Accepting request 713147 from home:michael-chang:bsc:1136601

- Use grub2-install to handle signed grub installation for UEFI secure
  boot and also provide options to override default (bsc#1136601)
  * grub2-secureboot-install-signed-grub.patch
- Remove arm64 linuxefi patches as it's not needed for secure boot
  * 0001-efi-refactor-grub_efi_allocate_pages.patch
  * 0002-Remove-grub_efi_allocate_pages.patch
  * 0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch
  * 0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch
  * 0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch
  * 0006-Add-support-for-EFI-handover-on-ARM64.patch

OBS-URL: https://build.opensuse.org/request/show/713147
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=335
This commit is contained in:
Michael Chang 2019-07-03 06:15:39 +00:00 committed by Git OBS Bridge
parent 98c7f34bed
commit 6b8bc36c6d
9 changed files with 244 additions and 1118 deletions

View File

@ -1,120 +0,0 @@
From f44433a343f4b10b8682f44937e929fb94dda642 Mon Sep 17 00:00:00 2001
From: Leif Lindholm <leif.lindholm@linaro.org>
Date: Thu, 3 Aug 2017 11:04:23 +0100
Subject: [PATCH 1/6] efi: refactor grub_efi_allocate_pages
Expose a new function, grub_efi_allocate_pages_real(), making it possible
to specify allocation type and memory type as supported by the UEFI
AllocatePages boot service.
Make grub_efi_allocate_pages() a consumer of the new function,
maintaining its old functionality.
Also delete some left-around #if 1/#else blocks in the affected
functions.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
grub-core/kern/efi/mm.c | 46 ++++++++++++++++++++++++----------------------
include/grub/efi/efi.h | 5 +++++
2 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index 04ad549f4..a03a44e71 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -147,36 +147,20 @@ grub_efi_allocate_pages_max (grub_efi_physical_address_t max,
/* Allocate pages. Return the pointer to the first of allocated pages. */
void *
-grub_efi_allocate_pages (grub_efi_physical_address_t address,
- grub_efi_uintn_t pages)
+grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
+ grub_efi_uintn_t pages,
+ grub_efi_allocate_type_t alloctype,
+ grub_efi_memory_type_t memtype)
{
- grub_efi_allocate_type_t type;
grub_efi_status_t status;
grub_efi_boot_services_t *b;
-#if 1
/* Limit the memory access to less than 4GB for 32-bit platforms. */
if (address > GRUB_EFI_MAX_USABLE_ADDRESS)
return 0;
-#endif
-
-#if 1
- if (address == 0)
- {
- type = GRUB_EFI_ALLOCATE_MAX_ADDRESS;
- address = GRUB_EFI_MAX_USABLE_ADDRESS;
- }
- else
- type = GRUB_EFI_ALLOCATE_ADDRESS;
-#else
- if (address == 0)
- type = GRUB_EFI_ALLOCATE_ANY_PAGES;
- else
- type = GRUB_EFI_ALLOCATE_ADDRESS;
-#endif
b = grub_efi_system_table->boot_services;
- status = efi_call_4 (b->allocate_pages, type, GRUB_EFI_LOADER_DATA, pages, &address);
+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
if (status != GRUB_EFI_SUCCESS)
return 0;
@@ -185,7 +169,7 @@ grub_efi_allocate_pages (grub_efi_physical_address_t address,
/* Uggh, the address 0 was allocated... This is too annoying,
so reallocate another one. */
address = GRUB_EFI_MAX_USABLE_ADDRESS;
- status = efi_call_4 (b->allocate_pages, type, GRUB_EFI_LOADER_DATA, pages, &address);
+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
grub_efi_free_pages (0, pages);
if (status != GRUB_EFI_SUCCESS)
return 0;
@@ -194,6 +178,24 @@ grub_efi_allocate_pages (grub_efi_physical_address_t address,
return (void *) ((grub_addr_t) address);
}
+void *
+grub_efi_allocate_pages (grub_efi_physical_address_t address,
+ grub_efi_uintn_t pages)
+{
+ grub_efi_allocate_type_t alloctype;
+
+ if (address == 0)
+ {
+ alloctype = GRUB_EFI_ALLOCATE_MAX_ADDRESS;
+ address = GRUB_EFI_MAX_USABLE_ADDRESS;
+ }
+ else
+ alloctype = GRUB_EFI_ALLOCATE_ADDRESS;
+
+ return grub_efi_allocate_pages_real (address, pages, alloctype,
+ GRUB_EFI_LOADER_DATA);
+}
+
/* Free pages starting from ADDRESS. */
void
grub_efi_free_pages (grub_efi_physical_address_t address,
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index a4ea7831b..c7f2fe6c3 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -38,6 +38,11 @@ void *EXPORT_FUNC(grub_efi_open_protocol) (grub_efi_handle_t handle,
int EXPORT_FUNC(grub_efi_set_text_mode) (int on);
void EXPORT_FUNC(grub_efi_stall) (grub_efi_uintn_t microseconds);
void *
+EXPORT_FUNC(grub_efi_allocate_pages_real) (grub_efi_physical_address_t address,
+ grub_efi_uintn_t pages,
+ grub_efi_allocate_type_t alloctype,
+ grub_efi_memory_type_t memtype);
+void *
EXPORT_FUNC(grub_efi_allocate_pages) (grub_efi_physical_address_t address,
grub_efi_uintn_t pages);
void *
--
2.16.4

View File

@ -1,267 +0,0 @@
From bb4cb6d374625d3716380affda56dc4c20da36db Mon Sep 17 00:00:00 2001
From: Vladimir Serbinenko <phcoder@gmail.com>
Date: Mon, 7 Aug 2017 18:33:29 +0200
Subject: [PATCH 2/6] Remove grub_efi_allocate_pages.
grub_efi_allocate_pages Essentially does 2 unrelated things:
* Allocate at fixed address.
* Allocate at any address.
To switch between 2 different functions it uses address == 0 as magic
value which is wrong as 0 is a perfectly valid fixed adress to allocate at.
---
grub-core/kern/arm/efi/misc.c | 4 ++--
grub-core/kern/efi/mm.c | 30 ++++++++++++++----------------
grub-core/loader/arm64/fdt.c | 2 +-
grub-core/loader/arm64/linux.c | 7 +++----
grub-core/loader/arm64/xen_boot.c | 7 +++----
grub-core/loader/i386/efi/linux.c | 2 +-
grub-core/loader/ia64/efi/linux.c | 10 +++++-----
include/grub/autoefi.h | 2 +-
include/grub/efi/efi.h | 4 +++-
9 files changed, 33 insertions(+), 35 deletions(-)
diff --git a/grub-core/kern/arm/efi/misc.c b/grub-core/kern/arm/efi/misc.c
index 7cd41842a..c95e8299d 100644
--- a/grub-core/kern/arm/efi/misc.c
+++ b/grub-core/kern/arm/efi/misc.c
@@ -146,7 +146,7 @@ grub_efi_allocate_loader_memory (grub_uint32_t min_offset, grub_uint32_t size)
continue;
grub_dprintf("mm", "%s: let's allocate some (0x%x) pages @ 0x%08x...\n",
__FUNCTION__, (size >> PAGE_SHIFT), (grub_addr_t) start);
- mem = grub_efi_allocate_pages (start, (size >> PAGE_SHIFT) + 1);
+ mem = grub_efi_allocate_fixed (start, (size >> PAGE_SHIFT) + 1);
grub_dprintf("mm", "%s: retval=0x%08x\n",
__FUNCTION__, (grub_addr_t) mem);
if (! mem)
@@ -189,7 +189,7 @@ grub_efi_prepare_platform (void)
mmap_size = find_mmap_size ();
if (! mmap_size)
return GRUB_ERR_OUT_OF_MEMORY;
- mmap_buf = grub_efi_allocate_pages (0, page_align (mmap_size) >> 12);
+ mmap_buf = grub_efi_allocate_any_pages (page_align (mmap_size) >> 12);
if (! mmap_buf)
return GRUB_ERR_OUT_OF_MEMORY;
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index a03a44e71..4226f34ec 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -179,20 +179,19 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
}
void *
-grub_efi_allocate_pages (grub_efi_physical_address_t address,
- grub_efi_uintn_t pages)
+grub_efi_allocate_any_pages (grub_efi_uintn_t pages)
{
- grub_efi_allocate_type_t alloctype;
-
- if (address == 0)
- {
- alloctype = GRUB_EFI_ALLOCATE_MAX_ADDRESS;
- address = GRUB_EFI_MAX_USABLE_ADDRESS;
- }
- else
- alloctype = GRUB_EFI_ALLOCATE_ADDRESS;
+ return grub_efi_allocate_pages_real (GRUB_EFI_MAX_USABLE_ADDRESS,
+ pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS,
+ GRUB_EFI_LOADER_DATA);
+}
- return grub_efi_allocate_pages_real (address, pages, alloctype,
+void *
+grub_efi_allocate_fixed (grub_efi_physical_address_t address,
+ grub_efi_uintn_t pages)
+{
+ return grub_efi_allocate_pages_real (address, pages,
+ GRUB_EFI_ALLOCATE_ADDRESS,
GRUB_EFI_LOADER_DATA);
}
@@ -501,7 +500,7 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map,
pages = required_pages;
}
- addr = grub_efi_allocate_pages (start, pages);
+ addr = grub_efi_allocate_fixed (start, pages);
if (! addr)
grub_fatal ("cannot allocate conventional memory %p with %u pages",
(void *) ((grub_addr_t) start),
@@ -567,8 +566,7 @@ grub_efi_mm_init (void)
int mm_status;
/* Prepare a memory region to store two memory maps. */
- memory_map = grub_efi_allocate_pages (0,
- 2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE));
+ memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE));
if (! memory_map)
grub_fatal ("cannot allocate memory");
@@ -586,7 +584,7 @@ grub_efi_mm_init (void)
/* Freeing/allocating operations may increase memory map size. */
map_size += desc_size * 32;
- memory_map = grub_efi_allocate_pages (0, 2 * BYTES_TO_PAGES (map_size));
+ memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (map_size));
if (! memory_map)
grub_fatal ("cannot allocate memory");
diff --git a/grub-core/loader/arm64/fdt.c b/grub-core/loader/arm64/fdt.c
index db49cf649..368001696 100644
--- a/grub-core/loader/arm64/fdt.c
+++ b/grub-core/loader/arm64/fdt.c
@@ -50,7 +50,7 @@ grub_fdt_load (grub_size_t additional_size)
size += additional_size;
grub_dprintf ("linux", "allocating %ld bytes for fdt\n", size);
- fdt = grub_efi_allocate_pages (0, GRUB_EFI_BYTES_TO_PAGES (size));
+ fdt = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (size));
if (!fdt)
return NULL;
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
index 9519d2e4d..ee3fcaa86 100644
--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@@ -148,8 +148,7 @@ grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, char *args)
loaded_image->load_options_size = len =
(grub_strlen (args) + 1) * sizeof (grub_efi_char16_t);
loaded_image->load_options =
- grub_efi_allocate_pages (0,
- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
+ grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
if (!loaded_image->load_options)
return grub_errno;
@@ -223,7 +222,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
grub_dprintf ("linux", "Loading initrd\n");
initrd_pages = (GRUB_EFI_BYTES_TO_PAGES (initrd_size));
- initrd_mem = grub_efi_allocate_pages (0, initrd_pages);
+ initrd_mem = grub_efi_allocate_any_pages (initrd_pages);
if (!initrd_mem)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
@@ -277,7 +276,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_loader_unset();
grub_dprintf ("linux", "kernel file size: %lld\n", (long long) kernel_size);
- kernel_addr = grub_efi_allocate_pages (0, GRUB_EFI_BYTES_TO_PAGES (kernel_size));
+ kernel_addr = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (kernel_size));
grub_dprintf ("linux", "kernel numpages: %lld\n",
(long long) GRUB_EFI_BYTES_TO_PAGES (kernel_size));
if (!kernel_addr)
diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c
index a914eb8e2..ab7c2f850 100644
--- a/grub-core/loader/arm64/xen_boot.c
+++ b/grub-core/loader/arm64/xen_boot.c
@@ -324,10 +324,9 @@ xen_boot_binary_load (struct xen_boot_binary *binary, grub_file_t file,
grub_dprintf ("xen_loader", "Xen_boot file size: 0x%lx\n", binary->size);
binary->start
- = (grub_addr_t) grub_efi_allocate_pages (0,
- GRUB_EFI_BYTES_TO_PAGES
- (binary->size +
- binary->align));
+ = (grub_addr_t) grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES
+ (binary->size +
+ binary->align));
if (!binary->start)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 549989d1d..27dea343c 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -295,7 +295,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
start = (lh.setup_sects + 1) * 512;
len = grub_file_size(file) - start;
- kernel_mem = grub_efi_allocate_pages(lh.pref_address,
+ kernel_mem = grub_efi_allocate_fixed(lh.pref_address,
BYTES_TO_PAGES(lh.init_size));
if (!kernel_mem)
diff --git a/grub-core/loader/ia64/efi/linux.c b/grub-core/loader/ia64/efi/linux.c
index efaa42ccd..750330d45 100644
--- a/grub-core/loader/ia64/efi/linux.c
+++ b/grub-core/loader/ia64/efi/linux.c
@@ -252,7 +252,7 @@ allocate_pages (grub_uint64_t align, grub_uint64_t size_pages,
aligned_start += align;
if (aligned_start + size > end)
continue;
- mem = grub_efi_allocate_pages (aligned_start, size_pages);
+ mem = grub_efi_allocate_fixed (aligned_start, size_pages);
if (! mem)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate memory");
@@ -326,7 +326,7 @@ grub_linux_boot (void)
mmap_size = find_mmap_size ();
if (! mmap_size)
return grub_errno;
- mmap_buf = grub_efi_allocate_pages (0, page_align (mmap_size) >> 12);
+ mmap_buf = grub_efi_allocate_any_pages (page_align (mmap_size) >> 12);
if (! mmap_buf)
return grub_error (GRUB_ERR_IO, "cannot allocate memory map");
err = grub_efi_finish_boot_services (&mmap_size, mmap_buf, &map_key,
@@ -422,7 +422,7 @@ grub_load_elf64 (grub_file_t file, void *buffer, const char *filename)
relocate = grub_env_get ("linux_relocate");
if (!relocate || grub_strcmp (relocate, "force") != 0)
{
- kernel_mem = grub_efi_allocate_pages (low_addr, kernel_pages);
+ kernel_mem = grub_efi_allocate_fixed (low_addr, kernel_pages);
reloc_offset = 0;
}
/* Try to relocate. */
@@ -524,7 +524,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
len += grub_strlen (argv[i]) + 1;
len += sizeof (struct ia64_boot_param) + 512; /* Room for extensions. */
boot_param_pages = page_align (len) >> 12;
- boot_param = grub_efi_allocate_pages (0, boot_param_pages);
+ boot_param = grub_efi_allocate_any_pages (boot_param_pages);
if (boot_param == 0)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY,
@@ -589,7 +589,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
grub_dprintf ("linux", "Loading initrd\n");
initrd_pages = (page_align (initrd_size) >> 12);
- initrd_mem = grub_efi_allocate_pages (0, initrd_pages);
+ initrd_mem = grub_efi_allocate_any_pages (initrd_pages);
if (! initrd_mem)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate pages");
diff --git a/include/grub/autoefi.h b/include/grub/autoefi.h
index b75591176..b7a252e07 100644
--- a/include/grub/autoefi.h
+++ b/include/grub/autoefi.h
@@ -55,7 +55,7 @@ static inline grub_err_t grub_autoefi_prepare (void)
# define SYSTEM_TABLE_PTR GRUB_EFIEMU_SYSTEM_TABLE_PTR
# define SIZEOF_OF_UINTN GRUB_EFIEMU_SIZEOF_OF_UINTN
# define SYSTEM_TABLE GRUB_EFIEMU_SYSTEM_TABLE
-# define grub_efi_allocate_pages(x,y) (x)
+# define grub_efi_allocate_fixed(x,y) (x)
# define grub_efi_free_pages(x,y) GRUB_EFI_SUCCESS
# define grub_autoefi_finish_boot_services grub_efiemu_finish_boot_services
# define EFI_PRESENT 1
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index c7f2fe6c3..f68a19de4 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -43,9 +43,11 @@ EXPORT_FUNC(grub_efi_allocate_pages_real) (grub_efi_physical_address_t address,
grub_efi_allocate_type_t alloctype,
grub_efi_memory_type_t memtype);
void *
-EXPORT_FUNC(grub_efi_allocate_pages) (grub_efi_physical_address_t address,
+EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address,
grub_efi_uintn_t pages);
void *
+EXPORT_FUNC(grub_efi_allocate_any_pages) (grub_efi_uintn_t pages);
+void *
EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max,
grub_efi_uintn_t pages);
void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address,
--
2.16.4

View File

@ -1,90 +0,0 @@
From 8a84e87b34eeb2e7a8f4ea4036f124c1209c6026 Mon Sep 17 00:00:00 2001
From: Leif Lindholm <leif.lindholm@linaro.org>
Date: Thu, 1 Feb 2018 18:18:49 +0000
Subject: [PATCH 3/6] arm64/efi: move EFI_PAGE definitions to efi/memory.h
The EFI page definitions and macros are generic and should not be confined
to arm64 headers - so move to efi/memory.h.
Also add EFI_PAGE_SIZE macro.
Update loader sources to reflect new header location.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/loader/arm64/fdt.c | 1 +
grub-core/loader/arm64/linux.c | 1 +
grub-core/loader/arm64/xen_boot.c | 1 +
include/grub/arm64/fdtload.h | 3 ---
include/grub/efi/memory.h | 7 +++++++
5 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/grub-core/loader/arm64/fdt.c b/grub-core/loader/arm64/fdt.c
index 368001696..c61adbe67 100644
--- a/grub-core/loader/arm64/fdt.c
+++ b/grub-core/loader/arm64/fdt.c
@@ -24,6 +24,7 @@
#include <grub/command.h>
#include <grub/file.h>
#include <grub/efi/efi.h>
+#include <grub/efi/memory.h>
static void *loaded_fdt;
static void *fdt;
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
index ee3fcaa86..364fbb6e6 100644
--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@@ -28,6 +28,7 @@
#include <grub/cpu/linux.h>
#include <grub/cpu/fdtload.h>
#include <grub/efi/efi.h>
+#include <grub/efi/memory.h>
#include <grub/efi/pe32.h>
#include <grub/i18n.h>
#include <grub/lib/cmdline.h>
diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c
index ab7c2f850..f1363024b 100644
--- a/grub-core/loader/arm64/xen_boot.c
+++ b/grub-core/loader/arm64/xen_boot.c
@@ -30,6 +30,7 @@
#include <grub/cpu/fdtload.h>
#include <grub/cpu/linux.h>
#include <grub/efi/efi.h>
+#include <grub/efi/memory.h>
#include <grub/efi/pe32.h> /* required by struct xen_hypervisor_header */
#include <grub/i18n.h>
#include <grub/lib/cmdline.h>
diff --git a/include/grub/arm64/fdtload.h b/include/grub/arm64/fdtload.h
index 7b9ddba91..713c9424d 100644
--- a/include/grub/arm64/fdtload.h
+++ b/include/grub/arm64/fdtload.h
@@ -29,7 +29,4 @@ grub_fdt_unload (void);
grub_err_t
grub_fdt_install (void);
-#define GRUB_EFI_PAGE_SHIFT 12
-#define GRUB_EFI_BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> GRUB_EFI_PAGE_SHIFT)
-
#endif
diff --git a/include/grub/efi/memory.h b/include/grub/efi/memory.h
index 20526b146..08fe62277 100644
--- a/include/grub/efi/memory.h
+++ b/include/grub/efi/memory.h
@@ -22,6 +22,13 @@
#include <grub/err.h>
#include <grub/types.h>
+/* The term "page" in UEFI refers only to a 4 KiB-aligned 4 KiB size region of
+ memory. It is not concerned with underlying translation management concepts,
+ but only used as the granule for memory allocations. */
+#define GRUB_EFI_PAGE_SHIFT 12
+#define GRUB_EFI_PAGE_SIZE (1 << GRUB_EFI_PAGE_SHIFT)
+#define GRUB_EFI_BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> GRUB_EFI_PAGE_SHIFT)
+
#define GRUB_MMAP_REGISTER_BY_FIRMWARE 1
grub_err_t grub_machine_mmap_register (grub_uint64_t start, grub_uint64_t size,
--
2.16.4

View File

@ -1,65 +0,0 @@
From 6ca50ac741b8c826f953b0905d736006b895f912 Mon Sep 17 00:00:00 2001
From: Leif Lindholm <leif.lindholm@linaro.org>
Date: Mon, 9 Jul 2018 18:33:00 +0100
Subject: [PATCH 4/6] efi: Add central copy of grub_efi_find_mmap_size
There are several implementations of this function in the tree.
Add a central version in grub-core/efi/mm.c.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/efi/mm.c | 24 ++++++++++++++++++++++++
include/grub/efi/efi.h | 1 +
2 files changed, 25 insertions(+)
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index 4226f34ec..021d750b6 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -315,6 +315,30 @@ grub_efi_finish_boot_services (grub_efi_uintn_t *outbuf_size, void *outbuf,
return GRUB_ERR_NONE;
}
+/*
+ * To obtain the UEFI memory map, we must pass a buffer of sufficient size
+ * to hold the entire map. This function returns a sane start value for
+ * buffer size.
+ */
+grub_efi_uintn_t
+grub_efi_find_mmap_size (void)
+{
+ grub_efi_uintn_t mmap_size = 0;
+ grub_efi_uintn_t desc_size;
+
+ if (grub_efi_get_memory_map (&mmap_size, NULL, NULL, &desc_size, 0) < 0)
+ {
+ grub_error (GRUB_ERR_IO, "cannot get EFI memory map size");
+ return 0;
+ }
+
+ /*
+ * Add an extra page, since UEFI can alter the memory map itself on
+ * callbacks or explicit calls, including console output.
+ */
+ return ALIGN_UP (mmap_size + GRUB_EFI_PAGE_SIZE, GRUB_EFI_PAGE_SIZE);
+}
+
/* Get the memory map as defined in the EFI spec. Return 1 if successful,
return 0 if partial, or return -1 if an error occurs. */
int
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index f68a19de4..e8ae60931 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -52,6 +52,7 @@ EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max,
grub_efi_uintn_t pages);
void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address,
grub_efi_uintn_t pages);
+grub_efi_uintn_t EXPORT_FUNC(grub_efi_find_mmap_size) (void);
int
EXPORT_FUNC(grub_efi_get_memory_map) (grub_efi_uintn_t *memory_map_size,
grub_efi_memory_descriptor_t *memory_map,
--
2.16.4

View File

@ -1,75 +0,0 @@
From 226e83d10e35d1a76e93114366740f994548fe04 Mon Sep 17 00:00:00 2001
From: Leif Lindholm <leif.lindholm@linaro.org>
Date: Mon, 9 Jul 2018 18:33:01 +0100
Subject: [PATCH 5/6] efi: Add grub_efi_get_ram_base() function for arm64
Since ARM platforms do not have a common memory map, add a helper
function that finds the lowest address region with the EFI_MEMORY_WB
attribute set in the UEFI memory map.
Required for the arm64 efi linux loader to restrict the initrd
location to where it will be accessible by the kernel at runtime.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/efi/mm.c | 31 +++++++++++++++++++++++++++++++
include/grub/efi/efi.h | 3 +++
2 files changed, 34 insertions(+)
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index 021d750b6..270d0b8cc 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -660,3 +660,34 @@ grub_efi_mm_init (void)
grub_efi_free_pages ((grub_addr_t) memory_map,
2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE));
}
+
+#if defined (__aarch64__)
+grub_err_t
+grub_efi_get_ram_base(grub_addr_t *base_addr)
+{
+ grub_efi_memory_descriptor_t *memory_map, *desc;
+ grub_efi_uintn_t memory_map_size, desc_size;
+ int ret;
+
+ memory_map_size = grub_efi_find_mmap_size();
+
+ memory_map = grub_malloc (memory_map_size);
+ if (! memory_map)
+ return GRUB_ERR_OUT_OF_MEMORY;
+ ret = grub_efi_get_memory_map (&memory_map_size, memory_map, NULL,
+ &desc_size, NULL);
+
+ if (ret < 1)
+ return GRUB_ERR_BUG;
+
+ for (desc = memory_map, *base_addr = GRUB_UINT_MAX;
+ (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size);
+ desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size))
+ if (desc->attribute & GRUB_EFI_MEMORY_WB)
+ *base_addr = grub_min (*base_addr, desc->physical_start);
+
+ grub_free(memory_map);
+
+ return GRUB_ERR_NONE;
+}
+#endif
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index e8ae60931..13bc67d57 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -97,6 +97,9 @@ extern void (*EXPORT_VAR(grub_efi_net_config)) (grub_efi_handle_t hnd,
#if defined(__arm__) || defined(__aarch64__)
void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void);
#endif
+#if defined(__aarch64__)
+grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *);
+#endif
grub_addr_t grub_efi_modules_addr (void);
--
2.16.4

View File

@ -1,489 +0,0 @@
From 17667c24295a4b105bf20a3bd5bb19ef0acaebba Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Fri, 21 Dec 2018 14:36:10 +0800
Subject: [PATCH 6/6] Add support for EFI handover on ARM64
Add support for EFI handover on ARM64 for loading linux kernel.
---
grub-core/Makefile.core.def | 9 +-
grub-core/loader/arm64/efi/linux.c | 448 +++++++++++++++++++++++++++++++++++++
2 files changed, 453 insertions(+), 4 deletions(-)
create mode 100644 grub-core/loader/arm64/efi/linux.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 1269f372c..f306311e6 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1761,10 +1761,11 @@ module = {
module = {
name = linuxefi;
- efi = loader/i386/efi/linux.c;
- efi = lib/cmdline.c;
- enable = i386_efi;
- enable = x86_64_efi;
+ arm64 = loader/arm64/efi/linux.c;
+ x86_64 = loader/i386/efi/linux.c;
+ common = lib/cmdline.c;
+ enable = x86_64;
+ enable = arm64;
};
module = {
diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c
new file mode 100644
index 000000000..4a5c70e4b
--- /dev/null
+++ b/grub-core/loader/arm64/efi/linux.c
@@ -0,0 +1,448 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2013 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/charset.h>
+#include <grub/command.h>
+#include <grub/err.h>
+#include <grub/file.h>
+#include <grub/fdt.h>
+#include <grub/linux.h>
+#include <grub/loader.h>
+#include <grub/mm.h>
+#include <grub/types.h>
+#include <grub/cpu/linux.h>
+#include <grub/efi/efi.h>
+#include <grub/cpu/fdtload.h>
+#include <grub/efi/memory.h>
+#include <grub/efi/pe32.h>
+#include <grub/i18n.h>
+#include <grub/lib/cmdline.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+static grub_dl_t my_mod;
+static int loaded;
+
+static void *kernel_addr;
+static grub_uint64_t kernel_size;
+static grub_uint32_t handover_offset;
+
+static char *linux_args;
+static grub_uint32_t cmdline_size;
+
+static grub_addr_t initrd_start;
+static grub_addr_t initrd_end;
+
+struct grub_arm64_linux_pe_header
+{
+ grub_uint32_t magic;
+ struct grub_pe32_coff_header coff;
+ struct grub_pe64_optional_header opt;
+};
+
+#if defined(__aarch64__)
+# define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_ARM64_LINUX_MAGIC
+# define linux_armxx_kernel_header grub_arm64_linux_kernel_header
+# define grub_armxx_linux_pe_header grub_arm64_linux_pe_header
+#endif
+
+#define SHIM_LOCK_GUID \
+ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
+
+struct grub_efi_shim_lock
+{
+ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size);
+};
+typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
+
+static grub_efi_boolean_t
+grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
+{
+ grub_efi_guid_t guid = SHIM_LOCK_GUID;
+ grub_efi_shim_lock_t *shim_lock;
+
+ shim_lock = grub_efi_locate_protocol(&guid, NULL);
+
+ if (!shim_lock)
+ return 1;
+
+ if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS)
+ return 1;
+
+ return 0;
+}
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
+
+typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *);
+
+static grub_err_t
+grub_efi_linux_boot (void *kernel_address, grub_off_t offset,
+ void *kernel_params)
+{
+ handover_func hf;
+
+ hf = (handover_func)((char *)kernel_address + offset);
+ hf (grub_efi_image_handle, grub_efi_system_table, kernel_params);
+
+ return GRUB_ERR_BUG;
+}
+
+#pragma GCC diagnostic pop
+static grub_err_t
+grub_armxx_efi_linux_check_image (struct linux_armxx_kernel_header * lh)
+{
+ if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE)
+ return grub_error(GRUB_ERR_BAD_OS, "invalid magic number");
+
+ if ((lh->code0 & 0xffff) != GRUB_EFI_PE_MAGIC)
+ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
+ N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled"));
+
+ grub_dprintf ("linux", "UEFI stub kernel:\n");
+ grub_dprintf ("linux", "PE/COFF header @ %08x\n", lh->hdr_offset);
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+finalize_params_linux (void)
+{
+ grub_efi_loaded_image_t *loaded_image = NULL;
+ int node, retval, len;
+
+ void *fdt;
+
+ fdt = grub_fdt_load (0x400);
+
+ if (!fdt)
+ goto failure;
+
+ node = grub_fdt_find_subnode (fdt, 0, "chosen");
+ if (node < 0)
+ node = grub_fdt_add_subnode (fdt, 0, "chosen");
+
+ if (node < 1)
+ goto failure;
+
+ /* Set initrd info */
+ if (initrd_start && initrd_end > initrd_start)
+ {
+ grub_dprintf ("linux", "Initrd @ %p-%p\n",
+ (void *) initrd_start, (void *) initrd_end);
+
+ retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start",
+ initrd_start);
+ if (retval)
+ goto failure;
+ retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-end",
+ initrd_end);
+ if (retval)
+ goto failure;
+ }
+
+ if (grub_fdt_install() != GRUB_ERR_NONE)
+ goto failure;
+
+ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n",
+ fdt);
+
+ /* Convert command line to UCS-2 */
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
+ if (!loaded_image)
+ goto failure;
+
+ loaded_image->load_options_size = len =
+ (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t);
+ loaded_image->load_options =
+ grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
+ if (!loaded_image->load_options)
+ return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters");
+
+ loaded_image->load_options_size =
+ 2 * grub_utf8_to_utf16 (loaded_image->load_options, len,
+ (grub_uint8_t *) linux_args, len, NULL);
+
+ return GRUB_ERR_NONE;
+
+failure:
+ grub_fdt_unload();
+ return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT");
+}
+
+static void
+free_params (void)
+{
+ grub_efi_loaded_image_t *loaded_image = NULL;
+
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
+ if (loaded_image)
+ {
+ if (loaded_image->load_options)
+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_efi_uintn_t)loaded_image->load_options,
+ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
+ loaded_image->load_options = NULL;
+ loaded_image->load_options_size = 0;
+ }
+}
+
+static grub_err_t
+grub_armxx_efi_linux_boot_image (grub_addr_t addr, char *args)
+{
+ grub_err_t retval;
+
+ retval = finalize_params_linux ();
+ if (retval != GRUB_ERR_NONE)
+ return grub_errno;
+
+ grub_dprintf ("linux", "linux command line: '%s'\n", args);
+
+ retval = grub_efi_linux_boot ((char *)addr, handover_offset, (void *)addr);
+
+ /* Never reached... */
+ free_params();
+ return retval;
+}
+
+static grub_err_t
+grub_linux_boot (void)
+{
+ return grub_armxx_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args);
+}
+
+static grub_err_t
+grub_linux_unload (void)
+{
+ grub_dl_unref (my_mod);
+ loaded = 0;
+ if (initrd_start)
+ grub_efi_free_pages ((grub_efi_physical_address_t) initrd_start,
+ GRUB_EFI_BYTES_TO_PAGES (initrd_end - initrd_start));
+ initrd_start = initrd_end = 0;
+ grub_free (linux_args);
+ if (kernel_addr)
+ grub_efi_free_pages ((grub_addr_t) kernel_addr,
+ GRUB_EFI_BYTES_TO_PAGES (kernel_size));
+ grub_fdt_unload ();
+ return GRUB_ERR_NONE;
+}
+
+/*
+ * As per linux/Documentation/arm/Booting
+ * ARM initrd needs to be covered by kernel linear mapping,
+ * so place it in the first 512MB of DRAM.
+ *
+ * As per linux/Documentation/arm64/booting.txt
+ * ARM64 initrd needs to be contained entirely within a 1GB aligned window
+ * of up to 32GB of size that covers the kernel image as well.
+ * Since the EFI stub loader will attempt to load the kernel near start of
+ * RAM, place the buffer in the first 32GB of RAM.
+ */
+#ifdef __arm__
+#define INITRD_MAX_ADDRESS_OFFSET (512U * 1024 * 1024)
+#else /* __aarch64__ */
+#define INITRD_MAX_ADDRESS_OFFSET (32ULL * 1024 * 1024 * 1024)
+#endif
+
+/*
+ * This function returns a pointer to a legally allocated initrd buffer,
+ * or NULL if unsuccessful
+ */
+static void *
+allocate_initrd_mem (int initrd_pages)
+{
+ grub_addr_t max_addr;
+
+ if (grub_efi_get_ram_base (&max_addr) != GRUB_ERR_NONE)
+ return NULL;
+
+ max_addr += INITRD_MAX_ADDRESS_OFFSET - 1;
+
+ return grub_efi_allocate_pages_real (max_addr, initrd_pages,
+ GRUB_EFI_ALLOCATE_MAX_ADDRESS,
+ GRUB_EFI_LOADER_DATA);
+}
+
+static grub_err_t
+grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
+ int argc, char *argv[])
+{
+ struct grub_linux_initrd_context initrd_ctx = { 0, 0, 0 };
+ int initrd_size, initrd_pages;
+ void *initrd_mem = NULL;
+
+ if (argc == 0)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+ goto fail;
+ }
+
+ if (!loaded)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("you need to load the kernel first"));
+ goto fail;
+ }
+
+ if (grub_initrd_init (argc, argv, &initrd_ctx))
+ goto fail;
+
+ initrd_size = grub_get_initrd_size (&initrd_ctx);
+ grub_dprintf ("linux", "Loading initrd\n");
+
+ initrd_pages = (GRUB_EFI_BYTES_TO_PAGES (initrd_size));
+ initrd_mem = allocate_initrd_mem (initrd_pages);
+
+ if (!initrd_mem)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto fail;
+ }
+
+ if (grub_initrd_load (&initrd_ctx, argv, initrd_mem))
+ goto fail;
+
+ initrd_start = (grub_addr_t) initrd_mem;
+ initrd_end = initrd_start + initrd_size;
+ grub_dprintf ("linux", "[addr=%p, size=0x%x]\n",
+ (void *) initrd_start, initrd_size);
+
+ fail:
+ grub_initrd_close (&initrd_ctx);
+ if (initrd_mem && !initrd_start)
+ grub_efi_free_pages ((grub_addr_t) initrd_mem, initrd_pages);
+
+ return grub_errno;
+}
+
+static grub_err_t
+grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ int argc, char *argv[])
+{
+ grub_file_t file = 0;
+ struct linux_armxx_kernel_header lh;
+ struct grub_armxx_linux_pe_header *pe;
+
+ grub_dl_ref (my_mod);
+
+ if (argc == 0)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+ goto fail;
+ }
+
+ file = grub_file_open (argv[0]);
+ if (!file)
+ goto fail;
+
+ kernel_size = grub_file_size (file);
+
+ if (grub_file_read (file, &lh, sizeof (lh)) < (long) sizeof (lh))
+ return grub_errno;
+
+ if (grub_armxx_efi_linux_check_image (&lh) != GRUB_ERR_NONE)
+ goto fail;
+
+ grub_loader_unset();
+
+ grub_dprintf ("linux", "kernel file size: %lld\n", (long long) kernel_size);
+ kernel_addr = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (kernel_size));
+ grub_dprintf ("linux", "kernel numpages: %lld\n",
+ (long long) GRUB_EFI_BYTES_TO_PAGES (kernel_size));
+ if (!kernel_addr)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto fail;
+ }
+
+ grub_file_seek (file, 0);
+ if (grub_file_read (file, kernel_addr, kernel_size)
+ < (grub_int64_t) kernel_size)
+ {
+ if (!grub_errno)
+ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), argv[0]);
+ goto fail;
+ }
+
+ grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
+
+ if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size))
+ {
+ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
+ goto fail;
+ }
+
+ pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset);
+ handover_offset = pe->opt.entry_addr;
+
+ cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE);
+ linux_args = grub_malloc (cmdline_size);
+ if (!linux_args)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto fail;
+ }
+ grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE));
+ grub_create_loader_cmdline (argc, argv,
+ linux_args + sizeof (LINUX_IMAGE) - 1,
+ cmdline_size);
+
+ if (grub_errno == GRUB_ERR_NONE)
+ {
+ grub_loader_set (grub_linux_boot, grub_linux_unload, 0);
+ loaded = 1;
+ }
+
+fail:
+ if (file)
+ grub_file_close (file);
+
+ if (grub_errno != GRUB_ERR_NONE)
+ {
+ grub_dl_unref (my_mod);
+ loaded = 0;
+ }
+
+ if (linux_args && !loaded)
+ grub_free (linux_args);
+
+ if (kernel_addr && !loaded)
+ grub_efi_free_pages ((grub_addr_t) kernel_addr,
+ GRUB_EFI_BYTES_TO_PAGES (kernel_size));
+
+ return grub_errno;
+}
+
+
+static grub_command_t cmd_linux, cmd_initrd;
+
+GRUB_MOD_INIT (linux)
+{
+ cmd_linux = grub_register_command ("linuxefi", grub_cmd_linux, 0,
+ N_("Load Linux."));
+ cmd_initrd = grub_register_command ("initrdefi", grub_cmd_initrd, 0,
+ N_("Load initrd."));
+ my_mod = mod;
+}
+
+GRUB_MOD_FINI (linux)
+{
+ grub_unregister_command (cmd_linux);
+ grub_unregister_command (cmd_initrd);
+}
--
2.16.4

View File

@ -0,0 +1,228 @@
From 1ff2f31d12f7235423a1eb8a117e0c6f8b2f41c7 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Tue, 4 Jun 2019 12:32:35 +0800
Subject: [PATCH] grub-install: handle signed grub installation on arm64-efi
Use grub2-install to handle signed grub installation for arm64 UEFI secure
boot, the default behavior is auto, which will install signed grub whenever
detected.
Two options, --suse-force-signed and --suse-inhibit-signed, can be used to
override the default auto detecting behavior. The former will force to use
prebuilt signed image and thus will fail if missing, the latter will always use
'mkimage' to create unsigned core image per the user's running environment.
Signed-off-by: Michael Chang <mchang@suse.com>
---
util/grub-install.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 85 insertions(+), 1 deletion(-)
Index: grub-2.02/util/grub-install.c
===================================================================
--- grub-2.02.orig/util/grub-install.c
+++ grub-2.02/util/grub-install.c
@@ -84,6 +84,15 @@ static int suse_enable_tpm = 0;
enum
{
+ SIGNED_GRUB_INHIBIT,
+ SIGNED_GRUB_AUTO,
+ SIGNED_GRUB_FORCE
+ };
+
+static int signed_grub_mode = SIGNED_GRUB_AUTO;
+
+enum
+ {
OPTION_BOOT_DIRECTORY = 0x301,
OPTION_ROOT_DIRECTORY,
OPTION_TARGET,
@@ -108,6 +117,8 @@ enum
OPTION_NO_BOOTSECTOR,
OPTION_NO_RS_CODES,
OPTION_SUSE_ENABLE_TPM,
+ OPTION_SUSE_FORCE_SIGNED,
+ OPTION_SUSE_INHIBIT_SIGNED,
OPTION_MACPPC_DIRECTORY,
OPTION_ZIPL_DIRECTORY,
OPTION_LABEL_FONT,
@@ -237,6 +248,14 @@ argp_parser (int key, char *arg, struct
suse_enable_tpm = 1;
return 0;
+ case OPTION_SUSE_FORCE_SIGNED:
+ signed_grub_mode = SIGNED_GRUB_FORCE;
+ return 0;
+
+ case OPTION_SUSE_INHIBIT_SIGNED:
+ signed_grub_mode = SIGNED_GRUB_INHIBIT;
+ return 0;
+
case OPTION_DEBUG:
verbosity++;
return 0;
@@ -299,7 +318,12 @@ static struct argp_option options[] = {
N_("Do not apply any reed-solomon codes when embedding core.img. "
"This option is only available on x86 BIOS targets."), 0},
{"suse-enable-tpm", OPTION_SUSE_ENABLE_TPM, 0, 0, N_("install TPM modules"), 0},
-
+ {"suse-force-signed", OPTION_SUSE_FORCE_SIGNED, 0, 0,
+ N_("force installation of signed grub" "%s."
+ "This option is only available on ARM64 EFI targets."), 0},
+ {"suse-inhibit-signed", OPTION_SUSE_INHIBIT_SIGNED, 0, 0,
+ N_("inhibit installation of signed grub. "
+ "This option is only available on ARM64 EFI targets."), 0},
{"debug", OPTION_DEBUG, 0, OPTION_HIDDEN, 0, 2},
{"no-floppy", OPTION_NO_FLOPPY, 0, OPTION_HIDDEN, 0, 2},
{"debug-image", OPTION_DEBUG_IMAGE, N_("STRING"), OPTION_HIDDEN, 0, 2},
@@ -364,6 +388,22 @@ help_filter (int key, const char *text,
free (plats);
return ret;
}
+ case OPTION_SUSE_FORCE_SIGNED:
+ {
+ const char *t = get_default_platform ();
+ char *ret;
+ if (grub_strcmp (t, "arm64-efi") == 0)
+ {
+ char *s = grub_util_path_concat (3, grub_util_get_pkglibdir (), t, "grub.efi");
+ char *text2 = xasprintf (" [default=%s]", s);
+ ret = xasprintf (text, text2);
+ free (text2);
+ free (s);
+ }
+ else
+ ret = xasprintf (text, "");
+ return ret;
+ }
case ARGP_KEY_HELP_POST_DOC:
return xasprintf (text, program_name, GRUB_BOOT_DIR_NAME "/" GRUB_DIR_NAME);
default:
@@ -1596,13 +1636,34 @@ main (int argc, char *argv[])
char mkimage_target[200];
const char *core_name = NULL;
+ char *signed_imgfile = NULL;
switch (platform)
{
- case GRUB_INSTALL_PLATFORM_I386_EFI:
+ case GRUB_INSTALL_PLATFORM_ARM64_EFI:
+
+ if (signed_grub_mode > SIGNED_GRUB_INHIBIT)
+ {
+ signed_imgfile = grub_util_path_concat (2, grub_install_source_directory, "grub.efi");
+ if (!grub_util_is_regular (signed_imgfile))
+ {
+ if (signed_grub_mode >= SIGNED_GRUB_FORCE)
+ grub_util_error ("signed image `%s' does not exist\n", signed_imgfile);
+ else
+ {
+ free (signed_imgfile);
+ signed_imgfile = NULL;
+ }
+ }
+ }
+
+ if (signed_imgfile)
+ fprintf (stderr, _("Use signed file in %s for installation.\n"), signed_imgfile);
+
+ /* fallthrough. */
case GRUB_INSTALL_PLATFORM_X86_64_EFI:
+ case GRUB_INSTALL_PLATFORM_I386_EFI:
case GRUB_INSTALL_PLATFORM_ARM_EFI:
- case GRUB_INSTALL_PLATFORM_ARM64_EFI:
case GRUB_INSTALL_PLATFORM_IA64_EFI:
core_name = "core.efi";
snprintf (mkimage_target, sizeof (mkimage_target),
@@ -1678,13 +1739,75 @@ main (int argc, char *argv[])
core_name);
char *prefix = xasprintf ("%s%s", prefix_drive ? : "",
relative_grubdir);
- if (core_name != mkimage_target)
+ char *grub_efi_cfg = NULL;
+
+ if ((core_name != mkimage_target) && !signed_imgfile)
grub_install_make_image_wrap (/* source dir */ grub_install_source_directory,
/*prefix */ prefix,
/* output */ imgfile,
/* memdisk */ NULL,
have_load_cfg ? load_cfg : NULL,
/* image target */ mkimage_target, 0);
+ else if (signed_imgfile)
+ {
+ FILE *grub_cfg_f;
+
+ grub_install_copy_file (signed_imgfile, imgfile, 1);
+ grub_efi_cfg = grub_util_path_concat (2, platdir, "grub.cfg");
+ grub_cfg_f = grub_util_fopen (grub_efi_cfg, "wb");
+ if (!grub_cfg_f)
+ grub_util_error (_("Can't create file: %s"), strerror (errno));
+
+ if (have_abstractions)
+ {
+ fprintf (grub_cfg_f, "set prefix=(%s)%s\n", grub_drives[0], relative_grubdir);
+ fprintf (grub_cfg_f, "set root=%s\n", grub_drives[0]);
+ }
+ else if (prefix_drive)
+ {
+ char *uuid = NULL;
+ if (grub_fs->uuid && grub_fs->uuid (grub_dev, &uuid))
+ {
+ grub_print_error ();
+ grub_errno = 0;
+ uuid = NULL;
+ }
+ if (!uuid)
+ grub_util_error ("cannot find fs uuid for %s", grub_fs->name);
+
+ fprintf (grub_cfg_f, "search --fs-uuid --set=root %s\n", uuid);
+ fprintf (grub_cfg_f, "set prefix=($root)%s\n", relative_grubdir);
+ }
+
+ if (have_load_cfg)
+ {
+ size_t len;
+ char *buf;
+
+ FILE *fp = grub_util_fopen (load_cfg, "rb");
+ if (!fp)
+ grub_util_error (_("Can't read file: %s"), strerror (errno));
+
+ fseek (fp, 0, SEEK_END);
+ len = ftell (fp);
+ fseek (fp, 0, SEEK_SET);
+ buf = xmalloc (len);
+
+ if (fread (buf, 1, len, fp) != len)
+ grub_util_error (_("cannot read `%s': %s"), load_cfg, strerror (errno));
+
+ if (fwrite (buf, 1, len, grub_cfg_f) != len)
+ grub_util_error (_("cannot write `%s': %s"), grub_efi_cfg, strerror (errno));
+
+ free (buf);
+ fclose (fp);
+ }
+
+ fprintf (grub_cfg_f, "source ${prefix}/grub.cfg\n");
+ fclose (grub_cfg_f);
+ free (signed_imgfile);
+ signed_imgfile = NULL;
+ }
/* Backward-compatibility kludges. */
switch (platform)
{
@@ -1950,6 +2073,13 @@ main (int argc, char *argv[])
char *dst = grub_util_path_concat (2, efidir, efi_file);
grub_install_copy_file (imgfile, dst, 1);
free (dst);
+ if (grub_efi_cfg)
+ {
+ dst = grub_util_path_concat (2, efidir, "grub.cfg");
+ grub_install_copy_file (grub_efi_cfg, dst, 1);
+ free (dst);
+ free (grub_efi_cfg);
+ }
}
if (!removable && update_nvram)
{

View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Mon Jun 17 09:45:49 UTC 2019 - mchang@suse.com
- Use grub2-install to handle signed grub installation for UEFI secure
boot and also provide options to override default (bsc#1136601)
* grub2-secureboot-install-signed-grub.patch
- Remove arm64 linuxefi patches as it's not needed for secure boot
* 0001-efi-refactor-grub_efi_allocate_pages.patch
* 0002-Remove-grub_efi_allocate_pages.patch
* 0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch
* 0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch
* 0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch
* 0006-Add-support-for-EFI-handover-on-ARM64.patch
-------------------------------------------------------------------
Fri Jun 14 06:13:58 UTC 2019 - mchang@suse.com

View File

@ -305,12 +305,7 @@ Patch421: 0002-AUDIT-0-http-boot-tracker-bug.patch
Patch430: grub2-mkconfig-default-entry-correction.patch
Patch431: grub2-s390x-10-keep-network-at-kexec.patch
# Support for UEFI Secure Boot on AArch64 (FATE#326541)
Patch450: 0001-efi-refactor-grub_efi_allocate_pages.patch
Patch451: 0002-Remove-grub_efi_allocate_pages.patch
Patch452: 0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch
Patch453: 0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch
Patch454: 0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch
Patch455: 0006-Add-support-for-EFI-handover-on-ARM64.patch
Patch450: grub2-secureboot-install-signed-grub.patch
# Use pkg-config to find Freetype2
Patch500: grub2-freetype-pkgconfig.patch
Patch501: grub2-btrfs-help-on-snapper-rollback.patch
@ -618,11 +613,6 @@ swap partition while in resuming
%patch430 -p1
%patch431 -p1
%patch450 -p1
%patch451 -p1
%patch452 -p1
%patch453 -p1
%patch454 -p1
%patch455 -p1
%patch500 -p1
%patch501 -p1
%patch510 -p1
@ -747,7 +737,7 @@ CD_MODULES=" all_video boot cat chain configfile echo true \
PXE_MODULES="efinet tftp http"
CRYPTO_MODULES="luks gcry_rijndael gcry_sha1 gcry_sha256"
%ifarch x86_64 aarch64
%ifarch x86_64
CD_MODULES="${CD_MODULES} linuxefi"
%else
CD_MODULES="${CD_MODULES} linux"