pool/grub2
SHA256
18
1
Fork 4
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-1.2
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
..
compare: pool:slfo-main
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main

22 Commits
slfo-1.2 ... slfo-main

Author SHA256 Message Date
Dominique Leuenberger
7bebe4975c Accepting request 1310602 from openSUSE:Factory 
https://bugzilla.opensuse.org/show_bug.cgi?id=1251862

OBS-URL: https://build.opensuse.org/request/show/1310602
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=375
 2025-10-10 15:10:13 +00:00
Dominique Leuenberger
2947cf51fa Accepting request 1310602 from openSUSE:Factory 
https://bugzilla.opensuse.org/show_bug.cgi?id=1251862

OBS-URL: https://build.opensuse.org/request/show/1310602
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=375
 2025-10-10 15:10:13 +00:00
Dominique Leuenberger
6ae9de2829 Accepting request 1309413 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/1309413
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=374
 2025-10-08 16:12:32 +00:00
Michael Chang
65b3a4a414 - make grub plugin compatible with snapper's plugin API (bsc#1246172) 
- clean up some unused code

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=567
 2025-10-07 05:06:55 +00:00
Ana Guerrero
928faeb505 Accepting request 1306728 from Base:System 
- turn off page flipping for i386-pc using VBE video backend (bsc#1245636)
  * grub2-i386-pc-no-pageflipping.patch

- Fix boot hangs in setting up serial console when ACPI SPCR table is present
  and redirection is disabled (bsc#1249088)
  * 0001-term-ns8250-spcr-Return-if-redirection-is-disabled.patch

OBS-URL: https://build.opensuse.org/request/show/1306728
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=373
 2025-09-23 18:47:08 +00:00
Steffen Winterfeldt
462262e6ea - turn off page flipping for i386-pc using VBE video backend (bsc#1245636) 
* grub2-i386-pc-no-pageflipping.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=566
 2025-09-23 12:32:51 +00:00
Steffen Winterfeldt
3872727a8d - Fix boot hangs in setting up serial console when ACPI SPCR table is present 
and redirection is disabled (bsc#1249088)
  * 0001-term-ns8250-spcr-Return-if-redirection-is-disabled.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=565
 2025-09-23 12:29:27 +00:00
Steffen Winterfeldt
8c20cdcab0 osc copypac from project:Base:System package:grub2 revision:562 
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=564
 2025-09-23 12:29:12 +00:00
Steffen Winterfeldt
4085ef8f96 - turn off page flipping for i386-pc using VBE video backend (bsc#1245636) 
* grub2-i386-pc-no-pageflipping.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=563
 2025-09-23 09:32:53 +00:00
Ana Guerrero
7437f32a34 Accepting request 1304184 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/1304184
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=372
 2025-09-12 19:09:17 +00:00
Michael Chang
3db63b85e2 - Add support for LoaderEntryDefault EFI variable 
* grub2-bls-loader-entry-default.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=562
 2025-09-12 04:09:11 +00:00
Ana Guerrero
f509f29f48 Accepting request 1303110 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/1303110
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=371
 2025-09-08 11:05:03 +00:00
Michael Chang
c90e5054ec - Optimize PBKDF2 to reduce the decryption time 
* 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
  * 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
  * 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=561
 2025-09-08 04:52:47 +00:00
Dominique Leuenberger
ef9fe84701 Accepting request 1299305 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/1299305
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=370
 2025-08-15 19:51:02 +00:00
Michael Chang
29e0b8290c - UEFI NX support and NX Linux loader using shim loader protocol (bsc#1205588) 
(jsc#PED-13361)
  * 0001-modules-Make-.module_license-read-only.patch
  * 0002-modules-Strip-.llvm_addrsig-sections-and-similar.patch
  * 0003-modules-Don-t-allocate-space-for-non-allocable-secti.patch
  * 0004-modules-Load-module-sections-at-page-aligned-address.patch
  * 0005-nx-Add-memory-attribute-get-set-API.patch
  * 0006-nx-Set-page-permissions-for-loaded-modules.patch
  * 0007-nx-Set-the-NX-compatible-flag-for-the-GRUB-EFI-image.patch
  * 0008-efi-Provide-wrappers-for-load_image-start_image-and-.patch
  * 0009-efi-sb-Add-support-for-the-shim-loader-protocol.patch
  * 0010-efi-sb-Add-API-for-retrieving-shim-loader-image-hand.patch
  * 0011-loader-efi-chainloader-Use-shim-loader-image-handle-.patch
  * 0012-loader-efi-linux-Use-shim-loader-image-handle-where-.patch
  * 0013-nx-Rename-GRUB_DL_ALIGN-to-DL_ALIGN.patch
- Fallback for legacy shim lock protocol while secure boot is enabled
  * 0001-linux-fallback-to-EFI-handover-on-x86_64.patch
  * 0002-linux-fallback-to-direct-PE-entry-boot-on-arm64.patch
  * 0003-efi-chainloader-fallback-to-direct-image-execution.patch
  * 0004-efi-chainloader-fix-missing-file_path-in-loaded_imag.patch
- Removed patch
  * 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=560
 2025-08-14 02:40:02 +00:00
Dominique Leuenberger
0108c5290e Accepting request 1298703 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/1298703
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=369
 2025-08-12 15:03:08 +00:00
Michael Chang
4962b71520 - Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) 
* 0001-tcp-Fix-TCP-port-number-reused-on-reboot.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=559
 2025-08-11 02:50:27 +00:00
Dominique Leuenberger
e3c4848fca Accepting request 1297414 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/1297414
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=368
 2025-08-07 14:48:22 +00:00
Michael Chang
575dbfe9e9 - Skip mount point in grub_find_device function (bsc#1246231) 
* 0001-getroot-Skip-mount-points-in-grub_find_device.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=558
 2025-08-04 07:44:31 +00:00
Dominique Leuenberger
0f03cac870 Accepting request 1296922 from Base:System 
- Fix CVE-2024-56738: side-channel attack due to not constant-time
  algorithm in grub_crypto_memcmp (bsc#1234959)
  * grub2-constant-time-grub_crypto_memcmp.patch

- Update the bug tag for 0001-tpm2-Add-extra-RSA-SRK-types.patch

OBS-URL: https://build.opensuse.org/request/show/1296922
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=367
 2025-08-03 11:36:23 +00:00
Gary Ching-Pang Lin
03767e119a Update the bug tag for 0001-tpm2-Add-extra-RSA-SRK-types.patch 
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=557
 2025-08-01 03:01:52 +00:00
Gary Ching-Pang Lin
5bb0fbd333 - Fix CVE-2024-56738: side-channel attack due to not constant-time 
algorithm in grub_crypto_memcmp (bsc#1234959)
  * grub2-constant-time-grub_crypto_memcmp.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=556
 2025-08-01 02:45:33 +00:00
30 changed files with 1956 additions and 575 deletions
Expand all files Collapse all files

113
0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch
View File

@@ -1,113 +0,0 @@
From eae4fc64a16cb58733afca09e70a09e51d405a9d Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Tue, 30 Sep 2025 14:44:02 +0800
Subject: [PATCH] ieee1275: Use net config for boot location instead of
firmware bootpath
On network boots, grub_ieee1275_net_config() is used to determine the
boot device, but the path continues to be taken from the Open Firmware
/chosen/bootpath property. This assumes the device node follows the
generic IEEE-1275 syntax, which is not always the case. Different
drivers may extend or redefine the format, and GRUB may then
misinterpret the argument as a filename and set $prefix incorrectly.
The generic Open Firmware device path format is:
device-name[:device-argument]
device-argument := [partition][,[filename]]
For example, a bootpath such as:
/vdevice/l-lan@30000002:speed=auto,duplex=auto,1.2.243.345,,9.8.76.543,1.2.34.5,5,5,255.255.255.0,512
does not follow this form. The section after the colon (the
device-argument) contains driver-specific options and network
parameters, not a valid filename. GRUB interprets this string as a
filename, which results in $prefix being set to "/", effectively losing
the intended boot directory.
The firmware is not at fault here, since interpretation of device nodes
is driver-specific. Instead, GRUB should use the filename provided in
the cached DHCP packet, which is consistent and reliable. This is also
the same mechanism already used on UEFI and legacy BIOS platforms.
This patch updates grub_machine_get_bootlocation() to prefer the result
from grub_ieee1275_net_config() when complete, and only fall back to the
firmware bootpath otherwise.
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/kern/ieee1275/init.c | 28 +++++++++++++++++++++-------
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 45f787eff..802a34f07 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -153,9 +153,11 @@ void (*grub_ieee1275_net_config) (const char *dev, char **device, char **path,
void
grub_machine_get_bootlocation (char **device, char **path)
{
- char *bootpath;
+ char *bootpath = NULL;
char *filename;
- char *type;
+ char *type = NULL;
+ char *ret_device = NULL;
+ char *ret_path = NULL;
bootpath = grub_ieee1275_get_boot_dev ();
if (! bootpath)
@@ -171,7 +173,7 @@ grub_machine_get_bootlocation (char **device, char **path)
dev = grub_ieee1275_get_aliasdevname (bootpath);
canon = grub_ieee1275_canonicalise_devname (dev);
if (! canon)
- return;
+ goto done;
ptr = canon + grub_strlen (canon) - 1;
while (ptr > canon && (*ptr == ',' || *ptr == ':'))
ptr--;
@@ -179,13 +181,17 @@ grub_machine_get_bootlocation (char **device, char **path)
*ptr = 0;
if (grub_ieee1275_net_config)
- grub_ieee1275_net_config (canon, device, path, bootpath);
+ grub_ieee1275_net_config (canon, &ret_device, &ret_path, bootpath);
grub_free (dev);
grub_free (canon);
+
+ /* Use path from net config if it is provided by cached DHCP info */
+ if (ret_path != NULL)
+ goto done;
+ /* Fall through to use firmware bootpath */
}
else
- *device = grub_ieee1275_encode_devname (bootpath);
- grub_free (type);
+ ret_device = grub_ieee1275_encode_devname (bootpath);
filename = grub_ieee1275_get_filename (bootpath);
if (filename)
@@ -198,10 +204,18 @@ grub_machine_get_bootlocation (char **device, char **path)
*lastslash = '\0';
grub_translate_ieee1275_path (filename);
- *path = filename;
+ ret_path = filename;
}
}
+
+ done:
+ grub_free (type);
grub_free (bootpath);
+
+ if (device != NULL)
+ *device = ret_device;
+ if (path != NULL)
+ *path = ret_path;
}
/* Claim some available memory in the first /memory node. */
--
2.51.0

45
0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch
View File

@@ -1,45 +0,0 @@
From 12d518fd50ed4787d3cc4bafcc11e14139dc5d76 Mon Sep 17 00:00:00 2001
From: Thomas Frauendorfer | Miray Software <tf@miray.de>
Date: Wed, 7 May 2025 16:15:22 +0200
Subject: [PATCH 1/7] kern/file: Call grub_dl_unref() after fs->fs_close()
With commit 16f196874 (kern/file: Implement filesystem reference
counting) files hold a reference to their file systems.
When closing a file in grub_file_close() we should not expect
file->fs to stay valid after calling grub_dl_unref() on file->fs->mod.
So, grub_dl_unref() should be called after file->fs->fs_close().
Fixes: CVE-2025-54771
Fixes: 16f196874 (kern/file: Implement filesystem reference counting)
Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/file.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
index 7217a6ea7..dce29bedd 100644
--- a/grub-core/kern/file.c
+++ b/grub-core/kern/file.c
@@ -201,12 +201,12 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len)
grub_err_t
grub_file_close (grub_file_t file)
{
- if (file->fs->mod)
- grub_dl_unref (file->fs->mod);
-
if (file->fs->fs_close)
(file->fs->fs_close) (file);
+ if (file->fs->mod)
+ grub_dl_unref (file->fs->mod);
+
if (file->device)
grub_device_close (file->device);
grub_free (file->name);
--
2.51.1

119
0001-linux-fallback-to-EFI-handover-on-x86_64.patch Normal file
View File

@@ -0,0 +1,119 @@
From f770cc82c3d65c65d812e96e006c17861d357d99 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Sat, 26 Apr 2025 15:07:36 +0800
Subject: [PATCH 1/4] linux: fallback to EFI handover on x86_64
On the x86_64 platform, when the shim loader protocol is unavailable and
UEFI Secure Boot is enabled, fall back to the Linux EFI handover boot
protocol. This legacy method supports the in-kernel EFI stub and is used
instead of the 32-bit boot entry.
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/Makefile.core.def | 2 ++
grub-core/loader/efi/linux.c | 13 +++++++------
grub-core/loader/i386/efi/linux.c | 30 ++++--------------------------
3 files changed, 13 insertions(+), 32 deletions(-)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 80ea6656a..1811661c3 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1902,6 +1902,8 @@ module = {
loongarch64 = loader/efi/linux.c;
riscv32 = loader/efi/linux.c;
riscv64 = loader/efi/linux.c;
+ i386_efi = loader/efi/linux.c;
+ x86_64_efi = loader/efi/linux.c;
emu = loader/emu/linux.c;
common = loader/linux.c;
i386_efi = loader/efi/linux_boot.c;
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 394df6039..b20dec404 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -71,10 +71,10 @@ static initrd_media_device_path_t initrd_lf2_device_path = {
};
extern grub_err_t
-grub_cmd_linux_x86_legacy (grub_command_t cmd, int argc, char *argv[]);
+grub_cmd_linux_efi_fallback (grub_command_t cmd, int argc, char *argv[]);
extern grub_err_t
-grub_cmd_initrd_x86_legacy (grub_command_t cmd, int argc, char *argv[]);
+grub_cmd_initrd_efi_fallback (grub_command_t cmd, int argc, char *argv[]);
static grub_efi_status_t __grub_efi_api
grub_efi_initrd_load_file2 (grub_efi_load_file2_t *this,
@@ -389,8 +389,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
}
#if defined(__i386__) || defined(__x86_64__)
- if (!initrd_use_loadfile2)
- return grub_cmd_initrd_x86_legacy (cmd, argc, argv);
+ if (grub_is_using_legacy_shim_lock_protocol () == true ||
+ !initrd_use_loadfile2)
+ return grub_cmd_initrd_efi_fallback (cmd, argc, argv);
#endif
if (!loaded)
@@ -474,7 +475,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
#if defined(__i386__) || defined(__x86_64__)
grub_dprintf ("linux", "using legacy shim_lock protocol, falling back to legacy Linux kernel loader\n");
- err = grub_cmd_linux_x86_legacy (cmd, argc, argv);
+ err = grub_cmd_linux_efi_fallback (cmd, argc, argv);
if (err == GRUB_ERR_NONE)
return GRUB_ERR_NONE;
@@ -513,7 +514,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
*/
fallback:
grub_file_close (file);
- return grub_cmd_linux_x86_legacy (cmd, argc, argv);
+ return grub_cmd_linux_efi_fallback (cmd, argc, argv);
}
#endif
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index ca3435a88..49e4a3f19 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -421,30 +421,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
return grub_errno;
}
-static grub_command_t cmd_linux, cmd_initrd;
-static grub_command_t cmd_linuxefi, cmd_initrdefi;
+extern grub_err_t __attribute__((alias("grub_cmd_linux")))
+grub_cmd_linux_efi_fallback (grub_command_t cmd, int argc, char *argv[]);
-GRUB_MOD_INIT(linux)
-{
- cmd_linuxefi =
- grub_register_command ("linuxefi", grub_cmd_linux,
- 0, N_("Load Linux."));
- cmd_initrdefi =
- grub_register_command ("initrdefi", grub_cmd_initrd,
- 0, N_("Load initrd."));
- cmd_linux =
- grub_register_command ("linux", grub_cmd_linux,
- 0, N_("Load Linux."));
- cmd_initrd =
- grub_register_command ("initrd", grub_cmd_initrd,
- 0, N_("Load initrd."));
- my_mod = mod;
-}
-
-GRUB_MOD_FINI(linux)
-{
- grub_unregister_command (cmd_linuxefi);
- grub_unregister_command (cmd_initrdefi);
- grub_unregister_command (cmd_linux);
- grub_unregister_command (cmd_initrd);
-}
+extern grub_err_t __attribute__((alias("grub_cmd_initrd")))
+grub_cmd_initrd_efi_fallback (grub_command_t cmd, int argc, char *argv[]);
--
2.50.1

35
0001-modules-Make-.module_license-read-only.patch Normal file
View File

@@ -0,0 +1,35 @@
From a05d4896327e87b2986ddb44ef0947bbc9010da6 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 9 Oct 2024 09:16:36 +0100
Subject: [PATCH 01/13] modules: Make .module_license read-only
Currently .module_license is set writable, that is, the section has the
SHF_WRITE flag set, in the module's ELF headers. This probably never
actually matters but it can't possibly be correct. The patch sets that
data as "const" which causes that flag not to be set.
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-By: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
include/grub/dl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/grub/dl.h b/include/grub/dl.h
index c5ab18cb1..fb4476797 100644
--- a/include/grub/dl.h
+++ b/include/grub/dl.h
@@ -119,7 +119,7 @@ grub_mod_fini (void)
#define ATTRIBUTE_USED __unused__
#endif
#define GRUB_MOD_LICENSE(license) \
- static char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license;
+ static const char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license;
#define GRUB_MOD_DEP(name) \
static const char grub_module_depend_##name[] \
__attribute__((section(GRUB_MOD_SECTION(moddeps)), ATTRIBUTE_USED)) = #name
--
2.50.1

83
0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch
View File

@@ -1,83 +0,0 @@
From 6c06378c1bf6ae21788427e62ab0011b7f1bc2f0 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 25 Nov 2022 16:11:24 +0800
Subject: [PATCH] xen_boot: add missing grub_arch_efi_linux_load_image_header
The new xen_boot module has used grub_arch_efi_linux_load_image_header
exported by grub-core/loader/arm64/linux.c. It is not a problem for
upstream but many downstream projects may not use it and take
grub-core/loader/arm64/efi/linux.c as a replacement as PE entry is the
preferred way in combination with shim loader.
This patch did a trivial workaround just adding back the dropped
defintion to the xen_boot itself.
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/loader/arm64/xen_boot.c | 50 +++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c
index 26e1472c9..b82a2db89 100644
--- a/grub-core/loader/arm64/xen_boot.c
+++ b/grub-core/loader/arm64/xen_boot.c
@@ -84,6 +84,56 @@ static int loaded;
static struct xen_boot_binary *xen_hypervisor;
static struct xen_boot_binary *module_head;
+/* The function is exported by grub-core/loader/arm64/linux.c that is not built
+ * because we use PE entry provided by grub-core/loader/arm64/efi/linux.c
+ */
+static bool initrd_use_loadfile2 = false;
+
+grub_err_t
+grub_arch_efi_linux_load_image_header (grub_file_t file,
+ struct linux_arch_kernel_header * lh)
+{
+ grub_file_seek (file, 0);
+ if (grub_file_read (file, lh, sizeof (*lh)) < (grub_ssize_t) sizeof (*lh))
+ return grub_error(GRUB_ERR_FILE_READ_ERROR, "failed to read Linux image header");
+
+ if ((lh->code0 & 0xffff) != GRUB_PE32_MAGIC)
+ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
+ N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled"));
+
+ grub_dprintf ("linux", "UEFI stub kernel:\n");
+ grub_dprintf ("linux", "PE/COFF header @ %08x\n", lh->hdr_offset);
+
+ /*
+ * The PE/COFF spec permits the COFF header to appear anywhere in the file, so
+ * we need to double check whether it was where we expected it, and if not, we
+ * must load it from the correct offset into the pe_image_header field of
+ * struct linux_arch_kernel_header.
+ */
+ if ((grub_uint8_t *) lh + lh->hdr_offset != (grub_uint8_t *) &lh->pe_image_header)
+ {
+ if (grub_file_seek (file, lh->hdr_offset) == (grub_off_t) -1
+ || grub_file_read (file, &lh->pe_image_header,
+ sizeof (struct grub_pe_image_header))
+ != sizeof (struct grub_pe_image_header))
+ return grub_error (GRUB_ERR_FILE_READ_ERROR, "failed to read COFF image header");
+ }
+
+ /*
+ * Linux kernels built for any architecture are guaranteed to support the
+ * LoadFile2 based initrd loading protocol if the image version is >= 1.
+ */
+ if (lh->pe_image_header.optional_header.major_image_version >= 1)
+ initrd_use_loadfile2 = true;
+ else
+ initrd_use_loadfile2 = false;
+
+ grub_dprintf ("linux", "LoadFile2 initrd loading %sabled\n",
+ initrd_use_loadfile2 ? "en" : "dis");
+
+ return GRUB_ERR_NONE;
+}
+
static __inline grub_addr_t
xen_boot_address_align (grub_addr_t start, grub_size_t align)
{
--
2.41.0

113
0002-linux-fallback-to-direct-PE-entry-boot-on-arm64.patch Normal file
View File

@@ -0,0 +1,113 @@
From 1e5d19972bb64b0fcb39083042a69cf05e0cb783 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Sat, 26 Apr 2025 15:33:28 +0800
Subject: [PATCH 2/4] linux: fallback to direct PE entry boot on arm64
On the arm64 platform, when the shim loader protocol is unavailable and
UEFI Secure Boot is enabled, fall back to booting via the direct PE/COFF
image entry point instead of requesting UEFI to load and start the
image. This fallback allows booting binaries validated by shim's vendor
DB, even if they are not listed in the UEFI DB.
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/Makefile.core.def | 1 +
grub-core/loader/arm64/efi/linux.c | 26 +++++++-------------------
grub-core/loader/efi/linux.c | 6 +++---
3 files changed, 11 insertions(+), 22 deletions(-)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 1811661c3..2100d7ff2 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1898,6 +1898,7 @@ module = {
arm_coreboot = loader/arm/linux.c;
arm_efi = loader/efi/linux.c;
arm_uboot = loader/arm/linux.c;
+ arm64 = loader/efi/linux.c;
arm64 = loader/arm64/efi/linux.c;
loongarch64 = loader/efi/linux.c;
riscv32 = loader/efi/linux.c;
diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c
index a9f5e05e4..8eab1dc86 100644
--- a/grub-core/loader/arm64/efi/linux.c
+++ b/grub-core/loader/arm64/efi/linux.c
@@ -190,8 +190,8 @@ free_params (void)
}
}
-grub_err_t
-grub_arch_efi_linux_boot_image (grub_addr_t addr,
+static grub_err_t
+grub_arm64_efi_linux_boot_image (grub_addr_t addr,
grub_size_t size __attribute__ ((unused)),
char *args)
{
@@ -213,7 +213,7 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr,
static grub_err_t
grub_linux_boot (void)
{
- return (grub_arch_efi_linux_boot_image ((grub_addr_t)kernel_addr, kernel_size, linux_args));
+ return (grub_arm64_efi_linux_boot_image ((grub_addr_t)kernel_addr, kernel_size, linux_args));
}
static grub_err_t
@@ -464,20 +464,8 @@ fail:
return grub_errno;
}
+extern grub_err_t __attribute__((alias("grub_cmd_linux")))
+grub_cmd_linux_efi_fallback (grub_command_t cmd, int argc, char *argv[]);
-static grub_command_t cmd_linux, cmd_initrd;
-
-GRUB_MOD_INIT (linux)
-{
- cmd_linux = grub_register_command ("linux", grub_cmd_linux, 0,
- N_("Load Linux."));
- cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, 0,
- N_("Load initrd."));
- my_mod = mod;
-}
-
-GRUB_MOD_FINI (linux)
-{
- grub_unregister_command (cmd_linux);
- grub_unregister_command (cmd_initrd);
-}
+extern grub_err_t __attribute__((alias("grub_cmd_initrd")))
+grub_cmd_initrd_efi_fallback (grub_command_t cmd, int argc, char *argv[]);
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index b20dec404..d29e32cba 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -388,7 +388,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
-#if defined(__i386__) || defined(__x86_64__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__aarch64__)
if (grub_is_using_legacy_shim_lock_protocol () == true ||
!initrd_use_loadfile2)
return grub_cmd_initrd_efi_fallback (cmd, argc, argv);
@@ -472,7 +472,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (grub_is_using_legacy_shim_lock_protocol () == true)
{
-#if defined(__i386__) || defined(__x86_64__)
+#if defined(__i386__) || defined(__x86_64__) || defined (__aarch64__)
grub_dprintf ("linux", "using legacy shim_lock protocol, falling back to legacy Linux kernel loader\n");
err = grub_cmd_linux_efi_fallback (cmd, argc, argv);
@@ -499,7 +499,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
kernel_size = grub_file_size (file);
if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE)
-#if !defined(__i386__) && !defined(__x86_64__)
+#if !defined(__i386__) && !defined(__x86_64__) && !defined (__aarch64__)
goto fail;
#else
goto fallback;
--
2.50.1

44
0002-modules-Strip-.llvm_addrsig-sections-and-similar.patch Normal file
View File

@@ -0,0 +1,44 @@
From 5407ea9241aae78a724f00126e4e6b49dd08e92b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 9 Oct 2024 09:16:37 +0100
Subject: [PATCH 02/13] modules: Strip .llvm_addrsig sections and similar
Currently GRUB modules built with Clang or GCC have several sections
which we don't actually need or support. We already have a list of
sections to skip in genmod.sh and this patch adds the following
sections to that list (as well as a few newlines):
- .note.gnu.property
- .llvm*
Note that the glob there won't work without a new enough linker but the
failure is just reversion to the status quo. So, that's not a big problem.
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-By: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/genmod.sh.in | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in
index e57c4d920..337753c57 100644
--- a/grub-core/genmod.sh.in
+++ b/grub-core/genmod.sh.in
@@ -57,8 +57,11 @@ if test x@TARGET_APPLE_LINKER@ != x1; then
@TARGET_STRIP@ --strip-unneeded \
-K grub_mod_init -K grub_mod_fini \
-K _grub_mod_init -K _grub_mod_fini \
- -R .note.gnu.gold-version -R .note.GNU-stack \
+ -R .note.GNU-stack \
+ -R .note.gnu.gold-version \
+ -R .note.gnu.property \
-R .gnu.build.attributes \
+ -R '.llvm*' \
-R .rel.gnu.build.attributes \
-R .rela.gnu.build.attributes \
-R .eh_frame -R .rela.eh_frame -R .rel.eh_frame \
--
2.50.1

35
0002-net-net-Unregister-net_set_vlan-command-on-unload.patch
View File

@@ -1,35 +0,0 @@
From c9af7dfdd068beb1f47b1837bcc143118a87fbb1 Mon Sep 17 00:00:00 2001
From: Thomas Frauendorfer | Miray Software <tf@miray.de>
Date: Fri, 9 May 2025 14:20:47 +0200
Subject: [PATCH 2/7] net/net: Unregister net_set_vlan command on unload
The commit 954c48b9c (net/net: Add net_set_vlan command) added command
net_set_vlan to the net module. Unfortunately the commit only added the
grub_register_command() call on module load but missed the
grub_unregister_command() on unload. Let's fix this.
Fixes: CVE-2025-54770
Fixes: 954c48b9c (net/net: Add net_set_vlan command)
Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/net.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index df13c3aaa..7bd8f1bf7 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -2151,6 +2151,7 @@ GRUB_MOD_FINI(net)
grub_unregister_command (cmd_deladdr);
grub_unregister_command (cmd_addroute);
grub_unregister_command (cmd_delroute);
+ grub_unregister_command (cmd_setvlan);
grub_unregister_command (cmd_lsroutes);
grub_unregister_command (cmd_lscards);
grub_unregister_command (cmd_lsaddr);
--
2.51.1

43
0003-efi-chainloader-fallback-to-direct-image-execution.patch Normal file
View File

@@ -0,0 +1,43 @@
From 43b0319936f51dc6b4cba3518449195924e83dc8 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Sat, 26 Apr 2025 15:39:43 +0800
Subject: [PATCH 3/4] efi/chainloader: fallback to direct image execution
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When the shim loader protocol is unavailable and UEFI Secure Boot is
enabled, fall back to chainloading the PE/COFF image by manually
relocating it to the loaded memory address and jumping to its entry
point, rather than invoking UEFI to load and start the image. This
fallback supports booting binaries validated by shims vendor DB, even
if they are not present in the UEFI DB.
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/loader/efi/chainloader.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 1830de223..7e2847217 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -805,10 +805,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
#ifdef SUPPORT_SECURE_BOOT
/* FIXME is secure boot possible also with universal binaries? */
- if (debug_secureboot || (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED && grub_secure_validate ((void *)address, size)))
+ if (debug_secureboot ||
+ (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED &&
+ grub_is_using_legacy_shim_lock_protocol () == true &&
+ grub_secure_validate ((void *)address, size)))
{
struct grub_secureboot_chainloader_context *sb_context;
+ grub_dprintf ("chain", "Falling back to PE loader\n");
sb_context = grub_malloc (sizeof (*sb_context));
if (!sb_context)
goto fail;
--
2.50.1

66
0003-gettext-gettext-Unregister-gettext-command-on-module.patch
View File

@@ -1,66 +0,0 @@
From 04f3a7beebd029c10e80e9cbea5c1d8452b066ce Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Thu, 21 Aug 2025 21:14:06 +0000
Subject: [PATCH 3/7] gettext/gettext: Unregister gettext command on module
unload
When the gettext module is loaded, the gettext command is registered but
isn't unregistered when the module is unloaded. We need to add a call to
grub_unregister_command() when unloading the module.
Fixes: CVE-2025-61662
Reported-by: Alec Brown <alec.r.brown@oracle.com>
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/gettext/gettext.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
index 9ffc73428..edebed998 100644
--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
@@ -502,6 +502,8 @@ grub_cmd_translate (grub_command_t cmd __attribute__ ((unused)),
return 0;
}
+static grub_command_t cmd;
+
GRUB_MOD_INIT (gettext)
{
const char *lang;
@@ -521,13 +523,14 @@ GRUB_MOD_INIT (gettext)
grub_register_variable_hook ("locale_dir", NULL, read_main);
grub_register_variable_hook ("secondary_locale_dir", NULL, read_secondary);
- grub_register_command_p1 ("gettext", grub_cmd_translate,
- N_("STRING"),
- /* TRANSLATORS: It refers to passing the string through gettext.
- So it's "translate" in the same meaning as in what you're
- doing now.
- */
- N_("Translates the string with the current settings."));
+ cmd = grub_register_command_p1 ("gettext", grub_cmd_translate,
+ N_("STRING"),
+ /*
+ * TRANSLATORS: It refers to passing the string through gettext.
+ * So it's "translate" in the same meaning as in what you're
+ * doing now.
+ */
+ N_("Translates the string with the current settings."));
/* Reload .mo file information if lang changes. */
grub_register_variable_hook ("lang", NULL, grub_gettext_env_write_lang);
@@ -544,6 +547,8 @@ GRUB_MOD_FINI (gettext)
grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
grub_register_variable_hook ("lang", NULL, NULL);
+ grub_unregister_command (cmd);
+
grub_gettext_delete_list (&main_context);
grub_gettext_delete_list (&secondary_context);
--
2.51.1

41
0003-modules-Don-t-allocate-space-for-non-allocable-secti.patch Normal file
View File

@@ -0,0 +1,41 @@
From 5696bf9bebb17b6a7837163149287586b90dc14c Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 9 Oct 2024 09:16:38 +0100
Subject: [PATCH 03/13] modules: Don't allocate space for non-allocable
sections
Currently when loading GRUB modules we allocate space for all sections
including those without SHF_ALLOC set. We then copy the sections that
/do/ have SHF_ALLOC set into the allocated memory leaving some of our
allocation untouched forever. Additionally, on platforms with GOT fixups
and trampolines we currently compute alignment round-ups for the
sections and sections with sh_size = 0. This patch removes the extra
space from the allocation computation and makes the allocation
computation loop skip empty sections as the loading loop does.
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-By: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/dl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 73a5b9e0f..6af031072 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -241,6 +241,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
i < e->e_shnum;
i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize))
{
+ if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC))
+ continue;
+
tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size;
if (talign < s->sh_addralign)
talign = s->sh_addralign;
--
2.50.1

97
0004-efi-chainloader-fix-missing-file_path-in-loaded_imag.patch Normal file
View File

@@ -0,0 +1,97 @@
From e2a6f238920ab547d216ce96283bca6faf36378b Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 30 Apr 2025 21:16:50 +0800
Subject: [PATCH 4/4] efi/chainloader: fix missing file_path in loaded_image
The file_path field in the loaded_image protocol may be unset for
chainloaded target images. When this occurs, populate the file_path to
ensure the target image can use the loaded_image protocol for location
dependent operations, such as reading configuration files from its
directory. Without this, the chainloaded image may fail to start due to
an inability to reconfigure itself properly.
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/loader/efi/chainloader.c | 52 +++++++++++++++++-------------
1 file changed, 29 insertions(+), 23 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 7e2847217..9b70e1e61 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -222,6 +222,29 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
return file_path;
}
+static grub_efi_device_path_t *
+grub_efi_get_media_file_path (grub_efi_device_path_t *dp)
+{
+ while (1)
+ {
+ grub_efi_uint8_t type;
+ grub_efi_uint8_t subtype;
+
+ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp))
+ break;
+
+ type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
+ subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
+
+ if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE)
+ return dp;
+
+ dp = GRUB_EFI_NEXT_DEVICE_PATH (dp);
+ }
+
+ return NULL;
+}
+
#ifdef SUPPORT_SECURE_BOOT
#define SHIM_LOCK_GUID \
{ 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
@@ -461,29 +484,6 @@ relocate_coff (pe_coff_loader_image_context_t *context, void *data)
return GRUB_EFI_SUCCESS;
}
-static grub_efi_device_path_t *
-grub_efi_get_media_file_path (grub_efi_device_path_t *dp)
-{
- while (1)
- {
- grub_efi_uint8_t type;
- grub_efi_uint8_t subtype;
-
- if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp))
- break;
-
- type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
- subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
-
- if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE)
- return dp;
-
- dp = GRUB_EFI_NEXT_DEVICE_PATH (dp);
- }
-
- return NULL;
-}
-
static grub_efi_boolean_t
handle_image (struct grub_secureboot_chainloader_context *load_context)
{
@@ -881,6 +881,12 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
}
loaded_image->device_handle = dev_handle;
+ if (! loaded_image->file_path)
+ {
+ grub_dprintf ("chain", "bailout file_path\n");
+ loaded_image->file_path = grub_efi_get_media_file_path (file_path);
+ }
+
/* Build load options with arguments from chainloader command line. */
if (cmdline)
{
--
2.50.1

170
0004-modules-Load-module-sections-at-page-aligned-address.patch Normal file
View File

@@ -0,0 +1,170 @@
From db7bee2f67310219f7431b28a4b6c1385ac211d3 Mon Sep 17 00:00:00 2001
From: Mate Kukri <mate.kukri@canonical.com>
Date: Wed, 9 Oct 2024 09:16:39 +0100
Subject: [PATCH 04/13] modules: Load module sections at page-aligned addresses
Currently we load module sections at whatever alignment gcc+ld happened
to dump into the ELF section header which is often less then the page
size. Since NX protections are page based this alignment must be rounded
up to page size on platforms supporting NX protections. This patch
switches EFI platforms to load module sections at 4 KiB page-aligned
addresses. It then changes the allocation size computation and the
loader code in grub_dl_load_segments() to align the locations and sizes
up to these boundaries and fills any added padding with zeros. All of
this happens before relocations are applied, so the relocations factor
that in with no change.
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/dl.c | 54 ++++++++++++++++++++++++++++++---------------
1 file changed, 36 insertions(+), 18 deletions(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 6af031072..b384412d1 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -33,6 +33,10 @@
#include <grub/cache.h>
#include <grub/i18n.h>
+#ifdef GRUB_MACHINE_EFI
+#include <grub/efi/memory.h>
+#endif
+
/* Platforms where modules are in a readonly area of memory. */
#if defined(GRUB_MACHINE_QEMU)
#define GRUB_MODULES_MACHINE_READONLY
@@ -40,10 +44,11 @@
#ifdef GRUB_MACHINE_EFI
#include <grub/efi/sb.h>
+#define DL_ALIGN GRUB_EFI_PAGE_SIZE
+#else
+#define DL_ALIGN 1
#endif
-
-
#pragma GCC diagnostic ignored "-Wcast-align"
grub_dl_t grub_dl_head = 0;
@@ -228,25 +233,34 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
{
unsigned i;
const Elf_Shdr *s;
- grub_size_t tsize = 0, talign = 1;
+ grub_size_t tsize = 0, talign = 1, arch_addralign = 1;
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \
!defined (__loongarch__) && !defined (__s390x__)
grub_size_t tramp;
+ grub_size_t tramp_align;
grub_size_t got;
+ grub_size_t got_align;
grub_err_t err;
#endif
char *ptr;
+ arch_addralign = DL_ALIGN;
+
for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff);
i < e->e_shnum;
i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize))
{
+ grub_size_t sh_addralign;
+ grub_size_t sh_size;
+
if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC))
continue;
- tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size;
- if (talign < s->sh_addralign)
- talign = s->sh_addralign;
+ sh_addralign = ALIGN_UP (s->sh_addralign, arch_addralign);
+ sh_size = ALIGN_UP (s->sh_size, sh_addralign);
+
+ tsize = ALIGN_UP (tsize, sh_addralign) + sh_size;
+ talign = grub_max (talign, sh_addralign);
}
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \
@@ -254,12 +268,12 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
err = grub_arch_dl_get_tramp_got_size (e, &tramp, &got);
if (err)
return err;
- tsize += ALIGN_UP (tramp, GRUB_ARCH_DL_TRAMP_ALIGN);
- if (talign < GRUB_ARCH_DL_TRAMP_ALIGN)
- talign = GRUB_ARCH_DL_TRAMP_ALIGN;
- tsize += ALIGN_UP (got, GRUB_ARCH_DL_GOT_ALIGN);
- if (talign < GRUB_ARCH_DL_GOT_ALIGN)
- talign = GRUB_ARCH_DL_GOT_ALIGN;
+ tramp_align = grub_max (GRUB_ARCH_DL_TRAMP_ALIGN, arch_addralign);
+ tsize += ALIGN_UP (tramp, tramp_align);
+ talign = grub_max (talign, tramp_align);
+ got_align = grub_max (GRUB_ARCH_DL_GOT_ALIGN, arch_addralign);
+ tsize += ALIGN_UP (got, got_align);
+ talign = grub_max (talign, got_align);
#endif
#ifdef GRUB_MACHINE_EMU
@@ -276,6 +290,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
i < e->e_shnum;
i++, s = (Elf_Shdr *)((char *) s + e->e_shentsize))
{
+ grub_size_t sh_addralign = ALIGN_UP (s->sh_addralign, arch_addralign);
+ grub_size_t sh_size = ALIGN_UP (s->sh_size, sh_addralign);
+
if (s->sh_flags & SHF_ALLOC)
{
grub_dl_segment_t seg;
@@ -288,17 +305,18 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
{
void *addr;
- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, s->sh_addralign);
+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, sh_addralign);
addr = ptr;
- ptr += s->sh_size;
+ ptr += sh_size;
switch (s->sh_type)
{
case SHT_PROGBITS:
grub_memcpy (addr, (char *) e + s->sh_offset, s->sh_size);
+ grub_memset ((char *) addr + s->sh_size, 0, sh_size - s->sh_size);
break;
case SHT_NOBITS:
- grub_memset (addr, 0, s->sh_size);
+ grub_memset (addr, 0, sh_size);
break;
}
@@ -307,7 +325,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
else
seg->addr = 0;
- seg->size = s->sh_size;
+ seg->size = sh_size;
seg->section = i;
seg->next = mod->segment;
mod->segment = seg;
@@ -315,11 +333,11 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
}
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \
!defined (__loongarch__) && !defined (__s390x__)
- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, GRUB_ARCH_DL_TRAMP_ALIGN);
+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, tramp_align);
mod->tramp = ptr;
mod->trampptr = ptr;
ptr += tramp;
- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, GRUB_ARCH_DL_GOT_ALIGN);
+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, got_align);
mod->got = ptr;
mod->gotptr = ptr;
ptr += got;
--
2.50.1

58
0004-normal-main-Unregister-commands-on-module-unload.patch
View File

@@ -1,58 +0,0 @@
From 41330d7fafe122d79d7a9ec28884c0771eb4fdf3 Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Thu, 21 Aug 2025 21:14:07 +0000
Subject: [PATCH 4/7] normal/main: Unregister commands on module unload
When the normal module is loaded, the normal and normal_exit commands
are registered but aren't unregistered when the module is unloaded. We
need to add calls to grub_unregister_command() when unloading the module
for these commands.
Fixes: CVE-2025-61663
Fixes: CVE-2025-61664
Reported-by: Alec Brown <alec.r.brown@oracle.com>
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/normal/main.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 398169299..b77d55eb3 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -639,7 +639,7 @@ grub_mini_cmd_clear (struct grub_command *cmd __attribute__ ((unused)),
return 0;
}
-static grub_command_t cmd_clear;
+static grub_command_t cmd_clear, cmd_normal, cmd_normal_exit;
static void (*grub_xputs_saved) (const char *str);
static const char *features[] = {
@@ -682,10 +682,10 @@ GRUB_MOD_INIT(normal)
grub_env_export ("pager");
/* Register a command "normal" for the rescue mode. */
- grub_register_command ("normal", grub_cmd_normal,
- 0, N_("Enter normal mode."));
- grub_register_command ("normal_exit", grub_cmd_normal_exit,
- 0, N_("Exit from normal mode."));
+ cmd_normal = grub_register_command ("normal", grub_cmd_normal,
+ 0, N_("Enter normal mode."));
+ cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit,
+ 0, N_("Exit from normal mode."));
/* Reload terminal colors when these variables are written to. */
grub_register_variable_hook ("color_normal", NULL, grub_env_write_color_normal);
@@ -727,4 +727,6 @@ GRUB_MOD_FINI(normal)
grub_register_variable_hook ("color_highlight", NULL, NULL);
grub_fs_autoload_hook = 0;
grub_unregister_command (cmd_clear);
+ grub_unregister_command (cmd_normal);
+ grub_unregister_command (cmd_normal_exit);
}
--
2.51.1

236
0005-nx-Add-memory-attribute-get-set-API.patch Normal file
View File

@@ -0,0 +1,236 @@
From ae9bf340b0ae7b0b8f968e89468d7eac13583a8d Mon Sep 17 00:00:00 2001
From: Mate Kukri <mate.kukri@canonical.com>
Date: Wed, 9 Oct 2024 09:16:40 +0100
Subject: [PATCH 05/13] nx: Add memory attribute get/set API
For NX we need to set the page access permission attributes for write
and execute permissions. This patch adds two new primitives, grub_set_mem_attrs()
and grub_clear_mem_attrs(), and associated constants definitions used
for that purpose. For most platforms it adds a dummy implementation.
On EFI platforms it implements the primitives using the EFI Memory
Attribute Protocol, defined in UEFI 2.10 specification.
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/efi/mm.c | 109 ++++++++++++++++++++++++++++++++++++++++
include/grub/efi/api.h | 25 +++++++++
include/grub/mm.h | 35 +++++++++++++
3 files changed, 169 insertions(+)
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index 9b1d3add7..93566e916 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -736,3 +736,112 @@ grub_efi_get_ram_base(grub_addr_t *base_addr)
return GRUB_ERR_NONE;
}
#endif
+
+static grub_uint64_t
+grub_mem_attrs_to_uefi_mem_attrs (grub_mem_attr_t attrs)
+{
+ grub_efi_uint64_t ret = GRUB_EFI_MEMORY_RP | GRUB_EFI_MEMORY_RO | GRUB_EFI_MEMORY_XP;
+
+ if (attrs & GRUB_MEM_ATTR_R)
+ ret &= ~GRUB_EFI_MEMORY_RP;
+
+ if (attrs & GRUB_MEM_ATTR_W)
+ ret &= ~GRUB_EFI_MEMORY_RO;
+
+ if (attrs & GRUB_MEM_ATTR_X)
+ ret &= ~GRUB_EFI_MEMORY_XP;
+
+ return ret;
+}
+
+static grub_mem_attr_t
+uefi_mem_attrs_to_grub_mem_attrs (grub_efi_uint64_t attrs)
+{
+ grub_mem_attr_t ret = GRUB_MEM_ATTR_R | GRUB_MEM_ATTR_W | GRUB_MEM_ATTR_X;
+
+ if (attrs & GRUB_EFI_MEMORY_RP)
+ ret &= ~GRUB_MEM_ATTR_R;
+
+ if (attrs & GRUB_EFI_MEMORY_RO)
+ ret &= ~GRUB_MEM_ATTR_W;
+
+ if (attrs & GRUB_EFI_MEMORY_XP)
+ ret &= ~GRUB_MEM_ATTR_X;
+
+ return ret;
+}
+
+grub_err_t
+grub_get_mem_attrs (grub_addr_t addr, grub_size_t size, grub_mem_attr_t *attrs)
+{
+ grub_efi_memory_attribute_protocol_t *proto;
+ grub_efi_physical_address_t physaddr = addr;
+ static grub_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID;
+ grub_efi_status_t efi_status;
+ grub_efi_uint64_t efi_attrs;
+
+ if (physaddr & (GRUB_EFI_PAGE_SIZE - 1) || size & (GRUB_EFI_PAGE_SIZE - 1) || size == 0 || attrs == NULL)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "%s() called with invalid arguments", __FUNCTION__);
+
+ proto = grub_efi_locate_protocol (&protocol_guid, 0);
+ if (proto == NULL)
+ {
+ /* No protocol -> do nothing, all memory is RWX in boot services */
+ *attrs = GRUB_MEM_ATTR_R | GRUB_MEM_ATTR_W | GRUB_MEM_ATTR_X;
+ return GRUB_ERR_NONE;
+ }
+
+ efi_status = proto->get_memory_attributes (proto, physaddr, size, &efi_attrs);
+ if (efi_status != GRUB_EFI_SUCCESS)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "%s() called with invalid arguments", __FUNCTION__);
+
+ *attrs = uefi_mem_attrs_to_grub_mem_attrs (efi_attrs);
+
+ grub_dprintf ("nx", "get 0x%" PRIxGRUB_ADDR "-0x%" PRIxGRUB_ADDR ":%c%c%c\n",
+ addr, addr + size - 1,
+ (*attrs & GRUB_MEM_ATTR_R) ? 'r' : '-',
+ (*attrs & GRUB_MEM_ATTR_W) ? 'w' : '-',
+ (*attrs & GRUB_MEM_ATTR_X) ? 'x' : '-');
+
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
+grub_update_mem_attrs (grub_addr_t addr, grub_size_t size,
+ grub_mem_attr_t set_attrs, grub_mem_attr_t clear_attrs)
+{
+ grub_efi_memory_attribute_protocol_t *proto;
+ grub_efi_physical_address_t physaddr = addr;
+ static grub_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID;
+ grub_efi_status_t efi_status = GRUB_EFI_SUCCESS;
+ grub_efi_uint64_t uefi_set_attrs, uefi_clear_attrs;
+
+ if (physaddr & (GRUB_EFI_PAGE_SIZE - 1) || size & (GRUB_EFI_PAGE_SIZE - 1) || size == 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "%s() called with invalid arguments", __FUNCTION__);
+
+ proto = grub_efi_locate_protocol (&protocol_guid, 0);
+ if (proto == NULL)
+ /* No protocol -> do nothing, all memory is RWX in boot services */
+ return GRUB_ERR_NONE;
+
+ uefi_set_attrs = grub_mem_attrs_to_uefi_mem_attrs (set_attrs);
+ uefi_clear_attrs = grub_mem_attrs_to_uefi_mem_attrs (clear_attrs);
+ if (uefi_set_attrs)
+ efi_status = proto->set_memory_attributes (proto, physaddr, size, uefi_set_attrs);
+ if (efi_status == GRUB_EFI_SUCCESS && uefi_clear_attrs)
+ efi_status = proto->clear_memory_attributes (proto, physaddr, size, uefi_clear_attrs);
+
+ if (efi_status != GRUB_EFI_SUCCESS)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "%s() called with invalid arguments", __FUNCTION__);
+
+ grub_dprintf ("nx", "set +%s%s%s -%s%s%s on 0x%" PRIxGRUB_ADDR "-0x%" PRIxGRUB_ADDR "\n",
+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "",
+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "",
+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "",
+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "",
+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "",
+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "",
+ addr, addr + size - 1);
+
+ return GRUB_ERR_NONE;
+}
diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
index 975b90b09..5d1aada34 100644
--- a/include/grub/efi/api.h
+++ b/include/grub/efi/api.h
@@ -394,6 +394,11 @@
{ 0x93, 0x87, 0x6d, 0x87, 0x60, 0x50, 0xdc, 0x67 } \
}
+#define GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID \
+ { 0xf4560cf6, 0x40ec, 0x4b4a, \
+ { 0xa1, 0x92, 0xbf, 0x1d, 0x57, 0xd0, 0xb1, 0x89 } \
+ }
+
struct grub_efi_sal_system_table
{
grub_uint32_t signature;
@@ -2105,4 +2110,24 @@ struct grub_efi_ip6_config_manual_address {
};
typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t;
+struct grub_efi_memory_attribute_protocol
+{
+ grub_efi_status_t (__grub_efi_api *get_memory_attributes) (
+ struct grub_efi_memory_attribute_protocol *this,
+ grub_efi_physical_address_t base_address,
+ grub_efi_uint64_t length,
+ grub_efi_uint64_t *attributes);
+ grub_efi_status_t (__grub_efi_api *set_memory_attributes) (
+ struct grub_efi_memory_attribute_protocol *this,
+ grub_efi_physical_address_t base_address,
+ grub_efi_uint64_t length,
+ grub_efi_uint64_t attributes);
+ grub_efi_status_t (__grub_efi_api *clear_memory_attributes) (
+ struct grub_efi_memory_attribute_protocol *this,
+ grub_efi_physical_address_t base_address,
+ grub_efi_uint64_t length,
+ grub_efi_uint64_t attributes);
+};
+typedef struct grub_efi_memory_attribute_protocol grub_efi_memory_attribute_protocol_t;
+
#endif /* ! GRUB_EFI_API_HEADER */
diff --git a/include/grub/mm.h b/include/grub/mm.h
index 75894dbbe..494133b4c 100644
--- a/include/grub/mm.h
+++ b/include/grub/mm.h
@@ -23,6 +23,7 @@
#include <grub/err.h>
#include <grub/types.h>
#include <grub/symbol.h>
+#include <grub/err.h>
#include <config.h>
#ifndef NULL
@@ -86,6 +87,40 @@ grub_calloc (grub_size_t nmemb, grub_size_t size)
void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
#endif
+typedef grub_uint64_t grub_mem_attr_t;
+
+#define GRUB_MEM_ATTR_R ((grub_mem_attr_t) 0x0000000000000004)
+#define GRUB_MEM_ATTR_W ((grub_mem_attr_t) 0x0000000000000002)
+#define GRUB_MEM_ATTR_X ((grub_mem_attr_t) 0x0000000000000001)
+
+#ifdef GRUB_MACHINE_EFI
+grub_err_t EXPORT_FUNC(grub_get_mem_attrs) (grub_addr_t addr,
+ grub_size_t size,
+ grub_mem_attr_t *attrs);
+grub_err_t EXPORT_FUNC(grub_update_mem_attrs) (grub_addr_t addr,
+ grub_size_t size,
+ grub_mem_attr_t set_attrs,
+ grub_mem_attr_t clear_attrs);
+#else /* !GRUB_MACHINE_EFI */
+static inline grub_err_t
+grub_get_mem_attrs (grub_addr_t addr __attribute__((__unused__)),
+ grub_size_t size __attribute__((__unused__)),
+ grub_mem_attr_t *attrs)
+{
+ *attrs = GRUB_MEM_ATTR_R | GRUB_MEM_ATTR_W | GRUB_MEM_ATTR_X;
+ return GRUB_ERR_NONE;
+}
+
+static inline grub_err_t
+grub_update_mem_attrs (grub_addr_t addr __attribute__((__unused__)),
+ grub_size_t size __attribute__((__unused__)),
+ grub_mem_attr_t set_attrs __attribute__((__unused__)),
+ grub_mem_attr_t clear_attrs __attribute__((__unused__)))
+{
+ return GRUB_ERR_NONE;
+}
+#endif /* GRUB_MACHINE_EFI */
+
void grub_mm_check_real (const char *file, int line);
#define grub_mm_check() grub_mm_check_real (GRUB_FILE, __LINE__);
--
2.50.1

47
0005-tests-lib-functional_test-Unregister-commands-on-mod.patch
View File

@@ -1,47 +0,0 @@
From 0289adccc2127a1179fea9da0c787fab04a831f7 Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Thu, 21 Aug 2025 21:14:08 +0000
Subject: [PATCH 5/7] tests/lib/functional_test: Unregister commands on module
unload
When the functional_test module is loaded, both the functional_test and
all_functional_test commands are registered but only the all_functional_test
command is being unregistered since it was the last to set the cmd variable
that gets unregistered when the module is unloaded. To unregister both
commands, we need to create an additional grub_extcmd_t variable.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/tests/lib/functional_test.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/grub-core/tests/lib/functional_test.c b/grub-core/tests/lib/functional_test.c
index 403fa5c78..31b6b5dab 100644
--- a/grub-core/tests/lib/functional_test.c
+++ b/grub-core/tests/lib/functional_test.c
@@ -90,17 +90,18 @@ grub_functional_all_tests (grub_extcmd_context_t ctxt __attribute__ ((unused)),
return GRUB_ERR_NONE;
}
-static grub_extcmd_t cmd;
+static grub_extcmd_t cmd, cmd_all;
GRUB_MOD_INIT (functional_test)
{
cmd = grub_register_extcmd ("functional_test", grub_functional_test, 0, 0,
"Run all loaded functional tests.", 0);
- cmd = grub_register_extcmd ("all_functional_test", grub_functional_all_tests, 0, 0,
- "Run all functional tests.", 0);
+ cmd_all = grub_register_extcmd ("all_functional_test", grub_functional_all_tests, 0, 0,
+ "Run all functional tests.", 0);
}
GRUB_MOD_FINI (functional_test)
{
grub_unregister_extcmd (cmd);
+ grub_unregister_extcmd (cmd_all);
}
--
2.51.1

34
0006-commands-usbtest-Use-correct-string-length-field.patch
View File

@@ -1,34 +0,0 @@
From 8dd7026738fb445abd811bb6bd98ff297676329e Mon Sep 17 00:00:00 2001
From: Jamie <volticks@gmail.com>
Date: Mon, 14 Jul 2025 09:52:59 +0100
Subject: [PATCH 6/7] commands/usbtest: Use correct string length field
An incorrect length field is used for buffer allocation. This leads to
grub_utf16_to_utf8() receiving an incorrect/different length and possibly
causing OOB write. This makes sure to use the correct length.
Fixes: CVE-2025-61661
Reported-by: Jamie <volticks@gmail.com>
Signed-off-by: Jamie <volticks@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/usbtest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/commands/usbtest.c b/grub-core/commands/usbtest.c
index 2c6d93fe6..8ef187a9a 100644
--- a/grub-core/commands/usbtest.c
+++ b/grub-core/commands/usbtest.c
@@ -99,7 +99,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
return GRUB_USB_ERR_NONE;
}
- *string = grub_malloc (descstr.length * 2 + 1);
+ *string = grub_malloc (descstrp->length * 2 + 1);
if (! *string)
{
grub_free (descstrp);
--
2.51.1

135
0006-nx-Set-page-permissions-for-loaded-modules.patch Normal file
View File

@@ -0,0 +1,135 @@
From 12e6c0f3ca23481a552cf3acd5365b1356add5c0 Mon Sep 17 00:00:00 2001
From: Mate Kukri <mate.kukri@canonical.com>
Date: Wed, 9 Oct 2024 09:16:41 +0100
Subject: [PATCH 06/13] nx: Set page permissions for loaded modules
For NX we need to set write and executable permissions on the sections
of GRUB modules when we load them. All allocatable sections are marked
readable. In addition:
- SHF_WRITE sections are marked as writable,
- and SHF_EXECINSTR sections are marked as executable.
Where relevant for the platform the tramp and GOT areas are marked non-writable.
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/dl.c | 91 ++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 90 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index b384412d1..da31db218 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -636,6 +636,94 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr)
return GRUB_ERR_NONE;
}
+/* Only define this on EFI to save space in core. */
+#ifdef GRUB_MACHINE_EFI
+static grub_err_t
+grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
+{
+ unsigned i;
+ const Elf_Shdr *s;
+ const Elf_Ehdr *e = ehdr;
+ grub_err_t err;
+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \
+ !defined (__loongarch__)
+ grub_size_t arch_addralign = GRUB_DL_ALIGN;
+ grub_addr_t tgaddr;
+ grub_size_t tgsz;
+#endif
+
+ for (i = 0, s = (const Elf_Shdr *) ((const char *) e + e->e_shoff);
+ i < e->e_shnum;
+ i++, s = (const Elf_Shdr *) ((const char *) s + e->e_shentsize))
+ {
+ grub_dl_segment_t seg;
+ grub_uint64_t set_attrs = GRUB_MEM_ATTR_R;
+ grub_uint64_t clear_attrs = GRUB_MEM_ATTR_W | GRUB_MEM_ATTR_X;
+
+ for (seg = mod->segment; seg; seg = seg->next)
+ /* Does this ELF section's index match GRUB DL segment? */
+ if (seg->section == s->sh_info)
+ break;
+
+ /* No GRUB DL segment found for this ELF section, skip it. */
+ if (!seg)
+ continue;
+
+ if (seg->size == 0 || !(s->sh_flags & SHF_ALLOC))
+ continue;
+
+ if (s->sh_flags & SHF_WRITE)
+ {
+ set_attrs |= GRUB_MEM_ATTR_W;
+ clear_attrs &= ~GRUB_MEM_ATTR_W;
+ }
+
+ if (s->sh_flags & SHF_EXECINSTR)
+ {
+ set_attrs |= GRUB_MEM_ATTR_X;
+ clear_attrs &= ~GRUB_MEM_ATTR_X;
+ }
+
+ err = grub_update_mem_attrs ((grub_addr_t) seg->addr, seg->size,
+ set_attrs, clear_attrs);
+ if (err != GRUB_ERR_NONE)
+ return err;
+ }
+
+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \
+ !defined (__loongarch__)
+ tgaddr = grub_min ((grub_addr_t) mod->tramp, (grub_addr_t) mod->got);
+ tgsz = grub_max ((grub_addr_t) mod->trampptr, (grub_addr_t) mod->gotptr) - tgaddr;
+
+ if (tgsz)
+ {
+ tgsz = ALIGN_UP (tgsz, arch_addralign);
+
+ if (tgaddr < (grub_addr_t) mod->base ||
+ tgsz > (grub_addr_t) -1 - tgaddr ||
+ tgaddr + tgsz > (grub_addr_t) mod->base + mod->sz)
+ return grub_error (GRUB_ERR_BUG,
+ "BUG: trying to protect pages outside of module "
+ "allocation (\"%s\"): module base %p, size 0x%"
+ PRIxGRUB_SIZE "; tramp/GOT base 0x%" PRIxGRUB_ADDR
+ ", size 0x%" PRIxGRUB_SIZE,
+ mod->name, mod->base, mod->sz, tgaddr, tgsz);
+ err = grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R | GRUB_MEM_ATTR_X, GRUB_MEM_ATTR_W);
+ if (err != GRUB_ERR_NONE)
+ return err;
+ }
+#endif
+
+ return GRUB_ERR_NONE;
+}
+#else
+static grub_err_t
+grub_dl_set_mem_attrs (grub_dl_t mod __attribute__ ((unused)), void *ehdr __attribute__ ((unused)))
+{
+ return GRUB_ERR_NONE;
+}
+#endif
+
/* Load a module from core memory. */
grub_dl_t
grub_dl_load_core_noinit (void *addr, grub_size_t size)
@@ -682,7 +770,8 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size)
|| grub_dl_resolve_dependencies (mod, e)
|| grub_dl_load_segments (mod, e)
|| grub_dl_resolve_symbols (mod, e)
- || grub_dl_relocate_symbols (mod, e))
+ || grub_dl_relocate_symbols (mod, e)
+ || grub_dl_set_mem_attrs (mod, e))
{
mod->fini = 0;
grub_dl_unload (mod);
--
2.50.1

32
0007-commands-usbtest-Ensure-string-length-is-sufficient-.patch
View File

@@ -1,32 +0,0 @@
From 5b375fcf38550c59f869dca8356ce71c92c8cf6a Mon Sep 17 00:00:00 2001
From: Jamie <volticks@gmail.com>
Date: Mon, 14 Jul 2025 10:07:47 +0100
Subject: [PATCH 7/7] commands/usbtest: Ensure string length is sufficient in
usb string processing
If descstrp->length is less than 2 this will result in underflow in
"descstrp->length / 2 - 1" math. Let's fix the check to make sure the
value is sufficient.
Signed-off-by: Jamie <volticks@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/usbtest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/commands/usbtest.c b/grub-core/commands/usbtest.c
index 8ef187a9a..3184ac9af 100644
--- a/grub-core/commands/usbtest.c
+++ b/grub-core/commands/usbtest.c
@@ -90,7 +90,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
0x06, (3 << 8) | index,
langid, descstr.length, (char *) descstrp);
- if (descstrp->length == 0)
+ if (descstrp->length < 2)
{
grub_free (descstrp);
*string = grub_strdup ("");
--
2.51.1

54
0007-nx-Set-the-NX-compatible-flag-for-the-GRUB-EFI-image.patch Normal file
View File

@@ -0,0 +1,54 @@
From fad957c68f157ae0c30cab52d69d0dc4e74b9909 Mon Sep 17 00:00:00 2001
From: Mate Kukri <mate.kukri@canonical.com>
Date: Wed, 9 Oct 2024 09:16:42 +0100
Subject: [PATCH 07/13] nx: Set the NX compatible flag for the GRUB EFI images
For NX the GRUB binary has to announce that it is compatible with the
NX feature. This implies that when loading the executable GRUB image
several attributes are true:
- the binary doesn't need an executable stack,
- the binary doesn't need sections to be both executable and writable,
- the binary knows how to use the EFI Memory Attributes Protocol on code
it is loading.
This patch:
- adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT,
- changes grub-mkimage to set that flag.
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
include/grub/efi/pe32.h | 2 ++
util/mkimage.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
index 4e6e9d254..9887e14b2 100644
--- a/include/grub/efi/pe32.h
+++ b/include/grub/efi/pe32.h
@@ -231,6 +231,8 @@ struct grub_pe64_optional_header
#define GRUB_PE32_SUBSYSTEM_EFI_APPLICATION 10
+#define GRUB_PE32_NX_COMPAT 0x0100
+
#define GRUB_PE32_NUM_DATA_DIRECTORIES 16
struct grub_pe32_section_table
diff --git a/util/mkimage.c b/util/mkimage.c
index 6c0581836..5d7a47e70 100644
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -1453,6 +1453,7 @@ grub_install_generate_image (const char *dir, const char *prefix,
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdangling-pointer"
#endif
+ PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 (GRUB_PE32_NX_COMPAT);
PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size);
PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address);
PE_OHDR (o32, o64, image_base) = 0;
--
2.50.1

233
0008-efi-Provide-wrappers-for-load_image-start_image-and-.patch Normal file
View File

@@ -0,0 +1,233 @@
From 24187b38b89d011f748e462b9ae684316c5e4d57 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Tue, 8 Jul 2025 21:21:13 +0100
Subject: [PATCH 08/13] efi: Provide wrappers for load_image, start_image and
unload_image
These can be used to register a different implementation later,
for example, when shim provides a protocol with those functions.
Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/efi/efi.c | 57 ++++++++++++++++++++++++++++++
grub-core/loader/efi/chainloader.c | 13 +++----
grub-core/loader/efi/linux.c | 12 +++----
include/grub/efi/efi.h | 42 ++++++++++++++++++++++
4 files changed, 109 insertions(+), 15 deletions(-)
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index b674816aa..1e330a2cc 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -1109,3 +1109,60 @@ grub_efi_find_configuration_table (const grub_guid_t *target_guid)
return 0;
}
+
+static const grub_efi_loader_t *override_loader = NULL;
+
+grub_err_t
+grub_efi_register_loader (const grub_efi_loader_t *loader)
+{
+ if (override_loader != NULL)
+ return grub_error (GRUB_ERR_BUG, "trying to register different loader");
+ override_loader = loader;
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
+grub_efi_unregister_loader (const grub_efi_loader_t *loader)
+{
+ if (loader != override_loader)
+ return grub_error (GRUB_ERR_BUG, "trying to unregister different loader");
+
+ override_loader = NULL;
+ return GRUB_ERR_NONE;
+}
+
+grub_efi_status_t
+grub_efi_load_image (grub_efi_boolean_t boot_policy,
+ grub_efi_handle_t parent_image_handle,
+ grub_efi_device_path_t *file_path, void *source_buffer,
+ grub_efi_uintn_t source_size,
+ grub_efi_handle_t *image_handle)
+{
+ if (override_loader != NULL)
+ return override_loader->load_image (boot_policy, parent_image_handle,
+ file_path, source_buffer, source_size,
+ image_handle);
+ return grub_efi_system_table->boot_services->load_image (
+ boot_policy, parent_image_handle, file_path, source_buffer, source_size,
+ image_handle);
+}
+
+grub_efi_status_t
+grub_efi_start_image (grub_efi_handle_t image_handle,
+ grub_efi_uintn_t *exit_data_size,
+ grub_efi_char16_t **exit_data)
+{
+ if (override_loader != NULL)
+ return override_loader->start_image (image_handle, exit_data_size,
+ exit_data);
+ return grub_efi_system_table->boot_services->start_image (
+ image_handle, exit_data_size, exit_data);
+}
+
+grub_efi_status_t
+grub_efi_unload_image (grub_efi_handle_t image_handle)
+{
+ if (override_loader != NULL)
+ return override_loader->unload_image (image_handle);
+ return grub_efi_system_table->boot_services->unload_image (image_handle);
+}
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 655aaad9d..04b9e3553 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -64,14 +64,12 @@ grub_chainloader_unload (void *context)
{
grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
grub_efi_loaded_image_t *loaded_image;
- grub_efi_boot_services_t *b;
loaded_image = grub_efi_get_loaded_image (image_handle);
if (loaded_image != NULL)
grub_free (loaded_image->load_options);
- b = grub_efi_system_table->boot_services;
- b->unload_image (image_handle);
+ grub_efi_unload_image (image_handle);
grub_dl_unref (my_mod);
return GRUB_ERR_NONE;
@@ -87,7 +85,7 @@ grub_chainloader_boot (void *context)
grub_efi_char16_t *exit_data = NULL;
b = grub_efi_system_table->boot_services;
- status = b->start_image (image_handle, &exit_data_size, &exit_data);
+ status = grub_efi_start_image (image_handle, &exit_data_size, &exit_data);
if (status != GRUB_EFI_SUCCESS)
{
if (exit_data)
@@ -826,9 +824,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
}
#endif
- status = b->load_image (0, grub_efi_image_handle, file_path,
- boot_image, size,
- &image_handle);
+ status = grub_efi_load_image (0, grub_efi_image_handle, file_path,
+ boot_image, size, &image_handle);
#ifdef SUPPORT_SECURE_BOOT
if (status == GRUB_EFI_SECURITY_VIOLATION && grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED)
{
@@ -907,7 +904,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
b->free_pages (address, pages);
if (image_handle != NULL)
- b->unload_image (image_handle);
+ grub_efi_unload_image (image_handle);
grub_dl_unref (my_mod);
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index bfbd95aee..58be3c9f8 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -187,7 +187,6 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
{
grub_efi_memory_mapped_device_path_t *mempath;
grub_efi_handle_t image_handle;
- grub_efi_boot_services_t *b;
grub_efi_status_t status;
grub_efi_loaded_image_t *loaded_image;
int len;
@@ -207,10 +206,9 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE;
mempath[1].header.length = sizeof (grub_efi_device_path_t);
- b = grub_efi_system_table->boot_services;
- status = b->load_image (0, grub_efi_image_handle,
- (grub_efi_device_path_t *) mempath,
- (void *) addr, size, &image_handle);
+ status = grub_efi_load_image (0, grub_efi_image_handle,
+ (grub_efi_device_path_t *)mempath,
+ (void *)addr, size, &image_handle);
if (status != GRUB_EFI_SUCCESS)
return grub_error (GRUB_ERR_BAD_OS, "cannot load image");
@@ -235,14 +233,14 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
(grub_uint8_t *) args, len, NULL);
grub_dprintf ("linux", "starting image %p\n", image_handle);
- status = b->start_image (image_handle, 0, NULL);
+ status = grub_efi_start_image (image_handle, 0, NULL);
/* When successful, not reached */
grub_error (GRUB_ERR_BAD_OS, "start_image() returned 0x%" PRIxGRUB_EFI_UINTN_T, status);
grub_efi_free_pages ((grub_addr_t) loaded_image->load_options,
GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
unload:
- b->unload_image (image_handle);
+ grub_efi_unload_image (image_handle);
return grub_errno;
}
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index 87aa1ce25..6c7bfc865 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -135,6 +135,48 @@ grub_err_t grub_arch_efi_linux_load_image_header(grub_file_t file,
grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, grub_size_t size,
char *args);
+grub_efi_status_t
+EXPORT_FUNC (grub_efi_load_image) (grub_efi_boolean_t boot_policy,
+ grub_efi_handle_t parent_image_handle,
+ grub_efi_device_path_t *file_path,
+ void *source_buffer, grub_efi_uintn_t source_size,
+ grub_efi_handle_t *image_handle);
+
+grub_efi_status_t
+EXPORT_FUNC (grub_efi_start_image) (grub_efi_handle_t image_handle,
+ grub_efi_uintn_t *exit_data_size,
+ grub_efi_char16_t **exit_data);
+
+grub_efi_status_t
+EXPORT_FUNC (grub_efi_unload_image) (grub_efi_handle_t image_handle);
+
+typedef struct grub_efi_loader
+{
+ grub_efi_status_t (__grub_efi_api *load_image) (grub_efi_boolean_t boot_policy,
+ grub_efi_handle_t parent_image_handle,
+ grub_efi_device_path_t *file_path,
+ void *source_buffer,
+ grub_efi_uintn_t source_size,
+ grub_efi_handle_t *image_handle);
+
+ grub_efi_status_t (__grub_efi_api *start_image) (grub_efi_handle_t image_handle,
+ grub_efi_uintn_t *exit_data_size,
+ grub_efi_char16_t **exit_data);
+
+ grub_efi_status_t (__grub_efi_api *exit) (grub_efi_handle_t image_handle,
+ grub_efi_status_t exit_status,
+ grub_efi_uintn_t exit_data_size,
+ grub_efi_char16_t *exit_data);
+
+ grub_efi_status_t (__grub_efi_api *unload_image) (grub_efi_handle_t image_handle);
+} grub_efi_loader_t;
+
+grub_err_t
+EXPORT_FUNC (grub_efi_register_loader) (const grub_efi_loader_t *loader);
+
+grub_err_t
+EXPORT_FUNC (grub_efi_unregister_loader) (const grub_efi_loader_t *loader);
+
grub_addr_t grub_efi_section_addr (const char *section);
void grub_efi_mm_init (void);
--
2.50.1

186
0009-efi-sb-Add-support-for-the-shim-loader-protocol.patch Normal file
View File

@@ -0,0 +1,186 @@
From bd43c9011d3006a93b22861b6d3d18f62076d5f7 Mon Sep 17 00:00:00 2001
From: Mate Kukri <mate.kukri@canonical.com>
Date: Tue, 8 Jul 2025 21:21:14 +0100
Subject: [PATCH 09/13] efi/sb: Add support for the shim loader protocol
Use loader protocol for image verification where available, otherwise
fall back to the old shim lock protocol.
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/efi/sb.c | 59 ++++++++++++++++++++----------------
grub-core/loader/efi/linux.c | 6 ++--
include/grub/efi/api.h | 5 +++
include/grub/efi/sb.h | 2 +-
4 files changed, 42 insertions(+), 30 deletions(-)
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
index 8d3e41360..48d1ea968 100644
--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
@@ -31,8 +31,10 @@
#include <grub/verify.h>
static grub_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;
+static grub_guid_t shim_loader_guid = GRUB_EFI_SHIM_IMAGE_LOADER_GUID;
-static bool shim_lock_enabled = false;
+static grub_efi_loader_t *shim_loader = NULL;
+static grub_efi_shim_lock_protocol_t *shim_lock = NULL;
/*
* Determine whether we're in secure boot mode.
@@ -95,14 +97,6 @@ grub_efi_get_secureboot (void)
if (!(attr & GRUB_EFI_VARIABLE_RUNTIME_ACCESS) && *moksbstate == 1)
{
secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
- /*
- * TODO: Replace this all with shim's LoadImage protocol, delegating policy to it.
- *
- * We need to set shim_lock_enabled here because we disabled secure boot
- * validation *inside* shim but not in the firmware, so we set this variable
- * here to trigger that code path, whereas the actual verifier is not enabled.
- */
- shim_lock_enabled = true;
goto out;
}
@@ -183,15 +177,25 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
static grub_err_t
shim_lock_verifier_write (void *context __attribute__ ((unused)), void *buf, grub_size_t size)
{
- grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol (&shim_lock_guid, 0);
+ grub_efi_handle_t image_handle;
- if (!sl)
- return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol not found"));
+ if (shim_loader != NULL)
+ {
+ if (shim_loader->load_image (false, grub_efi_image_handle, NULL, buf, size, &image_handle) != GRUB_EFI_SUCCESS)
+ /* If verification fails no handle is produced */
+ return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim loader signature"));
- if (sl->verify (buf, size) != GRUB_EFI_SUCCESS)
- return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature"));
+ shim_loader->unload_image (image_handle);
+ return GRUB_ERR_NONE;
+ }
+ if (shim_lock != NULL)
+ {
+ if (shim_lock->verify (buf, size) != GRUB_EFI_SUCCESS)
+ return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim lock signature"));
+ return GRUB_ERR_NONE;
+ }
- return GRUB_ERR_NONE;
+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim protocols not found"));
}
struct grub_file_verifier shim_lock_verifier =
@@ -205,11 +209,17 @@ void
grub_shim_lock_verifier_setup (void)
{
struct grub_module_header *header;
- grub_efi_shim_lock_protocol_t *sl =
- grub_efi_locate_protocol (&shim_lock_guid, 0);
- /* shim_lock is missing, check if GRUB image is built with --disable-shim-lock. */
- if (!sl)
+ /* Secure Boot is off. Ignore shim. */
+ if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
+ /* Find both shim protocols. */
+ shim_loader = grub_efi_locate_protocol (&shim_loader_guid, 0);
+ shim_lock = grub_efi_locate_protocol (&shim_lock_guid, 0);
+
+ /* shim is missing, check if GRUB image is built with --disable-shim-lock. */
+ if (shim_loader == NULL && shim_lock == NULL)
{
FOR_MODULES (header)
{
@@ -218,21 +228,18 @@ grub_shim_lock_verifier_setup (void)
}
}
- /* Secure Boot is off. Do not load shim_lock. */
- if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED)
- return;
-
/* Enforce shim_lock_verifier. */
grub_verifier_register (&shim_lock_verifier);
- shim_lock_enabled = true;
+ /* Register shim loader if supported. */
+ grub_efi_register_loader (shim_loader);
grub_env_set ("shim_lock", "y");
grub_env_export ("shim_lock");
}
bool
-grub_is_shim_lock_enabled (void)
+grub_is_using_legacy_shim_lock_protocol (void)
{
- return shim_lock_enabled;
+ return (shim_loader == NULL && shim_lock != NULL) ? true : false;
}
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 58be3c9f8..993d18546 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -460,10 +460,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_dl_ref (my_mod);
- if (grub_is_shim_lock_enabled () == true)
+ if (grub_is_using_legacy_shim_lock_protocol () == true)
{
#if defined(__i386__) || defined(__x86_64__)
- grub_dprintf ("linux", "shim_lock enabled, falling back to legacy Linux kernel loader\n");
+ grub_dprintf ("linux", "using legacy shim_lock protocol, falling back to legacy Linux kernel loader\n");
err = grub_cmd_linux_x86_legacy (cmd, argc, argv);
@@ -472,7 +472,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
else
goto fail;
#else
- grub_dprintf ("linux", "shim_lock enabled, trying Linux kernel EFI stub loader\n");
+ grub_dprintf ("linux", "using legacy shim_lock protocol on non-x86, only db verifiable kernels will work\n");
#endif
}
diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
index 5d1aada34..72017eaa7 100644
--- a/include/grub/efi/api.h
+++ b/include/grub/efi/api.h
@@ -364,6 +364,11 @@
{ 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \
}
+#define GRUB_EFI_SHIM_IMAGE_LOADER_GUID \
+ { 0x1f492041, 0xfadb, 0x4e59, \
+ {0x9e, 0x57, 0x7c, 0xaf, 0xe7, 0x3a, 0x55, 0xab } \
+ }
+
#define GRUB_EFI_RNG_PROTOCOL_GUID \
{ 0x3152bca5, 0xeade, 0x433d, \
{ 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 } \
diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
index 49a9ad01c..4cae88376 100644
--- a/include/grub/efi/sb.h
+++ b/include/grub/efi/sb.h
@@ -32,7 +32,7 @@ extern grub_uint8_t
EXPORT_FUNC (grub_efi_get_secureboot) (void);
extern bool
-EXPORT_FUNC (grub_is_shim_lock_enabled) (void);
+EXPORT_FUNC (grub_is_using_legacy_shim_lock_protocol) (void);
extern void
grub_shim_lock_verifier_setup (void);
--
2.50.1

100
0010-efi-sb-Add-API-for-retrieving-shim-loader-image-hand.patch Normal file
View File

@@ -0,0 +1,100 @@
From b0e9763fd6b4c7635d190439973276ed57ee7af8 Mon Sep 17 00:00:00 2001
From: Mate Kukri <mate.kukri@canonical.com>
Date: Tue, 8 Jul 2025 21:21:15 +0100
Subject: [PATCH 10/13] efi/sb: Add API for retrieving shim loader image
handles
Not reusing these handles will result in image measurements showing up
twice in the event log.
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/efi/sb.c | 34 ++++++++++++++++++++++++++++++++--
include/grub/efi/sb.h | 4 ++++
2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
index 48d1ea968..4409e03c5 100644
--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
@@ -36,6 +36,8 @@ static grub_guid_t shim_loader_guid = GRUB_EFI_SHIM_IMAGE_LOADER_GUID;
static grub_efi_loader_t *shim_loader = NULL;
static grub_efi_shim_lock_protocol_t *shim_lock = NULL;
+static grub_efi_handle_t last_verified_image_handle = NULL;
+
/*
* Determine whether we're in secure boot mode.
*
@@ -181,11 +183,25 @@ shim_lock_verifier_write (void *context __attribute__ ((unused)), void *buf, gru
if (shim_loader != NULL)
{
+ if (last_verified_image_handle != NULL)
+ {
+ /*
+ * Unload the previous image because ownership of the handle was
+ * not transfered to a loader, and a new image is being loaded.
+ */
+ shim_loader->unload_image (last_verified_image_handle);
+ last_verified_image_handle = NULL;
+ }
+
if (shim_loader->load_image (false, grub_efi_image_handle, NULL, buf, size, &image_handle) != GRUB_EFI_SUCCESS)
- /* If verification fails no handle is produced */
+ /* If verification fails no handle is produced. */
return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim loader signature"));
- shim_loader->unload_image (image_handle);
+ /*
+ * Not unloading the image here because chainloader and linux
+ * might use this handle to avoid double TPM measurements.
+ */
+ last_verified_image_handle = image_handle;
return GRUB_ERR_NONE;
}
if (shim_lock != NULL)
@@ -243,3 +259,17 @@ grub_is_using_legacy_shim_lock_protocol (void)
{
return (shim_loader == NULL && shim_lock != NULL) ? true : false;
}
+
+grub_efi_handle_t
+grub_efi_get_last_verified_image_handle (void)
+{
+ grub_efi_handle_t tmp = last_verified_image_handle;
+
+ /*
+ * This function is intended to act as a "transfer of ownership"
+ * of the handle. We set it to NULL so that it cannot be buggily
+ * retrieved more than once and reused for the wrong image.
+ */
+ last_verified_image_handle = NULL;
+ return tmp;
+}
diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
index 4cae88376..149005ced 100644
--- a/include/grub/efi/sb.h
+++ b/include/grub/efi/sb.h
@@ -21,6 +21,7 @@
#include <grub/types.h>
#include <grub/dl.h>
+#include <grub/efi/api.h>
#define GRUB_EFI_SECUREBOOT_MODE_UNSET 0
#define GRUB_EFI_SECUREBOOT_MODE_UNKNOWN 1
@@ -34,6 +35,9 @@ EXPORT_FUNC (grub_efi_get_secureboot) (void);
extern bool
EXPORT_FUNC (grub_is_using_legacy_shim_lock_protocol) (void);
+extern grub_efi_handle_t
+EXPORT_FUNC (grub_efi_get_last_verified_image_handle) (void);
+
extern void
grub_shim_lock_verifier_setup (void);
#else
--
2.50.1

107
0011-loader-efi-chainloader-Use-shim-loader-image-handle-.patch Normal file
View File

@@ -0,0 +1,107 @@
From 918af0d51fe594a7e6cbb0fe8a4889e773bba4bb Mon Sep 17 00:00:00 2001
From: Mate Kukri <mate.kukri@canonical.com>
Date: Tue, 8 Jul 2025 21:21:16 +0100
Subject: [PATCH 11/13] loader/efi/chainloader: Use shim loader image handle
where available
Not reusing these handles will result in image measurements showing up
twice in the event log.
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/loader/efi/chainloader.c | 67 ++++++++++++++++--------------
1 file changed, 36 insertions(+), 31 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 04b9e3553..1830de223 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -33,6 +33,7 @@
#include <grub/efi/efi.h>
#include <grub/efi/disk.h>
#include <grub/efi/memory.h>
+#include <grub/efi/sb.h>
#include <grub/command.h>
#include <grub/i18n.h>
#include <grub/net.h>
@@ -824,41 +825,45 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
}
#endif
- status = grub_efi_load_image (0, grub_efi_image_handle, file_path,
+ image_handle = grub_efi_get_last_verified_image_handle ();
+ if (image_handle == NULL)
+ {
+ status = grub_efi_load_image (0, grub_efi_image_handle, file_path,
boot_image, size, &image_handle);
#ifdef SUPPORT_SECURE_BOOT
- if (status == GRUB_EFI_SECURITY_VIOLATION && grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED)
- {
- /* If it failed with security violation while not in secure boot mode,
- the firmware might be broken. We try to workaround on that by forcing
- the SB method! (bsc#887793) */
- struct grub_secureboot_chainloader_context *sb_context;
-
- grub_dprintf ("chain", "Possible firmware flaw! Security violation while not in secure boot mode.\n");
- sb_context = grub_malloc (sizeof (*sb_context));
- if (!sb_context)
- goto fail;
- sb_context->cmdline = cmdline;
- sb_context->cmdline_len = cmdline_len;
- sb_context->fsize = size;
- sb_context->dev_handle = dev_handle;
- sb_context->address = address;
- sb_context->pages = pages;
- sb_context->file_path = file_path;
- grub_file_close (file);
- grub_loader_set_ex (grub_secureboot_chainloader_boot,
- grub_secureboot_chainloader_unload, sb_context, 0);
- return 0;
- }
+ if (status == GRUB_EFI_SECURITY_VIOLATION && grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ {
+ /* If it failed with security violation while not in secure boot mode,
+ the firmware might be broken. We try to workaround on that by forcing
+ the SB method! (bsc#887793) */
+ struct grub_secureboot_chainloader_context *sb_context;
+
+ grub_dprintf ("chain", "Possible firmware flaw! Security violation while not in secure boot mode.\n");
+ sb_context = grub_malloc (sizeof (*sb_context));
+ if (!sb_context)
+ goto fail;
+ sb_context->cmdline = cmdline;
+ sb_context->cmdline_len = cmdline_len;
+ sb_context->fsize = size;
+ sb_context->dev_handle = dev_handle;
+ sb_context->address = address;
+ sb_context->pages = pages;
+ sb_context->file_path = file_path;
+ grub_file_close (file);
+ grub_loader_set_ex (grub_secureboot_chainloader_boot,
+ grub_secureboot_chainloader_unload, sb_context, 0);
+ return 0;
+ }
#endif
- if (status != GRUB_EFI_SUCCESS)
- {
- if (status == GRUB_EFI_OUT_OF_RESOURCES)
- grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");
- else
- grub_error (GRUB_ERR_BAD_OS, "cannot load image");
+ if (status != GRUB_EFI_SUCCESS)
+ {
+ if (status == GRUB_EFI_OUT_OF_RESOURCES)
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");
+ else
+ grub_error (GRUB_ERR_BAD_OS, "cannot load image");
- goto fail;
+ goto fail;
+ }
}
/* LoadImage does not set a device handler when the image is
--
2.50.1

50
0012-loader-efi-linux-Use-shim-loader-image-handle-where-.patch Normal file
View File

@@ -0,0 +1,50 @@
From e4855838e156b3509a2fd774c69ab4681e774427 Mon Sep 17 00:00:00 2001
From: Mate Kukri <mate.kukri@canonical.com>
Date: Tue, 8 Jul 2025 21:21:17 +0100
Subject: [PATCH 12/13] loader/efi/linux: Use shim loader image handle where
available
Not reusing these handles will result in image measurements showing up
twice in the event log.
On the occasion add missing grub_free() call.
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/loader/efi/linux.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 993d18546..394df6039 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -206,11 +206,20 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE;
mempath[1].header.length = sizeof (grub_efi_device_path_t);
- status = grub_efi_load_image (0, grub_efi_image_handle,
- (grub_efi_device_path_t *)mempath,
- (void *)addr, size, &image_handle);
- if (status != GRUB_EFI_SUCCESS)
- return grub_error (GRUB_ERR_BAD_OS, "cannot load image");
+ image_handle = grub_efi_get_last_verified_image_handle ();
+ if (image_handle == NULL)
+ {
+ status = grub_efi_load_image (0, grub_efi_image_handle,
+ (grub_efi_device_path_t *) mempath,
+ (void *) addr, size, &image_handle);
+ if (status != GRUB_EFI_SUCCESS)
+ {
+ grub_free (mempath);
+ return grub_error (GRUB_ERR_BAD_OS, "cannot load image");
+ }
+ }
+
+ grub_free (mempath);
grub_dprintf ("linux", "linux command line: '%s'\n", args);
--
2.50.1

32
0013-nx-Rename-GRUB_DL_ALIGN-to-DL_ALIGN.patch Normal file
View File

@@ -0,0 +1,32 @@
From d36e8d9cc3bf2bbaf90d15fdb7a7594275892ec7 Mon Sep 17 00:00:00 2001
From: Daniel Kiper <daniel.kiper@oracle.com>
Date: Wed, 16 Oct 2024 15:04:17 +0200
Subject: [PATCH 13/13] nx: Rename GRUB_DL_ALIGN to DL_ALIGN
Rename has been skipped by mistake in the original commit.
Fixes: 94649c026 (nx: Set page permissions for loaded modules)
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Sudeep Holla <sudeep.holla@arm.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
---
grub-core/kern/dl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index da31db218..cf1a5a24d 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -647,7 +647,7 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
grub_err_t err;
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \
!defined (__loongarch__)
- grub_size_t arch_addralign = GRUB_DL_ALIGN;
+ grub_size_t arch_addralign = DL_ALIGN;
grub_addr_t tgaddr;
grub_size_t tgsz;
#endif
--
2.50.1

93
grub2-bls-loader-entry-default.patch Normal file
View File

@@ -0,0 +1,93 @@
Factoring out get_entry_from_efivar helper to reduce code duplication
and add support for LoaderEntryDefault.
Index: grub-2.12/grub-core/normal/menu.c
===================================================================
--- grub-2.12.orig/grub-core/normal/menu.c
+++ grub-2.12/grub-core/normal/menu.c
@@ -741,6 +741,38 @@ workaround_snapshot_menu_default_entry (
return;
}
+#ifdef GRUB_MACHINE_EFI
+static int
+get_entry_from_efivar(grub_menu_t menu, const char* efivar)
+{
+ grub_efi_status_t status;
+ grub_size_t entry_size;
+ grub_efi_char16_t *entry_efi = NULL;
+ char *entry_name = NULL;
+ int entry_index = -1;
+ status = grub_efi_get_variable(efivar,
+ &grub_efi_loader_guid,
+ &entry_size,
+ (void**) &entry_efi);
+ if (status == GRUB_EFI_SUCCESS)
+ {
+ grub_efi_char16_t *src = entry_efi;
+ int size = 0;
+ while (*src++)
+ size++;
+ if (size != 0)
+ {
+ entry_name = grub_malloc (size * sizeof (char));
+ grub_utf16_to_utf8 ((grub_uint8_t*) entry_name,
+ (grub_uint16_t*) entry_efi, size);
+ entry_index = search_entry (menu, entry_name);
+ }
+ }
+ grub_free(entry_name);
+ return entry_index;
+}
+#endif
+
#define GRUB_MENU_PAGE_SIZE 10
/* Show the menu and handle menu entry selection. Returns the menu entry
@@ -766,36 +798,19 @@ run_menu (grub_menu_t menu, int nested,
const char* val = grub_env_get ("enable_blscfg");
if (val && (val[0] == '1' || val[0] == 'y'))
{
- grub_efi_status_t status;
- int oneshot_entry_index;
- grub_efi_char16_t *oneshot_entry_efi = NULL;
- char *oneshot_entry = NULL;
- grub_size_t oneshot_entry_size;
- status = grub_efi_get_variable("LoaderEntryOneShot",
- &grub_efi_loader_guid,
- &oneshot_entry_size,
- (void**) &oneshot_entry_efi);
- if (status == GRUB_EFI_SUCCESS)
+ int oneshot_entry, default_entry_efi;
+ oneshot_entry = get_entry_from_efivar(menu, "LoaderEntryOneShot");
+ if (oneshot_entry != -1)
{
- grub_efi_char16_t *src = oneshot_entry_efi;
- int size = 0;
- while (*src++)
- size++;
- if (size == 0)
+ default_entry = oneshot_entry;
+ grub_efi_set_variable_to_string("LoaderEntryOneShot",
+ &grub_efi_loader_guid, "", 0);
+ } else {
+ default_entry_efi = get_entry_from_efivar(menu, "LoaderEntryDefault");
+ if (default_entry_efi != -1)
{
- oneshot_entry = grub_malloc (size * sizeof (char));
- grub_utf16_to_utf8 ((grub_uint8_t*) oneshot_entry,
- (grub_uint16_t*) oneshot_entry_efi, size);
- oneshot_entry_index = search_entry (menu, oneshot_entry);
- if (oneshot_entry_index != -1)
- {
- default_entry = oneshot_entry_index;
- grub_efi_set_variable_to_string("LoaderEntryOneShot",
- &grub_efi_loader_guid, "", 0);
- }
- grub_free(oneshot_entry);
+ default_entry = default_entry_efi;
}
- grub_free(oneshot_entry_efi);
}
}
#endif

16
grub2-grubenv-in-btrfs-header.patch
View File

@@ -475,33 +475,27 @@ v4:
EOF
if [ "x$GRUB_BUTTON_CMOS_ADDRESS" != "x" ]; then
cat <<EOF
@@ -54,7 +61,11 @@
elif [ "\${next_entry}" ] ; then
@@ -55,6 +62,9 @@
set default="\${next_entry}"
set next_entry=
- save_env next_entry
save_env next_entry
+ if [ "\${env_block}" ] ; then
+ save_env -f "\${env_block}" next_entry
+ else
+ save_env next_entry
+ fi
set boot_once=true
else
set default="${GRUB_DEFAULT}"
@@ -65,7 +76,11 @@
if [ "\${next_entry}" ] ; then
@@ -66,6 +76,9 @@
set default="\${next_entry}"
set next_entry=
- save_env next_entry
save_env next_entry
+ if [ "\${env_block}" ] ; then
+ save_env -f "\${env_block}" next_entry
+ else
+ save_env next_entry
+ fi
set boot_once=true
else
set default="${GRUB_DEFAULT}"
@@ -93,7 +108,12 @@
@@ -93,7 +106,12 @@
function savedefault {
if [ -z "\${boot_once}" ]; then
saved_entry="\${chosen}"

78
grub2.changes
View File

@@ -1,41 +1,3 @@
-------------------------------------------------------------------
Tue Jan 20 02:25:34 UTC 2026 - Gary Ching-Pang Lin <glin@suse.com>
- Optimize PBKDF2 to reduce the decryption time (bsc#1248516)
* 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
* 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
* 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch
-------------------------------------------------------------------
Wed Nov 12 08:24:35 UTC 2025 - Michael Chang <mchang@suse.com>
- Fix CVE-2025-54771 (bsc#1252931)
* 0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch
- Fix CVE-2025-54770 (bsc#1252930)
* 0002-net-net-Unregister-net_set_vlan-command-on-unload.patch
- Fix CVE-2025-61662 (bsc#1252933)
* 0003-gettext-gettext-Unregister-gettext-command-on-module.patch
- Fix CVE-2025-61663 (bsc#1252934)
- Fix CVE-2025-61664 (bsc#1252935)
* 0004-normal-main-Unregister-commands-on-module-unload.patch
* 0005-tests-lib-functional_test-Unregister-commands-on-mod.patch
- Fix CVE-2025-61661 (bsc#1252932)
* 0006-commands-usbtest-Use-correct-string-length-field.patch
* 0007-commands-usbtest-Ensure-string-length-is-sufficient-.patch
- Bump upstream SBAT generation to 6
-------------------------------------------------------------------
Mon Oct 13 09:45:07 UTC 2025 - Michael Chang <mchang@suse.com>
- Fix "sparse file not allowed" error after grub2-reboot (bsc#1245738)
* grub2-grubenv-in-btrfs-header.patch
-------------------------------------------------------------------
Mon Oct 13 09:36:02 UTC 2025 - Michael Chang <mchang@suse.com>
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
* 0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch
-------------------------------------------------------------------
Tue Sep 23 08:47:49 UTC 2025 - Steffen Winterfeldt <snwint@suse.com>
@@ -49,6 +11,46 @@ Mon Sep 22 07:15:00 UTC 2025 - Michael Chang <mchang@suse.com>
and redirection is disabled (bsc#1249088)
* 0001-term-ns8250-spcr-Return-if-redirection-is-disabled.patch
-------------------------------------------------------------------
Tue Sep 9 14:25:42 UTC 2025 - Danilo Spinella <danilo.spinella@suse.com>
- Add support for `LoaderEntryDefault` EFI variable
* grub2-bls-loader-entry-default.patch
-------------------------------------------------------------------
Tue Sep 2 07:46:46 UTC 2025 - Gary Ching-Pang Lin <glin@suse.com>
- Optimize PBKDF2 to reduce the decryption time
* 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
* 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
* 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch
-------------------------------------------------------------------
Mon Aug 11 02:57:30 UTC 2025 - Michael Chang <mchang@suse.com>
- UEFI NX support and NX Linux loader using shim loader protocol (bsc#1205588)
(jsc#PED-13361)
* 0001-modules-Make-.module_license-read-only.patch
* 0002-modules-Strip-.llvm_addrsig-sections-and-similar.patch
* 0003-modules-Don-t-allocate-space-for-non-allocable-secti.patch
* 0004-modules-Load-module-sections-at-page-aligned-address.patch
* 0005-nx-Add-memory-attribute-get-set-API.patch
* 0006-nx-Set-page-permissions-for-loaded-modules.patch
* 0007-nx-Set-the-NX-compatible-flag-for-the-GRUB-EFI-image.patch
* 0008-efi-Provide-wrappers-for-load_image-start_image-and-.patch
* 0009-efi-sb-Add-support-for-the-shim-loader-protocol.patch
* 0010-efi-sb-Add-API-for-retrieving-shim-loader-image-hand.patch
* 0011-loader-efi-chainloader-Use-shim-loader-image-handle-.patch
* 0012-loader-efi-linux-Use-shim-loader-image-handle-where-.patch
* 0013-nx-Rename-GRUB_DL_ALIGN-to-DL_ALIGN.patch
- Fallback for legacy shim lock protocol while secure boot is enabled
* 0001-linux-fallback-to-EFI-handover-on-x86_64.patch
* 0002-linux-fallback-to-direct-PE-entry-boot-on-arm64.patch
* 0003-efi-chainloader-fallback-to-direct-image-execution.patch
* 0004-efi-chainloader-fix-missing-file_path-in-loaded_imag.patch
- Removed patch
* 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch
-------------------------------------------------------------------
Thu Aug 7 06:19:53 UTC 2025 - Michael Chang <mchang@suse.com>

36
grub2.spec
View File

@@ -2,6 +2,7 @@
# spec file for package grub2
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +23,7 @@
%if %{defined sbat_distro}
# SBAT metadata
%define sbat_generation 1
%define sbat_generation_grub 6
%define sbat_generation_grub 5
%else
%{error please define sbat_distro, sbat_distro_summary and sbat_distro_url}
%endif
@@ -369,7 +370,6 @@ Patch176: 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
Patch177: 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
Patch178: 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch
Patch179: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
Patch180: 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch
Patch181: 0001-font-Try-memdisk-fonts-with-the-same-name.patch
Patch182: 0001-Make-grub.cfg-compatible-to-old-binaries.patch
Patch183: grub2-change-bash-completion-dir.patch
@@ -496,19 +496,29 @@ Patch318: 0004-tftp-Fix-hang-when-file-is-a-directory.patch
Patch319: grub2-constant-time-grub_crypto_memcmp.patch
Patch320: 0001-getroot-Skip-mount-points-in-grub_find_device.patch
Patch321: 0001-tcp-Fix-TCP-port-number-reused-on-reboot.patch
Patch322: 0001-modules-Make-.module_license-read-only.patch
Patch323: 0002-modules-Strip-.llvm_addrsig-sections-and-similar.patch
Patch324: 0003-modules-Don-t-allocate-space-for-non-allocable-secti.patch
Patch325: 0004-modules-Load-module-sections-at-page-aligned-address.patch
Patch326: 0005-nx-Add-memory-attribute-get-set-API.patch
Patch327: 0006-nx-Set-page-permissions-for-loaded-modules.patch
Patch328: 0007-nx-Set-the-NX-compatible-flag-for-the-GRUB-EFI-image.patch
Patch329: 0008-efi-Provide-wrappers-for-load_image-start_image-and-.patch
Patch330: 0009-efi-sb-Add-support-for-the-shim-loader-protocol.patch
Patch331: 0010-efi-sb-Add-API-for-retrieving-shim-loader-image-hand.patch
Patch332: 0011-loader-efi-chainloader-Use-shim-loader-image-handle-.patch
Patch333: 0012-loader-efi-linux-Use-shim-loader-image-handle-where-.patch
Patch334: 0013-nx-Rename-GRUB_DL_ALIGN-to-DL_ALIGN.patch
Patch335: 0001-linux-fallback-to-EFI-handover-on-x86_64.patch
Patch336: 0002-linux-fallback-to-direct-PE-entry-boot-on-arm64.patch
Patch337: 0003-efi-chainloader-fallback-to-direct-image-execution.patch
Patch338: 0004-efi-chainloader-fix-missing-file_path-in-loaded_imag.patch
Patch339: 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
Patch340: 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
Patch341: 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch
Patch342: grub2-bls-loader-entry-default.patch
Patch343: 0001-term-ns8250-spcr-Return-if-redirection-is-disabled.patch
Patch344: grub2-i386-pc-no-pageflipping.patch
Patch345: 0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch
Patch346: 0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch
Patch347: 0002-net-net-Unregister-net_set_vlan-command-on-unload.patch
Patch348: 0003-gettext-gettext-Unregister-gettext-command-on-module.patch
Patch349: 0004-normal-main-Unregister-commands-on-module-unload.patch
Patch350: 0005-tests-lib-functional_test-Unregister-commands-on-mod.patch
Patch351: 0006-commands-usbtest-Use-correct-string-length-field.patch
Patch352: 0007-commands-usbtest-Ensure-string-length-is-sufficient-.patch
Patch353: 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
Patch354: 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
Patch355: 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch
%if 0%{?suse_version} < 1600
Requires: gettext-runtime