
|
||||
+ if (grub_errno != GRUB_ERR_NONE)
|
||||
+ {
|
||||
+ grub_dl_unref (my_mod);
|
||||
+ loaded = 0;
|
||||
+ }
|
||||
+
|
||||
+ if (linux_args && !loaded)
|
||||
+ grub_free (linux_args);
|
||||
+
|
||||
+ if (kernel_addr && !loaded)
|
||||
+ grub_efi_free_pages ((grub_addr_t) kernel_addr,
|
||||
+ GRUB_EFI_BYTES_TO_PAGES (kernel_size));
|
||||
+
|
||||
+ return grub_errno;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static grub_command_t cmd_linux, cmd_initrd;
|
||||
+
|
||||
+GRUB_MOD_INIT (linux)
|
||||
+{
|
||||
+ cmd_linux = grub_register_command ("linuxefi", grub_cmd_linux, 0,
|
||||
+ N_("Load Linux."));
|
||||
+ cmd_initrd = grub_register_command ("initrdefi", grub_cmd_initrd, 0,
|
||||
+ N_("Load initrd."));
|
||||
+ my_mod = mod;
|
||||
+}
|
||||
+
|
||||
+GRUB_MOD_FINI (linux)
|
||||
+{
|
||||
+ grub_unregister_command (cmd_linux);
|
||||
+ grub_unregister_command (cmd_initrd);
|
||||
+}
|
||||
--
|
||||
2.16.4
|
||||
|
228
grub2-secureboot-install-signed-grub.patch
Normal file
228
grub2-secureboot-install-signed-grub.patch
Normal file
@ -0,0 +1,228 @@
|
||||
From 1ff2f31d12f7235423a1eb8a117e0c6f8b2f41c7 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Chang <mchang@suse.com>
|
||||
Date: Tue, 4 Jun 2019 12:32:35 +0800
|
||||
Subject: [PATCH] grub-install: handle signed grub installation on arm64-efi
|
||||
|
||||
Use grub2-install to handle signed grub installation for arm64 UEFI secure
|
||||
boot, the default behavior is auto, which will install signed grub whenever
|
||||
detected.
|
||||
|
||||
Two options, --suse-force-signed and --suse-inhibit-signed, can be used to
|
||||
override the default auto detecting behavior. The former will force to use
|
||||
prebuilt signed image and thus will fail if missing, the latter will always use
|
||||
'mkimage' to create unsigned core image per the user's running environment.
|
||||
|
||||
Signed-off-by: Michael Chang <mchang@suse.com>
|
||||
---
|
||||
util/grub-install.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 85 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: grub-2.02/util/grub-install.c
|
||||
===================================================================
|
||||
--- grub-2.02.orig/util/grub-install.c
|
||||
+++ grub-2.02/util/grub-install.c
|
||||
@@ -84,6 +84,15 @@ static int suse_enable_tpm = 0;
|
||||
|
||||
enum
|
||||
{
|
||||
+ SIGNED_GRUB_INHIBIT,
|
||||
+ SIGNED_GRUB_AUTO,
|
||||
+ SIGNED_GRUB_FORCE
|
||||
+ };
|
||||
+
|
||||
+static int signed_grub_mode = SIGNED_GRUB_AUTO;
|
||||
+
|
||||
+enum
|
||||
+ {
|
||||
OPTION_BOOT_DIRECTORY = 0x301,
|
||||
OPTION_ROOT_DIRECTORY,
|
||||
OPTION_TARGET,
|
||||
@@ -108,6 +117,8 @@ enum
|
||||
OPTION_NO_BOOTSECTOR,
|
||||
OPTION_NO_RS_CODES,
|
||||
OPTION_SUSE_ENABLE_TPM,
|
||||
+ OPTION_SUSE_FORCE_SIGNED,
|
||||
+ OPTION_SUSE_INHIBIT_SIGNED,
|
||||
OPTION_MACPPC_DIRECTORY,
|
||||
OPTION_ZIPL_DIRECTORY,
|
||||
OPTION_LABEL_FONT,
|
||||
@@ -237,6 +248,14 @@ argp_parser (int key, char *arg, struct
|
||||
suse_enable_tpm = 1;
|
||||
return 0;
|
||||
|
||||
+ case OPTION_SUSE_FORCE_SIGNED:
|
||||
+ signed_grub_mode = SIGNED_GRUB_FORCE;
|
||||
+ return 0;
|
||||
+
|
||||
+ case OPTION_SUSE_INHIBIT_SIGNED:
|
||||
+ signed_grub_mode = SIGNED_GRUB_INHIBIT;
|
||||
+ return 0;
|
||||
+
|
||||
case OPTION_DEBUG:
|
||||
verbosity++;
|
||||
return 0;
|
||||
@@ -299,7 +318,12 @@ static struct argp_option options[] = {
|
||||
N_("Do not apply any reed-solomon codes when embedding core.img. "
|
||||
"This option is only available on x86 BIOS targets."), 0},
|
||||
{"suse-enable-tpm", OPTION_SUSE_ENABLE_TPM, 0, 0, N_("install TPM modules"), 0},
|
||||
-
|
||||
+ {"suse-force-signed", OPTION_SUSE_FORCE_SIGNED, 0, 0,
|
||||
+ N_("force installation of signed grub" "%s."
|
||||
+ "This option is only available on ARM64 EFI targets."), 0},
|
||||
+ {"suse-inhibit-signed", OPTION_SUSE_INHIBIT_SIGNED, 0, 0,
|
||||
+ N_("inhibit installation of signed grub. "
|
||||
+ "This option is only available on ARM64 EFI targets."), 0},
|
||||
{"debug", OPTION_DEBUG, 0, OPTION_HIDDEN, 0, 2},
|
||||
{"no-floppy", OPTION_NO_FLOPPY, 0, OPTION_HIDDEN, 0, 2},
|
||||
{"debug-image", OPTION_DEBUG_IMAGE, N_("STRING"), OPTION_HIDDEN, 0, 2},
|
||||
@@ -364,6 +388,22 @@ help_filter (int key, const char *text,
|
||||
free (plats);
|
||||
return ret;
|
||||
}
|
||||
+ case OPTION_SUSE_FORCE_SIGNED:
|
||||
+ {
|
||||
+ const char *t = get_default_platform ();
|
||||
+ char *ret;
|
||||
+ if (grub_strcmp (t, "arm64-efi") == 0)
|
||||
+ {
|
||||
+ char *s = grub_util_path_concat (3, grub_util_get_pkglibdir (), t, "grub.efi");
|
||||
+ char *text2 = xasprintf (" [default=%s]", s);
|
||||
+ ret = xasprintf (text, text2);
|
||||
+ free (text2);
|
||||
+ free (s);
|
||||
+ }
|
||||
+ else
|
||||
+ ret = xasprintf (text, "");
|
||||
+ return ret;
|
||||
+ }
|
||||
case ARGP_KEY_HELP_POST_DOC:
|
||||
return xasprintf (text, program_name, GRUB_BOOT_DIR_NAME "/" GRUB_DIR_NAME);
|
||||
default:
|
||||
@@ -1596,13 +1636,34 @@ main (int argc, char *argv[])
|
||||
|
||||
char mkimage_target[200];
|
||||
const char *core_name = NULL;
|
||||
+ char *signed_imgfile = NULL;
|
||||
|
||||
switch (platform)
|
||||
{
|
||||
- case GRUB_INSTALL_PLATFORM_I386_EFI:
|
||||
+ case GRUB_INSTALL_PLATFORM_ARM64_EFI:
|
||||
+
|
||||
+ if (signed_grub_mode > SIGNED_GRUB_INHIBIT)
|
||||
+ {
|
||||
+ signed_imgfile = grub_util_path_concat (2, grub_install_source_directory, "grub.efi");
|
||||
+ if (!grub_util_is_regular (signed_imgfile))
|
||||
+ {
|
||||
+ if (signed_grub_mode >= SIGNED_GRUB_FORCE)
|
||||
+ grub_util_error ("signed image `%s' does not exist\n", signed_imgfile);
|
||||
+ else
|
||||
+ {
|
||||
+ free (signed_imgfile);
|
||||
+ signed_imgfile = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (signed_imgfile)
|
||||
+ fprintf (stderr, _("Use signed file in %s for installation.\n"), signed_imgfile);
|
||||
+
|
||||
+ /* fallthrough. */
|
||||
case GRUB_INSTALL_PLATFORM_X86_64_EFI:
|
||||
+ case GRUB_INSTALL_PLATFORM_I386_EFI:
|
||||
case GRUB_INSTALL_PLATFORM_ARM_EFI:
|
||||
- case GRUB_INSTALL_PLATFORM_ARM64_EFI:
|
||||
case GRUB_INSTALL_PLATFORM_IA64_EFI:
|
||||
core_name = "core.efi";
|
||||
snprintf (mkimage_target, sizeof (mkimage_target),
|
||||
@@ -1678,13 +1739,75 @@ main (int argc, char *argv[])
|
||||
core_name);
|
||||
char *prefix = xasprintf ("%s%s", prefix_drive ? : "",
|
||||
relative_grubdir);
|
||||
- if (core_name != mkimage_target)
|
||||
+ char *grub_efi_cfg = NULL;
|
||||
+
|
||||
+ if ((core_name != mkimage_target) && !signed_imgfile)
|
||||
grub_install_make_image_wrap (/* source dir */ grub_install_source_directory,
|
||||
/*prefix */ prefix,
|
||||
/* output */ imgfile,
|
||||
/* memdisk */ NULL,
|
||||
have_load_cfg ? load_cfg : NULL,
|
||||
/* image target */ mkimage_target, 0);
|
||||
+ else if (signed_imgfile)
|
||||
+ {
|
||||
+ FILE *grub_cfg_f;
|
||||
+
|
||||
+ grub_install_copy_file (signed_imgfile, imgfile, 1);
|
||||
+ grub_efi_cfg = grub_util_path_concat (2, platdir, "grub.cfg");
|
||||
+ grub_cfg_f = grub_util_fopen (grub_efi_cfg, "wb");
|
||||
+ if (!grub_cfg_f)
|
||||
+ grub_util_error (_("Can't create file: %s"), strerror (errno));
|
||||
+
|
||||
+ if (have_abstractions)
|
||||
+ {
|
||||
+ fprintf (grub_cfg_f, "set prefix=(%s)%s\n", grub_drives[0], relative_grubdir);
|
||||
+ fprintf (grub_cfg_f, "set root=%s\n", grub_drives[0]);
|
||||
+ }
|
||||
+ else if (prefix_drive)
|
||||
+ {
|
||||
+ char *uuid = NULL;
|
||||
+ if (grub_fs->uuid && grub_fs->uuid (grub_dev, &uuid))
|
||||
+ {
|
||||
+ grub_print_error ();
|
||||
+ grub_errno = 0;
|
||||
+ uuid = NULL;
|
||||
+ }
|
||||
+ if (!uuid)
|
||||
+ grub_util_error ("cannot find fs uuid for %s", grub_fs->name);
|
||||
+
|
||||
+ fprintf (grub_cfg_f, "search --fs-uuid --set=root %s\n", uuid);
|
||||
+ fprintf (grub_cfg_f, "set prefix=($root)%s\n", relative_grubdir);
|
||||
+ }
|
||||
+
|
||||
+ if (have_load_cfg)
|
||||
+ {
|
||||
+ size_t len;
|
||||
+ char *buf;
|
||||
+
|
||||
+ FILE *fp = grub_util_fopen (load_cfg, "rb");
|
||||
+ if (!fp)
|
||||
+ grub_util_error (_("Can't read file: %s"), strerror (errno));
|
||||
+
|
||||
+ fseek (fp, 0, SEEK_END);
|
||||
+ len = ftell (fp);
|
||||
+ fseek (fp, 0, SEEK_SET);
|
||||
+ buf = xmalloc (len);
|
||||
+
|
||||
+ if (fread (buf, 1, len, fp) != len)
|
||||
+ grub_util_error (_("cannot read `%s': %s"), load_cfg, strerror (errno));
|
||||
+
|
||||
+ if (fwrite (buf, 1, len, grub_cfg_f) != len)
|
||||
+ grub_util_error (_("cannot write `%s': %s"), grub_efi_cfg, strerror (errno));
|
||||
+
|
||||
+ free (buf);
|
||||
+ fclose (fp);
|
||||
+ }
|
||||
+
|
||||
+ fprintf (grub_cfg_f, "source ${prefix}/grub.cfg\n");
|
||||
+ fclose (grub_cfg_f);
|
||||
+ free (signed_imgfile);
|
||||
+ signed_imgfile = NULL;
|
||||
+ }
|
||||
/* Backward-compatibility kludges. */
|
||||
switch (platform)
|
||||
{
|
||||
@@ -1950,6 +2073,13 @@ main (int argc, char *argv[])
|
||||
char *dst = grub_util_path_concat (2, efidir, efi_file);
|
||||
grub_install_copy_file (imgfile, dst, 1);
|
||||
free (dst);
|
||||
+ if (grub_efi_cfg)
|
||||
+ {
|
||||
+ dst = grub_util_path_concat (2, efidir, "grub.cfg");
|
||||
+ grub_install_copy_file (grub_efi_cfg, dst, 1);
|
||||
+ free (dst);
|
||||
+ free (grub_efi_cfg);
|
||||
+ }
|
||||
}
|
||||
if (!removable && update_nvram)
|
||||
{
|
@ -1,3 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 17 09:45:49 UTC 2019 - mchang@suse.com
|
||||
|
||||
- Use grub2-install to handle signed grub installation for UEFI secure
|
||||
boot and also provide options to override default (bsc#1136601)
|
||||
* grub2-secureboot-install-signed-grub.patch
|
||||
- Remove arm64 linuxefi patches as it's not needed for secure boot
|
||||
* 0001-efi-refactor-grub_efi_allocate_pages.patch
|
||||
* 0002-Remove-grub_efi_allocate_pages.patch
|
||||
* 0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch
|
||||
* 0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch
|
||||
* 0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch
|
||||
* 0006-Add-support-for-EFI-handover-on-ARM64.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 14 06:13:58 UTC 2019 - mchang@suse.com
|
||||
|
||||
|
14
grub2.spec
14
grub2.spec
@ -305,12 +305,7 @@ Patch421: 0002-AUDIT-0-http-boot-tracker-bug.patch
|
||||
Patch430: grub2-mkconfig-default-entry-correction.patch
|
||||
Patch431: grub2-s390x-10-keep-network-at-kexec.patch
|
||||
# Support for UEFI Secure Boot on AArch64 (FATE#326541)
|
||||
Patch450: 0001-efi-refactor-grub_efi_allocate_pages.patch
|
||||
Patch451: 0002-Remove-grub_efi_allocate_pages.patch
|
||||
Patch452: 0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch
|
||||
Patch453: 0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch
|
||||
Patch454: 0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch
|
||||
Patch455: 0006-Add-support-for-EFI-handover-on-ARM64.patch
|
||||
Patch450: grub2-secureboot-install-signed-grub.patch
|
||||
# Use pkg-config to find Freetype2
|
||||
Patch500: grub2-freetype-pkgconfig.patch
|
||||
Patch501: grub2-btrfs-help-on-snapper-rollback.patch
|
||||
@ -618,11 +613,6 @@ swap partition while in resuming
|
||||
%patch430 -p1
|
||||
%patch431 -p1
|
||||
%patch450 -p1
|
||||
%patch451 -p1
|
||||
%patch452 -p1
|
||||
%patch453 -p1
|
||||
%patch454 -p1
|
||||
%patch455 -p1
|
||||
%patch500 -p1
|
||||
%patch501 -p1
|
||||
%patch510 -p1
|
||||
@ -747,7 +737,7 @@ CD_MODULES=" all_video boot cat chain configfile echo true \
|
||||
PXE_MODULES="efinet tftp http"
|
||||
CRYPTO_MODULES="luks gcry_rijndael gcry_sha1 gcry_sha256"
|
||||
|
||||
%ifarch x86_64 aarch64
|
||||
%ifarch x86_64
|
||||
CD_MODULES="${CD_MODULES} linuxefi"
|
||||
%else
|
||||
CD_MODULES="${CD_MODULES} linux"
|
||||
|
Loading…
Reference in New Issue
Block a user