Accepting request 1067109 from home:michael-chang:branches:Base:System
- Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024) * 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch - Fix lpar got hung at grub after inactive migration (bsc#1207684) * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - Rediff * safe_tpm_pcr_snapshot.patch - Patch superseded * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch OBS-URL: https://build.opensuse.org/request/show/1067109 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=441
parent
03d713cc87
commit
23aa9ce4c5
@ -0,0 +1,46 @@
|
|||||||
|
From d44e0a892621a744e9a64e17ed5676470ef4f023 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Wen Xiong <wenxiong@linux.ibm.com>
|
||||||
|
Date: Mon, 20 Feb 2023 15:58:14 -0500
|
||||||
|
Subject: [PATCH 1/2] ieee1275: Further increase initially allocated heap from
|
||||||
|
1/3 to 1/2
|
||||||
|
|
||||||
|
The memory increase to 1/3 of 391MB (~127MB) was still insufficient
|
||||||
|
to boot the kernel and initrd of the SuSE distribution:
|
||||||
|
|
||||||
|
initrd 2023-Jan-18 04:27 114.9M
|
||||||
|
linux 2023-Jan-17 05:23 45.9M
|
||||||
|
|
||||||
|
Therefore, further increase the initially allocated heap to 1/2
|
||||||
|
of 391MB to ~191MB, which now allows to boot the system from an
|
||||||
|
ISO.
|
||||||
|
|
||||||
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||||
|
---
|
||||||
|
grub-core/kern/ieee1275/init.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
|
||||||
|
index 2a2409d45..e1dbff86a 100644
|
||||||
|
--- a/grub-core/kern/ieee1275/init.c
|
||||||
|
+++ b/grub-core/kern/ieee1275/init.c
|
||||||
|
@@ -47,7 +47,7 @@
|
||||||
|
#include <grub/lockdown.h>
|
||||||
|
|
||||||
|
/* The maximum heap size we're going to claim. Not used by sparc.
|
||||||
|
- We allocate 1/3 of the available memory under 4G, up to this limit. */
|
||||||
|
+ We allocate 1/2 of the available memory under 4G, up to this limit. */
|
||||||
|
#ifdef __i386__
|
||||||
|
#define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024)
|
||||||
|
#else // __powerpc__
|
||||||
|
@@ -417,7 +417,7 @@ grub_claim_heap (void)
|
||||||
|
|
||||||
|
grub_machine_mmap_iterate (heap_size, &total);
|
||||||
|
|
||||||
|
- total = total / 3;
|
||||||
|
+ total = total / 2;
|
||||||
|
if (total > HEAP_MAX_SIZE)
|
||||||
|
total = HEAP_MAX_SIZE;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
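Review bot: The divisor in `total = total / 2;` in grub_claim_heap is a bare constant that the comment above HEAP_MAX_SIZE has to repeat, and the commit message shows it was already retuned once (1/3, now 1/2) around a single 391MB case. A named constant, for example `#define HEAP_CLAIM_DIVISOR 2` used as `total = total / HEAP_CLAIM_DIVISOR;`, with a comment saying what the unclaimed half is reserved for, would keep code and comment from drifting. Nothing visible in the hunk checks that the memory left unclaimed is still enough for the firmware and for later claims. grub_claim_heap continues outside the hunk, so that may be handled there. It is worth confirming on a small-memory LPAR with the TPM verifier active, since the accompanying tpm patch states that the verifier reads whole files into memory in one chunk.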
@ -1,30 +1,34 @@
|
|||||||
From 6c7c4007ad621029295797b439158d36d0f62487 Mon Sep 17 00:00:00 2001
|
From 03056f35a73258fa68a809fba4aeab654ff35734 Mon Sep 17 00:00:00 2001
|
||||||
From: Diego Domingos <diegodo@linux.vnet.ibm.com>
|
From: Diego Domingos <diegodo@linux.vnet.ibm.com>
|
||||||
Date: Thu, 25 Aug 2022 11:37:56 -0400
|
Date: Thu, 25 Aug 2022 11:37:56 -0400
|
||||||
Subject: [PATCH 2/2] ieee1275: implement vec5 for cas negotiation
|
Subject: [PATCH] ieee1275: implement vec5 for cas negotiation
|
||||||
|
|
||||||
As a legacy support, if the vector 5 is not implemented, Power
|
As a legacy support, if the vector 5 is not implemented, Power Hypervisor will
|
||||||
Hypervisor will consider the max CPUs as 64 instead 256 currently
|
consider the max CPUs as 64 instead 256 currently supported during
|
||||||
supported during client-architecture-support negotiation.
|
client-architecture-support negotiation.
|
||||||
|
|
||||||
This patch implements the vector 5 and set the MAX CPUs to 256 while
|
This patch implements the vector 5 and set the MAX CPUs to 256 while setting the
|
||||||
setting the others values to 0 (default).
|
others values to 0 (default).
|
||||||
|
|
||||||
Signed-off-by: Diego Domingos <diegodo@linux.vnet.ibm.com>
|
Signed-off-by: Diego Domingos <diegodo@linux.vnet.ibm.com>
|
||||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
Acked-by: Daniel Axtens <dja@axtens.net>
|
||||||
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||||
|
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
|
||||||
---
|
---
|
||||||
grub-core/kern/ieee1275/init.c | 20 +++++++++++++++++++-
|
grub-core/kern/ieee1275/init.c | 28 ++++++++++++++++++++++++----
|
||||||
1 file changed, 19 insertions(+), 1 deletion(-)
|
1 file changed, 24 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
|
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
|
||||||
index 7d7178d3e..3aa40313f 100644
|
index 7d7178d3e..0e902ff62 100644
|
||||||
--- a/grub-core/kern/ieee1275/init.c
|
--- a/grub-core/kern/ieee1275/init.c
|
||||||
+++ b/grub-core/kern/ieee1275/init.c
|
+++ b/grub-core/kern/ieee1275/init.c
|
||||||
@@ -311,6 +311,18 @@ struct option_vector2 {
|
@@ -311,7 +311,21 @@ struct option_vector2 {
|
||||||
grub_uint8_t max_pft_size;
|
grub_uint8_t max_pft_size;
|
||||||
} __attribute__((packed));
|
} __attribute__((packed));
|
||||||
|
|
||||||
+struct option_vector5 {
|
-struct pvr_entry {
|
||||||
|
+struct option_vector5
|
||||||
|
+{
|
||||||
+ grub_uint8_t byte1;
|
+ grub_uint8_t byte1;
|
||||||
+ grub_uint8_t byte2;
|
+ grub_uint8_t byte2;
|
||||||
+ grub_uint8_t byte3;
|
+ grub_uint8_t byte3;
|
||||||
@ -34,21 +38,25 @@ index 7d7178d3e..3aa40313f 100644
|
|||||||
+ grub_uint8_t micro_checkpoint;
|
+ grub_uint8_t micro_checkpoint;
|
||||||
+ grub_uint8_t reserved0;
|
+ grub_uint8_t reserved0;
|
||||||
+ grub_uint32_t max_cpus;
|
+ grub_uint32_t max_cpus;
|
||||||
+} __attribute__((packed));
|
+} GRUB_PACKED;
|
||||||
+
|
+
|
||||||
struct pvr_entry {
|
+struct pvr_entry
|
||||||
|
+{
|
||||||
grub_uint32_t mask;
|
grub_uint32_t mask;
|
||||||
grub_uint32_t entry;
|
grub_uint32_t entry;
|
||||||
@@ -329,6 +341,8 @@ struct cas_vector {
|
};
|
||||||
|
@@ -329,7 +343,9 @@ struct cas_vector {
|
||||||
grub_uint16_t vec3;
|
grub_uint16_t vec3;
|
||||||
grub_uint8_t vec4_size;
|
grub_uint8_t vec4_size;
|
||||||
grub_uint16_t vec4;
|
grub_uint16_t vec4;
|
||||||
|
-} __attribute__((packed));
|
||||||
+ grub_uint8_t vec5_size;
|
+ grub_uint8_t vec5_size;
|
||||||
+ struct option_vector5 vec5;
|
+ struct option_vector5 vec5;
|
||||||
} __attribute__((packed));
|
+} GRUB_PACKED;
|
||||||
|
|
||||||
/* Call ibm,client-architecture-support to try to get more RMA.
|
/* Call ibm,client-architecture-support to try to get more RMA.
|
||||||
@@ -349,7 +363,7 @@ grub_ieee1275_ibm_cas (void)
|
We ask for 512MB which should be enough to verify a distro kernel.
|
||||||
|
@@ -349,7 +365,7 @@ grub_ieee1275_ibm_cas (void)
|
||||||
} args;
|
} args;
|
||||||
struct cas_vector vector = {
|
struct cas_vector vector = {
|
||||||
.pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */
|
.pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */
|
||||||
@ -57,17 +65,19 @@ index 7d7178d3e..3aa40313f 100644
|
|||||||
.vec1_size = 0,
|
.vec1_size = 0,
|
||||||
.vec1 = 0x80, /* ignore */
|
.vec1 = 0x80, /* ignore */
|
||||||
.vec2_size = 1 + sizeof(struct option_vector2) - 2,
|
.vec2_size = 1 + sizeof(struct option_vector2) - 2,
|
||||||
@@ -360,6 +374,10 @@ grub_ieee1275_ibm_cas (void)
|
@@ -359,7 +375,11 @@ grub_ieee1275_ibm_cas (void)
|
||||||
|
.vec3_size = 2 - 1,
|
||||||
.vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied
|
.vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied
|
||||||
.vec4_size = 2 - 1,
|
.vec4_size = 2 - 1,
|
||||||
.vec4 = 0x0001, // set required minimum capacity % to the lowest value
|
- .vec4 = 0x0001, // set required minimum capacity % to the lowest value
|
||||||
|
+ .vec4 = 0x0001, /* set required minimum capacity % to the lowest value */
|
||||||
+ .vec5_size = 1 + sizeof (struct option_vector5) - 2,
|
+ .vec5_size = 1 + sizeof (struct option_vector5) - 2,
|
||||||
+ .vec5 = {
|
+ .vec5 = {
|
||||||
+ 0, 0, 0, 0, 0, 0, 0, 0, 256
|
+ 0, 192, 0, 128, 0, 0, 0, 0, 256
|
||||||
+ }
|
+ }
|
||||||
};
|
};
|
||||||
|
|
||||||
INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2);
|
INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2);
|
||||||
--
|
--
|
||||||
2.35.3
|
2.39.1
|
||||||
|
|
||||||
|
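Review bot: The refreshed vec5 initializer `0, 192, 0, 128, 0, 0, 0, 0, 256` is positional and its two newly non-zero bytes carry no explanation, while the patch description still says every value other than MAX CPUs is set to 0 (default). These bytes are capability bits negotiated with the hypervisor, so each should use a designated initializer with a comment naming the option it requests, for example `.byte2 = 0xc0, /* <option bits requested> */` and `.max_cpus = 256,`. The fourth field, which receives 128, is declared in a part of struct option_vector5 that the page elides, so its name has to be taken from the full patch. The description should be updated to match the values now sent.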
@ -1,28 +1,34 @@
|
|||||||
From 12378be5243c1c02ce28de2e5703e87197c69157 Mon Sep 17 00:00:00 2001
|
From e5bba1012e34597215684aa948bbc30093faa750 Mon Sep 17 00:00:00 2001
|
||||||
From: Michael Chang <mchang@suse.com>
|
From: Michael Chang <mchang@suse.com>
|
||||||
Date: Mon, 29 Aug 2022 11:28:28 +0800
|
Date: Fri, 7 Oct 2022 13:37:10 +0800
|
||||||
Subject: [PATCH] tpm: Disable tpm verifier if tpm is not present
|
Subject: [PATCH 2/2] tpm: Disable tpm verifier if tpm is not present
|
||||||
|
|
||||||
This helps to prevent out of memory error when reading large files via disablig
|
This helps to prevent out of memory error when reading large files via
|
||||||
tpm device as verifier has to read all content into memory in one chunk to
|
disabling tpm device as verifier has to read all content into memory in
|
||||||
measure the hash and extend to tpm.
|
one chunk to measure the hash and extend to tpm.
|
||||||
|
|
||||||
|
For ibmvtpm driver support this change here would be needed. It helps to
|
||||||
|
prevent much memory consuming tpm subsystem from being activated when no
|
||||||
|
vtpm device present.
|
||||||
|
|
||||||
Signed-off-by: Michael Chang <mchang@suse.com>
|
Signed-off-by: Michael Chang <mchang@suse.com>
|
||||||
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||||
---
|
---
|
||||||
grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++++++++++++
|
grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++
|
||||||
grub-core/commands/tpm.c | 4 ++++
|
grub-core/commands/ieee1275/ibmvtpm.c | 16 +++++++-----
|
||||||
|
grub-core/commands/tpm.c | 4 +++
|
||||||
include/grub/tpm.h | 1 +
|
include/grub/tpm.h | 1 +
|
||||||
3 files changed, 42 insertions(+)
|
4 files changed, 52 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
--- a/grub-core/commands/efi/tpm.c
|
--- a/grub-core/commands/efi/tpm.c
|
||||||
+++ b/grub-core/commands/efi/tpm.c
|
+++ b/grub-core/commands/efi/tpm.c
|
||||||
@@ -349,3 +349,40 @@
|
@@ -397,3 +397,40 @@
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
+int
|
+int
|
||||||
+grub_tpm_present ()
|
+grub_tpm_present (void)
|
||||||
+{
|
+{
|
||||||
+ grub_efi_handle_t tpm_handle;
|
+ grub_efi_handle_t tpm_handle;
|
||||||
+ grub_efi_uint8_t protocol_version;
|
+ grub_efi_uint8_t protocol_version;
|
||||||
@ -57,9 +63,38 @@ Signed-off-by: Michael Chang <mchang@suse.com>
|
|||||||
+ return grub_tpm2_present (tpm);
|
+ return grub_tpm2_present (tpm);
|
||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
|
--- a/grub-core/commands/ieee1275/ibmvtpm.c
|
||||||
|
+++ b/grub-core/commands/ieee1275/ibmvtpm.c
|
||||||
|
@@ -136,12 +136,6 @@
|
||||||
|
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
|
||||||
|
const char *description)
|
||||||
|
{
|
||||||
|
- grub_err_t err = tpm_init();
|
||||||
|
-
|
||||||
|
- /* Absence of a TPM isn't a failure. */
|
||||||
|
- if (err != GRUB_ERR_NONE)
|
||||||
|
- return GRUB_ERR_NONE;
|
||||||
|
-
|
||||||
|
grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n",
|
||||||
|
pcr, size, description);
|
||||||
|
|
||||||
|
@@ -150,3 +144,13 @@
|
||||||
|
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+int
|
||||||
|
+grub_tpm_present (void)
|
||||||
|
+{
|
||||||
|
+ /*
|
||||||
|
+ * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes
|
||||||
|
+ * can be found.
|
||||||
|
+ */
|
||||||
|
+ return tpm_init() == GRUB_ERR_NONE;
|
||||||
|
+}
|
||||||
--- a/grub-core/commands/tpm.c
|
--- a/grub-core/commands/tpm.c
|
||||||
+++ b/grub-core/commands/tpm.c
|
+++ b/grub-core/commands/tpm.c
|
||||||
@@ -291,6 +291,8 @@
|
@@ -311,6 +311,8 @@
|
||||||
|
|
||||||
GRUB_MOD_INIT (tpm)
|
GRUB_MOD_INIT (tpm)
|
||||||
{
|
{
|
||||||
@ -68,7 +103,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
|
|||||||
grub_verifier_register (&grub_tpm_verifier);
|
grub_verifier_register (&grub_tpm_verifier);
|
||||||
|
|
||||||
cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
|
cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
|
||||||
@@ -301,6 +303,8 @@
|
@@ -321,6 +323,8 @@
|
||||||
|
|
||||||
GRUB_MOD_FINI (tpm)
|
GRUB_MOD_FINI (tpm)
|
||||||
{
|
{
|
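Review bot: In ibmvtpm.c, grub_tpm_measure no longer calls tpm_init(), so it now depends on grub_tpm_present() having run and succeeded first, and nothing in the visible lines states or enforces that precondition. If any caller reaches grub_tpm_measure without that gate, the measurement would run against an uninitialised device (assuming tpm_init() is what opens it; neither its body nor the rest of grub_tpm_measure is shown). Either keep a cheap guard at the top, `if (!grub_tpm_present ()) return GRUB_ERR_NONE;`, or document the contract in a comment above the function. The new comment in grub_tpm_present says tpm_init() is called late rather than from GRUB_MOD_INIT(), yet the tpm.c hunks place their added lines inside GRUB_MOD_INIT (tpm) and GRUB_MOD_FINI (tpm); those added lines are elided here, so please confirm which module init the comment refers to. Since a failed presence check disables measurement altogether, a `grub_dprintf ("tpm", ...)` on that path would make a silently unmeasured boot easier to diagnose.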
@ -1,3 +1,16 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 22 07:08:44 UTC 2023 - Michael Chang <mchang@suse.com>
|
||||||
|
|
||||||
|
- Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
|
||||||
|
* 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
|
||||||
|
* 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
|
||||||
|
- Fix lpar got hung at grub after inactive migration (bsc#1207684)
|
||||||
|
* 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
|
||||||
|
- Rediff
|
||||||
|
* safe_tpm_pcr_snapshot.patch
|
||||||
|
- Patch supersceded
|
||||||
|
* 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Feb 15 07:09:39 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
|
Wed Feb 15 07:09:39 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
|
||||||
|
|
||||||
|
@ -438,7 +438,6 @@ Patch915: tpm-protector-export-secret-key.patch
|
|||||||
Patch916: grub-install-record-pcrs.patch
|
Patch916: grub-install-record-pcrs.patch
|
||||||
Patch917: grub-unseal-debug.patch
|
Patch917: grub-unseal-debug.patch
|
||||||
# efi mm
|
# efi mm
|
||||||
Patch918: 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
|
|
||||||
Patch919: 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
|
Patch919: 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
|
||||||
Patch920: 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
|
Patch920: 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
|
||||||
Patch921: 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
|
Patch921: 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
|
||||||
@ -495,6 +494,9 @@ Patch968: 0012-tpm2-initialize-the-PCR-selection-list-early.patch
|
|||||||
Patch969: 0013-tpm2-support-unsealing-key-with-authorized-policy.patch
|
Patch969: 0013-tpm2-support-unsealing-key-with-authorized-policy.patch
|
||||||
# Set efi variables LoaderDevicePartUUID & LoaderInfo (needed for UKI)
|
# Set efi variables LoaderDevicePartUUID & LoaderInfo (needed for UKI)
|
||||||
Patch970: grub2-add-module-for-boot-loader-interface.patch
|
Patch970: grub2-add-module-for-boot-loader-interface.patch
|
||||||
|
# Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
|
||||||
|
Patch971: 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
|
||||||
|
Patch972: 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
|
||||||
|
|
||||||
Requires: gettext-runtime
|
Requires: gettext-runtime
|
||||||
%if 0%{?suse_version} >= 1140
|
%if 0%{?suse_version} >= 1140
|
||||||
|
@ -55,7 +55,7 @@
|
|||||||
if (argc == 0)
|
if (argc == 0)
|
||||||
pcr_bitmask = GRUB2_PCR_BITMASK_DEFAULT;
|
pcr_bitmask = GRUB2_PCR_BITMASK_DEFAULT;
|
||||||
else
|
else
|
||||||
@@ -287,13 +295,28 @@
|
@@ -287,6 +295,18 @@
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -74,32 +74,6 @@
|
|||||||
static grub_extcmd_t cmd;
|
static grub_extcmd_t cmd;
|
||||||
|
|
||||||
GRUB_MOD_INIT (tpm)
|
GRUB_MOD_INIT (tpm)
|
||||||
{
|
|
||||||
- if (!grub_tpm_present())
|
|
||||||
- return;
|
|
||||||
+#ifdef GRUB_MACHINE_EFI
|
|
||||||
+ if (grub_tpm_present())
|
|
||||||
+ grub_verifier_register (&grub_tpm_verifier);
|
|
||||||
+#else
|
|
||||||
grub_verifier_register (&grub_tpm_verifier);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
|
|
||||||
N_("LIST_OF_PCRS"),
|
|
||||||
@@ -303,8 +326,11 @@
|
|
||||||
|
|
||||||
GRUB_MOD_FINI (tpm)
|
|
||||||
{
|
|
||||||
- if (!grub_tpm_present())
|
|
||||||
- return;
|
|
||||||
+#ifdef GRUB_MACHINE_EFI
|
|
||||||
+ if (grub_tpm_present())
|
|
||||||
+ grub_verifier_unregister (&grub_tpm_verifier);
|
|
||||||
+#else
|
|
||||||
grub_verifier_unregister (&grub_tpm_verifier);
|
|
||||||
+#endif
|
|
||||||
grub_unregister_extcmd (cmd);
|
|
||||||
}
|
|
||||||
--- a/util/grub-install.c
|
--- a/util/grub-install.c
|
||||||
+++ b/util/grub-install.c
|
+++ b/util/grub-install.c
|
||||||
@@ -1457,8 +1457,9 @@
|
@@ -1457,8 +1457,9 @@
|
||||||
|