Optimize PBKDF2 to reduce the decryption time (bsc#1248516)

- 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
- 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
- 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch

0001-getroot-Skip-mount-points-in-grub_find_device.patch

@@ -0,0 +1,66 @@
+From ff3165a3e519892ec4bf9a31f4f1132668f83394 Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Tue, 15 Jul 2025 14:15:22 +0800
+Subject: [PATCH] getroot: Skip mount points in grub_find_device
+
+The grub_find_device function scans a starting directory, typically
+/dev, for device files with matching major and minor numbers. During
+this process, it recursively descends into subdirectories.
+
+However, this can significantly slow down the scan if a subdirectory is
+a mount point not related to devtmpfs, especially if it contains a large
+number of files.
+
+This patch modifies grub_find_device() to skip subdirectories that are
+mount points. A mount point is detected by comparing the st_dev of the
+subdirectory against that of the parent or starting directory. While
+this method does not catch all types of mounts, for eg bind mounts, it
+is a practical solution that avoids the need to parse /proc/self/mounts.
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+---
+ grub-core/osdep/unix/getroot.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/grub-core/osdep/unix/getroot.c b/grub-core/osdep/unix/getroot.c
+index dce94b52e..9759cc59b 100644
+--- a/grub-core/osdep/unix/getroot.c
++++ b/grub-core/osdep/unix/getroot.c
+@@ -353,6 +353,7 @@ grub_find_device (const char *dir, dev_t dev)
+   DIR *dp;
+   struct saved_cwd saved_cwd;
+   struct dirent *ent;
++  struct stat st_dir;
+ 
+   if (! dir)
+     dir = "/dev";
+@@ -361,6 +362,12 @@ grub_find_device (const char *dir, dev_t dev)
+   if (! dp)
+     return 0;
+ 
++  if (stat (dir, &st_dir) < 0)
++    {
++      closedir (dp);
++      return 0;
++    }
++
+   if (save_cwd (&saved_cwd) < 0)
+     {
+       grub_util_error ("%s", _("cannot save the original directory"));
+@@ -410,6 +417,13 @@ grub_find_device (const char *dir, dev_t dev)
+ 	  /* Find it recursively.  */
+ 	  char *res;
+ 
++	  /* Skip mount point */
++	  if (st.st_dev != st_dir.st_dev)
++	    {
++	      grub_util_info ("skip mount point %s/%s", dir, ent->d_name);
++	      continue;
++	    }
++
+ 	  res = grub_find_device (ent->d_name, dev);
+ 
+ 	  if (res)
+-- 
+2.50.0
+

0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch

@@ -0,0 +1,113 @@
+From eae4fc64a16cb58733afca09e70a09e51d405a9d Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Tue, 30 Sep 2025 14:44:02 +0800
+Subject: [PATCH] ieee1275: Use net config for boot location instead of
+ firmware bootpath
+
+On network boots, grub_ieee1275_net_config() is used to determine the
+boot device, but the path continues to be taken from the Open Firmware
+/chosen/bootpath property. This assumes the device node follows the
+generic IEEE-1275 syntax, which is not always the case. Different
+drivers may extend or redefine the format, and GRUB may then
+misinterpret the argument as a filename and set $prefix incorrectly.
+
+The generic Open Firmware device path format is:
+
+  device-name[:device-argument]
+  device-argument := [partition][,[filename]]
+
+For example, a bootpath such as:
+
+  /vdevice/l-lan@30000002:speed=auto,duplex=auto,1.2.243.345,,9.8.76.543,1.2.34.5,5,5,255.255.255.0,512
+
+does not follow this form. The section after the colon (the
+device-argument) contains driver-specific options and network
+parameters, not a valid filename. GRUB interprets this string as a
+filename, which results in $prefix being set to "/", effectively losing
+the intended boot directory.
+
+The firmware is not at fault here, since interpretation of device nodes
+is driver-specific. Instead, GRUB should use the filename provided in
+the cached DHCP packet, which is consistent and reliable. This is also
+the same mechanism already used on UEFI and legacy BIOS platforms.
+
+This patch updates grub_machine_get_bootlocation() to prefer the result
+from grub_ieee1275_net_config() when complete, and only fall back to the
+firmware bootpath otherwise.
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+---
+ grub-core/kern/ieee1275/init.c | 28 +++++++++++++++++++++-------
+ 1 file changed, 21 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
+index 45f787eff..802a34f07 100644
+--- a/grub-core/kern/ieee1275/init.c
++++ b/grub-core/kern/ieee1275/init.c
+@@ -153,9 +153,11 @@ void (*grub_ieee1275_net_config) (const char *dev, char **device, char **path,
+ void
+ grub_machine_get_bootlocation (char **device, char **path)
+ {
+-  char *bootpath;
++  char *bootpath = NULL;
+   char *filename;
+-  char *type;
++  char *type = NULL;
++  char *ret_device = NULL;
++  char *ret_path = NULL;
+ 
+   bootpath = grub_ieee1275_get_boot_dev ();
+   if (! bootpath)
+@@ -171,7 +173,7 @@ grub_machine_get_bootlocation (char **device, char **path)
+       dev = grub_ieee1275_get_aliasdevname (bootpath);
+       canon = grub_ieee1275_canonicalise_devname (dev);
+       if (! canon)
+-        return;
++	goto done;
+       ptr = canon + grub_strlen (canon) - 1;
+       while (ptr > canon && (*ptr == ',' || *ptr == ':'))
+ 	ptr--;
+@@ -179,13 +181,17 @@ grub_machine_get_bootlocation (char **device, char **path)
+       *ptr = 0;
+ 
+       if (grub_ieee1275_net_config)
+-	grub_ieee1275_net_config (canon, device, path, bootpath);
++	grub_ieee1275_net_config (canon, &ret_device, &ret_path, bootpath);
+       grub_free (dev);
+       grub_free (canon);
++
++      /* Use path from net config if it is provided by cached DHCP info */
++      if (ret_path != NULL)
++	goto done;
++      /* Fall through to use firmware bootpath */
+     }
+   else
+-    *device = grub_ieee1275_encode_devname (bootpath);
+-  grub_free (type);
++    ret_device = grub_ieee1275_encode_devname (bootpath);
+ 
+   filename = grub_ieee1275_get_filename (bootpath);
+   if (filename)
+@@ -198,10 +204,18 @@ grub_machine_get_bootlocation (char **device, char **path)
+ 	  *lastslash = '\0';
+ 	  grub_translate_ieee1275_path (filename);
+ 
+-	  *path = filename;
++	  ret_path = filename;
+ 	}
+     }
++
++ done:
++  grub_free (type);
+   grub_free (bootpath);
++
++  if (device != NULL)
++    *device = ret_device;
++  if (path != NULL)
++    *path = ret_path;
+ }
+ 
+ /* Claim some available memory in the first /memory node. */
+-- 
+2.51.0
+

0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch

@@ -0,0 +1,45 @@
+From 12d518fd50ed4787d3cc4bafcc11e14139dc5d76 Mon Sep 17 00:00:00 2001
+From: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Date: Wed, 7 May 2025 16:15:22 +0200
+Subject: [PATCH 1/7] kern/file: Call grub_dl_unref() after fs->fs_close()
+
+With commit 16f196874 (kern/file: Implement filesystem reference
+counting) files hold a reference to their file systems.
+
+When closing a file in grub_file_close() we should not expect
+file->fs to stay valid after calling grub_dl_unref() on file->fs->mod.
+So, grub_dl_unref() should be called after file->fs->fs_close().
+
+Fixes: CVE-2025-54771
+Fixes: 16f196874 (kern/file: Implement filesystem reference counting)
+
+Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/kern/file.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
+index 7217a6ea7..dce29bedd 100644
+--- a/grub-core/kern/file.c
++++ b/grub-core/kern/file.c
+@@ -201,12 +201,12 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len)
+ grub_err_t
+ grub_file_close (grub_file_t file)
+ {
+-  if (file->fs->mod)
+-    grub_dl_unref (file->fs->mod);
+-
+   if (file->fs->fs_close)
+     (file->fs->fs_close) (file);
+ 
++  if (file->fs->mod)
++    grub_dl_unref (file->fs->mod);
++
+   if (file->device)
+     grub_device_close (file->device);
+   grub_free (file->name);
+-- 
+2.51.1
+

0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch

@@ -0,0 +1,116 @@
+From 1fbd2a278cfc645adc45c0e1357e58bcd1909f8d Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Thu, 28 Aug 2025 15:03:35 +0800
+Subject: [PATCH] kern/misc: Implement faster grub_memcpy() for aligned buffers
+
+When both "dest" and "src" are aligned, copying the data in chunks
+(unsigned long) is more efficient than a byte-by-byte copy.
+
+Also tweak '__aeabi_memcpy()', '__aeabi_memcpy4()', and
+'__aeabi_memcpy8()', since 'grub_memcpy()' is not inline anymore.
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ grub-core/kern/compiler-rt.c |  8 ++++----
+ grub-core/kern/misc.c        | 30 ++++++++++++++++++++++++++++++
+ include/grub/misc.h          |  8 +-------
+ 3 files changed, 35 insertions(+), 11 deletions(-)
+
+diff --git a/grub-core/kern/compiler-rt.c b/grub-core/kern/compiler-rt.c
+index eda689a0c..8f3865e95 100644
+--- a/grub-core/kern/compiler-rt.c
++++ b/grub-core/kern/compiler-rt.c
+@@ -24,7 +24,7 @@
+ void * GRUB_BUILTIN_ATTR
+ memcpy (void *dest, const void *src, grub_size_t n)
+ {
+-	return grub_memmove (dest, src, n);
++	return grub_memcpy (dest, src, n);
+ }
+ void * GRUB_BUILTIN_ATTR
+ memmove (void *dest, const void *src, grub_size_t n)
+@@ -372,11 +372,11 @@ grub_int32_t
+ __aeabi_idiv (grub_int32_t a, grub_int32_t b)
+   __attribute__ ((alias ("__divsi3")));
+ void *__aeabi_memcpy (void *dest, const void *src, grub_size_t n)
+-  __attribute__ ((alias ("grub_memcpy")));
++  __attribute__ ((alias ("memcpy")));
+ void *__aeabi_memcpy4 (void *dest, const void *src, grub_size_t n)
+-  __attribute__ ((alias ("grub_memcpy")));
++  __attribute__ ((alias ("memcpy")));
+ void *__aeabi_memcpy8 (void *dest, const void *src, grub_size_t n)
+-  __attribute__ ((alias ("grub_memcpy")));
++  __attribute__ ((alias ("memcpy")));
+ void *__aeabi_memset (void *s, int c, grub_size_t n)
+   __attribute__ ((alias ("memset")));
+ 
+diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
+index 2b7922393..016932583 100644
+--- a/grub-core/kern/misc.c
++++ b/grub-core/kern/misc.c
+@@ -99,6 +99,36 @@ grub_memmove (void *dest, const void *src, grub_size_t n)
+   return dest;
+ }
+ 
++static void *
++__memcpy_aligned (void *dest, const void *src, grub_size_t n)
++{
++  unsigned long *dw = (unsigned long *) dest;
++  const unsigned long *sw = (const unsigned long *) src;
++  grub_uint8_t *d;
++  const grub_uint8_t *s;
++
++  for (; n >= sizeof (unsigned long); n -= sizeof (unsigned long))
++    *dw++ = *sw++;
++
++  d = (grub_uint8_t *) dw;
++  s = (const grub_uint8_t *) sw;
++  for (; n > 0; n--)
++    *d++ = *s++;
++
++  return dest;
++}
++
++void *
++grub_memcpy (void *dest, const void *src, grub_size_t n)
++{
++  /* Check if 'dest' and 'src' are aligned */
++  if (((grub_addr_t) dest & (sizeof (unsigned long) - 1)) == 0 &&
++      ((grub_addr_t) src & (sizeof (unsigned long) - 1)) == 0)
++    return __memcpy_aligned (dest, src, n);
++
++  return grub_memmove (dest, src, n);
++}
++
+ char *
+ grub_strcpy (char *dest, const char *src)
+ {
+diff --git a/include/grub/misc.h b/include/grub/misc.h
+index e087e7b3e..b6b14ca55 100644
+--- a/include/grub/misc.h
++++ b/include/grub/misc.h
+@@ -38,6 +38,7 @@
+ #define grub_dprintf(condition, ...) grub_real_dprintf(GRUB_FILE, __LINE__, condition, __VA_ARGS__)
+ 
+ void *EXPORT_FUNC(grub_memmove) (void *dest, const void *src, grub_size_t n);
++void *EXPORT_FUNC(grub_memcpy) (void *dest, const void *src, grub_size_t n);
+ char *EXPORT_FUNC(grub_strcpy) (char *dest, const char *src);
+ 
+ static inline char *
+@@ -103,13 +104,6 @@ grub_strlcpy (char *dest, const char *src, grub_size_t size)
+   return res;
+ }
+ 
+-/* XXX: If grub_memmove is too slow, we must implement grub_memcpy.  */
+-static inline void *
+-grub_memcpy (void *dest, const void *src, grub_size_t n)
+-{
+-  return grub_memmove (dest, src, n);
+-}
+-
+ #if defined(__x86_64__) && !defined (GRUB_UTIL)
+ #if defined (__MINGW32__) || defined (__CYGWIN__) || defined (__MINGW64__)
+ #define GRUB_ASM_ATTR __attribute__ ((sysv_abi))
+-- 
+2.51.0
+

0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch

@@ -0,0 +1,234 @@
+From e98e880b67be178f3a5951fb345ded8c002eb6e5 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Wed, 13 Aug 2025 11:43:40 +0800
+Subject: [PATCH 1/2] lib/crypto: Introduce new HMAC functions to reuse buffers
+
+To enable more efficient buffer reuse for HMAC operations, three new
+functions have been introduced. This change prevents the need to
+reallocate memory for each HMAC operation.
+
+* grub_crypto_hmac_reset(): Reinitializes the hash contexts in the HMAC
+  handle.
+
+* grub_crypto_hmac_final(): Provides the final HMAC result without
+  freeing the handle, allowing it to be reused immediately.
+
+* grub_crypto_hmac_free(): Deallocates the HMAC handle and its
+  associated memory.
+
+To further facilitate buffer reuse, 'ctx2' is now included within the HMAC
+handle struct, and the initialization of 'ctx2' is moved to
+grub_crypto_hmac_init().
+
+The intermediate hash states ('ctx' and 'ctx2') for the inner and outer
+padded keys are now cached. grub_crypto_hmac_reset() restores these cached
+states for new operations, which avoids redundant hashing of the keys.
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ grub-core/disk/geli.c  |  4 +-
+ grub-core/lib/crypto.c | 91 ++++++++++++++++++++++++++++++------------
+ include/grub/crypto.h  |  8 +++-
+ 3 files changed, 74 insertions(+), 29 deletions(-)
+
+Index: grub-2.12/grub-core/disk/geli.c
+===================================================================
+--- grub-2.12.orig/grub-core/disk/geli.c
++++ grub-2.12/grub-core/disk/geli.c
+@@ -464,9 +464,7 @@ geli_recover_key (grub_disk_t source, gr
+       grub_crypto_hmac_write (hnd, header.salt, sizeof (header.salt));
+       grub_crypto_hmac_write (hnd, cargs->key_data, cargs->key_len);
+ 
+-      gcry_err = grub_crypto_hmac_fini (hnd, geomkey);
+-      if (gcry_err)
+-	return grub_crypto_gcry_error (gcry_err);
++      grub_crypto_hmac_fini (hnd, geomkey);
+     }
+ 
+   gcry_err = grub_crypto_hmac_buffer (dev->hash, geomkey,
+Index: grub-2.12/grub-core/lib/crypto.c
+===================================================================
+--- grub-2.12.orig/grub-core/lib/crypto.c
++++ grub-2.12/grub-core/lib/crypto.c
+@@ -31,7 +31,9 @@ struct grub_crypto_hmac_handle
+ {
+   const struct gcry_md_spec *md;
+   void *ctx;
+-  void *opad;
++  void *ctx2;
++  void *ctx_cache;
++  void *ctx2_cache;
+ };
+ 
+ static gcry_cipher_spec_t *grub_ciphers = NULL;
+@@ -307,7 +309,8 @@ grub_crypto_hmac_init (const struct gcry
+ {
+   grub_uint8_t *helpkey = NULL;
+   grub_uint8_t *ipad = NULL, *opad = NULL;
+-  void *ctx = NULL;
++  void *ctx = NULL, *ctx2 = NULL;
++  void *ctx_cache = NULL, *ctx2_cache = NULL;
+   struct grub_crypto_hmac_handle *ret = NULL;
+   unsigned i;
+ 
+@@ -318,6 +321,18 @@ grub_crypto_hmac_init (const struct gcry
+   if (!ctx)
+     goto err;
+ 
++  ctx2 = grub_malloc (md->contextsize);
++  if (!ctx2)
++    goto err;
++
++  ctx_cache = grub_malloc (md->contextsize);
++  if (!ctx_cache)
++    goto err;
++
++  ctx2_cache = grub_malloc (md->contextsize);
++  if (!ctx2_cache)
++    goto err;
++
+   if ( keylen > md->blocksize )
+     {
+       helpkey = grub_malloc (md->mdlen);
+@@ -347,26 +362,40 @@ grub_crypto_hmac_init (const struct gcry
+   grub_free (helpkey);
+   helpkey = NULL;
+ 
++  /* inner pad */
+   md->init (ctx);
+-
+-  md->write (ctx, ipad, md->blocksize); /* inner pad */
++  md->write (ctx, ipad, md->blocksize);
++  grub_memcpy (ctx_cache, ctx, md->contextsize);
+   grub_memset (ipad, 0, md->blocksize);
+   grub_free (ipad);
+   ipad = NULL;
+ 
++  /* outer pad */
++  md->init (ctx2);
++  md->write (ctx2, opad, md->blocksize);
++  grub_memcpy (ctx2_cache, ctx2, md->contextsize);
++  grub_memset (opad, 0, md->blocksize);
++  grub_free (opad);
++  opad = NULL;
++
+   ret = grub_malloc (sizeof (*ret));
+   if (!ret)
+     goto err;
+ 
+   ret->md = md;
+   ret->ctx = ctx;
+-  ret->opad = opad;
++  ret->ctx2 = ctx2;
++  ret->ctx_cache = ctx_cache;
++  ret->ctx2_cache = ctx2_cache;
+ 
+   return ret;
+ 
+  err:
+   grub_free (helpkey);
+   grub_free (ctx);
++  grub_free (ctx2);
++  grub_free (ctx_cache);
++  grub_free (ctx2_cache);
+   grub_free (ipad);
+   grub_free (opad);
+   return NULL;
+@@ -380,37 +409,48 @@ grub_crypto_hmac_write (struct grub_cryp
+   hnd->md->write (hnd->ctx, data, datalen);
+ }
+ 
+-gcry_err_code_t
++void
+ grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out)
+ {
+-  grub_uint8_t *p;
+-  grub_uint8_t *ctx2;
++  grub_crypto_hmac_final (hnd, out);
++  grub_crypto_hmac_free (hnd);
++}
+ 
+-  ctx2 = grub_malloc (hnd->md->contextsize);
+-  if (!ctx2)
+-    return GPG_ERR_OUT_OF_MEMORY;
++void
++grub_crypto_hmac_reset (struct grub_crypto_hmac_handle *hnd)
++{
++  grub_memcpy (hnd->ctx, hnd->ctx_cache, hnd->md->contextsize);
++  grub_memcpy (hnd->ctx2, hnd->ctx2_cache, hnd->md->contextsize);
++}
++
++void
++grub_crypto_hmac_final (struct grub_crypto_hmac_handle *hnd, void *out)
++{
++  grub_uint8_t *p;
+ 
+   hnd->md->final (hnd->ctx);
+   hnd->md->read (hnd->ctx);
+   p = hnd->md->read (hnd->ctx);
+ 
+-  hnd->md->init (ctx2);
+-  hnd->md->write (ctx2, hnd->opad, hnd->md->blocksize);
+-  hnd->md->write (ctx2, p, hnd->md->mdlen);
+-  hnd->md->final (ctx2);
+-  grub_memset (hnd->opad, 0, hnd->md->blocksize);
+-  grub_free (hnd->opad);
+-  grub_memset (hnd->ctx, 0, hnd->md->contextsize);
+-  grub_free (hnd->ctx);
++  hnd->md->write (hnd->ctx2, p, hnd->md->mdlen);
++  hnd->md->final (hnd->ctx2);
+ 
+-  grub_memcpy (out, hnd->md->read (ctx2), hnd->md->mdlen);
+-  grub_memset (ctx2, 0, hnd->md->contextsize);
+-  grub_free (ctx2);
++  grub_memcpy (out, hnd->md->read (hnd->ctx2), hnd->md->mdlen);
++}
+ 
++void
++grub_crypto_hmac_free (struct grub_crypto_hmac_handle *hnd)
++{
++  grub_memset (hnd->ctx, 0, hnd->md->contextsize);
++  grub_free (hnd->ctx);
++  grub_memset (hnd->ctx2, 0, hnd->md->contextsize);
++  grub_free (hnd->ctx2);
++  grub_memset (hnd->ctx_cache, 0, hnd->md->contextsize);
++  grub_free (hnd->ctx_cache);
++  grub_memset (hnd->ctx2_cache, 0, hnd->md->contextsize);
++  grub_free (hnd->ctx2_cache);
+   grub_memset (hnd, 0, sizeof (*hnd));
+   grub_free (hnd);
+-
+-  return GPG_ERR_NO_ERROR;
+ }
+ 
+ gcry_err_code_t
+@@ -425,7 +465,8 @@ grub_crypto_hmac_buffer (const struct gc
+     return GPG_ERR_OUT_OF_MEMORY;
+ 
+   grub_crypto_hmac_write (hnd, data, datalen);
+-  return grub_crypto_hmac_fini (hnd, out);
++  grub_crypto_hmac_fini (hnd, out);
++  return GPG_ERR_NO_ERROR;
+ }
+ 
+ 
+Index: grub-2.12/include/grub/crypto.h
+===================================================================
+--- grub-2.12.orig/include/grub/crypto.h
++++ grub-2.12/include/grub/crypto.h
+@@ -358,8 +358,14 @@ void
+ grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd,
+ 			const void *data,
+ 			grub_size_t datalen);
+-gcry_err_code_t
++void
+ grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out);
++void
++grub_crypto_hmac_reset (struct grub_crypto_hmac_handle *hnd);
++void
++grub_crypto_hmac_final (struct grub_crypto_hmac_handle *hnd, void *out);
++void
++grub_crypto_hmac_free (struct grub_crypto_hmac_handle *hnd);
+ 
+ gcry_err_code_t
+ grub_crypto_hmac_buffer (const struct gcry_md_spec *md,

0001-tcp-Fix-TCP-port-number-reused-on-reboot.patch

@@ -0,0 +1,116 @@
+From 468a37601083ef3352ff6e5d4f40ec8b1cebc4ef Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Tue, 8 Jul 2025 11:57:42 +0800
+Subject: [PATCH] tcp: Fix TCP port number reused on reboot
+
+GRUB's TCP stack assigns source ports for outgoing connections starting
+at 21550 and increments sequentially by 1 (e.g., 21550, 21551, ...).
+While this generally works, it can lead to failures if the system
+reboots rapidly and reuses the same source port too soon.
+
+This issue was observed on powerpc-ieee1275 platforms using CAS (Client
+Architecture Support) reboot. In such cases, loading the initrd over
+HTTP may fail with connection timeouts. Packet captures show the failed
+connections are flagged as "TCP Port Number Reused" by Wireshark.
+
+The root cause is that GRUB reuses the same port shortly after reboot,
+while the server may still be tracking the previous connection in
+TIME_WAIT. This can result in the server rejecting the connection
+attempt or responding with a stale ACK or RST, leading to handshake
+failure.
+
+This patch fixes the issue by introducing a time based source port
+selection strategy. Instead of always starting from port 21550, GRUB now
+computes an initial base port based on the current RTC time, divided
+into 5 minute windows. The purpose of this time based strategy is to
+ensure that GRUB avoids reusing the same source port within a 5 minute
+window, thereby preventing collisions with stale server side connection
+tracking that could interfere with a new TCP handshake.
+
+A step size of 8 ensures that the same port will not be reused across
+reboots unless GRUB opens more than 8 TCP connections per second on
+average, something that is highly unlikely. In typical usage, a GRUB
+boot cycle lasts about 15 seconds and may open fewer than 100
+connections total, well below the reuse threshold. This makes the
+approach robust against short reboot intervals while keeping the logic
+simple and deterministic.
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
+---
+ grub-core/net/tcp.c | 39 ++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 38 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/net/tcp.c b/grub-core/net/tcp.c
+index 93dee0caa..d0cc602dc 100644
+--- a/grub-core/net/tcp.c
++++ b/grub-core/net/tcp.c
+@@ -22,6 +22,7 @@
+ #include <grub/net/netbuff.h>
+ #include <grub/time.h>
+ #include <grub/priority_queue.h>
++#include <grub/datetime.h>
+ 
+ #define TCP_SYN_RETRANSMISSION_TIMEOUT GRUB_NET_INTERVAL
+ #define TCP_SYN_RETRANSMISSION_COUNT GRUB_NET_TRIES
+@@ -552,6 +553,36 @@ grub_net_tcp_accept (grub_net_tcp_socket_t sock,
+   return GRUB_ERR_NONE;
+ }
+ 
++/*
++ * Derive a time-based source port to avoid reusing the same port across
++ * reboots. This helps prevent failures caused by server side TCP state (e.g.
++ * TIME_WAIT) from interfering with new connections using the same socket.
++ *
++ * The base port starts at 21550 and increments every second by 8 across a 5
++ * minute window (300 seconds), giving 2400 possible distinct base ports per
++ * window. In typical GRUB usage, the number of connections per boot is small,
++ * so reuse is effectively avoided.
++ */
++static grub_uint16_t
++get_initial_base_port (void)
++{
++  grub_err_t err;
++  struct grub_datetime date;
++  grub_int64_t t = 0;
++  grub_uint64_t r = 0;
++
++  err = grub_get_datetime (&date);
++  if (err != GRUB_ERR_NONE || !grub_datetime2unixtime (&date, &t))
++    {
++      grub_errno = GRUB_ERR_NONE;
++      return 21550;
++    }
++
++  grub_divmod64 (t, 300, &r);
++
++  return 21550 + (r << 3);
++}
++
+ grub_net_tcp_socket_t
+ grub_net_tcp_open (char *server,
+ 		   grub_uint16_t out_port,
+@@ -569,13 +600,19 @@ grub_net_tcp_open (char *server,
+   struct grub_net_network_level_interface *inf;
+   grub_net_network_level_address_t gateway;
+   grub_net_tcp_socket_t socket;
+-  static grub_uint16_t in_port = 21550;
++  static grub_uint16_t in_port;
+   struct grub_net_buff *nb;
+   struct tcphdr *tcph;
+   int i;
+   grub_uint8_t *nbd;
+   grub_net_link_level_address_t ll_target_addr;
+ 
++  if (!in_port)
++    {
++      in_port = get_initial_base_port ();
++      grub_dprintf ("net", "base port: %d\n", in_port);
++    }
++
+   err = grub_net_resolve_address (server, &addr);
+   if (err)
+     return NULL;
+-- 
+2.50.1
+

0001-term-ns8250-spcr-Return-if-redirection-is-disabled.patch

@@ -0,0 +1,38 @@
+From f0a08324d0f923527ba611887a3780c1f2cb1578 Mon Sep 17 00:00:00 2001
+From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Date: Tue, 21 Jan 2025 11:01:26 -0600
+Subject: [PATCH] term/ns8250-spcr: Return if redirection is disabled
+
+The Microsoft spec for SPCR says "The base address of the Serial Port
+register set described using the ACPI Generic Address Structure, or
+0 if console redirection is disabled". So, return early if redirection
+is disabled (base address = 0). If this check is not done we may get
+invalid ports on machines with redirection disabled and boot may hang
+when reading the grub.cfg file.
+
+Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Reviewed-by: Leo Sandoval <lsandova@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/term/ns8250-spcr.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/grub-core/term/ns8250-spcr.c b/grub-core/term/ns8250-spcr.c
+index 4efaaf768..428b2d59a 100644
+--- a/grub-core/term/ns8250-spcr.c
++++ b/grub-core/term/ns8250-spcr.c
+@@ -76,6 +76,11 @@ grub_ns8250_spcr_init (void)
+         config.speed = 115200;
+         break;
+     };
++
++  /* If base address is 0 it means redirection is disabled. */
++  if (spcr->base_addr.addr == 0)
++    return NULL;
++
+   switch (spcr->base_addr.space_id)
+     {
+       case GRUB_ACPI_GENADDR_MEM_SPACE:
+-- 
+2.51.0
+

0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch

@@ -0,0 +1,91 @@
+From 7126da87f17ff41334b9fa6969ad032ff9940979 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Wed, 13 Aug 2025 09:57:04 +0800
+Subject: [PATCH 2/2] lib/pbkdf2: Optimize PBKDF2 by reusing HMAC handle
+
+The previous PBKDF2 implementation used grub_crypto_hmac_buffer(), which
+allocates and frees an HMAC handle on every call. This approach caused
+significant performance overhead, slowing down the boot process
+considerably.
+
+This commit refactors the PBKDF2 code to use the new HMAC functions,
+allowing the HMAC handle and its buffers to be allocated once and reused
+across multiple operations. This change significantly reduces disk
+unlocking time.
+
+In a QEMU/OVMF test environment, this patch reduced the time to unlock a
+LUKS2(*) partition from approximately 15 seconds to 4 seconds.
+
+(*) PBKDF2 SHA256 with 3454944 iterations
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ grub-core/lib/pbkdf2.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/grub-core/lib/pbkdf2.c b/grub-core/lib/pbkdf2.c
+index 28aa96c46..410eff580 100644
+--- a/grub-core/lib/pbkdf2.c
++++ b/grub-core/lib/pbkdf2.c
+@@ -39,6 +39,7 @@ grub_crypto_pbkdf2 (const struct gcry_md_spec *md,
+ 		    unsigned int c,
+ 		    grub_uint8_t *DK, grub_size_t dkLen)
+ {
++  struct grub_crypto_hmac_handle *hnd = NULL;
+   unsigned int hLen = md->mdlen;
+   grub_uint8_t U[GRUB_CRYPTO_MAX_MDLEN];
+   grub_uint8_t T[GRUB_CRYPTO_MAX_MDLEN];
+@@ -47,7 +48,6 @@ grub_crypto_pbkdf2 (const struct gcry_md_spec *md,
+   unsigned int r;
+   unsigned int i;
+   unsigned int k;
+-  gcry_err_code_t rc;
+   grub_uint8_t *tmp;
+   grub_size_t tmplen = Slen + 4;
+ 
+@@ -72,6 +72,13 @@ grub_crypto_pbkdf2 (const struct gcry_md_spec *md,
+ 
+   grub_memcpy (tmp, S, Slen);
+ 
++  hnd = grub_crypto_hmac_init (md, P, Plen);
++  if (hnd == NULL)
++    {
++      grub_free (tmp);
++      return GPG_ERR_OUT_OF_MEMORY;
++    }
++
+   for (i = 1; i - 1 < l; i++)
+     {
+       grub_memset (T, 0, hLen);
+@@ -85,16 +92,13 @@ grub_crypto_pbkdf2 (const struct gcry_md_spec *md,
+ 	      tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
+ 	      tmp[Slen + 3] = (i & 0x000000ff) >> 0;
+ 
+-	      rc = grub_crypto_hmac_buffer (md, P, Plen, tmp, tmplen, U);
++	      grub_crypto_hmac_write (hnd, tmp, tmplen);
+ 	    }
+ 	  else
+-	    rc = grub_crypto_hmac_buffer (md, P, Plen, U, hLen, U);
++	    grub_crypto_hmac_write (hnd, U, hLen);
+ 
+-	  if (rc != GPG_ERR_NO_ERROR)
+-	    {
+-	      grub_free (tmp);
+-	      return rc;
+-	    }
++	  grub_crypto_hmac_final (hnd, U);
++	  grub_crypto_hmac_reset (hnd);
+ 
+ 	  for (k = 0; k < hLen; k++)
+ 	    T[k] ^= U[k];
+@@ -103,6 +107,7 @@ grub_crypto_pbkdf2 (const struct gcry_md_spec *md,
+       grub_memcpy (DK + (i - 1) * hLen, T, i == l ? r : hLen);
+     }
+ 
++  grub_crypto_hmac_free (hnd);
+   grub_free (tmp);
+ 
+   return GPG_ERR_NO_ERROR;
+-- 
+2.51.0
+

0002-net-net-Unregister-net_set_vlan-command-on-unload.patch

@@ -0,0 +1,35 @@
+From c9af7dfdd068beb1f47b1837bcc143118a87fbb1 Mon Sep 17 00:00:00 2001
+From: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Date: Fri, 9 May 2025 14:20:47 +0200
+Subject: [PATCH 2/7] net/net: Unregister net_set_vlan command on unload
+
+The commit 954c48b9c (net/net: Add net_set_vlan command) added command
+net_set_vlan to the net module. Unfortunately the commit only added the
+grub_register_command() call on module load but missed the
+grub_unregister_command() on unload. Let's fix this.
+
+Fixes: CVE-2025-54770
+Fixes: 954c48b9c (net/net: Add net_set_vlan command)
+
+Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/net/net.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index df13c3aaa..7bd8f1bf7 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -2151,6 +2151,7 @@ GRUB_MOD_FINI(net)
+   grub_unregister_command (cmd_deladdr);
+   grub_unregister_command (cmd_addroute);
+   grub_unregister_command (cmd_delroute);
++  grub_unregister_command (cmd_setvlan);
+   grub_unregister_command (cmd_lsroutes);
+   grub_unregister_command (cmd_lscards);
+   grub_unregister_command (cmd_lsaddr);
+-- 
+2.51.1
+

0003-gettext-gettext-Unregister-gettext-command-on-module.patch

@@ -0,0 +1,66 @@
+From 04f3a7beebd029c10e80e9cbea5c1d8452b066ce Mon Sep 17 00:00:00 2001
+From: Alec Brown <alec.r.brown@oracle.com>
+Date: Thu, 21 Aug 2025 21:14:06 +0000
+Subject: [PATCH 3/7] gettext/gettext: Unregister gettext command on module
+ unload
+
+When the gettext module is loaded, the gettext command is registered but
+isn't unregistered when the module is unloaded. We need to add a call to
+grub_unregister_command() when unloading the module.
+
+Fixes: CVE-2025-61662
+
+Reported-by: Alec Brown <alec.r.brown@oracle.com>
+Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/gettext/gettext.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index 9ffc73428..edebed998 100644
+--- a/grub-core/gettext/gettext.c
++++ b/grub-core/gettext/gettext.c
+@@ -502,6 +502,8 @@ grub_cmd_translate (grub_command_t cmd __attribute__ ((unused)),
+   return 0;
+ }
+ 
++static grub_command_t cmd;
++
+ GRUB_MOD_INIT (gettext)
+ {
+   const char *lang;
+@@ -521,13 +523,14 @@ GRUB_MOD_INIT (gettext)
+   grub_register_variable_hook ("locale_dir", NULL, read_main);
+   grub_register_variable_hook ("secondary_locale_dir", NULL, read_secondary);
+ 
+-  grub_register_command_p1 ("gettext", grub_cmd_translate,
+-			    N_("STRING"),
+-			    /* TRANSLATORS: It refers to passing the string through gettext.
+-			       So it's "translate" in the same meaning as in what you're
+-			       doing now.
+-			     */
+-			    N_("Translates the string with the current settings."));
++  cmd = grub_register_command_p1 ("gettext", grub_cmd_translate,
++				  N_("STRING"),
++				  /*
++				   * TRANSLATORS: It refers to passing the string through gettext.
++				   * So it's "translate" in the same meaning as in what you're
++				   * doing now.
++				   */
++				  N_("Translates the string with the current settings."));
+ 
+   /* Reload .mo file information if lang changes.  */
+   grub_register_variable_hook ("lang", NULL, grub_gettext_env_write_lang);
+@@ -544,6 +547,8 @@ GRUB_MOD_FINI (gettext)
+   grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
+   grub_register_variable_hook ("lang", NULL, NULL);
+ 
++  grub_unregister_command (cmd);
++
+   grub_gettext_delete_list (&main_context);
+   grub_gettext_delete_list (&secondary_context);
+ 
+-- 
+2.51.1
+

0004-normal-main-Unregister-commands-on-module-unload.patch

@@ -0,0 +1,58 @@
+From 41330d7fafe122d79d7a9ec28884c0771eb4fdf3 Mon Sep 17 00:00:00 2001
+From: Alec Brown <alec.r.brown@oracle.com>
+Date: Thu, 21 Aug 2025 21:14:07 +0000
+Subject: [PATCH 4/7] normal/main: Unregister commands on module unload
+
+When the normal module is loaded, the normal and normal_exit commands
+are registered but aren't unregistered when the module is unloaded. We
+need to add calls to grub_unregister_command() when unloading the module
+for these commands.
+
+Fixes: CVE-2025-61663
+Fixes: CVE-2025-61664
+
+Reported-by: Alec Brown <alec.r.brown@oracle.com>
+Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/normal/main.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
+index 398169299..b77d55eb3 100644
+--- a/grub-core/normal/main.c
++++ b/grub-core/normal/main.c
+@@ -639,7 +639,7 @@ grub_mini_cmd_clear (struct grub_command *cmd __attribute__ ((unused)),
+   return 0;
+ }
+ 
+-static grub_command_t cmd_clear;
++static grub_command_t cmd_clear, cmd_normal, cmd_normal_exit;
+ 
+ static void (*grub_xputs_saved) (const char *str);
+ static const char *features[] = {
+@@ -682,10 +682,10 @@ GRUB_MOD_INIT(normal)
+   grub_env_export ("pager");
+ 
+   /* Register a command "normal" for the rescue mode.  */
+-  grub_register_command ("normal", grub_cmd_normal,
+-			 0, N_("Enter normal mode."));
+-  grub_register_command ("normal_exit", grub_cmd_normal_exit,
+-			 0, N_("Exit from normal mode."));
++  cmd_normal = grub_register_command ("normal", grub_cmd_normal,
++				      0, N_("Enter normal mode."));
++  cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit,
++					   0, N_("Exit from normal mode."));
+ 
+   /* Reload terminal colors when these variables are written to.  */
+   grub_register_variable_hook ("color_normal", NULL, grub_env_write_color_normal);
+@@ -727,4 +727,6 @@ GRUB_MOD_FINI(normal)
+   grub_register_variable_hook ("color_highlight", NULL, NULL);
+   grub_fs_autoload_hook = 0;
+   grub_unregister_command (cmd_clear);
++  grub_unregister_command (cmd_normal);
++  grub_unregister_command (cmd_normal_exit);
+ }
+-- 
+2.51.1
+

0005-tests-lib-functional_test-Unregister-commands-on-mod.patch

@@ -0,0 +1,47 @@
+From 0289adccc2127a1179fea9da0c787fab04a831f7 Mon Sep 17 00:00:00 2001
+From: Alec Brown <alec.r.brown@oracle.com>
+Date: Thu, 21 Aug 2025 21:14:08 +0000
+Subject: [PATCH 5/7] tests/lib/functional_test: Unregister commands on module
+ unload
+
+When the functional_test module is loaded, both the functional_test and
+all_functional_test commands are registered but only the all_functional_test
+command is being unregistered since it was the last to set the cmd variable
+that gets unregistered when the module is unloaded. To unregister both
+commands, we need to create an additional grub_extcmd_t variable.
+
+Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/tests/lib/functional_test.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/tests/lib/functional_test.c b/grub-core/tests/lib/functional_test.c
+index 403fa5c78..31b6b5dab 100644
+--- a/grub-core/tests/lib/functional_test.c
++++ b/grub-core/tests/lib/functional_test.c
+@@ -90,17 +90,18 @@ grub_functional_all_tests (grub_extcmd_context_t ctxt __attribute__ ((unused)),
+   return GRUB_ERR_NONE;
+ }
+ 
+-static grub_extcmd_t cmd;
++static grub_extcmd_t cmd, cmd_all;
+ 
+ GRUB_MOD_INIT (functional_test)
+ {
+   cmd = grub_register_extcmd ("functional_test", grub_functional_test, 0, 0,
+ 			      "Run all loaded functional tests.", 0);
+-  cmd = grub_register_extcmd ("all_functional_test", grub_functional_all_tests, 0, 0,
+-			      "Run all functional tests.", 0);
++  cmd_all = grub_register_extcmd ("all_functional_test", grub_functional_all_tests, 0, 0,
++				  "Run all functional tests.", 0);
+ }
+ 
+ GRUB_MOD_FINI (functional_test)
+ {
+   grub_unregister_extcmd (cmd);
++  grub_unregister_extcmd (cmd_all);
+ }
+-- 
+2.51.1
+

0006-commands-usbtest-Use-correct-string-length-field.patch

@@ -0,0 +1,34 @@
+From 8dd7026738fb445abd811bb6bd98ff297676329e Mon Sep 17 00:00:00 2001
+From: Jamie <volticks@gmail.com>
+Date: Mon, 14 Jul 2025 09:52:59 +0100
+Subject: [PATCH 6/7] commands/usbtest: Use correct string length field
+
+An incorrect length field is used for buffer allocation. This leads to
+grub_utf16_to_utf8() receiving an incorrect/different length and possibly
+causing OOB write. This makes sure to use the correct length.
+
+Fixes: CVE-2025-61661
+
+Reported-by: Jamie <volticks@gmail.com>
+Signed-off-by: Jamie <volticks@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/commands/usbtest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/usbtest.c b/grub-core/commands/usbtest.c
+index 2c6d93fe6..8ef187a9a 100644
+--- a/grub-core/commands/usbtest.c
++++ b/grub-core/commands/usbtest.c
+@@ -99,7 +99,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
+       return GRUB_USB_ERR_NONE;
+     }
+ 
+-  *string = grub_malloc (descstr.length * 2 + 1);
++  *string = grub_malloc (descstrp->length * 2 + 1);
+   if (! *string)
+     {
+       grub_free (descstrp);
+-- 
+2.51.1
+

0007-commands-usbtest-Ensure-string-length-is-sufficient-.patch

@@ -0,0 +1,32 @@
+From 5b375fcf38550c59f869dca8356ce71c92c8cf6a Mon Sep 17 00:00:00 2001
+From: Jamie <volticks@gmail.com>
+Date: Mon, 14 Jul 2025 10:07:47 +0100
+Subject: [PATCH 7/7] commands/usbtest: Ensure string length is sufficient in
+ usb string processing
+
+If descstrp->length is less than 2 this will result in underflow in
+"descstrp->length / 2 - 1" math. Let's fix the check to make sure the
+value is sufficient.
+
+Signed-off-by: Jamie <volticks@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/commands/usbtest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/usbtest.c b/grub-core/commands/usbtest.c
+index 8ef187a9a..3184ac9af 100644
+--- a/grub-core/commands/usbtest.c
++++ b/grub-core/commands/usbtest.c
+@@ -90,7 +90,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
+ 			      0x06, (3 << 8) | index,
+ 			      langid, descstr.length, (char *) descstrp);
+ 
+-  if (descstrp->length == 0)
++  if (descstrp->length < 2)
+     {
+       grub_free (descstrp);
+       *string = grub_strdup ("");
+-- 
+2.51.1
+

grub2-constant-time-grub_crypto_memcmp.patch

@@ -0,0 +1,59 @@
+From be4670936bc86a14f20a8c9c40d34c45aad0d0b2 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Fri, 25 Jul 2025 13:50:23 +0800
+Subject: [PATCH] Constant-time grub_crypto_memcmp()
+
+Use the constant-time algorithm to compare the given memory blocks.
+The code is extracted from the upstream commit:
+0739d24cd1648531d0708d1079ff6bbfa6140268
+
+Fix: bsc#1234959
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ grub-core/lib/crypto.c | 23 ++++++++++++++++-------
+ 1 file changed, 16 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
+index 396f764..19db787 100644
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -433,19 +433,28 @@ grub_crypto_gcry_error (gcry_err_code_t in)
+   return GRUB_ACCESS_DENIED;
+ }
+ 
++/*
++ * Compare byte arrays of length LEN, return 1 if it's not same,
++ * 0, otherwise.
++ */
+ int
+-grub_crypto_memcmp (const void *a, const void *b, grub_size_t n)
++grub_crypto_memcmp (const void *b1, const void *b2, grub_size_t len)
+ {
+-  register grub_size_t counter = 0;
+-  const grub_uint8_t *pa, *pb;
++  const grub_uint8_t *a = b1;
++  const grub_uint8_t *b = b2;
++  int ab, ba;
++  grub_size_t i;
+ 
+-  for (pa = a, pb = b; n; pa++, pb++, n--)
++  /* Constant-time compare. */
++  for (i = 0, ab = 0, ba = 0; i < len; i++)
+     {
+-      if (*pa != *pb)
+-	counter++;
++      /* If a[i] != b[i], either ab or ba will be negative. */
++      ab |= a[i] - b[i];
++      ba |= b[i] - a[i];
+     }
+ 
+-  return !!counter;
++  /* 'ab | ba' is negative when buffers are not equal, extract sign bit.  */
++  return ((unsigned int)(ab | ba) >> (sizeof(unsigned int) * 8 - 1)) & 1;
+ }
+ 
+ #ifndef GRUB_UTIL
+-- 
+2.43.0
+

grub2-grubenv-in-btrfs-header.patch

@@ -475,27 +475,33 @@ v4:
  EOF
  if [ "x$GRUB_BUTTON_CMOS_ADDRESS" != "x" ]; then
      cat <<EOF
-@@ -55,6 +62,9 @@
+@@ -54,7 +61,11 @@
+ elif [ "\${next_entry}" ] ; then
     set default="\${next_entry}"
     set next_entry=
-    save_env next_entry
+-   save_env next_entry
 +   if [ "\${env_block}" ] ; then
 +     save_env -f "\${env_block}" next_entry
++   else
++     save_env next_entry
 +   fi
     set boot_once=true
  else
     set default="${GRUB_DEFAULT}"
-@@ -66,6 +76,9 @@
+@@ -65,7 +76,11 @@
+ if [ "\${next_entry}" ] ; then
     set default="\${next_entry}"
     set next_entry=
-    save_env next_entry
+-   save_env next_entry
 +   if [ "\${env_block}" ] ; then
 +     save_env -f "\${env_block}" next_entry
++   else
++     save_env next_entry
 +   fi
     set boot_once=true
  else
     set default="${GRUB_DEFAULT}"
-@@ -93,7 +106,12 @@
+@@ -93,7 +108,12 @@
  function savedefault {
    if [ -z "\${boot_once}" ]; then
      saved_entry="\${chosen}"

grub2-i386-pc-no-pageflipping.patch

@@ -0,0 +1,20 @@
+In x86 Legacy BIOS mode, on some Lenovo machines, the grub menu is not
+visible, although it demonstrably has been drawn (bsc#1245636).
+
+A workaround to avoid this is to not use page flipping mode.
+
+This patch enforces that no page flipping is used in the VBE framebuffer
+backend for i386-pc.
+
+--- a/grub-core/video/i386/pc/vbe.c
++++ b/grub-core/video/i386/pc/vbe.c
+@@ -1137,7 +1137,8 @@ grub_video_vbe_setup (unsigned int width, unsigned int height,
+ 
+ 	page_size = framebuffer.mode_info.pitch * framebuffer.mode_info.height;
+ 
+-	if (vram_size >= 2 * page_size)
++	/* avoid page flipping mode (bsc#1245636) */
++	if (0 && vram_size >= 2 * page_size)
+ 	  err = grub_video_fb_setup (mode_type, mode_mask,
+ 				     &framebuffer.mode_info,
+ 				     framebuffer.ptr,

grub2.changes

@@ -1,3 +1,73 @@
+-------------------------------------------------------------------
+Tue Jan 20 02:25:34 UTC 2026 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Optimize PBKDF2 to reduce the decryption time (bsc#1248516)
+  * 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
+  * 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
+  * 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch
+
+-------------------------------------------------------------------
+Wed Nov 12 08:24:35 UTC 2025 - Michael Chang <mchang@suse.com>
+
+- Fix CVE-2025-54771 (bsc#1252931)
+  * 0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch
+- Fix CVE-2025-54770 (bsc#1252930)
+  * 0002-net-net-Unregister-net_set_vlan-command-on-unload.patch
+- Fix CVE-2025-61662 (bsc#1252933)
+  * 0003-gettext-gettext-Unregister-gettext-command-on-module.patch
+- Fix CVE-2025-61663 (bsc#1252934)
+- Fix CVE-2025-61664 (bsc#1252935)
+  * 0004-normal-main-Unregister-commands-on-module-unload.patch
+  * 0005-tests-lib-functional_test-Unregister-commands-on-mod.patch
+- Fix CVE-2025-61661 (bsc#1252932)
+  * 0006-commands-usbtest-Use-correct-string-length-field.patch
+  * 0007-commands-usbtest-Ensure-string-length-is-sufficient-.patch
+- Bump upstream SBAT generation to 6
+
+-------------------------------------------------------------------
+Mon Oct 13 09:45:07 UTC 2025 - Michael Chang <mchang@suse.com>
+
+- Fix "sparse file not allowed" error after grub2-reboot (bsc#1245738)
+  * grub2-grubenv-in-btrfs-header.patch
+
+-------------------------------------------------------------------
+Mon Oct 13 09:36:02 UTC 2025 - Michael Chang <mchang@suse.com>
+
+- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
+  * 0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch
+
+-------------------------------------------------------------------
+Tue Sep 23 08:47:49 UTC 2025 - Steffen Winterfeldt <snwint@suse.com>
+
+- turn off page flipping for i386-pc using VBE video backend (bsc#1245636)
+  * grub2-i386-pc-no-pageflipping.patch
+
+-------------------------------------------------------------------
+Mon Sep 22 07:15:00 UTC 2025 - Michael Chang <mchang@suse.com>
+
+- Fix boot hangs in setting up serial console when ACPI SPCR table is present
+  and redirection is disabled (bsc#1249088)
+  * 0001-term-ns8250-spcr-Return-if-redirection-is-disabled.patch
+
+-------------------------------------------------------------------
+Thu Aug  7 06:19:53 UTC 2025 - Michael Chang <mchang@suse.com>
+
+- Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953)
+  * 0001-tcp-Fix-TCP-port-number-reused-on-reboot.patch
+
+-------------------------------------------------------------------
+Mon Aug  4 06:44:01 UTC 2025 - Michael Chang <mchang@suse.com>
+
+- Skip mount point in grub_find_device function (bsc#1246231)
+  * 0001-getroot-Skip-mount-points-in-grub_find_device.patch
+
+-------------------------------------------------------------------
+Fri Jul 25 05:56:26 UTC 2025 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Fix CVE-2024-56738: side-channel attack due to not constant-time
+  algorithm in grub_crypto_memcmp (bsc#1234959)
+  * grub2-constant-time-grub_crypto_memcmp.patch
+
 -------------------------------------------------------------------
 Wed Jul 16 11:19:21 UTC 2025 - Michael Chang <mchang@suse.com>
 
@@ -168,7 +238,7 @@ Mon Mar 17 08:27:29 UTC 2025 - Michael Chang <mchang@suse.com>
 Thu Mar 13 06:50:37 UTC 2025 - Gary Ching-Pang Lin <glin@suse.com>
 
 - Update the patch to fix "SRK not matched" errors when unsealing
-  the key (bsc#1232411)
+  the key (bsc#1232411) (bsc#1247242)
   * 0001-tpm2-Add-extra-RSA-SRK-types.patch
 
 -------------------------------------------------------------------

grub2.spec

@@ -22,7 +22,7 @@
 %if %{defined sbat_distro}
 # SBAT metadata
 %define sbat_generation 1
-%define sbat_generation_grub 5
+%define sbat_generation_grub 6
 %else
 %{error please define sbat_distro, sbat_distro_summary and sbat_distro_url}
 %endif
@@ -493,6 +493,22 @@ Patch315:       0001-test-Fix-f-test-on-files-over-network.patch
 Patch316:       0002-http-Return-HTTP-status-code-in-http_establish.patch
 Patch317:       0003-docs-Clarify-test-for-files-on-TFTP-and-HTTP.patch
 Patch318:       0004-tftp-Fix-hang-when-file-is-a-directory.patch
+Patch319:       grub2-constant-time-grub_crypto_memcmp.patch
+Patch320:       0001-getroot-Skip-mount-points-in-grub_find_device.patch
+Patch321:       0001-tcp-Fix-TCP-port-number-reused-on-reboot.patch
+Patch343:       0001-term-ns8250-spcr-Return-if-redirection-is-disabled.patch
+Patch344:       grub2-i386-pc-no-pageflipping.patch
+Patch345:       0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch
+Patch346:       0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch
+Patch347:       0002-net-net-Unregister-net_set_vlan-command-on-unload.patch
+Patch348:       0003-gettext-gettext-Unregister-gettext-command-on-module.patch
+Patch349:       0004-normal-main-Unregister-commands-on-module-unload.patch
+Patch350:       0005-tests-lib-functional_test-Unregister-commands-on-mod.patch
+Patch351:       0006-commands-usbtest-Use-correct-string-length-field.patch
+Patch352:       0007-commands-usbtest-Ensure-string-length-is-sufficient-.patch
+Patch353:       0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
+Patch354:       0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
+Patch355:       0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch
 
 %if 0%{?suse_version} < 1600
 Requires:       gettext-runtime