8ee92f5194
- Implement NV index mode for TPM 2.0 key protector
0001-protectors-Implement-NV-index.patch
- Fall back to passphrase mode when the key protector fails to
unlock the disk
0002-cryptodisk-Fallback-to-passphrase.patch
- Wipe out the cached key cleanly
0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
- Make diskfiler to look up cryptodisk devices first
0004-diskfilter-look-up-cryptodisk-devices-first.patch
- Version bump to 2.12~rc1
* Added:
- grub-2.12~rc1.tar.xz
* Removed:
- grub-2.06.tar.xz
* Patch dropped merged by new version:
- grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
- grub2-s390x-02-kexec-module-added-to-emu.patch
- grub2-efi-chainloader-root.patch
- grub2-Fix-incorrect-netmask-on-ppc64.patch
- 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch
- 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch
- 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
- grub2-s390x-10-keep-network-at-kexec.patch
- 0001-Fix-build-error-in-binutils-2.36.patch
- 0001-emu-fix-executable-stack-marking.patch
- 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
- 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch
- 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
- 0001-Filter-out-POSIX-locale-for-translation.patch
OBS-URL: https://build.opensuse.org/request/show/1105405
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=458
102 lines
3.4 KiB
Diff
102 lines
3.4 KiB
Diff
From 83a6f72e1896bd012b7fbca21317e96c2c22b327 Mon Sep 17 00:00:00 2001
|
|
From: Michal Suchanek <msuchanek@suse.de>
|
|
Date: Wed, 12 Jan 2022 19:25:54 +0100
|
|
Subject: [PATCH] grub-install: Add SUSE signed image support for powerpc.
|
|
|
|
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
|
---
|
|
grub-core/osdep/linux/platform.c | 13 +++++++++++++
|
|
include/grub/util/install.h | 3 +++
|
|
util/grub-install.c | 29 ++++++++++++++++++++++++++---
|
|
3 files changed, 42 insertions(+), 3 deletions(-)
|
|
|
|
--- a/grub-core/osdep/linux/platform.c
|
|
+++ b/grub-core/osdep/linux/platform.c
|
|
@@ -154,3 +154,16 @@
|
|
grub_util_info ("... not found");
|
|
return "i386-pc";
|
|
}
|
|
+
|
|
+int
|
|
+grub_install_get_powerpc_secure_boot (void)
|
|
+{
|
|
+ int32_t ret = -1;
|
|
+ FILE *fp = grub_util_fopen ("/proc/device-tree/ibm,secure-boot", "rb");
|
|
+ if (fp) {
|
|
+ if (fread (&ret , 1, sizeof(ret), fp) > 0)
|
|
+ ret = grub_be_to_cpu32(ret);
|
|
+ fclose(fp);
|
|
+ }
|
|
+ return ret;
|
|
+}
|
|
--- a/include/grub/util/install.h
|
|
+++ b/include/grub/util/install.h
|
|
@@ -233,6 +233,9 @@
|
|
grub_install_get_default_x86_platform (void);
|
|
|
|
int
|
|
+grub_install_get_powerpc_secure_boot (void);
|
|
+
|
|
+int
|
|
grub_install_register_efi (grub_device_t efidir_grub_dev,
|
|
const char *efifile_path,
|
|
const char *efi_distributor);
|
|
--- a/util/grub-install.c
|
|
+++ b/util/grub-install.c
|
|
@@ -321,10 +321,10 @@
|
|
{"suse-enable-tpm", OPTION_SUSE_ENABLE_TPM, 0, 0, N_("install TPM modules"), 0},
|
|
{"suse-force-signed", OPTION_SUSE_FORCE_SIGNED, 0, 0,
|
|
N_("force installation of signed grub" "%s."
|
|
- "This option is only available on ARM64 EFI targets."), 0},
|
|
+ "This option is only available on ARM64 EFI and powerpc targets."), 0},
|
|
{"suse-inhibit-signed", OPTION_SUSE_INHIBIT_SIGNED, 0, 0,
|
|
N_("inhibit installation of signed grub. "
|
|
- "This option is only available on ARM64 EFI targets."), 0},
|
|
+ "This option is only available on ARM64 EFI and powerpc targets."), 0},
|
|
{"debug", OPTION_DEBUG, 0, OPTION_HIDDEN, 0, 2},
|
|
{"no-floppy", OPTION_NO_FLOPPY, 0, OPTION_HIDDEN, 0, 2},
|
|
{"debug-image", OPTION_DEBUG_IMAGE, N_("STRING"), OPTION_HIDDEN, 0, 2},
|
|
@@ -1749,6 +1749,7 @@
|
|
char mkimage_target[200];
|
|
const char *core_name = NULL;
|
|
char *signed_imgfile = NULL;
|
|
+ int ppc_sb_state = -1;
|
|
|
|
switch (platform)
|
|
{
|
|
@@ -1796,11 +1797,33 @@
|
|
grub_install_get_platform_platform (platform));
|
|
break;
|
|
|
|
+
|
|
+ case GRUB_INSTALL_PLATFORM_POWERPC_IEEE1275:
|
|
+ ppc_sb_state = grub_install_get_powerpc_secure_boot();
|
|
+
|
|
+ if ((signed_grub_mode >= SIGNED_GRUB_FORCE) || ((signed_grub_mode == SIGNED_GRUB_AUTO) && (ppc_sb_state > 0)))
|
|
+ {
|
|
+ signed_imgfile = grub_util_path_concat (2, grub_install_source_directory, "grub.elf");
|
|
+ if (!grub_util_is_regular (signed_imgfile))
|
|
+ {
|
|
+ if ((signed_grub_mode >= SIGNED_GRUB_FORCE) || (ppc_sb_state > 1))
|
|
+ grub_util_error ("signed image `%s' does not exist\n", signed_imgfile);
|
|
+ else
|
|
+ {
|
|
+ free (signed_imgfile);
|
|
+ signed_imgfile = NULL;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (signed_imgfile)
|
|
+ fprintf (stderr, _("Use signed file in %s for installation.\n"), signed_imgfile);
|
|
+
|
|
+ /* fallthrough. */
|
|
case GRUB_INSTALL_PLATFORM_I386_COREBOOT:
|
|
case GRUB_INSTALL_PLATFORM_ARM_COREBOOT:
|
|
case GRUB_INSTALL_PLATFORM_I386_MULTIBOOT:
|
|
case GRUB_INSTALL_PLATFORM_I386_IEEE1275:
|
|
- case GRUB_INSTALL_PLATFORM_POWERPC_IEEE1275:
|
|
case GRUB_INSTALL_PLATFORM_I386_XEN:
|
|
case GRUB_INSTALL_PLATFORM_X86_64_XEN:
|
|
case GRUB_INSTALL_PLATFORM_I386_XEN_PVH:
|