From 6b8bc36c6d4e09d3b601c856322d9f178fe32350fdfeb3788ef4f091dafa896f Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Wed, 3 Jul 2019 06:15:39 +0000 Subject: [PATCH] Accepting request 713147 from home:michael-chang:bsc:1136601 - Use grub2-install to handle signed grub installation for UEFI secure boot and also provide options to override default (bsc#1136601) * grub2-secureboot-install-signed-grub.patch - Remove arm64 linuxefi patches as it's not needed for secure boot * 0001-efi-refactor-grub_efi_allocate_pages.patch * 0002-Remove-grub_efi_allocate_pages.patch * 0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch * 0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch * 0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch * 0006-Add-support-for-EFI-handover-on-ARM64.patch OBS-URL: https://build.opensuse.org/request/show/713147 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=335 --- ...efi-refactor-grub_efi_allocate_pages.patch | 120 ----- 0002-Remove-grub_efi_allocate_pages.patch | 267 ---------- ...EFI_PAGE-definitions-to-efi-memory.h.patch | 90 ---- ...tral-copy-of-grub_efi_find_mmap_size.patch | 65 --- ..._efi_get_ram_base-function-for-arm64.patch | 75 --- ...dd-support-for-EFI-handover-on-ARM64.patch | 489 ------------------ grub2-secureboot-install-signed-grub.patch | 228 ++++++++ grub2.changes | 14 + grub2.spec | 14 +- 9 files changed, 244 insertions(+), 1118 deletions(-) delete mode 100644 0001-efi-refactor-grub_efi_allocate_pages.patch delete mode 100644 0002-Remove-grub_efi_allocate_pages.patch delete mode 100644 0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch delete mode 100644 0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch delete mode 100644 0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch delete mode 100644 0006-Add-support-for-EFI-handover-on-ARM64.patch create mode 100644 grub2-secureboot-install-signed-grub.patch diff --git a/0001-efi-refactor-grub_efi_allocate_pages.patch b/0001-efi-refactor-grub_efi_allocate_pages.patch deleted file mode 100644 index 883954a..0000000 --- a/0001-efi-refactor-grub_efi_allocate_pages.patch +++ /dev/null @@ -1,120 +0,0 @@ -From f44433a343f4b10b8682f44937e929fb94dda642 Mon Sep 17 00:00:00 2001 -From: Leif Lindholm -Date: Thu, 3 Aug 2017 11:04:23 +0100 -Subject: [PATCH 1/6] efi: refactor grub_efi_allocate_pages - -Expose a new function, grub_efi_allocate_pages_real(), making it possible -to specify allocation type and memory type as supported by the UEFI -AllocatePages boot service. - -Make grub_efi_allocate_pages() a consumer of the new function, -maintaining its old functionality. - -Also delete some left-around #if 1/#else blocks in the affected -functions. - -Signed-off-by: Leif Lindholm ---- - grub-core/kern/efi/mm.c | 46 ++++++++++++++++++++++++---------------------- - include/grub/efi/efi.h | 5 +++++ - 2 files changed, 29 insertions(+), 22 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 04ad549f4..a03a44e71 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -147,36 +147,20 @@ grub_efi_allocate_pages_max (grub_efi_physical_address_t max, - - /* Allocate pages. Return the pointer to the first of allocated pages. */ - void * --grub_efi_allocate_pages (grub_efi_physical_address_t address, -- grub_efi_uintn_t pages) -+grub_efi_allocate_pages_real (grub_efi_physical_address_t address, -+ grub_efi_uintn_t pages, -+ grub_efi_allocate_type_t alloctype, -+ grub_efi_memory_type_t memtype) - { -- grub_efi_allocate_type_t type; - grub_efi_status_t status; - grub_efi_boot_services_t *b; - --#if 1 - /* Limit the memory access to less than 4GB for 32-bit platforms. */ - if (address > GRUB_EFI_MAX_USABLE_ADDRESS) - return 0; --#endif -- --#if 1 -- if (address == 0) -- { -- type = GRUB_EFI_ALLOCATE_MAX_ADDRESS; -- address = GRUB_EFI_MAX_USABLE_ADDRESS; -- } -- else -- type = GRUB_EFI_ALLOCATE_ADDRESS; --#else -- if (address == 0) -- type = GRUB_EFI_ALLOCATE_ANY_PAGES; -- else -- type = GRUB_EFI_ALLOCATE_ADDRESS; --#endif - - b = grub_efi_system_table->boot_services; -- status = efi_call_4 (b->allocate_pages, type, GRUB_EFI_LOADER_DATA, pages, &address); -+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); - if (status != GRUB_EFI_SUCCESS) - return 0; - -@@ -185,7 +169,7 @@ grub_efi_allocate_pages (grub_efi_physical_address_t address, - /* Uggh, the address 0 was allocated... This is too annoying, - so reallocate another one. */ - address = GRUB_EFI_MAX_USABLE_ADDRESS; -- status = efi_call_4 (b->allocate_pages, type, GRUB_EFI_LOADER_DATA, pages, &address); -+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); - grub_efi_free_pages (0, pages); - if (status != GRUB_EFI_SUCCESS) - return 0; -@@ -194,6 +178,24 @@ grub_efi_allocate_pages (grub_efi_physical_address_t address, - return (void *) ((grub_addr_t) address); - } - -+void * -+grub_efi_allocate_pages (grub_efi_physical_address_t address, -+ grub_efi_uintn_t pages) -+{ -+ grub_efi_allocate_type_t alloctype; -+ -+ if (address == 0) -+ { -+ alloctype = GRUB_EFI_ALLOCATE_MAX_ADDRESS; -+ address = GRUB_EFI_MAX_USABLE_ADDRESS; -+ } -+ else -+ alloctype = GRUB_EFI_ALLOCATE_ADDRESS; -+ -+ return grub_efi_allocate_pages_real (address, pages, alloctype, -+ GRUB_EFI_LOADER_DATA); -+} -+ - /* Free pages starting from ADDRESS. */ - void - grub_efi_free_pages (grub_efi_physical_address_t address, -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index a4ea7831b..c7f2fe6c3 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -38,6 +38,11 @@ void *EXPORT_FUNC(grub_efi_open_protocol) (grub_efi_handle_t handle, - int EXPORT_FUNC(grub_efi_set_text_mode) (int on); - void EXPORT_FUNC(grub_efi_stall) (grub_efi_uintn_t microseconds); - void * -+EXPORT_FUNC(grub_efi_allocate_pages_real) (grub_efi_physical_address_t address, -+ grub_efi_uintn_t pages, -+ grub_efi_allocate_type_t alloctype, -+ grub_efi_memory_type_t memtype); -+void * - EXPORT_FUNC(grub_efi_allocate_pages) (grub_efi_physical_address_t address, - grub_efi_uintn_t pages); - void * --- -2.16.4 - diff --git a/0002-Remove-grub_efi_allocate_pages.patch b/0002-Remove-grub_efi_allocate_pages.patch deleted file mode 100644 index f09905c..0000000 --- a/0002-Remove-grub_efi_allocate_pages.patch +++ /dev/null @@ -1,267 +0,0 @@ -From bb4cb6d374625d3716380affda56dc4c20da36db Mon Sep 17 00:00:00 2001 -From: Vladimir Serbinenko -Date: Mon, 7 Aug 2017 18:33:29 +0200 -Subject: [PATCH 2/6] Remove grub_efi_allocate_pages. - -grub_efi_allocate_pages Essentially does 2 unrelated things: -* Allocate at fixed address. -* Allocate at any address. - -To switch between 2 different functions it uses address == 0 as magic -value which is wrong as 0 is a perfectly valid fixed adress to allocate at. ---- - grub-core/kern/arm/efi/misc.c | 4 ++-- - grub-core/kern/efi/mm.c | 30 ++++++++++++++---------------- - grub-core/loader/arm64/fdt.c | 2 +- - grub-core/loader/arm64/linux.c | 7 +++---- - grub-core/loader/arm64/xen_boot.c | 7 +++---- - grub-core/loader/i386/efi/linux.c | 2 +- - grub-core/loader/ia64/efi/linux.c | 10 +++++----- - include/grub/autoefi.h | 2 +- - include/grub/efi/efi.h | 4 +++- - 9 files changed, 33 insertions(+), 35 deletions(-) - -diff --git a/grub-core/kern/arm/efi/misc.c b/grub-core/kern/arm/efi/misc.c -index 7cd41842a..c95e8299d 100644 ---- a/grub-core/kern/arm/efi/misc.c -+++ b/grub-core/kern/arm/efi/misc.c -@@ -146,7 +146,7 @@ grub_efi_allocate_loader_memory (grub_uint32_t min_offset, grub_uint32_t size) - continue; - grub_dprintf("mm", "%s: let's allocate some (0x%x) pages @ 0x%08x...\n", - __FUNCTION__, (size >> PAGE_SHIFT), (grub_addr_t) start); -- mem = grub_efi_allocate_pages (start, (size >> PAGE_SHIFT) + 1); -+ mem = grub_efi_allocate_fixed (start, (size >> PAGE_SHIFT) + 1); - grub_dprintf("mm", "%s: retval=0x%08x\n", - __FUNCTION__, (grub_addr_t) mem); - if (! mem) -@@ -189,7 +189,7 @@ grub_efi_prepare_platform (void) - mmap_size = find_mmap_size (); - if (! mmap_size) - return GRUB_ERR_OUT_OF_MEMORY; -- mmap_buf = grub_efi_allocate_pages (0, page_align (mmap_size) >> 12); -+ mmap_buf = grub_efi_allocate_any_pages (page_align (mmap_size) >> 12); - if (! mmap_buf) - return GRUB_ERR_OUT_OF_MEMORY; - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index a03a44e71..4226f34ec 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -179,20 +179,19 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - } - - void * --grub_efi_allocate_pages (grub_efi_physical_address_t address, -- grub_efi_uintn_t pages) -+grub_efi_allocate_any_pages (grub_efi_uintn_t pages) - { -- grub_efi_allocate_type_t alloctype; -- -- if (address == 0) -- { -- alloctype = GRUB_EFI_ALLOCATE_MAX_ADDRESS; -- address = GRUB_EFI_MAX_USABLE_ADDRESS; -- } -- else -- alloctype = GRUB_EFI_ALLOCATE_ADDRESS; -+ return grub_efi_allocate_pages_real (GRUB_EFI_MAX_USABLE_ADDRESS, -+ pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, -+ GRUB_EFI_LOADER_DATA); -+} - -- return grub_efi_allocate_pages_real (address, pages, alloctype, -+void * -+grub_efi_allocate_fixed (grub_efi_physical_address_t address, -+ grub_efi_uintn_t pages) -+{ -+ return grub_efi_allocate_pages_real (address, pages, -+ GRUB_EFI_ALLOCATE_ADDRESS, - GRUB_EFI_LOADER_DATA); - } - -@@ -501,7 +500,7 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - pages = required_pages; - } - -- addr = grub_efi_allocate_pages (start, pages); -+ addr = grub_efi_allocate_fixed (start, pages); - if (! addr) - grub_fatal ("cannot allocate conventional memory %p with %u pages", - (void *) ((grub_addr_t) start), -@@ -567,8 +566,7 @@ grub_efi_mm_init (void) - int mm_status; - - /* Prepare a memory region to store two memory maps. */ -- memory_map = grub_efi_allocate_pages (0, -- 2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); -+ memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); - if (! memory_map) - grub_fatal ("cannot allocate memory"); - -@@ -586,7 +584,7 @@ grub_efi_mm_init (void) - /* Freeing/allocating operations may increase memory map size. */ - map_size += desc_size * 32; - -- memory_map = grub_efi_allocate_pages (0, 2 * BYTES_TO_PAGES (map_size)); -+ memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (map_size)); - if (! memory_map) - grub_fatal ("cannot allocate memory"); - -diff --git a/grub-core/loader/arm64/fdt.c b/grub-core/loader/arm64/fdt.c -index db49cf649..368001696 100644 ---- a/grub-core/loader/arm64/fdt.c -+++ b/grub-core/loader/arm64/fdt.c -@@ -50,7 +50,7 @@ grub_fdt_load (grub_size_t additional_size) - size += additional_size; - - grub_dprintf ("linux", "allocating %ld bytes for fdt\n", size); -- fdt = grub_efi_allocate_pages (0, GRUB_EFI_BYTES_TO_PAGES (size)); -+ fdt = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (size)); - if (!fdt) - return NULL; - -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 9519d2e4d..ee3fcaa86 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -148,8 +148,7 @@ grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, char *args) - loaded_image->load_options_size = len = - (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t); - loaded_image->load_options = -- grub_efi_allocate_pages (0, -- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); -+ grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); - if (!loaded_image->load_options) - return grub_errno; - -@@ -223,7 +222,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "Loading initrd\n"); - - initrd_pages = (GRUB_EFI_BYTES_TO_PAGES (initrd_size)); -- initrd_mem = grub_efi_allocate_pages (0, initrd_pages); -+ initrd_mem = grub_efi_allocate_any_pages (initrd_pages); - if (!initrd_mem) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -@@ -277,7 +276,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_loader_unset(); - - grub_dprintf ("linux", "kernel file size: %lld\n", (long long) kernel_size); -- kernel_addr = grub_efi_allocate_pages (0, GRUB_EFI_BYTES_TO_PAGES (kernel_size)); -+ kernel_addr = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (kernel_size)); - grub_dprintf ("linux", "kernel numpages: %lld\n", - (long long) GRUB_EFI_BYTES_TO_PAGES (kernel_size)); - if (!kernel_addr) -diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c -index a914eb8e2..ab7c2f850 100644 ---- a/grub-core/loader/arm64/xen_boot.c -+++ b/grub-core/loader/arm64/xen_boot.c -@@ -324,10 +324,9 @@ xen_boot_binary_load (struct xen_boot_binary *binary, grub_file_t file, - grub_dprintf ("xen_loader", "Xen_boot file size: 0x%lx\n", binary->size); - - binary->start -- = (grub_addr_t) grub_efi_allocate_pages (0, -- GRUB_EFI_BYTES_TO_PAGES -- (binary->size + -- binary->align)); -+ = (grub_addr_t) grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES -+ (binary->size + -+ binary->align)); - if (!binary->start) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 549989d1d..27dea343c 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -295,7 +295,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - start = (lh.setup_sects + 1) * 512; - len = grub_file_size(file) - start; - -- kernel_mem = grub_efi_allocate_pages(lh.pref_address, -+ kernel_mem = grub_efi_allocate_fixed(lh.pref_address, - BYTES_TO_PAGES(lh.init_size)); - - if (!kernel_mem) -diff --git a/grub-core/loader/ia64/efi/linux.c b/grub-core/loader/ia64/efi/linux.c -index efaa42ccd..750330d45 100644 ---- a/grub-core/loader/ia64/efi/linux.c -+++ b/grub-core/loader/ia64/efi/linux.c -@@ -252,7 +252,7 @@ allocate_pages (grub_uint64_t align, grub_uint64_t size_pages, - aligned_start += align; - if (aligned_start + size > end) - continue; -- mem = grub_efi_allocate_pages (aligned_start, size_pages); -+ mem = grub_efi_allocate_fixed (aligned_start, size_pages); - if (! mem) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate memory"); -@@ -326,7 +326,7 @@ grub_linux_boot (void) - mmap_size = find_mmap_size (); - if (! mmap_size) - return grub_errno; -- mmap_buf = grub_efi_allocate_pages (0, page_align (mmap_size) >> 12); -+ mmap_buf = grub_efi_allocate_any_pages (page_align (mmap_size) >> 12); - if (! mmap_buf) - return grub_error (GRUB_ERR_IO, "cannot allocate memory map"); - err = grub_efi_finish_boot_services (&mmap_size, mmap_buf, &map_key, -@@ -422,7 +422,7 @@ grub_load_elf64 (grub_file_t file, void *buffer, const char *filename) - relocate = grub_env_get ("linux_relocate"); - if (!relocate || grub_strcmp (relocate, "force") != 0) - { -- kernel_mem = grub_efi_allocate_pages (low_addr, kernel_pages); -+ kernel_mem = grub_efi_allocate_fixed (low_addr, kernel_pages); - reloc_offset = 0; - } - /* Try to relocate. */ -@@ -524,7 +524,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - len += grub_strlen (argv[i]) + 1; - len += sizeof (struct ia64_boot_param) + 512; /* Room for extensions. */ - boot_param_pages = page_align (len) >> 12; -- boot_param = grub_efi_allocate_pages (0, boot_param_pages); -+ boot_param = grub_efi_allocate_any_pages (boot_param_pages); - if (boot_param == 0) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, -@@ -589,7 +589,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "Loading initrd\n"); - - initrd_pages = (page_align (initrd_size) >> 12); -- initrd_mem = grub_efi_allocate_pages (0, initrd_pages); -+ initrd_mem = grub_efi_allocate_any_pages (initrd_pages); - if (! initrd_mem) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate pages"); -diff --git a/include/grub/autoefi.h b/include/grub/autoefi.h -index b75591176..b7a252e07 100644 ---- a/include/grub/autoefi.h -+++ b/include/grub/autoefi.h -@@ -55,7 +55,7 @@ static inline grub_err_t grub_autoefi_prepare (void) - # define SYSTEM_TABLE_PTR GRUB_EFIEMU_SYSTEM_TABLE_PTR - # define SIZEOF_OF_UINTN GRUB_EFIEMU_SIZEOF_OF_UINTN - # define SYSTEM_TABLE GRUB_EFIEMU_SYSTEM_TABLE --# define grub_efi_allocate_pages(x,y) (x) -+# define grub_efi_allocate_fixed(x,y) (x) - # define grub_efi_free_pages(x,y) GRUB_EFI_SUCCESS - # define grub_autoefi_finish_boot_services grub_efiemu_finish_boot_services - # define EFI_PRESENT 1 -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index c7f2fe6c3..f68a19de4 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -43,9 +43,11 @@ EXPORT_FUNC(grub_efi_allocate_pages_real) (grub_efi_physical_address_t address, - grub_efi_allocate_type_t alloctype, - grub_efi_memory_type_t memtype); - void * --EXPORT_FUNC(grub_efi_allocate_pages) (grub_efi_physical_address_t address, -+EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address, - grub_efi_uintn_t pages); - void * -+EXPORT_FUNC(grub_efi_allocate_any_pages) (grub_efi_uintn_t pages); -+void * - EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max, - grub_efi_uintn_t pages); - void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address, --- -2.16.4 - diff --git a/0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch b/0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch deleted file mode 100644 index 0240283..0000000 --- a/0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 8a84e87b34eeb2e7a8f4ea4036f124c1209c6026 Mon Sep 17 00:00:00 2001 -From: Leif Lindholm -Date: Thu, 1 Feb 2018 18:18:49 +0000 -Subject: [PATCH 3/6] arm64/efi: move EFI_PAGE definitions to efi/memory.h - -The EFI page definitions and macros are generic and should not be confined -to arm64 headers - so move to efi/memory.h. -Also add EFI_PAGE_SIZE macro. - -Update loader sources to reflect new header location. - -Signed-off-by: Leif Lindholm -Reviewed-by: Daniel Kiper ---- - grub-core/loader/arm64/fdt.c | 1 + - grub-core/loader/arm64/linux.c | 1 + - grub-core/loader/arm64/xen_boot.c | 1 + - include/grub/arm64/fdtload.h | 3 --- - include/grub/efi/memory.h | 7 +++++++ - 5 files changed, 10 insertions(+), 3 deletions(-) - -diff --git a/grub-core/loader/arm64/fdt.c b/grub-core/loader/arm64/fdt.c -index 368001696..c61adbe67 100644 ---- a/grub-core/loader/arm64/fdt.c -+++ b/grub-core/loader/arm64/fdt.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - - static void *loaded_fdt; - static void *fdt; -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index ee3fcaa86..364fbb6e6 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - #include - #include - #include -diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c -index ab7c2f850..f1363024b 100644 ---- a/grub-core/loader/arm64/xen_boot.c -+++ b/grub-core/loader/arm64/xen_boot.c -@@ -30,6 +30,7 @@ - #include - #include - #include -+#include - #include /* required by struct xen_hypervisor_header */ - #include - #include -diff --git a/include/grub/arm64/fdtload.h b/include/grub/arm64/fdtload.h -index 7b9ddba91..713c9424d 100644 ---- a/include/grub/arm64/fdtload.h -+++ b/include/grub/arm64/fdtload.h -@@ -29,7 +29,4 @@ grub_fdt_unload (void); - grub_err_t - grub_fdt_install (void); - --#define GRUB_EFI_PAGE_SHIFT 12 --#define GRUB_EFI_BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> GRUB_EFI_PAGE_SHIFT) -- - #endif -diff --git a/include/grub/efi/memory.h b/include/grub/efi/memory.h -index 20526b146..08fe62277 100644 ---- a/include/grub/efi/memory.h -+++ b/include/grub/efi/memory.h -@@ -22,6 +22,13 @@ - #include - #include - -+/* The term "page" in UEFI refers only to a 4 KiB-aligned 4 KiB size region of -+ memory. It is not concerned with underlying translation management concepts, -+ but only used as the granule for memory allocations. */ -+#define GRUB_EFI_PAGE_SHIFT 12 -+#define GRUB_EFI_PAGE_SIZE (1 << GRUB_EFI_PAGE_SHIFT) -+#define GRUB_EFI_BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> GRUB_EFI_PAGE_SHIFT) -+ - #define GRUB_MMAP_REGISTER_BY_FIRMWARE 1 - - grub_err_t grub_machine_mmap_register (grub_uint64_t start, grub_uint64_t size, --- -2.16.4 - diff --git a/0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch b/0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch deleted file mode 100644 index 6af3dae..0000000 --- a/0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 6ca50ac741b8c826f953b0905d736006b895f912 Mon Sep 17 00:00:00 2001 -From: Leif Lindholm -Date: Mon, 9 Jul 2018 18:33:00 +0100 -Subject: [PATCH 4/6] efi: Add central copy of grub_efi_find_mmap_size - -There are several implementations of this function in the tree. -Add a central version in grub-core/efi/mm.c. - -Signed-off-by: Leif Lindholm -Reviewed-by: Daniel Kiper ---- - grub-core/kern/efi/mm.c | 24 ++++++++++++++++++++++++ - include/grub/efi/efi.h | 1 + - 2 files changed, 25 insertions(+) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 4226f34ec..021d750b6 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -315,6 +315,30 @@ grub_efi_finish_boot_services (grub_efi_uintn_t *outbuf_size, void *outbuf, - return GRUB_ERR_NONE; - } - -+/* -+ * To obtain the UEFI memory map, we must pass a buffer of sufficient size -+ * to hold the entire map. This function returns a sane start value for -+ * buffer size. -+ */ -+grub_efi_uintn_t -+grub_efi_find_mmap_size (void) -+{ -+ grub_efi_uintn_t mmap_size = 0; -+ grub_efi_uintn_t desc_size; -+ -+ if (grub_efi_get_memory_map (&mmap_size, NULL, NULL, &desc_size, 0) < 0) -+ { -+ grub_error (GRUB_ERR_IO, "cannot get EFI memory map size"); -+ return 0; -+ } -+ -+ /* -+ * Add an extra page, since UEFI can alter the memory map itself on -+ * callbacks or explicit calls, including console output. -+ */ -+ return ALIGN_UP (mmap_size + GRUB_EFI_PAGE_SIZE, GRUB_EFI_PAGE_SIZE); -+} -+ - /* Get the memory map as defined in the EFI spec. Return 1 if successful, - return 0 if partial, or return -1 if an error occurs. */ - int -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index f68a19de4..e8ae60931 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -52,6 +52,7 @@ EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max, - grub_efi_uintn_t pages); - void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address, - grub_efi_uintn_t pages); -+grub_efi_uintn_t EXPORT_FUNC(grub_efi_find_mmap_size) (void); - int - EXPORT_FUNC(grub_efi_get_memory_map) (grub_efi_uintn_t *memory_map_size, - grub_efi_memory_descriptor_t *memory_map, --- -2.16.4 - diff --git a/0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch b/0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch deleted file mode 100644 index 1ebb443..0000000 --- a/0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 226e83d10e35d1a76e93114366740f994548fe04 Mon Sep 17 00:00:00 2001 -From: Leif Lindholm -Date: Mon, 9 Jul 2018 18:33:01 +0100 -Subject: [PATCH 5/6] efi: Add grub_efi_get_ram_base() function for arm64 - -Since ARM platforms do not have a common memory map, add a helper -function that finds the lowest address region with the EFI_MEMORY_WB -attribute set in the UEFI memory map. - -Required for the arm64 efi linux loader to restrict the initrd -location to where it will be accessible by the kernel at runtime. - -Signed-off-by: Leif Lindholm -Reviewed-by: Daniel Kiper ---- - grub-core/kern/efi/mm.c | 31 +++++++++++++++++++++++++++++++ - include/grub/efi/efi.h | 3 +++ - 2 files changed, 34 insertions(+) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 021d750b6..270d0b8cc 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -660,3 +660,34 @@ grub_efi_mm_init (void) - grub_efi_free_pages ((grub_addr_t) memory_map, - 2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); - } -+ -+#if defined (__aarch64__) -+grub_err_t -+grub_efi_get_ram_base(grub_addr_t *base_addr) -+{ -+ grub_efi_memory_descriptor_t *memory_map, *desc; -+ grub_efi_uintn_t memory_map_size, desc_size; -+ int ret; -+ -+ memory_map_size = grub_efi_find_mmap_size(); -+ -+ memory_map = grub_malloc (memory_map_size); -+ if (! memory_map) -+ return GRUB_ERR_OUT_OF_MEMORY; -+ ret = grub_efi_get_memory_map (&memory_map_size, memory_map, NULL, -+ &desc_size, NULL); -+ -+ if (ret < 1) -+ return GRUB_ERR_BUG; -+ -+ for (desc = memory_map, *base_addr = GRUB_UINT_MAX; -+ (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size); -+ desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size)) -+ if (desc->attribute & GRUB_EFI_MEMORY_WB) -+ *base_addr = grub_min (*base_addr, desc->physical_start); -+ -+ grub_free(memory_map); -+ -+ return GRUB_ERR_NONE; -+} -+#endif -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index e8ae60931..13bc67d57 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -97,6 +97,9 @@ extern void (*EXPORT_VAR(grub_efi_net_config)) (grub_efi_handle_t hnd, - #if defined(__arm__) || defined(__aarch64__) - void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void); - #endif -+#if defined(__aarch64__) -+grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *); -+#endif - - grub_addr_t grub_efi_modules_addr (void); - --- -2.16.4 - diff --git a/0006-Add-support-for-EFI-handover-on-ARM64.patch b/0006-Add-support-for-EFI-handover-on-ARM64.patch deleted file mode 100644 index da89f5c..0000000 --- a/0006-Add-support-for-EFI-handover-on-ARM64.patch +++ /dev/null @@ -1,489 +0,0 @@ -From 17667c24295a4b105bf20a3bd5bb19ef0acaebba Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Fri, 21 Dec 2018 14:36:10 +0800 -Subject: [PATCH 6/6] Add support for EFI handover on ARM64 - -Add support for EFI handover on ARM64 for loading linux kernel. ---- - grub-core/Makefile.core.def | 9 +- - grub-core/loader/arm64/efi/linux.c | 448 +++++++++++++++++++++++++++++++++++++ - 2 files changed, 453 insertions(+), 4 deletions(-) - create mode 100644 grub-core/loader/arm64/efi/linux.c - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 1269f372c..f306311e6 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1761,10 +1761,11 @@ module = { - - module = { - name = linuxefi; -- efi = loader/i386/efi/linux.c; -- efi = lib/cmdline.c; -- enable = i386_efi; -- enable = x86_64_efi; -+ arm64 = loader/arm64/efi/linux.c; -+ x86_64 = loader/i386/efi/linux.c; -+ common = lib/cmdline.c; -+ enable = x86_64; -+ enable = arm64; - }; - - module = { -diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c -new file mode 100644 -index 000000000..4a5c70e4b ---- /dev/null -+++ b/grub-core/loader/arm64/efi/linux.c -@@ -0,0 +1,448 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2013 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+static grub_dl_t my_mod; -+static int loaded; -+ -+static void *kernel_addr; -+static grub_uint64_t kernel_size; -+static grub_uint32_t handover_offset; -+ -+static char *linux_args; -+static grub_uint32_t cmdline_size; -+ -+static grub_addr_t initrd_start; -+static grub_addr_t initrd_end; -+ -+struct grub_arm64_linux_pe_header -+{ -+ grub_uint32_t magic; -+ struct grub_pe32_coff_header coff; -+ struct grub_pe64_optional_header opt; -+}; -+ -+#if defined(__aarch64__) -+# define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_ARM64_LINUX_MAGIC -+# define linux_armxx_kernel_header grub_arm64_linux_kernel_header -+# define grub_armxx_linux_pe_header grub_arm64_linux_pe_header -+#endif -+ -+#define SHIM_LOCK_GUID \ -+ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } -+ -+struct grub_efi_shim_lock -+{ -+ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); -+}; -+typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; -+ -+static grub_efi_boolean_t -+grub_linuxefi_secure_validate (void *data, grub_uint32_t size) -+{ -+ grub_efi_guid_t guid = SHIM_LOCK_GUID; -+ grub_efi_shim_lock_t *shim_lock; -+ -+ shim_lock = grub_efi_locate_protocol(&guid, NULL); -+ -+ if (!shim_lock) -+ return 1; -+ -+ if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) -+ return 1; -+ -+ return 0; -+} -+ -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wcast-align" -+ -+typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); -+ -+static grub_err_t -+grub_efi_linux_boot (void *kernel_address, grub_off_t offset, -+ void *kernel_params) -+{ -+ handover_func hf; -+ -+ hf = (handover_func)((char *)kernel_address + offset); -+ hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); -+ -+ return GRUB_ERR_BUG; -+} -+ -+#pragma GCC diagnostic pop -+static grub_err_t -+grub_armxx_efi_linux_check_image (struct linux_armxx_kernel_header * lh) -+{ -+ if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE) -+ return grub_error(GRUB_ERR_BAD_OS, "invalid magic number"); -+ -+ if ((lh->code0 & 0xffff) != GRUB_EFI_PE_MAGIC) -+ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, -+ N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled")); -+ -+ grub_dprintf ("linux", "UEFI stub kernel:\n"); -+ grub_dprintf ("linux", "PE/COFF header @ %08x\n", lh->hdr_offset); -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+finalize_params_linux (void) -+{ -+ grub_efi_loaded_image_t *loaded_image = NULL; -+ int node, retval, len; -+ -+ void *fdt; -+ -+ fdt = grub_fdt_load (0x400); -+ -+ if (!fdt) -+ goto failure; -+ -+ node = grub_fdt_find_subnode (fdt, 0, "chosen"); -+ if (node < 0) -+ node = grub_fdt_add_subnode (fdt, 0, "chosen"); -+ -+ if (node < 1) -+ goto failure; -+ -+ /* Set initrd info */ -+ if (initrd_start && initrd_end > initrd_start) -+ { -+ grub_dprintf ("linux", "Initrd @ %p-%p\n", -+ (void *) initrd_start, (void *) initrd_end); -+ -+ retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start", -+ initrd_start); -+ if (retval) -+ goto failure; -+ retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-end", -+ initrd_end); -+ if (retval) -+ goto failure; -+ } -+ -+ if (grub_fdt_install() != GRUB_ERR_NONE) -+ goto failure; -+ -+ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", -+ fdt); -+ -+ /* Convert command line to UCS-2 */ -+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); -+ if (!loaded_image) -+ goto failure; -+ -+ loaded_image->load_options_size = len = -+ (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); -+ loaded_image->load_options = -+ grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); -+ if (!loaded_image->load_options) -+ return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); -+ -+ loaded_image->load_options_size = -+ 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, -+ (grub_uint8_t *) linux_args, len, NULL); -+ -+ return GRUB_ERR_NONE; -+ -+failure: -+ grub_fdt_unload(); -+ return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); -+} -+ -+static void -+free_params (void) -+{ -+ grub_efi_loaded_image_t *loaded_image = NULL; -+ -+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); -+ if (loaded_image) -+ { -+ if (loaded_image->load_options) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_efi_uintn_t)loaded_image->load_options, -+ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); -+ loaded_image->load_options = NULL; -+ loaded_image->load_options_size = 0; -+ } -+} -+ -+static grub_err_t -+grub_armxx_efi_linux_boot_image (grub_addr_t addr, char *args) -+{ -+ grub_err_t retval; -+ -+ retval = finalize_params_linux (); -+ if (retval != GRUB_ERR_NONE) -+ return grub_errno; -+ -+ grub_dprintf ("linux", "linux command line: '%s'\n", args); -+ -+ retval = grub_efi_linux_boot ((char *)addr, handover_offset, (void *)addr); -+ -+ /* Never reached... */ -+ free_params(); -+ return retval; -+} -+ -+static grub_err_t -+grub_linux_boot (void) -+{ -+ return grub_armxx_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args); -+} -+ -+static grub_err_t -+grub_linux_unload (void) -+{ -+ grub_dl_unref (my_mod); -+ loaded = 0; -+ if (initrd_start) -+ grub_efi_free_pages ((grub_efi_physical_address_t) initrd_start, -+ GRUB_EFI_BYTES_TO_PAGES (initrd_end - initrd_start)); -+ initrd_start = initrd_end = 0; -+ grub_free (linux_args); -+ if (kernel_addr) -+ grub_efi_free_pages ((grub_addr_t) kernel_addr, -+ GRUB_EFI_BYTES_TO_PAGES (kernel_size)); -+ grub_fdt_unload (); -+ return GRUB_ERR_NONE; -+} -+ -+/* -+ * As per linux/Documentation/arm/Booting -+ * ARM initrd needs to be covered by kernel linear mapping, -+ * so place it in the first 512MB of DRAM. -+ * -+ * As per linux/Documentation/arm64/booting.txt -+ * ARM64 initrd needs to be contained entirely within a 1GB aligned window -+ * of up to 32GB of size that covers the kernel image as well. -+ * Since the EFI stub loader will attempt to load the kernel near start of -+ * RAM, place the buffer in the first 32GB of RAM. -+ */ -+#ifdef __arm__ -+#define INITRD_MAX_ADDRESS_OFFSET (512U * 1024 * 1024) -+#else /* __aarch64__ */ -+#define INITRD_MAX_ADDRESS_OFFSET (32ULL * 1024 * 1024 * 1024) -+#endif -+ -+/* -+ * This function returns a pointer to a legally allocated initrd buffer, -+ * or NULL if unsuccessful -+ */ -+static void * -+allocate_initrd_mem (int initrd_pages) -+{ -+ grub_addr_t max_addr; -+ -+ if (grub_efi_get_ram_base (&max_addr) != GRUB_ERR_NONE) -+ return NULL; -+ -+ max_addr += INITRD_MAX_ADDRESS_OFFSET - 1; -+ -+ return grub_efi_allocate_pages_real (max_addr, initrd_pages, -+ GRUB_EFI_ALLOCATE_MAX_ADDRESS, -+ GRUB_EFI_LOADER_DATA); -+} -+ -+static grub_err_t -+grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), -+ int argc, char *argv[]) -+{ -+ struct grub_linux_initrd_context initrd_ctx = { 0, 0, 0 }; -+ int initrd_size, initrd_pages; -+ void *initrd_mem = NULL; -+ -+ if (argc == 0) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -+ goto fail; -+ } -+ -+ if (!loaded) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, -+ N_("you need to load the kernel first")); -+ goto fail; -+ } -+ -+ if (grub_initrd_init (argc, argv, &initrd_ctx)) -+ goto fail; -+ -+ initrd_size = grub_get_initrd_size (&initrd_ctx); -+ grub_dprintf ("linux", "Loading initrd\n"); -+ -+ initrd_pages = (GRUB_EFI_BYTES_TO_PAGES (initrd_size)); -+ initrd_mem = allocate_initrd_mem (initrd_pages); -+ -+ if (!initrd_mem) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto fail; -+ } -+ -+ if (grub_initrd_load (&initrd_ctx, argv, initrd_mem)) -+ goto fail; -+ -+ initrd_start = (grub_addr_t) initrd_mem; -+ initrd_end = initrd_start + initrd_size; -+ grub_dprintf ("linux", "[addr=%p, size=0x%x]\n", -+ (void *) initrd_start, initrd_size); -+ -+ fail: -+ grub_initrd_close (&initrd_ctx); -+ if (initrd_mem && !initrd_start) -+ grub_efi_free_pages ((grub_addr_t) initrd_mem, initrd_pages); -+ -+ return grub_errno; -+} -+ -+static grub_err_t -+grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), -+ int argc, char *argv[]) -+{ -+ grub_file_t file = 0; -+ struct linux_armxx_kernel_header lh; -+ struct grub_armxx_linux_pe_header *pe; -+ -+ grub_dl_ref (my_mod); -+ -+ if (argc == 0) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -+ goto fail; -+ } -+ -+ file = grub_file_open (argv[0]); -+ if (!file) -+ goto fail; -+ -+ kernel_size = grub_file_size (file); -+ -+ if (grub_file_read (file, &lh, sizeof (lh)) < (long) sizeof (lh)) -+ return grub_errno; -+ -+ if (grub_armxx_efi_linux_check_image (&lh) != GRUB_ERR_NONE) -+ goto fail; -+ -+ grub_loader_unset(); -+ -+ grub_dprintf ("linux", "kernel file size: %lld\n", (long long) kernel_size); -+ kernel_addr = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (kernel_size)); -+ grub_dprintf ("linux", "kernel numpages: %lld\n", -+ (long long) GRUB_EFI_BYTES_TO_PAGES (kernel_size)); -+ if (!kernel_addr) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto fail; -+ } -+ -+ grub_file_seek (file, 0); -+ if (grub_file_read (file, kernel_addr, kernel_size) -+ < (grub_int64_t) kernel_size) -+ { -+ if (!grub_errno) -+ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), argv[0]); -+ goto fail; -+ } -+ -+ grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); -+ -+ if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size)) -+ { -+ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); -+ goto fail; -+ } -+ -+ pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); -+ handover_offset = pe->opt.entry_addr; -+ -+ cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); -+ linux_args = grub_malloc (cmdline_size); -+ if (!linux_args) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto fail; -+ } -+ grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE)); -+ grub_create_loader_cmdline (argc, argv, -+ linux_args + sizeof (LINUX_IMAGE) - 1, -+ cmdline_size); -+ -+ if (grub_errno == GRUB_ERR_NONE) -+ { -+ grub_loader_set (grub_linux_boot, grub_linux_unload, 0); -+ loaded = 1; -+ } -+ -+fail: -+ if (file) -+ grub_file_close (file); -+ -+ if (grub_errno != GRUB_ERR_NONE) -+ { -+ grub_dl_unref (my_mod); -+ loaded = 0; -+ } -+ -+ if (linux_args && !loaded) -+ grub_free (linux_args); -+ -+ if (kernel_addr && !loaded) -+ grub_efi_free_pages ((grub_addr_t) kernel_addr, -+ GRUB_EFI_BYTES_TO_PAGES (kernel_size)); -+ -+ return grub_errno; -+} -+ -+ -+static grub_command_t cmd_linux, cmd_initrd; -+ -+GRUB_MOD_INIT (linux) -+{ -+ cmd_linux = grub_register_command ("linuxefi", grub_cmd_linux, 0, -+ N_("Load Linux.")); -+ cmd_initrd = grub_register_command ("initrdefi", grub_cmd_initrd, 0, -+ N_("Load initrd.")); -+ my_mod = mod; -+} -+ -+GRUB_MOD_FINI (linux) -+{ -+ grub_unregister_command (cmd_linux); -+ grub_unregister_command (cmd_initrd); -+} --- -2.16.4 - diff --git a/grub2-secureboot-install-signed-grub.patch b/grub2-secureboot-install-signed-grub.patch new file mode 100644 index 0000000..09e19c1 --- /dev/null +++ b/grub2-secureboot-install-signed-grub.patch @@ -0,0 +1,228 @@ +From 1ff2f31d12f7235423a1eb8a117e0c6f8b2f41c7 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Tue, 4 Jun 2019 12:32:35 +0800 +Subject: [PATCH] grub-install: handle signed grub installation on arm64-efi + +Use grub2-install to handle signed grub installation for arm64 UEFI secure +boot, the default behavior is auto, which will install signed grub whenever +detected. + +Two options, --suse-force-signed and --suse-inhibit-signed, can be used to +override the default auto detecting behavior. The former will force to use +prebuilt signed image and thus will fail if missing, the latter will always use +'mkimage' to create unsigned core image per the user's running environment. + +Signed-off-by: Michael Chang +--- + util/grub-install.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 85 insertions(+), 1 deletion(-) + +Index: grub-2.02/util/grub-install.c +=================================================================== +--- grub-2.02.orig/util/grub-install.c ++++ grub-2.02/util/grub-install.c +@@ -84,6 +84,15 @@ static int suse_enable_tpm = 0; + + enum + { ++ SIGNED_GRUB_INHIBIT, ++ SIGNED_GRUB_AUTO, ++ SIGNED_GRUB_FORCE ++ }; ++ ++static int signed_grub_mode = SIGNED_GRUB_AUTO; ++ ++enum ++ { + OPTION_BOOT_DIRECTORY = 0x301, + OPTION_ROOT_DIRECTORY, + OPTION_TARGET, +@@ -108,6 +117,8 @@ enum + OPTION_NO_BOOTSECTOR, + OPTION_NO_RS_CODES, + OPTION_SUSE_ENABLE_TPM, ++ OPTION_SUSE_FORCE_SIGNED, ++ OPTION_SUSE_INHIBIT_SIGNED, + OPTION_MACPPC_DIRECTORY, + OPTION_ZIPL_DIRECTORY, + OPTION_LABEL_FONT, +@@ -237,6 +248,14 @@ argp_parser (int key, char *arg, struct + suse_enable_tpm = 1; + return 0; + ++ case OPTION_SUSE_FORCE_SIGNED: ++ signed_grub_mode = SIGNED_GRUB_FORCE; ++ return 0; ++ ++ case OPTION_SUSE_INHIBIT_SIGNED: ++ signed_grub_mode = SIGNED_GRUB_INHIBIT; ++ return 0; ++ + case OPTION_DEBUG: + verbosity++; + return 0; +@@ -299,7 +318,12 @@ static struct argp_option options[] = { + N_("Do not apply any reed-solomon codes when embedding core.img. " + "This option is only available on x86 BIOS targets."), 0}, + {"suse-enable-tpm", OPTION_SUSE_ENABLE_TPM, 0, 0, N_("install TPM modules"), 0}, +- ++ {"suse-force-signed", OPTION_SUSE_FORCE_SIGNED, 0, 0, ++ N_("force installation of signed grub" "%s." ++ "This option is only available on ARM64 EFI targets."), 0}, ++ {"suse-inhibit-signed", OPTION_SUSE_INHIBIT_SIGNED, 0, 0, ++ N_("inhibit installation of signed grub. " ++ "This option is only available on ARM64 EFI targets."), 0}, + {"debug", OPTION_DEBUG, 0, OPTION_HIDDEN, 0, 2}, + {"no-floppy", OPTION_NO_FLOPPY, 0, OPTION_HIDDEN, 0, 2}, + {"debug-image", OPTION_DEBUG_IMAGE, N_("STRING"), OPTION_HIDDEN, 0, 2}, +@@ -364,6 +388,22 @@ help_filter (int key, const char *text, + free (plats); + return ret; + } ++ case OPTION_SUSE_FORCE_SIGNED: ++ { ++ const char *t = get_default_platform (); ++ char *ret; ++ if (grub_strcmp (t, "arm64-efi") == 0) ++ { ++ char *s = grub_util_path_concat (3, grub_util_get_pkglibdir (), t, "grub.efi"); ++ char *text2 = xasprintf (" [default=%s]", s); ++ ret = xasprintf (text, text2); ++ free (text2); ++ free (s); ++ } ++ else ++ ret = xasprintf (text, ""); ++ return ret; ++ } + case ARGP_KEY_HELP_POST_DOC: + return xasprintf (text, program_name, GRUB_BOOT_DIR_NAME "/" GRUB_DIR_NAME); + default: +@@ -1596,13 +1636,34 @@ main (int argc, char *argv[]) + + char mkimage_target[200]; + const char *core_name = NULL; ++ char *signed_imgfile = NULL; + + switch (platform) + { +- case GRUB_INSTALL_PLATFORM_I386_EFI: ++ case GRUB_INSTALL_PLATFORM_ARM64_EFI: ++ ++ if (signed_grub_mode > SIGNED_GRUB_INHIBIT) ++ { ++ signed_imgfile = grub_util_path_concat (2, grub_install_source_directory, "grub.efi"); ++ if (!grub_util_is_regular (signed_imgfile)) ++ { ++ if (signed_grub_mode >= SIGNED_GRUB_FORCE) ++ grub_util_error ("signed image `%s' does not exist\n", signed_imgfile); ++ else ++ { ++ free (signed_imgfile); ++ signed_imgfile = NULL; ++ } ++ } ++ } ++ ++ if (signed_imgfile) ++ fprintf (stderr, _("Use signed file in %s for installation.\n"), signed_imgfile); ++ ++ /* fallthrough. */ + case GRUB_INSTALL_PLATFORM_X86_64_EFI: ++ case GRUB_INSTALL_PLATFORM_I386_EFI: + case GRUB_INSTALL_PLATFORM_ARM_EFI: +- case GRUB_INSTALL_PLATFORM_ARM64_EFI: + case GRUB_INSTALL_PLATFORM_IA64_EFI: + core_name = "core.efi"; + snprintf (mkimage_target, sizeof (mkimage_target), +@@ -1678,13 +1739,75 @@ main (int argc, char *argv[]) + core_name); + char *prefix = xasprintf ("%s%s", prefix_drive ? : "", + relative_grubdir); +- if (core_name != mkimage_target) ++ char *grub_efi_cfg = NULL; ++ ++ if ((core_name != mkimage_target) && !signed_imgfile) + grub_install_make_image_wrap (/* source dir */ grub_install_source_directory, + /*prefix */ prefix, + /* output */ imgfile, + /* memdisk */ NULL, + have_load_cfg ? load_cfg : NULL, + /* image target */ mkimage_target, 0); ++ else if (signed_imgfile) ++ { ++ FILE *grub_cfg_f; ++ ++ grub_install_copy_file (signed_imgfile, imgfile, 1); ++ grub_efi_cfg = grub_util_path_concat (2, platdir, "grub.cfg"); ++ grub_cfg_f = grub_util_fopen (grub_efi_cfg, "wb"); ++ if (!grub_cfg_f) ++ grub_util_error (_("Can't create file: %s"), strerror (errno)); ++ ++ if (have_abstractions) ++ { ++ fprintf (grub_cfg_f, "set prefix=(%s)%s\n", grub_drives[0], relative_grubdir); ++ fprintf (grub_cfg_f, "set root=%s\n", grub_drives[0]); ++ } ++ else if (prefix_drive) ++ { ++ char *uuid = NULL; ++ if (grub_fs->uuid && grub_fs->uuid (grub_dev, &uuid)) ++ { ++ grub_print_error (); ++ grub_errno = 0; ++ uuid = NULL; ++ } ++ if (!uuid) ++ grub_util_error ("cannot find fs uuid for %s", grub_fs->name); ++ ++ fprintf (grub_cfg_f, "search --fs-uuid --set=root %s\n", uuid); ++ fprintf (grub_cfg_f, "set prefix=($root)%s\n", relative_grubdir); ++ } ++ ++ if (have_load_cfg) ++ { ++ size_t len; ++ char *buf; ++ ++ FILE *fp = grub_util_fopen (load_cfg, "rb"); ++ if (!fp) ++ grub_util_error (_("Can't read file: %s"), strerror (errno)); ++ ++ fseek (fp, 0, SEEK_END); ++ len = ftell (fp); ++ fseek (fp, 0, SEEK_SET); ++ buf = xmalloc (len); ++ ++ if (fread (buf, 1, len, fp) != len) ++ grub_util_error (_("cannot read `%s': %s"), load_cfg, strerror (errno)); ++ ++ if (fwrite (buf, 1, len, grub_cfg_f) != len) ++ grub_util_error (_("cannot write `%s': %s"), grub_efi_cfg, strerror (errno)); ++ ++ free (buf); ++ fclose (fp); ++ } ++ ++ fprintf (grub_cfg_f, "source ${prefix}/grub.cfg\n"); ++ fclose (grub_cfg_f); ++ free (signed_imgfile); ++ signed_imgfile = NULL; ++ } + /* Backward-compatibility kludges. */ + switch (platform) + { +@@ -1950,6 +2073,13 @@ main (int argc, char *argv[]) + char *dst = grub_util_path_concat (2, efidir, efi_file); + grub_install_copy_file (imgfile, dst, 1); + free (dst); ++ if (grub_efi_cfg) ++ { ++ dst = grub_util_path_concat (2, efidir, "grub.cfg"); ++ grub_install_copy_file (grub_efi_cfg, dst, 1); ++ free (dst); ++ free (grub_efi_cfg); ++ } + } + if (!removable && update_nvram) + { diff --git a/grub2.changes b/grub2.changes index dece89e..a87a3f5 100644 --- a/grub2.changes +++ b/grub2.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Jun 17 09:45:49 UTC 2019 - mchang@suse.com + +- Use grub2-install to handle signed grub installation for UEFI secure + boot and also provide options to override default (bsc#1136601) + * grub2-secureboot-install-signed-grub.patch +- Remove arm64 linuxefi patches as it's not needed for secure boot + * 0001-efi-refactor-grub_efi_allocate_pages.patch + * 0002-Remove-grub_efi_allocate_pages.patch + * 0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch + * 0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch + * 0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch + * 0006-Add-support-for-EFI-handover-on-ARM64.patch + ------------------------------------------------------------------- Fri Jun 14 06:13:58 UTC 2019 - mchang@suse.com diff --git a/grub2.spec b/grub2.spec index d971e57..203ffdc 100644 --- a/grub2.spec +++ b/grub2.spec @@ -305,12 +305,7 @@ Patch421: 0002-AUDIT-0-http-boot-tracker-bug.patch Patch430: grub2-mkconfig-default-entry-correction.patch Patch431: grub2-s390x-10-keep-network-at-kexec.patch # Support for UEFI Secure Boot on AArch64 (FATE#326541) -Patch450: 0001-efi-refactor-grub_efi_allocate_pages.patch -Patch451: 0002-Remove-grub_efi_allocate_pages.patch -Patch452: 0003-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch -Patch453: 0004-efi-Add-central-copy-of-grub_efi_find_mmap_size.patch -Patch454: 0005-efi-Add-grub_efi_get_ram_base-function-for-arm64.patch -Patch455: 0006-Add-support-for-EFI-handover-on-ARM64.patch +Patch450: grub2-secureboot-install-signed-grub.patch # Use pkg-config to find Freetype2 Patch500: grub2-freetype-pkgconfig.patch Patch501: grub2-btrfs-help-on-snapper-rollback.patch @@ -618,11 +613,6 @@ swap partition while in resuming %patch430 -p1 %patch431 -p1 %patch450 -p1 -%patch451 -p1 -%patch452 -p1 -%patch453 -p1 -%patch454 -p1 -%patch455 -p1 %patch500 -p1 %patch501 -p1 %patch510 -p1 @@ -747,7 +737,7 @@ CD_MODULES=" all_video boot cat chain configfile echo true \ PXE_MODULES="efinet tftp http" CRYPTO_MODULES="luks gcry_rijndael gcry_sha1 gcry_sha256" -%ifarch x86_64 aarch64 +%ifarch x86_64 CD_MODULES="${CD_MODULES} linuxefi" %else CD_MODULES="${CD_MODULES} linux"