From 8ee92f5194c025617fd948b3d85094f9426bf4d28321bd5294d0263ebfbd7498 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 24 Aug 2023 03:25:56 +0000 Subject: [PATCH] Accepting request 1105405 from home:michael-chang:grub:2.12rc1 - Implement NV index mode for TPM 2.0 key protector 0001-protectors-Implement-NV-index.patch - Fall back to passphrase mode when the key protector fails to unlock the disk 0002-cryptodisk-Fallback-to-passphrase.patch - Wipe out the cached key cleanly 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch - Make diskfiler to look up cryptodisk devices first 0004-diskfilter-look-up-cryptodisk-devices-first.patch - Version bump to 2.12~rc1 * Added: - grub-2.12~rc1.tar.xz * Removed: - grub-2.06.tar.xz * Patch dropped merged by new version: - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch - grub2-s390x-02-kexec-module-added-to-emu.patch - grub2-efi-chainloader-root.patch - grub2-Fix-incorrect-netmask-on-ppc64.patch - 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch - 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch - grub2-s390x-10-keep-network-at-kexec.patch - 0001-Fix-build-error-in-binutils-2.36.patch - 0001-emu-fix-executable-stack-marking.patch - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch - 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - 0001-Filter-out-POSIX-locale-for-translation.patch OBS-URL: https://build.opensuse.org/request/show/1105405 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=458 --- ...are-fix-printf-format-with-null-byte.patch | 88 --- ...or-Linux-EFI-stub-loading-on-aarch64.patch | 105 +-- 0001-Factor-out-grub_efi_linux_boot.patch | 171 ++--- ...ter-out-POSIX-locale-for-translation.patch | 36 - 0001-Fix-build-error-in-binutils-2.36.patch | 47 -- ...boot-loop-on-headless-system-in-qemu.patch | 11 +- ...-grub.cfg-compatible-to-old-binaries.patch | 82 +++ ...Adjust-march-flags-for-binutils-2.38.patch | 47 -- ...RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch | 56 -- ...-check-to-enable-btrfs-relative-path.patch | 26 +- ...orkaround-volatile-efi-boot-variable.patch | 34 +- ...d-support-for-UEFI-network-protocols.patch | 384 +++++----- ...rypttab-and-linux-modules-dependency.patch | 18 +- ...i-tpm-Refine-the-status-of-log-event.patch | 39 - ...isk-fix-cryptodisk-module-looking-up.patch | 33 - ...troot-Have-devmapper-recognize-LUKS2.patch | 53 -- ...Fix-missing-change-when-updating-to-.patch | 35 + ...Use-nodes-in-logical-volume-s-segmen.patch | 180 ----- 0001-efi-linux-provide-linux-command.patch | 26 +- 0001-emu-fix-executable-stack-marking.patch | 70 -- ...hs-exceeds-font-max_glyph_width-or-f.patch | 33 - ...Try-memdisk-fonts-with-the-same-name.patch | 39 + ...extent-item-iteration-to-handle-gaps.patch | 124 ---- ...btrfs-Use-full-btrfs-bootloader-area.patch | 162 ----- ...gnore-checksum-seed-incompat-feature.patch | 59 -- ...gnore-the-large_dir-incompat-feature.patch | 58 -- ...adable-filesystem-with-v4-superblock.patch | 120 --- ...odify-sector-by-sysfs-as-disk-sector.patch | 57 -- ...-SUSE-signed-image-support-for-power.patch | 25 +- ...-install-bailout-root-device-probing.patch | 31 +- ...nt-of-no-return-for-powerpc-ieee1275.patch | 32 - ...-mkconfig-restore-umask-for-grub.cfg.patch | 44 -- ...le-device-path-for-a-nvmf-boot-devic.patch | 25 +- ...ort-for-trusted-boot-using-a-vTPM-2..patch | 239 ------ ...-Avoiding-many-unecessary-open-close.patch | 19 +- ...AP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch | 82 --- ...-increase-initially-allocated-heap-f.patch | 46 -- ...e-initially-allocated-heap-from-1-4-.patch | 49 -- ...fdisk-retry-on-open-and-read-failure.patch | 19 +- 0001-install-fix-software-raid1-on-esp.patch | 57 +- ...efi-mm-Enlarge-the-default-heap-size.patch | 32 - ...it-Convert-plain-numbers-to-constant.patch | 50 -- 0001-kern-mm.c-Make-grub_calloc-inline.patch | 15 +- 0001-libc-config-merge-from-glibc.patch | 339 --------- ...ure-the-newc-pathname-is-NULL-termin.patch | 146 ---- ...message-to-align-with-luks-and-geli-.patch | 31 - ...x-dangling-pointer-may-be-used-error.patch | 86 --- ...ally-requesting-additional-memory-re.patch | 133 ---- ...-boot-time-by-lookup-boot-disk-first.patch | 11 +- ...include-grub-osdep-major.h-and-use-i.patch | 158 ---- ...erpc-do-CAS-in-a-more-compatible-way.patch | 113 --- ...tectors-Add-key-protectors-framework.patch | 17 +- 0001-protectors-Implement-NV-index.patch | 80 ++ ...-the-path-of-usr-merged-kernel-confi.patch | 11 +- ...-error-as-non-fatal-but-debug-print-.patch | 29 - 0001-video-Remove-trailing-whitespaces.patch | 686 ------------------ ...sing-grub_arch_efi_linux_load_image_.patch | 83 +++ 0002-AUDIT-0-http-boot-tracker-bug.patch | 2 +- ...grub_disk_write_tail-helper-function.patch | 17 +- ...r-the-PE-magic-for-the-compiled-arch.patch | 21 +- ...-bounds-array-subscript-0-is-outside.patch | 533 -------------- ...t-blocks-as-used-for-image-embedding.patch | 17 +- ...tup-key-file-permission-for-better-s.patch | 15 +- ...fdt-has-address-cells-and-size-cells.patch | 7 +- ...-Provide-cmdline-functions-as-module.patch | 17 +- ...-Use-grub_strcpy-instead-of-grub_mem.patch | 40 - 0002-cryptodisk-Fallback-to-passphrase.patch | 41 ++ ...k-Refactor-to-discard-have_it-global.patch | 187 ----- ...t-Set-up-cheated-LUKS2-cryptodisk-mo.patch | 127 ---- ...ey-before-entering-grub-shell-and-ed.patch | 4 +- ...erflow-in-grub_font_get_glyph_intern.patch | 113 --- 0002-ieee1275-claim-more-memory.patch | 242 ------ ...5-implement-vec5-for-cas-negotiation.patch | 83 --- ...ys-request-a-fixed-number-of-pages-o.patch | 106 --- ...ee1275-init-Extended-support-in-Vec5.patch | 129 ---- ...hainloader-Simplify-the-loader-state.patch | 125 ---- ...mm-Defer-the-disk-cache-invalidation.patch | 68 -- ...racketed-ipv6-addrs-and-port-numbers.patch | 246 ------- ...disk-Use-stat-instead-of-udevadm-for.patch | 98 --- ...e-tpm-verifier-if-tpm-is-not-present.patch | 128 ---- 0002-tpm2-Add-TPM-Software-Stack-TSS.patch | 42 +- ...rch-64-on-32-boot-in-linuxefi-loader.patch | 99 ++- 0003-Make-grub_error-more-verbose.patch | 16 +- 0003-bootp-New-net_bootp6-command.patch | 36 +- ...ot-Add-API-to-pass-context-to-loader.patch | 161 ---- ...n-failure-in-cryptomount-when-no-cry.patch | 32 - ...-out-the-cached-keys-from-protectors.patch | 36 + ...When-cheatmounting-use-the-sector-in.patch | 71 -- ...-EFI_CC_MEASUREMENT_PROTOCOL-support.patch | 260 ------- ...-integer-overflows-in-grub_font_cons.patch | 81 --- ...stall-support-prep-environment-block.patch | 15 +- ...-memory-with-ibm-client-architecture.patch | 263 ------- ...tract-function-to-add-memory-regions.patch | 86 --- 0003-protectors-Add-TPM2-Key-Protector.patch | 34 +- ...-array-subscript-0-is-outside-array-.patch | 51 -- ...igning-grub-with-an-appended-signatu.patch | 53 +- 0004-Introduce-prep_load_env-command.patch | 4 +- ...tter-locations-for-kernel-and-initrd.patch | 31 +- ...-Better-memory-allocation-and-error-.patch | 35 +- ...ve-error-messaging-in-cryptomount-in.patch | 58 -- 0004-cryptodisk-Support-key-protectors.patch | 270 +++---- ...ter-look-up-cryptodisk-devices-first.patch | 89 +++ 0004-efinet-UEFI-IPv6-PXE-support.patch | 31 +- 0004-font-Remove-grub_font_dup_glyph.patch | 42 -- ...ss-up-errors-from-add_memory_regions.patch | 89 --- ...i-chainloader-Use-grub_loader_set_ex.patch | 83 --- ...t-show-Booting-s-msg-when-auto-booti.patch | 93 --- ...-Welcome-to-GRUB-message-in-EFI-buil.patch | 45 -- ...-Improve-cryptomount-u-error-message.patch | 31 - ...rub-Document-signing-grub-under-UEFI.patch | 11 +- 0005-export-environment-at-start-up.patch | 9 +- ...nteger-overflow-in-ensure_comb_space.patch | 48 -- 0005-grub.texi-Add-net_bootp6-doument.patch | 10 +- ...-Implement-runtime-addition-of-pages.patch | 77 -- ...ct-non-kernel-files-in-the-shim_lock.patch | 103 --- 0005-util-grub-protect-Add-new-tool.patch | 22 +- ...ot-set-colorstate-until-the-first-te.patch | 54 -- ...essing-DHCPACK-packet-from-HTTP-Boot.patch | 18 +- ...nfrastructure-to-pass-data-from-cryp.patch | 252 ------- ...nt-signing-grub-with-an-appended-sig.patch | 7 +- ...nt-Fix-integer-overflow-in-BMP-index.patch | 65 -- ...-leak-device_name-on-error-in-grub_f.patch | 41 -- ...ot-set-cursor-until-the-first-text-o.patch | 75 -- ...tor-password-input-out-of-crypto-dev.patch | 342 --------- ...e-grub_dl_set_persistent-for-the-emu.patch | 7 +- ...etting-network-from-UEFI-device-path.patch | 42 +- ...-underflow-in-binary-search-of-char-.patch | 86 --- ...g-Abort-sooner-if-a-read-operation-f.patch | 201 ----- ...global-variables-into-grub_cryptomou.patch | 248 ------- ...etting-DNS-server-from-UEFI-protocol.patch | 72 +- 0008-fbutil-Fix-integer-overflow.patch | 85 --- ...linuxefi-Use-common-grub_initrd_load.patch | 15 +- 0008-pgp-factor-out-rsa_pad.patch | 23 +- ...g-Refuse-to-handle-multiple-image-he.patch | 31 - ...ry-to-obviate-the-need-to-input-pass.patch | 44 +- ...ve-handling-of-partition-name-in-cry.patch | 39 - ...ix-an-integer-underflow-in-blit_comb.patch | 91 --- ...g-Drop-greyscale-support-to-fix-heap.patch | 171 ----- ..._font_blit_glyph-and-grub_font_blit_.patch | 75 -- ...p-tweaks-in-preparation-for-libtasn1.patch | 17 +- ...ates-import-etc-crypttab-to-grub.cfg.patch | 2 +- ...g-Avoid-heap-OOB-R-W-inserting-huff-.patch | 42 -- ...l_font-to-glyphs-in-ascii_font_glyph.patch | 36 - 0011-libtasn1-import-libtasn1-4.18.0.patch | 48 -- ...-png-Sanity-check-some-huffman-codes.patch | 42 -- ...ix-an-integer-overflow-in-grub_unico.patch | 55 -- 0012-tpm-Build-tpm-as-module.patch | 16 +- ...eg-Abort-sooner-if-a-read-operation-.patch | 258 ------- ...eg-Do-not-reallocate-a-given-huff-ta.patch | 32 - 0014-libtasn1-compile-into-asn1-module.patch | 10 +- ...eg-Refuse-to-handle-multiple-start-o.patch | 46 -- 0015-test_asn1-test-module-for-libtasn1.patch | 56 +- ...eg-Block-int-underflow-wild-pointer-.patch | 77 -- ...-support-embedding-x509-certificates.patch | 47 +- ...ix-array-out-of-bounds-formatting-un.patch | 36 - ...res-import-GNUTLS-s-ASN.1-descriptio.patch | 9 - 0017-net-ip-Do-IP-fragment-maths-safely.patch | 54 -- ...res-parse-PKCS-7-signedData-and-X.50.patch | 15 - ...ff-Block-overly-large-netbuff-allocs.patch | 55 -- ...res-support-verifying-appended-signa.patch | 21 +- ...le-free-addresses-on-corrupt-DNS-res.patch | 59 -- ...pended-signatures-verification-tests.patch | 23 +- ...ad-past-the-end-of-the-string-we-re-.patch | 73 -- 0021-appended-signatures-documentation.patch | 45 +- ...-a-UAF-and-double-free-from-a-failed.patch | 115 --- ...er-lockdown-based-on-ibm-secure-boot.patch | 23 +- 0022-net-tftp-Avoid-a-trivial-UAF.patch | 37 - ...tear-down-socket-if-it-s-already-bee.patch | 44 -- ...Fix-OOB-write-for-split-http-headers.patch | 48 -- ...or-out-on-headers-with-LF-without-CR.patch | 50 -- ...ead-past-the-end-of-nat-journal-entr.patch | 75 -- ...-not-read-past-the-end-of-nat-bitmap.patch | 134 ---- ...ot-copy-file-names-that-are-too-long.patch | 40 - ...eral-fuzz-issues-with-invalid-dir-it.patch | 79 -- ...e-ASAN-and-SEGV-issues-found-with-fu.patch | 137 ---- ...x-more-fuzz-issues-related-to-chunks.patch | 78 -- ...er_set_ex-for-secureboot-chainloader.patch | 261 ------- ...s-Move-verifiers-API-to-kernel-image.patch | 150 ---- efi-set-variable-with-attrs.patch | 51 -- grub-2.06.tar.xz | 3 - grub-2.12~rc1.tar.xz | 3 + ...ce-journal-draining-to-ensure-data-i.patch | 50 +- grub-install-record-pcrs.patch | 8 +- grub-read-pcr.patch | 48 +- grub2-Add-hidden-menu-entries.patch | 42 +- grub2-Fix-incorrect-netmask-on-ppc64.patch | 41 -- ...INE_LINUX_RECOVERY-for-recovery-mode.patch | 46 -- grub2-SUSE-Add-the-t-hotkey.patch | 20 +- ...add-module-for-boot-loader-interface.patch | 277 ------- ...-add-ability-to-boot-from-subvolumes.patch | 35 +- grub2-btrfs-02-export-subvolume-envvars.patch | 8 +- grub2-btrfs-03-follow_default.patch | 24 +- grub2-btrfs-04-grub2-install.patch | 60 +- grub2-btrfs-05-grub2-mkconfig.patch | 14 +- grub2-btrfs-06-subvol-mount.patch | 54 +- grub2-btrfs-07-subvol-fallback.patch | 8 +- ...rkaround-snapshot-menu-default-entry.patch | 10 +- grub2-btrfs-09-get-default-subvolume.patch | 12 +- grub2-btrfs-10-config-directory.patch | 22 +- grub2-btrfs-help-on-snapper-rollback.patch | 8 +- ...mands-introduce-read_file-subcommand.patch | 26 +- ...er-support-pv-without-metadatacopies.patch | 26 +- grub2-efi-HP-workaround.patch | 14 +- grub2-efi-chainload-harder.patch | 35 +- grub2-efi-chainloader-root.patch | 39 - ...-efi-disable-video-cirrus-and-bochus.patch | 16 +- grub2-efi-xen-cfg-unquote.patch | 10 +- grub2-efi-xen-chainload.patch | 28 +- grub2-efi-xen-cmdline.patch | 6 +- grub2-efi-xen-removable.patch | 14 +- grub2-emu-4-all.patch | 60 +- grub2-fix-menu-in-xen-host-server.patch | 34 +- grub2-getroot-support-nvdimm.patch | 7 +- ...oot-treat-mdadm-ddf-as-simple-device.patch | 18 +- ...-support-scrolling-menu-entry-s-text.patch | 70 +- grub2-grubenv-in-btrfs-header.patch | 42 +- grub2-install-fix-not-a-directory-error.patch | 10 +- ...seless-check-PReP-partition-is-empty.patch | 21 +- grub2-linux.patch | 20 +- grub2-linuxefi-fix-boot-params.patch | 8 +- grub2-menu-unrestricted.patch | 8 +- grub2-mkconfig-aarch64.patch | 8 +- grub2-mkconfig-arm.patch | 8 +- grub2-mkconfig-default-entry-correction.patch | 10 +- grub2-pass-corret-root-for-nfsroot.patch | 53 +- grub2-ppc-terminfo.patch | 16 +- grub2-ppc64-cas-fix-double-free.patch | 28 +- grub2-ppc64-cas-new-scope.patch | 8 +- grub2-ppc64-cas-reboot-support.patch | 34 +- grub2-ppc64le-disable-video.patch | 30 +- grub2-ppc64le-memory-map.patch | 28 +- ...-files-added-in-order-to-allow-s390x.patch | 92 ++- ...2-s390x-02-kexec-module-added-to-emu.patch | 342 --------- grub2-s390x-03-output-7-bit-ascii.patch | 74 +- grub2-s390x-04-grub2-install.patch | 92 +-- grub2-s390x-05-grub2-mkconfig.patch | 18 +- grub2-s390x-06-loadparm.patch | 8 +- ...0x-07-add-image-param-for-zipl-setup.patch | 12 +- grub2-s390x-08-workaround-part-to-disk.patch | 8 +- grub2-s390x-10-keep-network-at-kexec.patch | 17 - grub2-s390x-11-secureboot.patch | 38 +- grub2-s390x-skip-zfcpdump-image.patch | 8 +- grub2-secureboot-add-linuxefi.patch | 32 +- grub2-secureboot-chainloader.patch | 223 +++--- grub2-secureboot-install-signed-grub.patch | 24 +- grub2-secureboot-no-insmod-on-sb.patch | 8 +- grub2-simplefb.patch | 6 +- grub2-suse-remove-linux-root-param.patch | 12 +- grub2-use-rpmsort-for-version-sorting.patch | 163 ++++- grub2-util-30_os-prober-multiple-initrd.patch | 17 +- ...-vbe-blacklist-preferred-1440x900x32.patch | 8 +- ...-the-resolution-for-fixed-bimap-font.patch | 20 +- grub2-xen-linux16.patch | 12 +- grub2.changes | 278 +++++++ grub2.spec | 532 ++++++-------- rename-grub-info-file-to-grub2.patch | 12 +- safe_tpm_pcr_snapshot.patch | 12 +- tpm-record-pcrs.patch | 28 +- use-grub2-as-a-package-name.patch | 16 +- 259 files changed, 2818 insertions(+), 15166 deletions(-) delete mode 100644 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch delete mode 100644 0001-Filter-out-POSIX-locale-for-translation.patch delete mode 100644 0001-Fix-build-error-in-binutils-2.36.patch create mode 100644 0001-Make-grub.cfg-compatible-to-old-binaries.patch delete mode 100644 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch delete mode 100644 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch delete mode 100644 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch delete mode 100644 0001-crytodisk-fix-cryptodisk-module-looking-up.patch delete mode 100644 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch create mode 100644 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch delete mode 100644 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch delete mode 100644 0001-emu-fix-executable-stack-marking.patch delete mode 100644 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch create mode 100644 0001-font-Try-memdisk-fonts-with-the-same-name.patch delete mode 100644 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch delete mode 100644 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch delete mode 100644 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch delete mode 100644 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch delete mode 100644 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch delete mode 100644 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch delete mode 100644 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch delete mode 100644 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch delete mode 100644 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch delete mode 100644 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch delete mode 100644 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch delete mode 100644 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch delete mode 100644 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch delete mode 100644 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch delete mode 100644 0001-libc-config-merge-from-glibc.patch delete mode 100644 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch delete mode 100644 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch delete mode 100644 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch delete mode 100644 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch delete mode 100644 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch delete mode 100644 0001-powerpc-do-CAS-in-a-more-compatible-way.patch create mode 100644 0001-protectors-Implement-NV-index.patch delete mode 100644 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch delete mode 100644 0001-video-Remove-trailing-whitespaces.patch create mode 100644 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch delete mode 100644 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch delete mode 100644 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch create mode 100644 0002-cryptodisk-Fallback-to-passphrase.patch delete mode 100644 0002-cryptodisk-Refactor-to-discard-have_it-global.patch delete mode 100644 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch delete mode 100644 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch delete mode 100644 0002-ieee1275-claim-more-memory.patch delete mode 100644 0002-ieee1275-implement-vec5-for-cas-negotiation.patch delete mode 100644 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch delete mode 100644 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch delete mode 100644 0002-loader-efi-chainloader-Simplify-the-loader-state.patch delete mode 100644 0002-mm-Defer-the-disk-cache-invalidation.patch delete mode 100644 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch delete mode 100644 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch delete mode 100644 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch delete mode 100644 0003-commands-boot-Add-API-to-pass-context-to-loader.patch delete mode 100644 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch create mode 100644 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch delete mode 100644 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch delete mode 100644 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch delete mode 100644 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch delete mode 100644 0003-ieee1275-request-memory-with-ibm-client-architecture.patch delete mode 100644 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch delete mode 100644 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch delete mode 100644 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch create mode 100644 0004-diskfilter-look-up-cryptodisk-devices-first.patch delete mode 100644 0004-font-Remove-grub_font_dup_glyph.patch delete mode 100644 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch delete mode 100644 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch delete mode 100644 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch delete mode 100644 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch delete mode 100644 0005-cryptodisk-Improve-cryptomount-u-error-message.patch delete mode 100644 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch delete mode 100644 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch delete mode 100644 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch delete mode 100644 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch delete mode 100644 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch delete mode 100644 0006-font-Fix-integer-overflow-in-BMP-index.patch delete mode 100644 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch delete mode 100644 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch delete mode 100644 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch delete mode 100644 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch delete mode 100644 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch delete mode 100644 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch delete mode 100644 0008-fbutil-Fix-integer-overflow.patch delete mode 100644 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch delete mode 100644 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch delete mode 100644 0009-font-Fix-an-integer-underflow-in-blit_comb.patch delete mode 100644 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch delete mode 100644 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch delete mode 100644 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch delete mode 100644 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch delete mode 100644 0011-video-readers-png-Sanity-check-some-huffman-codes.patch delete mode 100644 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch delete mode 100644 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch delete mode 100644 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch delete mode 100644 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch delete mode 100644 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch delete mode 100644 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch delete mode 100644 0017-net-ip-Do-IP-fragment-maths-safely.patch delete mode 100644 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch delete mode 100644 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch delete mode 100644 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch delete mode 100644 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch delete mode 100644 0022-net-tftp-Avoid-a-trivial-UAF.patch delete mode 100644 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch delete mode 100644 0024-net-http-Fix-OOB-write-for-split-http-headers.patch delete mode 100644 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch delete mode 100644 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch delete mode 100644 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch delete mode 100644 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch delete mode 100644 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch delete mode 100644 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch delete mode 100644 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch delete mode 100644 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch delete mode 100644 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch delete mode 100644 efi-set-variable-with-attrs.patch delete mode 100644 grub-2.06.tar.xz create mode 100644 grub-2.12~rc1.tar.xz delete mode 100644 grub2-Fix-incorrect-netmask-on-ppc64.patch delete mode 100644 grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch delete mode 100644 grub2-add-module-for-boot-loader-interface.patch delete mode 100644 grub2-efi-chainloader-root.patch delete mode 100644 grub2-s390x-02-kexec-module-added-to-emu.patch delete mode 100644 grub2-s390x-10-keep-network-at-kexec.patch diff --git a/0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch b/0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch deleted file mode 100644 index dfb6b92..0000000 --- a/0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 47eddcfc6859f269bb3cfaf95d5b33502cafd9ec Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Mon, 21 Jun 2021 05:11:18 +0000 -Subject: [PATCH] 30_uefi-firmware: fix printf format with null byte -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -On a Raspberry Pi 4, the OsIndications variable is set as following - - $ od -An -t u1 /sys/firmware/efi/efivars/OsIndicationsSupported-8be4df61-93ca-11d2-aa0d-00e098032b8c - 6 0 0 0 0 0 0 0 0 0 0 0 - -The fifth byte indicates there's no boot to uefi firmware support as no -bit is set. However the /etc/grub.d/30_uefi-firmware mistakenly detects -that from the grub-mkconfig output. - - /etc/grub.d/30_uefi-firmware: line 34: warning: command substitution: ignored null byte in input - Adding boot menu entry for UEFI Firmware Settings ... - -The warning has dictated that the null byte is ignored from the printf -input arguments so that the expression of - - rintf 0x%x \'"$(cat $OS_INDICATIONS | cut -b5)"\') - -becomes - - printf 0x%x \'""\' - 0x27 - -The numeric value of trailing character \' is outputted instead of the -null byte. - -From the printf manual, there's description to the synax of formatting -the numeric value ouput of a character. - -"If the leading character of a numeric argument is ‘"’ or ‘'’ then its -value is the numeric value of the immediately following character. Any -remaining characters are silently ignored if the POSIXLY_CORRECT -environment variable is set; otherwise, a warning is printed. For -example, ‘printf "%d" "'a"’ outputs ‘97’ on hosts that use the ASCII -character set, since ‘a’ has the numeric value 97 in ASCII." - -From the descrption the trailing \' appears to be superfluous and should -get removed to have correct output. - - printf 0x%x \'"" - 0x0 - -In additon to suppress the warning message of ignored null byte in -input, we can delete it so an empty string is used. - -To illustrate the problem using echo as example - - printf 0x%x \'"$(echo -e '\x00')" - -bash: warning: command substitution: ignored null byte in input - 0x0 - -And here using tr to delete the null character - - printf 0x%x \'"$(echo -e '\x00'| tr -d '\000')" - -The expression above is substituted to - - printf 0x%x \'"" - 0x0 - -Signed-off-by: Michael Chang ---- - util/grub.d/30_uefi-firmware.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in -index d344d3883..d069f2727 100644 ---- a/util/grub.d/30_uefi-firmware.in -+++ b/util/grub.d/30_uefi-firmware.in -@@ -31,7 +31,7 @@ EFI_GLOBAL_VARIABLE=8be4df61-93ca-11d2-aa0d-00e098032b8c - OS_INDICATIONS="$EFI_VARS_DIR/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE" - - if [ -e "$OS_INDICATIONS" ] && \ -- [ "$(( $(printf 0x%x \'"$(cat $OS_INDICATIONS | cut -b5)"\') & 1 ))" = 1 ]; then -+ [ "$(( $(printf 0x%x \'"$(cat $OS_INDICATIONS | cut -b5 | tr -d '\000')") & 1 ))" = 1 ]; then - LABEL="UEFI Firmware Settings" - - gettext_printf "Adding boot menu entry for UEFI Firmware Settings ...\n" >&2 --- -2.26.2 - diff --git a/0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch b/0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch index a687656..3baf8bc 100644 --- a/0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch +++ b/0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch @@ -23,20 +23,18 @@ like secure boot, gpg and tpm. 4 files changed, 465 insertions(+), 1 deletion(-) create mode 100644 grub-core/loader/arm64/efi/linux.c -Index: grub-2.06~rc1/grub-core/Makefile.core.def -=================================================================== ---- grub-2.06~rc1.orig/grub-core/Makefile.core.def -+++ grub-2.06~rc1/grub-core/Makefile.core.def -@@ -1812,7 +1812,7 @@ module = { +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1854,7 +1854,7 @@ arm_coreboot = loader/arm/linux.c; - arm_efi = loader/arm64/linux.c; + arm_efi = loader/efi/linux.c; arm_uboot = loader/arm/linux.c; -- arm64 = loader/arm64/linux.c; +- arm64 = loader/efi/linux.c; + arm64 = loader/arm64/efi/linux.c; - riscv32 = loader/riscv/linux.c; - riscv64 = loader/riscv/linux.c; - emu = loader/emu/linux.c; -@@ -1879,7 +1879,7 @@ module = { + loongarch64 = loader/efi/linux.c; + riscv32 = loader/efi/linux.c; + riscv64 = loader/efi/linux.c; +@@ -1922,7 +1922,7 @@ module = { name = linuxefi; @@ -45,10 +43,8 @@ Index: grub-2.06~rc1/grub-core/Makefile.core.def enable = i386_efi; enable = x86_64_efi; }; -Index: grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c -=================================================================== --- /dev/null -+++ grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c ++++ b/grub-core/loader/arm64/efi/linux.c @@ -0,0 +1,411 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -120,7 +116,7 @@ Index: grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c + +#pragma GCC diagnostic pop + -+grub_err_t ++static grub_err_t +grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) +{ + if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE) @@ -332,7 +328,7 @@ Index: grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c + goto fail; + } + -+ if (grub_initrd_load (&initrd_ctx, argv, initrd_mem)) ++ if (grub_initrd_load (&initrd_ctx, initrd_mem)) + goto fail; + + initrd_start = (grub_addr_t) initrd_mem; @@ -461,21 +457,16 @@ Index: grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); +} -Index: grub-2.06~rc1/include/grub/arm/linux.h -=================================================================== ---- grub-2.06~rc1.orig/include/grub/arm/linux.h -+++ grub-2.06~rc1/include/grub/arm/linux.h -@@ -20,6 +20,7 @@ +--- a/include/grub/arm/linux.h ++++ b/include/grub/arm/linux.h +@@ -20,10 +20,22 @@ #ifndef GRUB_ARM_LINUX_HEADER #define GRUB_ARM_LINUX_HEADER 1 +#include #include "system.h" - #define GRUB_LINUX_ARM_MAGIC_SIGNATURE 0x016f2818 -@@ -34,9 +35,17 @@ struct linux_arm_kernel_header { - grub_uint32_t hdr_offset; - }; + #include +struct grub_arm_linux_pe_header +{ @@ -484,29 +475,42 @@ Index: grub-2.06~rc1/include/grub/arm/linux.h + struct grub_pe32_optional_header opt; +}; + - #if defined(__arm__) - # define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM_MAGIC_SIGNATURE - # define linux_arch_kernel_header linux_arm_kernel_header ++#if defined(__arm__) +# define grub_armxx_linux_pe_header grub_arm_linux_pe_header - #endif - ++#endif ++ #if defined GRUB_MACHINE_UBOOT -Index: grub-2.06~rc1/include/grub/arm64/linux.h -=================================================================== ---- grub-2.06~rc1.orig/include/grub/arm64/linux.h -+++ grub-2.06~rc1/include/grub/arm64/linux.h -@@ -20,6 +20,7 @@ - #define GRUB_ARM64_LINUX_HEADER 1 - - #include + # include + # define LINUX_ADDRESS (start_of_ram + 0x8000) +--- /dev/null ++++ b/include/grub/arm64/linux.h +@@ -0,0 +1,39 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2013 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_ARM64_LINUX_HEADER ++#define GRUB_ARM64_LINUX_HEADER 1 ++ ++#include +#include - - #define GRUB_LINUX_ARM64_MAGIC_SIGNATURE 0x644d5241 /* 'ARM\x64' */ - -@@ -38,9 +39,17 @@ struct linux_arm64_kernel_header - grub_uint32_t hdr_offset; /* Offset of PE/COFF header */ - }; - ++ ++#define GRUB_LINUX_ARM64_MAGIC_SIGNATURE 0x644d5241 /* 'ARM\x64' */ ++ +struct grub_arm64_linux_pe_header +{ + grub_uint32_t magic; @@ -514,10 +518,9 @@ Index: grub-2.06~rc1/include/grub/arm64/linux.h + struct grub_pe64_optional_header opt; +}; + - #if defined(__aarch64__) - # define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM64_MAGIC_SIGNATURE - # define linux_arch_kernel_header linux_arm64_kernel_header ++#if defined(__aarch64__) ++# define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM64_MAGIC_SIGNATURE +# define grub_armxx_linux_pe_header grub_arm64_linux_pe_header - #endif - - #endif /* ! GRUB_ARM64_LINUX_HEADER */ ++#endif ++ ++#endif /* ! GRUB_ARM64_LINUX_HEADER */ diff --git a/0001-Factor-out-grub_efi_linux_boot.patch b/0001-Factor-out-grub_efi_linux_boot.patch index f8dbced..96e82e4 100644 --- a/0001-Factor-out-grub_efi_linux_boot.patch +++ b/0001-Factor-out-grub_efi_linux_boot.patch @@ -18,20 +18,18 @@ Signed-off-by: Michael Chang create mode 100644 grub-core/loader/efi/linux.c create mode 100644 include/grub/efi/linux.h -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index b5328d7a0..46a488131 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -1834,6 +1834,7 @@ module = { - riscv64 = loader/riscv/linux.c; +@@ -1860,6 +1860,9 @@ + riscv64 = loader/efi/linux.c; emu = loader/emu/linux.c; common = loader/linux.c; -+ efi = loader/efi/linux.c; ++ i386_efi = loader/efi/linux_boot.c; ++ x86_64_efi = loader/efi/linux_boot.c; ++ arm64 = loader/efi/linux_boot.c; }; module = { -diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c -index 87cb2f97c..0ebdc48b7 100644 --- a/grub-core/loader/arm64/efi/linux.c +++ b/grub-core/loader/arm64/efi/linux.c @@ -33,6 +33,7 @@ @@ -42,7 +40,7 @@ index 87cb2f97c..0ebdc48b7 100644 GRUB_MOD_LICENSE ("GPLv3+"); -@@ -51,40 +52,6 @@ static grub_uint32_t cmdline_size; +@@ -51,40 +52,6 @@ static grub_addr_t initrd_start; static grub_addr_t initrd_end; @@ -80,14 +78,82 @@ index 87cb2f97c..0ebdc48b7 100644 - -#pragma GCC diagnostic pop - - grub_err_t + static grub_err_t grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) { -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -new file mode 100644 -index 000000000..442627dc2 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -40,26 +41,18 @@ + + #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) + +-typedef void(*handover_func)(void *, grub_efi_system_table_t *, struct linux_kernel_params *); +- + static grub_err_t + grub_linuxefi_boot (void) + { +- handover_func hf; + int offset = 0; + + #ifdef __x86_64__ + offset = 512; + #endif +- +- hf = (handover_func)((char *)kernel_mem + handover_offset + offset); +- + asm volatile ("cli"); + +- hf (grub_efi_image_handle, grub_efi_system_table, params); +- +- /* Not reached */ +- return GRUB_ERR_NONE; ++ return grub_efi_linux_boot ((char *)kernel_mem, handover_offset + offset, ++ params); + } + + static grub_err_t --- /dev/null -+++ b/grub-core/loader/efi/linux.c ++++ b/include/grub/efi/linux.h +@@ -0,0 +1,29 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++#ifndef GRUB_EFI_LINUX_HEADER ++#define GRUB_EFI_LINUX_HEADER 1 ++ ++#include ++#include ++#include ++ ++grub_err_t ++EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, ++ void *kernel_param); ++ ++#endif /* ! GRUB_EFI_LINUX_HEADER */ +--- /dev/null ++++ b/grub-core/loader/efi/linux_boot.c @@ -0,0 +1,58 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -147,82 +213,3 @@ index 000000000..442627dc2 +} + +#pragma GCC diagnostic pop -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 355ecc9b9..06814cae3 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -26,6 +26,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -40,26 +41,18 @@ static char *linux_cmdline; - - #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) - --typedef void(*handover_func)(void *, grub_efi_system_table_t *, struct linux_kernel_params *); -- - static grub_err_t - grub_linuxefi_boot (void) - { -- handover_func hf; - int offset = 0; - - #ifdef __x86_64__ - offset = 512; - #endif -- -- hf = (handover_func)((char *)kernel_mem + handover_offset + offset); -- - asm volatile ("cli"); - -- hf (grub_efi_image_handle, grub_efi_system_table, params); -- -- /* Not reached */ -- return GRUB_ERR_NONE; -+ return grub_efi_linux_boot ((char *)kernel_mem, handover_offset + offset, -+ params); - } - - static grub_err_t -diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h -new file mode 100644 -index 000000000..887b02fd9 ---- /dev/null -+++ b/include/grub/efi/linux.h -@@ -0,0 +1,29 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2014 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+#ifndef GRUB_EFI_LINUX_HEADER -+#define GRUB_EFI_LINUX_HEADER 1 -+ -+#include -+#include -+#include -+ -+grub_err_t -+EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, -+ void *kernel_param); -+ -+#endif /* ! GRUB_EFI_LINUX_HEADER */ --- -2.31.1 - diff --git a/0001-Filter-out-POSIX-locale-for-translation.patch b/0001-Filter-out-POSIX-locale-for-translation.patch deleted file mode 100644 index da1861b..0000000 --- a/0001-Filter-out-POSIX-locale-for-translation.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 87b01d35b4db56778e2d9f99d18656026f818bab Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Tue, 26 Oct 2021 13:31:24 +0800 -Subject: [PATCH] Filter out POSIX locale for translation - -The POSIX locale is default or native operating system's locale -identical to the C locale, so no translation to human speaking languages -provided. - -For this reason we should filter out LANG=POSIX as well as LANG=C upon -generating grub.cfg to avoid looking up for it's gettext's message -catalogs that will consequently result in the unpleasant message. - -error: file `/boot/grub/locale/POSIX.gmo' not found - -Signed-off-by: Michael Chang ---- - util/grub.d/00_header.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 57a35a14a..b21caa4bc 100644 ---- a/util/grub.d/00_header.in -+++ b/util/grub.d/00_header.in -@@ -250,7 +250,7 @@ EOF - EOF - - # Gettext variables and module --if [ "x${LANG}" != "xC" ] && [ "x${LANG}" != "x" ]; then -+if [ "x${LANG}" != "xC" ] && [ "x${LANG}" != "xPOSIX" ] && [ "x${LANG}" != "x" ]; then - cat << EOF - set locale_dir=\$prefix/locale - set lang=${grub_lang} --- -2.31.1 - diff --git a/0001-Fix-build-error-in-binutils-2.36.patch b/0001-Fix-build-error-in-binutils-2.36.patch deleted file mode 100644 index 43a19aa..0000000 --- a/0001-Fix-build-error-in-binutils-2.36.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 7801d671905329d28e789082225570fc54fe5784 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Fri, 19 Feb 2021 17:40:43 +0800 -Subject: [PATCH] Fix build error in binutils 2.36 - -The build fails in binutils 2.36 - -[ 520s] cat kernel_syms.lst > syminfo.lst.new -[ 520s] /usr/lib64/gcc/x86_64-suse-linux/10/../../../../x86_64-suse-linux/bin/ld: section .note.gnu.property VMA [0000000000400158,0000000000400187] overlaps section .bss VMA [000000000000f000,000000000041e1af] - -It is caused by assembler now generates the GNU property notes section -by default. Use the assmbler option -mx86-used-note=no to disable the -section from being generated to workaround the ensuing linker issue. - -Signed-off-by: Michael Chang ---- - configure.ac | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/configure.ac b/configure.ac -index c39e8379f..a3fb713ad 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -827,6 +827,20 @@ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$p - TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow" - fi - -+if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ); then -+ AC_CACHE_CHECK([whether -Wa,-mx86-used-note works], [grub_cv_cc_mx86_used_note], [ -+ CFLAGS="$TARGET_CFLAGS -Wa,-mx86-used-note=no -Werror" -+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -+ [grub_cv_cc_mx86_used_note=yes], -+ [grub_cv_cc_mx86_used_note=no]) -+ ]) -+ -+ if test "x$grub_cv_cc_mx86_used_note" = xyes; then -+ TARGET_CFLAGS="$TARGET_CFLAGS -Wa,-mx86-used-note=no" -+ TARGET_CCASFLAGS="$TARGET_CCASFLAGS -Wa,-mx86-used-note=no" -+ fi -+fi -+ - # GRUB doesn't use float or doubles at all. Yet some toolchains may decide - # that floats are a good fit to run instead of what's written in the code. - # Given that floating point unit is disabled (if present to begin with) --- -2.30.0 - diff --git a/0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch b/0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch index b65d5f6..a4798e5 100644 --- a/0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch +++ b/0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch @@ -33,11 +33,9 @@ Signed-off-by: Michael Chang util/grub.d/00_header.in | 10 +++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) -diff --git a/grub-core/genmoddep.awk b/grub-core/genmoddep.awk -index 04c2863e5a..9b64f3ca93 100644 --- a/grub-core/genmoddep.awk +++ b/grub-core/genmoddep.awk -@@ -96,6 +96,9 @@ END { +@@ -98,6 +98,9 @@ } modlist = "" while (getline <"video.lst") { @@ -47,11 +45,9 @@ index 04c2863e5a..9b64f3ca93 100644 modlist = modlist " " $1; } printf "all_video:%s\n", modlist; -diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index b21caa4bcb..23671838e9 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in -@@ -280,7 +280,15 @@ case x${GRUB_TERMINAL_OUTPUT} in +@@ -287,7 +287,15 @@ ;; x*) cat << EOF @@ -68,6 +64,3 @@ index b21caa4bcb..23671838e9 100644 EOF ;; esac --- -2.34.1 - diff --git a/0001-Make-grub.cfg-compatible-to-old-binaries.patch b/0001-Make-grub.cfg-compatible-to-old-binaries.patch new file mode 100644 index 0000000..57e3c66 --- /dev/null +++ b/0001-Make-grub.cfg-compatible-to-old-binaries.patch @@ -0,0 +1,82 @@ +From b8457f2e271917c5c83a4fee286bafedf8c5790c Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Tue, 8 Aug 2023 17:57:24 +0800 +Subject: [PATCH] Make grub.cfg compatible to old binaries + +The new added fwsetup test in the topmost menu is always executed +regardless older grub may not be able to handle and thus trapped in a +boot loop between grub and fwsetup. + +This in particular is to make sure a smooth transition if grub is rolled +back to older release and needs to boot newer snapshots. + +Also removing dashes in the UUID that every version released in the wild +can handle. + +Signed-off-by: Michael Chang +--- + util/grub-probe.c | 20 +++++++++++++++++++- + util/grub.d/30_uefi-firmware.in | 16 ++++++++++------ + 2 files changed, 29 insertions(+), 7 deletions(-) + +diff --git a/util/grub-probe.c b/util/grub-probe.c +index e7efcc268..99c738e44 100644 +--- a/util/grub-probe.c ++++ b/util/grub-probe.c +@@ -290,8 +290,26 @@ probe_cryptodisk_uuid (grub_disk_t disk, char delim) + } + if (disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID) + { ++ grub_size_t i, j; + const char *uu = grub_util_cryptodisk_get_uuid (disk); +- grub_printf ("%s%c", uu, delim); ++ grub_size_t len = grub_strlen (uu); ++ char *p = grub_malloc (len + 1); ++ ++ /* Removing dash in the UUID string ++ * This keeps old grub binary to work with newer config in a system, ++ * especially for snapshots. It is a temporary change to make sure smooth ++ * transition from 2.06 to 2.12-rc1 and this hunk can be removed ++ * after 2.12-rc1 release stablized. ++ */ ++ for (i = 0, j = 0; i < len; i++) ++ { ++ if (uu[i] != '-') ++ p[j++] = uu[i]; ++ } ++ p[j] = '\0'; ++ ++ grub_printf ("%s%c", p, delim); ++ grub_free (p); + } + } + +diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in +index 1c2365ddb..96ff112e5 100644 +--- a/util/grub.d/30_uefi-firmware.in ++++ b/util/grub.d/30_uefi-firmware.in +@@ -32,11 +32,15 @@ gettext_printf "Adding boot menu entry for UEFI Firmware Settings ...\n" >&2 + + cat << EOF + if [ "\$grub_platform" = "efi" ]; then +- fwsetup --is-supported +- if [ "\$?" = 0 ]; then +- menuentry '$LABEL' \$menuentry_id_option 'uefi-firmware' { +- fwsetup +- } +- fi ++ menuentry '$LABEL' \$menuentry_id_option 'uefi-firmware' { ++ fwsetup --is-supported ++ if [ "\$?" = 0 ]; then ++ fwsetup ++ else ++ echo "Your firmware doesn't support setup menu entry from a boot loader" ++ echo "Press any key to return ..." ++ read ++ fi ++ } + fi + EOF +-- +2.41.0 + diff --git a/0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch b/0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch deleted file mode 100644 index 5cab5f3..0000000 --- a/0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 4e7de0959f3e99824d4a688398958ea022a1d023 Mon Sep 17 00:00:00 2001 -From: Heinrich Schuchardt -Date: Sat, 29 Jan 2022 13:36:55 +0100 -Subject: [PATCH] RISC-V: Adjust -march flags for binutils 2.38 - -As of version 2.38 binutils defaults to ISA specification version -2019-12-13. This version of the specification has has separated the -the csr read/write (csrr*/csrw*) instructions and the fence.i from -the I extension and put them into separate Zicsr and Zifencei -extensions. - -This implies that we have to adjust the -march flag passed to the -compiler accordingly. - -Signed-off-by: Heinrich Schuchardt -Reviewed-by: Daniel Kiper ---- - configure.ac | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/configure.ac b/configure.ac -index af8e2615ce..906eb1cedc 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -866,11 +866,19 @@ if test x"$platform" != xemu ; then - CFLAGS="$TARGET_CFLAGS -march=rv32imac -mabi=ilp32 -Werror" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], - [grub_cv_target_cc_soft_float="-march=rv32imac -mabi=ilp32"], []) -+ # ISA spec version 20191213 factored out extensions Zicsr and Zifencei -+ CFLAGS="$TARGET_CFLAGS -march=rv32imac_zicsr_zifencei -mabi=ilp32 -Werror" -+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -+ [grub_cv_target_cc_soft_float="-march=rv32imac_zicsr_zifencei -mabi=ilp32"], []) - fi - if test "x$target_cpu" = xriscv64; then - CFLAGS="$TARGET_CFLAGS -march=rv64imac -mabi=lp64 -Werror" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], - [grub_cv_target_cc_soft_float="-march=rv64imac -mabi=lp64"], []) -+ # ISA spec version 20191213 factored out extensions Zicsr and Zifencei -+ CFLAGS="$TARGET_CFLAGS -march=rv64imac_zicsr_zifencei -mabi=lp64 -Werror" -+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -+ [grub_cv_target_cc_soft_float="-march=rv64imac_zicsr_zifencei -mabi=lp64"], []) - fi - if test "x$target_cpu" = xia64; then - CFLAGS="$TARGET_CFLAGS -mno-inline-float-divide -mno-inline-sqrt -Werror" --- -2.34.1 - diff --git a/0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch b/0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch deleted file mode 100644 index 44808cf..0000000 --- a/0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 8a6489818b5d30524092b3b9524aabbfc172a882 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Thu, 23 Feb 2023 13:15:08 -0800 -Subject: [PATCH] RISC-V: Handle R_RISCV_CALL_PLT reloc - -GNU assembler starting 2.40 release always generates R_RISCV_CALL_PLT -reloc for call in assembler [1], similarly LLVM does not make -distinction between R_RISCV_CALL_PLT and R_RISCV_CALL [2]. - -Fixes "grub-mkimage: error: relocation 0x13 is not implemented yet.". - -[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=70f35d72ef04cd23771875c1661c9975044a749c -[2] https://reviews.llvm.org/D132530 - -Signed-off-by: Khem Raj -Reviewed-by: Daniel Kiper ---- - grub-core/kern/riscv/dl.c | 1 + - util/grub-mkimagexx.c | 2 ++ - 2 files changed, 3 insertions(+) - -diff --git a/grub-core/kern/riscv/dl.c b/grub-core/kern/riscv/dl.c -index f26b12aaa..896653bb4 100644 ---- a/grub-core/kern/riscv/dl.c -+++ b/grub-core/kern/riscv/dl.c -@@ -188,6 +188,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - break; - - case R_RISCV_CALL: -+ case R_RISCV_CALL_PLT: - { - grub_uint32_t *abs_place = place; - grub_ssize_t off = sym_addr - (grub_addr_t) place; -diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index 8ac9248d1..19cec945a 100644 ---- a/util/grub-mkimagexx.c -+++ b/util/grub-mkimagexx.c -@@ -1331,6 +1331,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd, - } - break; - case R_RISCV_CALL: -+ case R_RISCV_CALL_PLT: - { - grub_uint32_t hi20, lo12; - -@@ -1763,6 +1764,7 @@ translate_relocation_pe (struct translate_context *ctx, - case R_RISCV_BRANCH: - case R_RISCV_JAL: - case R_RISCV_CALL: -+ case R_RISCV_CALL_PLT: - case R_RISCV_PCREL_HI20: - case R_RISCV_PCREL_LO12_I: - case R_RISCV_PCREL_LO12_S: --- -2.39.2 - diff --git a/0001-Unify-the-check-to-enable-btrfs-relative-path.patch b/0001-Unify-the-check-to-enable-btrfs-relative-path.patch index c12850d..3f9d79e 100644 --- a/0001-Unify-the-check-to-enable-btrfs-relative-path.patch +++ b/0001-Unify-the-check-to-enable-btrfs-relative-path.patch @@ -13,11 +13,9 @@ Signed-off-by: Michael Chang util/grub-mkconfig_lib.in | 3 +- 2 files changed, 48 insertions(+), 22 deletions(-) -diff --git a/util/grub-install.c b/util/grub-install.c -index 746a42a04..8d18f2530 100644 --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -870,6 +870,7 @@ main (int argc, char *argv[]) +@@ -886,6 +886,7 @@ const char *efi_file = NULL; char **grub_devices; grub_fs_t grub_fs; @@ -25,7 +23,7 @@ index 746a42a04..8d18f2530 100644 grub_device_t grub_dev = NULL; enum grub_install_plat platform; char *grubdir, *device_map; -@@ -882,6 +883,8 @@ main (int argc, char *argv[]) +@@ -898,6 +899,8 @@ int efidir_is_mac = 0; int is_prep = 0; const char *pkgdatadir; @@ -34,7 +32,7 @@ index 746a42a04..8d18f2530 100644 grub_util_host_init (&argc, &argv); product_version = xstrdup (PACKAGE_VERSION); -@@ -895,9 +898,6 @@ main (int argc, char *argv[]) +@@ -911,9 +914,6 @@ grub_util_load_config (&config); @@ -44,7 +42,7 @@ index 746a42a04..8d18f2530 100644 if (!bootloader_id && config.grub_distributor) { char *ptr; -@@ -1046,6 +1046,45 @@ main (int argc, char *argv[]) +@@ -1064,6 +1064,45 @@ grub_hostfs_init (); grub_host_init (); @@ -90,7 +88,7 @@ index 746a42a04..8d18f2530 100644 switch (platform) { case GRUB_INSTALL_PLATFORM_I386_EFI: -@@ -1410,8 +1449,7 @@ main (int argc, char *argv[]) +@@ -1454,8 +1493,7 @@ debug_image); } @@ -100,7 +98,7 @@ index 746a42a04..8d18f2530 100644 { if (!load_cfg_f) load_cfg_f = grub_util_fopen (load_cfg, "wb"); -@@ -1624,21 +1662,13 @@ main (int argc, char *argv[]) +@@ -1669,21 +1707,13 @@ #ifdef __linux__ @@ -116,16 +114,17 @@ index 746a42a04..8d18f2530 100644 - - if (rootdir_path && grub_util_is_directory (rootdir_path)) - rootdir_devices = grub_guess_root_devices (rootdir_path); - +- - if (rootdir_devices && rootdir_devices[0]) - if (grub_strcmp (rootdir_devices[0], grub_devices[0]) == 0) - subvol = grub_util_get_btrfs_subvol (platdir, &mount_path); ++ + if (grub_strcmp (rootdir_devices[0], grub_devices[0]) == 0) + subvol = grub_util_get_btrfs_subvol (platdir, &mount_path); if (subvol && mount_path) { -@@ -1663,11 +1693,6 @@ main (int argc, char *argv[]) +@@ -1708,11 +1738,6 @@ } } @@ -137,11 +136,9 @@ index 746a42a04..8d18f2530 100644 free (subvol); free (mount_path); } -diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index 023f54a2d..eab46773b 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in -@@ -49,7 +49,8 @@ grub_warn () +@@ -49,7 +49,8 @@ make_system_path_relative_to_its_root () { @@ -151,6 +148,3 @@ index 023f54a2d..eab46773b 100644 "${grub_mkrelpath}" -r "$1" else "${grub_mkrelpath}" "$1" --- -2.28.0 - diff --git a/0001-Workaround-volatile-efi-boot-variable.patch b/0001-Workaround-volatile-efi-boot-variable.patch index 3f0b79a..2541f11 100644 --- a/0001-Workaround-volatile-efi-boot-variable.patch +++ b/0001-Workaround-volatile-efi-boot-variable.patch @@ -32,21 +32,18 @@ care must be taken to ensure that: create mode 100644 grub-core/osdep/efi_removable_fallback.c create mode 100644 grub-core/osdep/linux/efi_removable_fallback.c -diff --git a/Makefile.util.def b/Makefile.util.def -index 2eaa3ff68..018874ab5 100644 --- a/Makefile.util.def +++ b/Makefile.util.def -@@ -652,6 +652,7 @@ program = { - common = grub-core/kern/emu/argp_common.c; - common = grub-core/osdep/init.c; +@@ -681,6 +681,9 @@ common = grub-core/osdep/journaled_fs.c; + extra_dist = grub-core/osdep/basic/journaled_fs.c; + extra_dist = grub-core/osdep/linux/journaled_fs.c; + common = grub-core/osdep/efi_removable_fallback.c; ++ extra_dist = grub-core/osdep/basic/efi_removable_fallback.c; ++ extra_dist = grub-core/osdep/linux/efi_removable_fallback.c; ldadd = '$(LIBLZMA)'; ldadd = libgrubmods.a; -diff --git a/grub-core/osdep/basic/efi_removable_fallback.c b/grub-core/osdep/basic/efi_removable_fallback.c -new file mode 100644 -index 000000000..3f782f764 --- /dev/null +++ b/grub-core/osdep/basic/efi_removable_fallback.c @@ -0,0 +1,26 @@ @@ -76,9 +73,6 @@ index 000000000..3f782f764 + return NULL; +} + -diff --git a/grub-core/osdep/efi_removable_fallback.c b/grub-core/osdep/efi_removable_fallback.c -new file mode 100644 -index 000000000..615a60831 --- /dev/null +++ b/grub-core/osdep/efi_removable_fallback.c @@ -0,0 +1,5 @@ @@ -87,9 +81,6 @@ index 000000000..615a60831 +#else +#include "basic/efi_removable_fallback.c" +#endif -diff --git a/grub-core/osdep/linux/efi_removable_fallback.c b/grub-core/osdep/linux/efi_removable_fallback.c -new file mode 100644 -index 000000000..7375fb0c2 --- /dev/null +++ b/grub-core/osdep/linux/efi_removable_fallback.c @@ -0,0 +1,151 @@ @@ -244,11 +235,9 @@ index 000000000..7375fb0c2 + return NULL; +} + -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 1541ee233..cedc5f856 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h -@@ -274,4 +274,7 @@ grub_install_is_short_mbrgap_supported(void); +@@ -303,4 +303,7 @@ int grub_install_sync_fs_journal (const char *path); @@ -256,11 +245,9 @@ index 1541ee233..cedc5f856 100644 +const char * +grub_install_efi_removable_fallback (const char *efidir, enum grub_install_plat platform); #endif -diff --git a/util/grub-install.c b/util/grub-install.c -index b37f3ca26..e20b3c6b9 100644 --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -885,6 +885,7 @@ main (int argc, char *argv[]) +@@ -901,6 +901,7 @@ const char *pkgdatadir; char *rootdir_path; char **rootdir_devices; @@ -268,7 +255,7 @@ index b37f3ca26..e20b3c6b9 100644 grub_util_host_init (&argc, &argv); product_version = xstrdup (PACKAGE_VERSION); -@@ -1142,6 +1143,7 @@ main (int argc, char *argv[]) +@@ -1175,6 +1176,7 @@ } if (!efidir) grub_util_error ("%s", _("cannot find EFI directory")); @@ -276,7 +263,7 @@ index b37f3ca26..e20b3c6b9 100644 efidir_device_names = grub_guess_root_devices (efidir); if (!efidir_device_names || !efidir_device_names[0]) grub_util_error (_("cannot find a device for %s (is /dev mounted?)"), -@@ -2159,6 +2161,23 @@ main (int argc, char *argv[]) +@@ -2217,6 +2219,23 @@ free (grub_efi_cfg); } } @@ -300,6 +287,3 @@ index b37f3ca26..e20b3c6b9 100644 if (!removable && update_nvram) { char * efifile_path; --- -2.26.2 - diff --git a/0001-add-support-for-UEFI-network-protocols.patch b/0001-add-support-for-UEFI-network-protocols.patch index 274c9e5..5a8b94d 100644 --- a/0001-add-support-for-UEFI-network-protocols.patch +++ b/0001-add-support-for-UEFI-network-protocols.patch @@ -68,11 +68,9 @@ V6: create mode 100644 include/grub/efi/http.h create mode 100644 include/grub/net/efi.h -Index: grub-2.06/grub-core/Makefile.core.def -=================================================================== ---- grub-2.06.orig/grub-core/Makefile.core.def -+++ grub-2.06/grub-core/Makefile.core.def -@@ -2306,6 +2306,12 @@ module = { +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2362,6 +2362,12 @@ common = net/ethernet.c; common = net/arp.c; common = net/netbuff.c; @@ -85,11 +83,9 @@ Index: grub-2.06/grub-core/Makefile.core.def }; module = { -Index: grub-2.06/grub-core/io/bufio.c -=================================================================== ---- grub-2.06.orig/grub-core/io/bufio.c -+++ grub-2.06/grub-core/io/bufio.c -@@ -139,7 +139,7 @@ grub_bufio_read (grub_file_t file, char +--- a/grub-core/io/bufio.c ++++ b/grub-core/io/bufio.c +@@ -139,7 +139,7 @@ return res; /* Need to read some more. */ @@ -98,11 +94,9 @@ Index: grub-2.06/grub-core/io/bufio.c /* Now read between file->offset + res and bufio->buffer_at. */ if (file->offset + res < next_buf) { -Index: grub-2.06/grub-core/kern/efi/efi.c -=================================================================== ---- grub-2.06.orig/grub-core/kern/efi/efi.c -+++ grub-2.06/grub-core/kern/efi/efi.c -@@ -750,7 +750,7 @@ grub_efi_print_device_path (grub_efi_dev +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -770,7 +770,7 @@ { grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) dp; @@ -111,7 +105,7 @@ Index: grub-2.06/grub-core/kern/efi/efi.c (unsigned) ipv4->local_ip_address[0], (unsigned) ipv4->local_ip_address[1], (unsigned) ipv4->local_ip_address[2], -@@ -763,33 +763,60 @@ grub_efi_print_device_path (grub_efi_dev +@@ -783,33 +783,60 @@ (unsigned) ipv4->remote_port, (unsigned) ipv4->protocol, (unsigned) ipv4->static_ip_address); @@ -189,7 +183,7 @@ Index: grub-2.06/grub-core/kern/efi/efi.c } break; case GRUB_EFI_INFINIBAND_DEVICE_PATH_SUBTYPE: -@@ -829,6 +856,39 @@ grub_efi_print_device_path (grub_efi_dev +@@ -856,6 +883,39 @@ dump_vendor_path ("Messaging", (grub_efi_vendor_device_path_t *) dp); break; @@ -229,10 +223,8 @@ Index: grub-2.06/grub-core/kern/efi/efi.c default: grub_printf ("/UnknownMessaging(%x)", (unsigned) subtype); break; -Index: grub-2.06/grub-core/net/drivers/efi/efinet.c -=================================================================== ---- grub-2.06.orig/grub-core/net/drivers/efi/efinet.c -+++ grub-2.06/grub-core/net/drivers/efi/efinet.c +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c @@ -24,6 +24,7 @@ #include #include @@ -241,7 +233,16 @@ Index: grub-2.06/grub-core/net/drivers/efi/efinet.c GRUB_MOD_LICENSE ("GPLv3+"); -@@ -481,6 +482,17 @@ grub_efinet_create_dhcp_ack_from_device_ +@@ -345,7 +346,7 @@ + } + + static grub_efi_handle_t +-grub_efi_locate_device_path (grub_efi_guid_t *protocol, grub_efi_device_path_t *device_path, ++grub_efi_locate_device_path (grub_guid_t *protocol, grub_efi_device_path_t *device_path, + grub_efi_device_path_t **r_device_path) + { + grub_efi_handle_t handle; +@@ -498,6 +499,17 @@ ldp = grub_efi_find_last_device_path (ddp); @@ -259,7 +260,7 @@ Index: grub-2.06/grub-core/net/drivers/efi/efinet.c if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) -@@ -744,6 +756,7 @@ grub_efi_net_config_real (grub_efi_handl +@@ -765,6 +777,7 @@ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE @@ -267,7 +268,7 @@ Index: grub-2.06/grub-core/net/drivers/efi/efinet.c && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) continue; dup_dp = grub_efi_duplicate_device_path (dp); -@@ -759,6 +772,15 @@ grub_efi_net_config_real (grub_efi_handl +@@ -780,6 +793,15 @@ } dup_ldp = grub_efi_find_last_device_path (dup_dp); @@ -283,7 +284,7 @@ Index: grub-2.06/grub-core/net/drivers/efi/efinet.c dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; dup_ldp->length = sizeof (*dup_ldp); -@@ -816,6 +838,9 @@ grub_efi_net_config_real (grub_efi_handl +@@ -860,6 +882,9 @@ GRUB_MOD_INIT(efinet) { @@ -293,18 +294,16 @@ Index: grub-2.06/grub-core/net/drivers/efi/efinet.c grub_efinet_findcards (); grub_efi_net_config = grub_efi_net_config_real; } -@@ -827,5 +852,7 @@ GRUB_MOD_FINI(efinet) - FOR_NET_CARDS_SAFE (card, next) +@@ -871,5 +896,7 @@ + FOR_NET_CARDS_SAFE (card, next) if (card->driver == &efidriver) grub_net_card_unregister (card); + + grub_efi_net_config = NULL; } -Index: grub-2.06/grub-core/net/efi/dhcp.c -=================================================================== --- /dev/null -+++ grub-2.06/grub-core/net/efi/dhcp.c ++++ b/grub-core/net/efi/dhcp.c @@ -0,0 +1,399 @@ +#include +#include @@ -383,7 +382,7 @@ Index: grub-2.06/grub-core/net/efi/dhcp.c + grub_efi_uint32_t option_count = 0; + grub_efi_uint32_t i; + -+ status = efi_call_4 (dhcp4->parse, dhcp4, reply_packet, &option_count, NULL); ++ status = dhcp4->parse (dhcp4, reply_packet, &option_count, NULL); + + if (status != GRUB_EFI_BUFFER_TOO_SMALL) + return NULL; @@ -392,7 +391,7 @@ Index: grub-2.06/grub-core/net/efi/dhcp.c + if (!option_list) + return NULL; + -+ status = efi_call_4 (dhcp4->parse, dhcp4, reply_packet, &option_count, option_list); ++ status = dhcp4->parse (dhcp4, reply_packet, &option_count, option_list); + if (status != GRUB_EFI_SUCCESS) + { + grub_free (option_list); @@ -441,13 +440,13 @@ Index: grub-2.06/grub-core/net/efi/dhcp.c + + if (!mode->started) + { -+ status = efi_call_2 (pxe->start, pxe, 0); ++ status = pxe->start (pxe, 0); + + if (status != GRUB_EFI_SUCCESS) + grub_printf ("Couldn't start PXE\n"); + } + -+ status = efi_call_2 (pxe->dhcp, pxe, 0); ++ status = pxe->dhcp (pxe, 0); + if (status != GRUB_EFI_SUCCESS) + { + grub_printf ("dhcp4 configure failed, %d\n", (int)status); @@ -498,7 +497,7 @@ Index: grub-2.06/grub-core/net/efi/dhcp.c + config.option_list = &options; + + /* FIXME: What if the dhcp has bounded */ -+ status = efi_call_2 (netdev->dhcp4->configure, netdev->dhcp4, &config); ++ status = netdev->dhcp4->configure (netdev->dhcp4, &config); + grub_free (options); + if (status != GRUB_EFI_SUCCESS) + { @@ -506,14 +505,14 @@ Index: grub-2.06/grub-core/net/efi/dhcp.c + continue; + } + -+ status = efi_call_2 (netdev->dhcp4->start, netdev->dhcp4, NULL); ++ status = netdev->dhcp4->start (netdev->dhcp4, NULL); + if (status != GRUB_EFI_SUCCESS) + { + grub_printf ("dhcp4 start failed, %d\n", (int)status); + continue; + } + -+ status = efi_call_2 (netdev->dhcp4->get_mode_data, netdev->dhcp4, &mode); ++ status = netdev->dhcp4->get_mode_data (netdev->dhcp4, &mode); + if (status != GRUB_EFI_SUCCESS) + { + grub_printf ("dhcp4 get mode failed, %d\n", (int)status); @@ -614,21 +613,21 @@ Index: grub-2.06/grub-core/net/efi/dhcp.c + config.rapid_commit = 0; + config.solicit_retransmission = &retrans; + -+ status = efi_call_2 (dev->dhcp6->configure, dev->dhcp6, &config); ++ status = dev->dhcp6->configure (dev->dhcp6, &config); + grub_free (opt); + if (status != GRUB_EFI_SUCCESS) + { + grub_printf ("dhcp6 configure failed, %d\n", (int)status); + continue; + } -+ status = efi_call_1 (dev->dhcp6->start, dev->dhcp6); ++ status = dev->dhcp6->start (dev->dhcp6); + if (status != GRUB_EFI_SUCCESS) + { + grub_printf ("dhcp6 start failed, %d\n", (int)status); + continue; + } + -+ status = efi_call_3 (dev->dhcp6->get_mode_data, dev->dhcp6, &mode, NULL); ++ status = dev->dhcp6->get_mode_data (dev->dhcp6, &mode, NULL); + if (status != GRUB_EFI_SUCCESS) + { + grub_printf ("dhcp4 get mode failed, %d\n", (int)status); @@ -664,14 +663,14 @@ Index: grub-2.06/grub-core/net/efi/dhcp.c + grub_efi_dhcp6_packet_option_t **options = NULL; + grub_efi_uint32_t i; + -+ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, NULL); ++ status = dev->dhcp6->parse (dev->dhcp6, mode.ia->reply_packet, &count, NULL); + + if (status == GRUB_EFI_BUFFER_TOO_SMALL && count) + { + options = grub_calloc (count, sizeof(*options)); + if (!options) + return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options); ++ status = dev->dhcp6->parse (dev->dhcp6, mode.ia->reply_packet, &count, options); + } + + if (status != GRUB_EFI_SUCCESS) @@ -696,8 +695,8 @@ Index: grub-2.06/grub-core/net/efi/dhcp.c + grub_free (options); + } + -+ efi_call_1 (b->free_pool, mode.client_id); -+ efi_call_1 (b->free_pool, mode.ia); ++ b->free_pool (mode.client_id); ++ b->free_pool (mode.ia); + } + + return GRUB_ERR_NONE; @@ -705,10 +704,8 @@ Index: grub-2.06/grub-core/net/efi/dhcp.c + +grub_command_func_t grub_efi_net_bootp = grub_cmd_efi_bootp; +grub_command_func_t grub_efi_net_bootp6 = grub_cmd_efi_bootp6; -Index: grub-2.06/grub-core/net/efi/http.c -=================================================================== --- /dev/null -+++ grub-2.06/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c @@ -0,0 +1,424 @@ + +#include @@ -739,7 +736,7 @@ Index: grub-2.06/grub-core/net/efi/http.c + + http_config.local_address_is_ipv6 = 1; + sz = sizeof (manual_address); -+ status = efi_call_4 (dev->ip6_config->get_data, dev->ip6_config, ++ status = dev->ip6_config->get_data (dev->ip6_config, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, + &sz, &manual_address); + @@ -771,19 +768,19 @@ Index: grub-2.06/grub-core/net/efi/http.c + http_config.access_point.ipv4_node = &httpv4_node; + } + -+ status = efi_call_2 (http->configure, http, &http_config); ++ status = http->configure (http, &http_config); + + if (status == GRUB_EFI_ALREADY_STARTED) + { + /* XXX: This hangs HTTPS boot */ +#if 0 -+ if (efi_call_2 (http->configure, http, NULL) != GRUB_EFI_SUCCESS) ++ if (http->configure (http, NULL) != GRUB_EFI_SUCCESS) + { + grub_error (GRUB_ERR_IO, N_("couldn't reset http instance")); + grub_print_error (); + return; + } -+ status = efi_call_2 (http->configure, http, &http_config); ++ status = http->configure (http, &http_config); +#endif + return; + } @@ -799,14 +796,14 @@ Index: grub-2.06/grub-core/net/efi/http.c +static grub_efi_boolean_t request_callback_done; +static grub_efi_boolean_t response_callback_done; + -+static void ++static void __grub_efi_api +grub_efi_http_request_callback (grub_efi_event_t event __attribute__ ((unused)), + void *context __attribute__ ((unused))) +{ + request_callback_done = 1; +} + -+static void ++static void __grub_efi_api +grub_efi_http_response_callback (grub_efi_event_t event __attribute__ ((unused)), + void *context __attribute__ ((unused))) +{ @@ -886,7 +883,7 @@ Index: grub-2.06/grub-core/net/efi/http.c + request_token.message = &request_message; + + request_callback_done = 0; -+ status = efi_call_5 (b->create_event, ++ status = b->create_event ( + GRUB_EFI_EVT_NOTIFY_SIGNAL, + GRUB_EFI_TPL_CALLBACK, + grub_efi_http_request_callback, @@ -899,17 +896,17 @@ Index: grub-2.06/grub-core/net/efi/http.c + return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%" PRIxGRUB_SIZE, status); + } + -+ status = efi_call_2 (http->request, http, &request_token); ++ status = http->request (http, &request_token); + + if (status != GRUB_EFI_SUCCESS) + { -+ efi_call_1 (b->close_event, request_token.event); ++ b->close_event (request_token.event); + grub_free (request_data.url); + return grub_error (GRUB_ERR_IO, "Fail to send a request! status=0x%" PRIxGRUB_SIZE, status); + } + /* TODO: Add Timeout */ + while (!request_callback_done) -+ efi_call_1(http->poll, http); ++ http->poll (http); + + response_data.status_code = GRUB_EFI_HTTP_STATUS_UNSUPPORTED_STATUS; + response_message.data.response = &response_data; @@ -922,7 +919,7 @@ Index: grub-2.06/grub-core/net/efi/http.c + response_message.body = NULL; + response_token.event = NULL; + -+ status = efi_call_5 (b->create_event, ++ status = b->create_event ( + GRUB_EFI_EVT_NOTIFY_SIGNAL, + GRUB_EFI_TPL_CALLBACK, + grub_efi_http_response_callback, @@ -931,7 +928,7 @@ Index: grub-2.06/grub-core/net/efi/http.c + + if (status != GRUB_EFI_SUCCESS) + { -+ efi_call_1 (b->close_event, request_token.event); ++ b->close_event (request_token.event); + grub_free (request_data.url); + return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%" PRIxGRUB_SIZE, status); + } @@ -941,28 +938,28 @@ Index: grub-2.06/grub-core/net/efi/http.c + + /* wait for HTTP response */ + response_callback_done = 0; -+ status = efi_call_2 (http->response, http, &response_token); ++ status = http->response (http, &response_token); + + if (status != GRUB_EFI_SUCCESS) + { -+ efi_call_1 (b->close_event, response_token.event); -+ efi_call_1 (b->close_event, request_token.event); ++ b->close_event (response_token.event); ++ b->close_event (request_token.event); + grub_free (request_data.url); + return grub_error (GRUB_ERR_IO, "Fail to receive a response! status=%d\n", (int)status); + } + + /* TODO: Add Timeout */ + while (!response_callback_done) -+ efi_call_1 (http->poll, http); ++ http->poll (http); + + if (response_message.data.response->status_code != GRUB_EFI_HTTP_STATUS_200_OK) + { + grub_efi_http_status_code_t status_code = response_message.data.response->status_code; + + if (response_message.headers) -+ efi_call_1 (b->free_pool, response_message.headers); -+ efi_call_1 (b->close_event, response_token.event); -+ efi_call_1 (b->close_event, request_token.event); ++ b->free_pool (response_message.headers); ++ b->close_event (response_token.event); ++ b->close_event (request_token.event); + grub_free (request_data.url); + if (status_code == GRUB_EFI_HTTP_STATUS_404_NOT_FOUND) + { @@ -990,9 +987,9 @@ Index: grub-2.06/grub-core/net/efi/http.c + } + + if (response_message.headers) -+ efi_call_1 (b->free_pool, response_message.headers); -+ efi_call_1 (b->close_event, response_token.event); -+ efi_call_1 (b->close_event, request_token.event); ++ b->free_pool (response_message.headers); ++ b->close_event (response_token.event); ++ b->close_event (request_token.event); + grub_free (request_data.url); + + return GRUB_ERR_NONE; @@ -1017,7 +1014,7 @@ Index: grub-2.06/grub-core/net/efi/http.c + return -1; + } + -+ efi_call_5 (b->create_event, ++ b->create_event ( + GRUB_EFI_EVT_NOTIFY_SIGNAL, + GRUB_EFI_TPL_CALLBACK, + grub_efi_http_response_callback, @@ -1037,23 +1034,23 @@ Index: grub-2.06/grub-core/net/efi/http.c + + response_callback_done = 0; + -+ status = efi_call_2 (http->response, http, &response_token); ++ status = http->response (http, &response_token); + if (status != GRUB_EFI_SUCCESS) + { -+ efi_call_1 (b->close_event, response_token.event); ++ b->close_event (response_token.event); + grub_error (GRUB_ERR_IO, "Error! status=%d\n", (int)status); + return -1; + } + + while (!response_callback_done) -+ efi_call_1(http->poll, http); ++ http->poll (http); + + sum += response_message.body_length; + buf += response_message.body_length; + len -= response_message.body_length; + } + -+ efi_call_1 (b->close_event, response_token.event); ++ b->close_event (response_token.event); + + return sum; +} @@ -1134,10 +1131,8 @@ Index: grub-2.06/grub-core/net/efi/http.c + .read = grub_efihttp_read, + .close = grub_efihttp_close + }; -Index: grub-2.06/grub-core/net/efi/ip4_config.c -=================================================================== --- /dev/null -+++ grub-2.06/grub-core/net/efi/ip4_config.c ++++ b/grub-core/net/efi/ip4_config.c @@ -0,0 +1,409 @@ + +#include @@ -1249,7 +1244,7 @@ Index: grub-2.06/grub-core/net/efi/ip4_config.c + if (!interface_info) + return NULL; + -+ status = efi_call_4 (ip4_config->get_data, ip4_config, ++ status = ip4_config->get_data (ip4_config, + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO, + &sz, interface_info); + @@ -1257,7 +1252,7 @@ Index: grub-2.06/grub-core/net/efi/ip4_config.c + { + grub_free (interface_info); + interface_info = grub_malloc (sz); -+ status = efi_call_4 (ip4_config->get_data, ip4_config, ++ status = ip4_config->get_data (ip4_config, + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO, + &sz, interface_info); + } @@ -1283,7 +1278,7 @@ Index: grub-2.06/grub-core/net/efi/ip4_config.c + if (!manual_address) + return NULL; + -+ status = efi_call_4 (ip4_config->get_data, ip4_config, ++ status = ip4_config->get_data (ip4_config, + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, + &sz, manual_address); + @@ -1497,7 +1492,7 @@ Index: grub-2.06/grub-core/net/efi/ip4_config.c + } + } + -+ status = efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, ++ status = dev->ip4_config->set_data (dev->ip4_config, + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, + sizeof(*address), address); + @@ -1513,7 +1508,7 @@ Index: grub-2.06/grub-core/net/efi/ip4_config.c +{ + grub_efi_status_t status; + -+ status = efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, ++ status = dev->ip4_config->set_data (dev->ip4_config, + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_GATEWAY, + sizeof (address->ip4), &address->ip4); + @@ -1529,7 +1524,7 @@ Index: grub-2.06/grub-core/net/efi/ip4_config.c +{ + grub_efi_status_t status; + -+ status = efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, ++ status = dev->ip4_config->set_data (dev->ip4_config, + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, + sizeof (address->ip4), &address->ip4); + @@ -1548,10 +1543,8 @@ Index: grub-2.06/grub-core/net/efi/ip4_config.c + .set_gateway = grub_efi_ip4_interface_set_gateway, + .set_dns = grub_efi_ip4_interface_set_dns + }; -Index: grub-2.06/grub-core/net/efi/ip6_config.c -=================================================================== --- /dev/null -+++ grub-2.06/grub-core/net/efi/ip6_config.c ++++ b/grub-core/net/efi/ip6_config.c @@ -0,0 +1,430 @@ +#include +#include @@ -1680,7 +1673,7 @@ Index: grub-2.06/grub-core/net/efi/ip6_config.c + sz = sizeof (*interface_info) + sizeof (*interface_info->route_table); + interface_info = grub_malloc (sz); + -+ status = efi_call_4 (ip6_config->get_data, ip6_config, ++ status = ip6_config->get_data (ip6_config, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, + &sz, interface_info); + @@ -1688,7 +1681,7 @@ Index: grub-2.06/grub-core/net/efi/ip6_config.c + { + grub_free (interface_info); + interface_info = grub_malloc (sz); -+ status = efi_call_4 (ip6_config->get_data, ip6_config, ++ status = ip6_config->get_data (ip6_config, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, + &sz, interface_info); + } @@ -1714,7 +1707,7 @@ Index: grub-2.06/grub-core/net/efi/ip6_config.c + if (!manual_address) + return NULL; + -+ status = efi_call_4 (ip6_config->get_data, ip6_config, ++ status = ip6_config->get_data (ip6_config, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, + &sz, manual_address); + @@ -1932,7 +1925,7 @@ Index: grub-2.06/grub-core/net/efi/ip6_config.c + } + } + -+ status = efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, ++ status = dev->ip6_config->set_data (dev->ip6_config, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, + sizeof(*address), address); + @@ -1948,7 +1941,7 @@ Index: grub-2.06/grub-core/net/efi/ip6_config.c +{ + grub_efi_status_t status; + -+ status = efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, ++ status = dev->ip6_config->set_data (dev->ip6_config, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_GATEWAY, + sizeof (address->ip6), &address->ip6); + @@ -1964,7 +1957,7 @@ Index: grub-2.06/grub-core/net/efi/ip6_config.c + + grub_efi_status_t status; + -+ status = efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, ++ status = dev->ip6_config->set_data (dev->ip6_config, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, + sizeof (address->ip6), &address->ip6); + @@ -1983,10 +1976,8 @@ Index: grub-2.06/grub-core/net/efi/ip6_config.c + .set_gateway = grub_efi_ip6_interface_set_gateway, + .set_dns = grub_efi_ip6_interface_set_dns + }; -Index: grub-2.06/grub-core/net/efi/net.c -=================================================================== --- /dev/null -+++ grub-2.06/grub-core/net/efi/net.c ++++ b/grub-core/net/efi/net.c @@ -0,0 +1,1440 @@ +#include +#include @@ -2008,15 +1999,15 @@ Index: grub-2.06/grub-core/net/efi/net.c + +#define GRUB_EFI_IP6_PREFIX_LENGTH 64 + -+static grub_efi_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID; -+static grub_efi_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID; -+static grub_efi_guid_t http_service_binding_guid = GRUB_EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID; -+static grub_efi_guid_t http_guid = GRUB_EFI_HTTP_PROTOCOL_GUID; -+static grub_efi_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID; -+static grub_efi_guid_t dhcp4_service_binding_guid = GRUB_EFI_DHCP4_SERVICE_BINDING_PROTOCOL_GUID; -+static grub_efi_guid_t dhcp4_guid = GRUB_EFI_DHCP4_PROTOCOL_GUID; -+static grub_efi_guid_t dhcp6_service_binding_guid = GRUB_EFI_DHCP6_SERVICE_BINDING_PROTOCOL_GUID; -+static grub_efi_guid_t dhcp6_guid = GRUB_EFI_DHCP6_PROTOCOL_GUID; ++static grub_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID; ++static grub_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID; ++static grub_guid_t http_service_binding_guid = GRUB_EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID; ++static grub_guid_t http_guid = GRUB_EFI_HTTP_PROTOCOL_GUID; ++static grub_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID; ++static grub_guid_t dhcp4_service_binding_guid = GRUB_EFI_DHCP4_SERVICE_BINDING_PROTOCOL_GUID; ++static grub_guid_t dhcp4_guid = GRUB_EFI_DHCP4_PROTOCOL_GUID; ++static grub_guid_t dhcp6_service_binding_guid = GRUB_EFI_DHCP6_SERVICE_BINDING_PROTOCOL_GUID; ++static grub_guid_t dhcp6_guid = GRUB_EFI_DHCP6_PROTOCOL_GUID; + +struct grub_efi_net_device *net_devices; + @@ -2031,13 +2022,13 @@ Index: grub-2.06/grub-core/net/efi/net.c +#define efi_net_interface(m,...) efi_net_interface_ ## m (net_interface, ## __VA_ARGS__) + +static grub_efi_handle_t -+grub_efi_locate_device_path (grub_efi_guid_t *protocol, grub_efi_device_path_t *device_path, ++grub_efi_locate_device_path (grub_guid_t *protocol, grub_efi_device_path_t *device_path, + grub_efi_device_path_t **r_device_path) +{ + grub_efi_handle_t handle; + grub_efi_status_t status; + -+ status = efi_call_3 (grub_efi_system_table->boot_services->locate_device_path, ++ status = grub_efi_system_table->boot_services->locate_device_path ( + protocol, &device_path, &handle); + + if (status != GRUB_EFI_SUCCESS) @@ -2687,7 +2678,7 @@ Index: grub-2.06/grub-core/net/efi/net.c +} + +static grub_efi_handle_t -+grub_efi_service_binding (grub_efi_handle_t dev, grub_efi_guid_t *service_binding_guid) ++grub_efi_service_binding (grub_efi_handle_t dev, grub_guid_t *service_binding_guid) +{ + grub_efi_service_binding_t *service; + grub_efi_status_t status; @@ -2700,7 +2691,7 @@ Index: grub-2.06/grub-core/net/efi/net.c + return NULL; + } + -+ status = efi_call_2 (service->create_child, service, &child_dev); ++ status = service->create_child (service, &child_dev); + if (status != GRUB_EFI_SUCCESS) + { + grub_error (GRUB_ERR_IO, N_("Failed to create child device of http service %" PRIxGRUB_SIZE), status); @@ -2913,7 +2904,7 @@ Index: grub-2.06/grub-core/net/efi/net.c + { + grub_efi_ip4_config2_policy_t ip4_policy = GRUB_EFI_IP4_CONFIG2_POLICY_STATIC; + -+ if (efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, ++ if (dev->ip4_config->set_data (dev->ip4_config, + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_POLICY, + sizeof (ip4_policy), &ip4_policy) != GRUB_EFI_SUCCESS) + grub_dprintf ("efinetfs", "could not set GRUB_EFI_IP4_CONFIG2_POLICY_STATIC on dev `%s'", dev->card_name); @@ -2922,7 +2913,7 @@ Index: grub-2.06/grub-core/net/efi/net.c + { + grub_efi_ip6_config_policy_t ip6_policy = GRUB_EFI_IP6_CONFIG_POLICY_MANUAL; + -+ if (efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, ++ if (dev->ip6_config->set_data (dev->ip6_config, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_POLICY, + sizeof (ip6_policy), &ip6_policy) != GRUB_EFI_SUCCESS) + grub_dprintf ("efinetfs", "could not set GRUB_EFI_IP6_CONFIG_POLICY_MANUAL on dev `%s'", dev->card_name); @@ -3428,10 +3419,8 @@ Index: grub-2.06/grub-core/net/efi/net.c + grub_net_open = NULL; + grub_fs_unregister (&grub_efi_netfs); +} -Index: grub-2.06/grub-core/net/efi/pxe.c -=================================================================== --- /dev/null -+++ grub-2.06/grub-core/net/efi/pxe.c ++++ b/grub-core/net/efi/pxe.c @@ -0,0 +1,424 @@ + +#include @@ -3452,7 +3441,7 @@ Index: grub-2.06/grub-core/net/efi/pxe.c + if (!manual_address) + return NULL; + -+ status = efi_call_4 (ip6_config->get_data, ip6_config, ++ status = ip6_config->get_data (ip6_config, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, + &sz, manual_address); + @@ -3477,7 +3466,7 @@ Index: grub-2.06/grub-core/net/efi/pxe.c + if (!manual_address) + return NULL; + -+ status = efi_call_4 (ip4_config->get_data, ip4_config, ++ status = ip4_config->get_data (ip4_config, + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, + &sz, manual_address); + @@ -3500,7 +3489,7 @@ Index: grub-2.06/grub-core/net/efi/pxe.c + if (!mode->started) + { + grub_efi_status_t status; -+ status = efi_call_2 (pxe->start, pxe, prefer_ip6); ++ status = pxe->start (pxe, prefer_ip6); + + if (status != GRUB_EFI_SUCCESS) + grub_printf ("Couldn't start PXE\n"); @@ -3523,7 +3512,7 @@ Index: grub-2.06/grub-core/net/efi/pxe.c + grub_efi_pxe_ip_address_t station_ip; + + grub_memcpy (station_ip.v6.addr, manual_address->address, sizeof (station_ip.v6.addr)); -+ status = efi_call_3 (pxe->set_station_ip, pxe, &station_ip, NULL); ++ status = pxe->set_station_ip (pxe, &station_ip, NULL); + + if (status != GRUB_EFI_SUCCESS) + grub_printf ("Couldn't set station ip\n"); @@ -3546,7 +3535,7 @@ Index: grub-2.06/grub-core/net/efi/pxe.c + grub_memcpy (station_ip.v4.addr, manual_address->address, sizeof (station_ip.v4.addr)); + grub_memcpy (subnet_mask.v4.addr, manual_address->subnet_mask, sizeof (subnet_mask.v4.addr)); + -+ status = efi_call_3 (pxe->set_station_ip, pxe, &station_ip, &subnet_mask); ++ status = pxe->set_station_ip (pxe, &station_ip, &subnet_mask); + + if (status != GRUB_EFI_SUCCESS) + grub_printf ("Couldn't set station ip\n"); @@ -3699,7 +3688,7 @@ Index: grub-2.06/grub-core/net/efi/pxe.c + server_ip.v4.addr[i] = grub_strtoul (p, &p, 10); + } + -+ status = efi_call_10 (pxe->mtftp, ++ status = pxe->mtftp ( + pxe, + GRUB_EFI_PXE_BASE_CODE_TFTP_GET_FILE_SIZE, + NULL, @@ -3784,7 +3773,7 @@ Index: grub-2.06/grub-core/net/efi/pxe.c + server_ip.v4.addr[i] = grub_strtoul (p, &p, 10); + } + -+ status = efi_call_10 (pxe->mtftp, ++ status = pxe->mtftp ( + pxe, + GRUB_EFI_PXE_BASE_CODE_TFTP_READ_FILE, + buf, @@ -3815,7 +3804,7 @@ Index: grub-2.06/grub-core/net/efi/pxe.c + return 0; + } + -+ status = efi_call_10 (pxe->mtftp, ++ status = pxe->mtftp ( + pxe, + GRUB_EFI_PXE_BASE_CODE_TFTP_READ_FILE, + buf2, @@ -3857,10 +3846,8 @@ Index: grub-2.06/grub-core/net/efi/pxe.c + .close = pxe_close + }; + -Index: grub-2.06/grub-core/net/net.c -=================================================================== ---- grub-2.06.orig/grub-core/net/net.c -+++ grub-2.06/grub-core/net/net.c +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c @@ -32,6 +32,9 @@ #include #include @@ -3871,8 +3858,8 @@ Index: grub-2.06/grub-core/net/net.c GRUB_MOD_LICENSE ("GPLv3+"); -@@ -1954,8 +1957,49 @@ static grub_command_t cmd_addaddr, cmd_d - static grub_command_t cmd_lsroutes, cmd_lscards; +@@ -2014,8 +2017,49 @@ + static grub_command_t cmd_setvlan, cmd_lsroutes, cmd_lscards; static grub_command_t cmd_lsaddr, cmd_slaac; +#ifdef GRUB_MACHINE_EFI @@ -3921,7 +3908,7 @@ Index: grub-2.06/grub-core/net/net.c grub_register_variable_hook ("net_default_server", defserver_get_env, defserver_set_env); grub_env_export ("net_default_server"); -@@ -2003,10 +2047,37 @@ GRUB_MOD_INIT(net) +@@ -2066,10 +2110,37 @@ grub_net_restore_hw, GRUB_LOADER_PREBOOT_HOOK_PRIO_DISK); grub_net_poll_cards_idle = grub_net_poll_cards_idle_real; @@ -3959,19 +3946,17 @@ Index: grub-2.06/grub-core/net/net.c grub_register_variable_hook ("net_default_server", 0, 0); grub_register_variable_hook ("pxe_default_server", 0, 0); -@@ -2025,4 +2096,7 @@ GRUB_MOD_FINI(net) +@@ -2088,4 +2159,7 @@ grub_net_fini_hw (0); grub_loader_unregister_preboot_hook (fini_hnd); - grub_net_poll_cards_idle = grub_net_poll_cards_idle_real; + grub_net_poll_cards_idle = NULL; +#ifdef GRUB_MACHINE_EFI + init_mode = INIT_MODE_NONE; +#endif } -Index: grub-2.06/include/grub/efi/api.h -=================================================================== ---- grub-2.06.orig/include/grub/efi/api.h -+++ grub-2.06/include/grub/efi/api.h -@@ -608,6 +608,23 @@ typedef grub_uint16_t grub_efi_ipv6_addr +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -653,6 +653,23 @@ typedef grub_uint8_t grub_efi_ip_address_t[8] __attribute__ ((aligned(4))); typedef grub_efi_uint64_t grub_efi_physical_address_t; typedef grub_efi_uint64_t grub_efi_virtual_address_t; @@ -3993,9 +3978,9 @@ Index: grub-2.06/include/grub/efi/api.h + grub_efi_pxe_ipv6_address_t v6; +} grub_efi_pxe_ip_address_t; - struct grub_efi_guid - { -@@ -875,6 +892,8 @@ struct grub_efi_ipv6_device_path + /* XXX although the spec does not specify the padding, this actually + must have the padding! */ +@@ -902,6 +919,8 @@ grub_efi_uint16_t remote_port; grub_efi_uint16_t protocol; grub_efi_uint8_t static_ip_address; @@ -4004,7 +3989,7 @@ Index: grub-2.06/include/grub/efi/api.h } GRUB_PACKED; typedef struct grub_efi_ipv6_device_path grub_efi_ipv6_device_path_t; -@@ -924,6 +943,15 @@ struct grub_efi_uri_device_path +@@ -960,6 +979,15 @@ } GRUB_PACKED; typedef struct grub_efi_uri_device_path grub_efi_uri_device_path_t; @@ -4020,7 +4005,7 @@ Index: grub-2.06/include/grub/efi/api.h #define GRUB_EFI_VENDOR_MESSAGING_DEVICE_PATH_SUBTYPE 10 /* Media Device Path. */ -@@ -1006,6 +1034,23 @@ struct grub_efi_bios_device_path +@@ -1042,6 +1070,23 @@ } GRUB_PACKED; typedef struct grub_efi_bios_device_path grub_efi_bios_device_path_t; @@ -4028,11 +4013,11 @@ Index: grub-2.06/include/grub/efi/api.h +struct grub_efi_service_binding; + +typedef grub_efi_status_t -+(*grub_efi_service_binding_create_child) (struct grub_efi_service_binding *this, ++(__grub_efi_api *grub_efi_service_binding_create_child) (struct grub_efi_service_binding *this, + grub_efi_handle_t *child_handle); + +typedef grub_efi_status_t -+(*grub_efi_service_binding_destroy_child) (struct grub_efi_service_binding *this, ++(__grub_efi_api *grub_efi_service_binding_destroy_child) (struct grub_efi_service_binding *this, + grub_efi_handle_t *child_handle); + +typedef struct grub_efi_service_binding @@ -4044,7 +4029,7 @@ Index: grub-2.06/include/grub/efi/api.h struct grub_efi_open_protocol_information_entry { grub_efi_handle_t agent_handle; -@@ -1497,23 +1542,28 @@ typedef struct grub_efi_simple_text_outp +@@ -1544,23 +1589,28 @@ typedef grub_uint8_t grub_efi_pxe_packet_t[1472]; @@ -4087,19 +4072,28 @@ Index: grub-2.06/include/grub/efi/api.h #define GRUB_EFI_PXE_BASE_CODE_MAX_IPCNT 8 typedef struct { -@@ -1563,17 +1613,31 @@ typedef struct grub_efi_pxe_mode +@@ -1610,18 +1660,32 @@ typedef struct grub_efi_pxe { grub_uint64_t rev; -- void (*start) (void); -+ grub_efi_status_t (*start) (struct grub_efi_pxe *this, grub_efi_boolean_t use_ipv6); - void (*stop) (void); -- void (*dhcp) (void); -+ grub_efi_status_t (*dhcp) (struct grub_efi_pxe *this, +- void *start; +- void *stop; +- void *dhcp; +- void *discover; +- void *mftp; +- void *udpwrite; +- void *udpread; +- void *setipfilter; +- void *arp; +- void *setparams; +- void *setstationip; +- void *setpackets; ++ grub_efi_status_t (__grub_efi_api *start) (struct grub_efi_pxe *this, grub_efi_boolean_t use_ipv6); ++ void (__grub_efi_api *stop) (void); ++ grub_efi_status_t (__grub_efi_api *dhcp) (struct grub_efi_pxe *this, + grub_efi_boolean_t sort_offers); - void (*discover) (void); -- void (*mftp) (void); -+ grub_efi_status_t (*mtftp) (struct grub_efi_pxe *this, ++ void (__grub_efi_api *discover) (void); ++ grub_efi_status_t (__grub_efi_api *mtftp) (struct grub_efi_pxe *this, + grub_efi_pxe_base_code_tftp_opcode_t operation, + void *buffer_ptr, + grub_efi_boolean_t overwrite, @@ -4110,20 +4104,20 @@ Index: grub-2.06/include/grub/efi/api.h + grub_efi_char8_t *filename, + grub_efi_pxe_base_code_mtftp_info_t *info, + grub_efi_boolean_t dont_use_buffer); - void (*udpwrite) (void); - void (*udpread) (void); - void (*setipfilter) (void); - void (*arp) (void); - void (*setparams) (void); -- void (*setstationip) (void); -+ grub_efi_status_t (*set_station_ip) (struct grub_efi_pxe *this, ++ void (__grub_efi_api *udpwrite) (void); ++ void (__grub_efi_api *udpread) (void); ++ void (__grub_efi_api *setipfilter) (void); ++ void (__grub_efi_api *arp) (void); ++ void (__grub_efi_api *setparams) (void); ++ grub_efi_status_t (__grub_efi_api *set_station_ip) (struct grub_efi_pxe *this, + grub_efi_pxe_ip_address_t *new_station_ip, + grub_efi_pxe_ip_address_t *new_subnet_mask); + //void (*setstationip) (void); - void (*setpackets) (void); ++ void (__grub_efi_api *setpackets) (void); struct grub_efi_pxe_mode *mode; } grub_efi_pxe_t; -@@ -1835,6 +1899,44 @@ struct grub_efi_ip4_config2_protocol + +@@ -1921,6 +1985,44 @@ }; typedef struct grub_efi_ip4_config2_protocol grub_efi_ip4_config2_protocol_t; @@ -4168,7 +4162,7 @@ Index: grub-2.06/include/grub/efi/api.h enum grub_efi_ip6_config_data_type { GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, GRUB_EFI_IP6_CONFIG_DATA_TYPE_ALT_INTERFACEID, -@@ -1869,6 +1971,49 @@ struct grub_efi_ip6_config_protocol +@@ -1955,4 +2057,47 @@ }; typedef struct grub_efi_ip6_config_protocol grub_efi_ip6_config_protocol_t; @@ -4215,13 +4209,9 @@ Index: grub-2.06/include/grub/efi/api.h +}; +typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t; + - #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ - || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \ - || defined(__riscv) -Index: grub-2.06/include/grub/efi/dhcp.h -=================================================================== + #endif /* ! GRUB_EFI_API_HEADER */ --- /dev/null -+++ grub-2.06/include/grub/efi/dhcp.h ++++ b/include/grub/efi/dhcp.h @@ -0,0 +1,343 @@ +#ifndef GRUB_EFI_DHCP_HEADER +#define GRUB_EFI_DHCP_HEADER 1 @@ -4378,27 +4368,27 @@ Index: grub-2.06/include/grub/efi/dhcp.h +typedef struct grub_efi_dhcp4_mode_data grub_efi_dhcp4_mode_data_t; + +struct grub_efi_dhcp4_protocol { -+ grub_efi_status_t (*get_mode_data) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *get_mode_data) (grub_efi_dhcp4_protocol_t *this, + grub_efi_dhcp4_mode_data_t *dhcp4_mode_data); -+ grub_efi_status_t (*configure) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *configure) (grub_efi_dhcp4_protocol_t *this, + grub_efi_dhcp4_config_data_t *dhcp4_cfg_data); -+ grub_efi_status_t (*start) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *start) (grub_efi_dhcp4_protocol_t *this, + grub_efi_event_t completion_event); -+ grub_efi_status_t (*renew_rebind) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *renew_rebind) (grub_efi_dhcp4_protocol_t *this, + grub_efi_boolean_t rebind_request, + grub_efi_event_t completion_event); -+ grub_efi_status_t (*release) (grub_efi_dhcp4_protocol_t *this); -+ grub_efi_status_t (*stop) (grub_efi_dhcp4_protocol_t *this); -+ grub_efi_status_t (*build) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *release) (grub_efi_dhcp4_protocol_t *this); ++ grub_efi_status_t (__grub_efi_api *stop) (grub_efi_dhcp4_protocol_t *this); ++ grub_efi_status_t (__grub_efi_api *build) (grub_efi_dhcp4_protocol_t *this, + grub_efi_dhcp4_packet_t *seed_packet, + grub_efi_uint32_t delete_count, + grub_efi_uint8_t *delete_list, + grub_efi_uint32_t append_count, + grub_efi_dhcp4_packet_option_t *append_list[], + grub_efi_dhcp4_packet_t **new_packet); -+ grub_efi_status_t (*transmit_receive) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *transmit_receive) (grub_efi_dhcp4_protocol_t *this, + grub_efi_dhcp4_transmit_receive_token_t *token); -+ grub_efi_status_t (*parse) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *parse) (grub_efi_dhcp4_protocol_t *this, + grub_efi_dhcp4_packet_t *packet, + grub_efi_uint32_t *option_count, + grub_efi_dhcp4_packet_option_t *packet_option_list[]); @@ -4533,43 +4523,41 @@ Index: grub-2.06/include/grub/efi/dhcp.h +typedef struct grub_efi_dhcp6_config_data grub_efi_dhcp6_config_data_t; + +struct grub_efi_dhcp6_protocol { -+ grub_efi_status_t (*get_mode_data) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *get_mode_data) (grub_efi_dhcp6_protocol_t *this, + grub_efi_dhcp6_mode_data_t *dhcp6_mode_data, + grub_efi_dhcp6_config_data_t *dhcp6_config_data); -+ grub_efi_status_t (*configure) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *configure) (grub_efi_dhcp6_protocol_t *this, + grub_efi_dhcp6_config_data_t *dhcp6_cfg_data); -+ grub_efi_status_t (*start) (grub_efi_dhcp6_protocol_t *this); -+ grub_efi_status_t (*info_request) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *start) (grub_efi_dhcp6_protocol_t *this); ++ grub_efi_status_t (__grub_efi_api *info_request) (grub_efi_dhcp6_protocol_t *this, + grub_efi_boolean_t send_client_id, + grub_efi_dhcp6_packet_option_t *option_request, + grub_efi_uint32_t option_count, + grub_efi_dhcp6_packet_option_t *option_list[], + grub_efi_dhcp6_retransmission_t *retransmission, + grub_efi_event_t timeout_event, -+ grub_efi_status_t (*reply_callback) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *reply_callback) (grub_efi_dhcp6_protocol_t *this, + void *context, + grub_efi_dhcp6_packet_t *packet), + void *callback_context); -+ grub_efi_status_t (*renew_rebind) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *renew_rebind) (grub_efi_dhcp6_protocol_t *this, + grub_efi_boolean_t rebind_request); -+ grub_efi_status_t (*decline) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *decline) (grub_efi_dhcp6_protocol_t *this, + grub_efi_uint32_t address_count, + grub_efi_ipv6_address_t *addresses); -+ grub_efi_status_t (*release) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *release) (grub_efi_dhcp6_protocol_t *this, + grub_efi_uint32_t address_count, + grub_efi_ipv6_address_t *addresses); -+ grub_efi_status_t (*stop) (grub_efi_dhcp6_protocol_t *this); -+ grub_efi_status_t (*parse) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_status_t (__grub_efi_api *stop) (grub_efi_dhcp6_protocol_t *this); ++ grub_efi_status_t (__grub_efi_api *parse) (grub_efi_dhcp6_protocol_t *this, + grub_efi_dhcp6_packet_t *packet, + grub_efi_uint32_t *option_count, + grub_efi_dhcp6_packet_option_t *packet_option_list[]); +}; + +#endif /* ! GRUB_EFI_DHCP_HEADER */ -Index: grub-2.06/include/grub/efi/http.h -=================================================================== --- /dev/null -+++ grub-2.06/include/grub/efi/http.h ++++ b/include/grub/efi/http.h @@ -0,0 +1,215 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -4761,35 +4749,33 @@ Index: grub-2.06/include/grub/efi/http.h + +struct grub_efi_http { + grub_efi_status_t -+ (*get_mode_data) (struct grub_efi_http *this, ++ (__grub_efi_api *get_mode_data) (struct grub_efi_http *this, + grub_efi_http_config_data_t *http_config_data); + + grub_efi_status_t -+ (*configure) (struct grub_efi_http *this, ++ (__grub_efi_api *configure) (struct grub_efi_http *this, + grub_efi_http_config_data_t *http_config_data); + + grub_efi_status_t -+ (*request) (struct grub_efi_http *this, ++ (__grub_efi_api *request) (struct grub_efi_http *this, + grub_efi_http_token_t *token); + + grub_efi_status_t -+ (*cancel) (struct grub_efi_http *this, ++ (__grub_efi_api *cancel) (struct grub_efi_http *this, + grub_efi_http_token_t *token); + + grub_efi_status_t -+ (*response) (struct grub_efi_http *this, ++ (__grub_efi_api *response) (struct grub_efi_http *this, + grub_efi_http_token_t *token); + + grub_efi_status_t -+ (*poll) (struct grub_efi_http *this); ++ (__grub_efi_api *poll) (struct grub_efi_http *this); +}; +typedef struct grub_efi_http grub_efi_http_t; + +#endif /* !GRUB_EFI_HTTP_HEADER */ -Index: grub-2.06/include/grub/net/efi.h -=================================================================== --- /dev/null -+++ grub-2.06/include/grub/net/efi.h ++++ b/include/grub/net/efi.h @@ -0,0 +1,144 @@ +#ifndef GRUB_NET_EFI_HEADER +#define GRUB_NET_EFI_HEADER 1 diff --git a/0001-clean-up-crypttab-and-linux-modules-dependency.patch b/0001-clean-up-crypttab-and-linux-modules-dependency.patch index 712e53d..e1e1421 100644 --- a/0001-clean-up-crypttab-and-linux-modules-dependency.patch +++ b/0001-clean-up-crypttab-and-linux-modules-dependency.patch @@ -25,7 +25,7 @@ Signed-off-by: Michael Chang --- a/grub-core/commands/crypttab.c +++ b/grub-core/commands/crypttab.c -@@ -3,10 +3,52 @@ +@@ -3,10 +3,56 @@ #include #include #include @@ -41,7 +41,11 @@ Signed-off-by: Michael Chang +grub_err_t +grub_initrd_publish_key (const char *uuid, const char *key, grub_size_t key_len, const char *path) +{ -+ struct grub_key_publisher *cur = grub_named_list_find (GRUB_AS_NAMED_LIST (kpuber), uuid); ++ struct grub_key_publisher *cur = NULL; ++ ++ FOR_LIST_ELEMENTS (cur, kpuber) ++ if (grub_uuidcasecmp (cur->name, uuid, sizeof (cur->name)) == 0) ++ break; + + if (!cur) + cur = grub_zalloc (sizeof (*cur)); @@ -119,7 +123,7 @@ Signed-off-by: Michael Chang static char hex (grub_uint8_t val) { -@@ -423,41 +412,3 @@ +@@ -436,45 +425,3 @@ root = 0; return GRUB_ERR_NONE; } @@ -127,7 +131,11 @@ Signed-off-by: Michael Chang -grub_err_t -grub_initrd_publish_key (const char *uuid, const char *key, grub_size_t key_len, const char *path) -{ -- struct grub_key_publisher *cur = grub_named_list_find (GRUB_AS_NAMED_LIST (kpuber), uuid); +- struct grub_key_publisher *cur = NULL; +- +- FOR_LIST_ELEMENTS (cur, kpuber) +- if (grub_uuidcasecmp (cur->name, uuid, sizeof (cur->name)) == 0) +- break; - - if (!cur) - cur = grub_zalloc (sizeof (*cur)); @@ -191,7 +199,7 @@ Signed-off-by: Michael Chang @@ -22,6 +22,3 @@ grub_err_t grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, - char *argv[], void *target); + void *target); - -grub_err_t -grub_initrd_publish_key (const char *uuid, const char *key, grub_size_t key_len, const char *path); diff --git a/0001-commands-efi-tpm-Refine-the-status-of-log-event.patch b/0001-commands-efi-tpm-Refine-the-status-of-log-event.patch deleted file mode 100644 index c284274..0000000 --- a/0001-commands-efi-tpm-Refine-the-status-of-log-event.patch +++ /dev/null @@ -1,39 +0,0 @@ -From d2c0426b3f0f91b941037263c83859a46ebb0c4f Mon Sep 17 00:00:00 2001 -From: Lu Ken -Date: Wed, 13 Jul 2022 10:06:10 +0800 -Subject: [PATCH 1/3] commands/efi/tpm: Refine the status of log event - -1. Use macro GRUB_ERR_NONE instead of hard code 0. -2. Keep lowercase of the first char for the status string of log event. - -Signed-off-by: Lu Ken -Reviewed-by: Daniel Kiper ---- - grub-core/commands/efi/tpm.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c -index f296b8698..19737b462 100644 ---- a/grub-core/commands/efi/tpm.c -+++ b/grub-core/commands/efi/tpm.c -@@ -136,13 +136,13 @@ grub_efi_log_event_status (grub_efi_status_t status) - switch (status) - { - case GRUB_EFI_SUCCESS: -- return 0; -+ return GRUB_ERR_NONE; - case GRUB_EFI_DEVICE_ERROR: -- return grub_error (GRUB_ERR_IO, N_("Command failed")); -+ return grub_error (GRUB_ERR_IO, N_("command failed")); - case GRUB_EFI_INVALID_PARAMETER: -- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid parameter")); - case GRUB_EFI_BUFFER_TOO_SMALL: -- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("output buffer too small")); - case GRUB_EFI_NOT_FOUND: - return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); - default: --- -2.35.3 - diff --git a/0001-crytodisk-fix-cryptodisk-module-looking-up.patch b/0001-crytodisk-fix-cryptodisk-module-looking-up.patch deleted file mode 100644 index f19c0d0..0000000 --- a/0001-crytodisk-fix-cryptodisk-module-looking-up.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 822f71318a69c150da3ad7df5fe8667dfa6e8069 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 31 Mar 2022 15:45:35 +0800 -Subject: [PATCH] crytodisk: fix cryptodisk module looking up - -The error "no cryptodisk module can handle this device" may happen even -encrypted disk were correctly formatted and required modules were loaded. - -It is casued by missing break to the loop in which cryptodisk modules are -iterated to find the one matching target's disk format. With the break -statement, the loop will be always ended with testing last cryptodisk module on -the list that may not be able to handle the format of encrypted disk's. - -Signed-off-by: Michael Chang ---- - grub-core/disk/cryptodisk.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 00c44773fb..6d22bf871c 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -1021,6 +1021,7 @@ grub_cryptodisk_scan_device_real (const char *name, - if (!dev) - continue; - crd = cr; -+ break; - } - - if (!dev) --- -2.34.1 - diff --git a/0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch b/0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch deleted file mode 100644 index 268417a..0000000 --- a/0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch +++ /dev/null @@ -1,53 +0,0 @@ -From ebe4ac49e800b18b539564169593ab1c6f163378 Mon Sep 17 00:00:00 2001 -From: Josselin Poiret via Grub-devel -Date: Tue, 14 Jun 2022 15:47:29 +0200 -Subject: [PATCH 01/10] devmapper/getroot: Have devmapper recognize LUKS2 - -Changes UUID comparisons so that LUKS1 and LUKS2 are both recognized -as being LUKS cryptodisks. ---- - grub-core/osdep/devmapper/getroot.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/grub-core/osdep/devmapper/getroot.c b/grub-core/osdep/devmapper/getroot.c -index 9ba5c98655..2bf4264cf0 100644 ---- a/grub-core/osdep/devmapper/getroot.c -+++ b/grub-core/osdep/devmapper/getroot.c -@@ -138,7 +138,8 @@ grub_util_get_dm_abstraction (const char *os_dev) - grub_free (uuid); - return GRUB_DEV_ABSTRACTION_LVM; - } -- if (strncmp (uuid, "CRYPT-LUKS1-", 12) == 0) -+ if (strncmp (uuid, "CRYPT-LUKS1-", sizeof ("CRYPT-LUKS1-") - 1) == 0 -+ || strncmp (uuid, "CRYPT-LUKS2-", sizeof ("CRYPT-LUKS2-") - 1) == 0) - { - grub_free (uuid); - return GRUB_DEV_ABSTRACTION_LUKS; -@@ -179,7 +180,9 @@ grub_util_pull_devmapper (const char *os_dev) - grub_util_pull_device (subdev); - } - } -- if (uuid && strncmp (uuid, "CRYPT-LUKS1-", sizeof ("CRYPT-LUKS1-") - 1) == 0 -+ if (uuid -+ && (strncmp (uuid, "CRYPT-LUKS1-", sizeof ("CRYPT-LUKS1-") - 1) == 0 -+ || strncmp (uuid, "CRYPT-LUKS2-", sizeof ("CRYPT-LUKS2-") - 1) == 0) - && lastsubdev) - { - char *grdev = grub_util_get_grub_dev (lastsubdev); -@@ -253,11 +256,11 @@ grub_util_get_devmapper_grub_dev (const char *os_dev) - { - char *dash; - -- dash = grub_strchr (uuid + sizeof ("CRYPT-LUKS1-") - 1, '-'); -+ dash = grub_strchr (uuid + sizeof ("CRYPT-LUKS*-") - 1, '-'); - if (dash) - *dash = 0; - grub_dev = grub_xasprintf ("cryptouuid/%s", -- uuid + sizeof ("CRYPT-LUKS1-") - 1); -+ uuid + sizeof ("CRYPT-LUKS*-") - 1); - grub_free (uuid); - return grub_dev; - } --- -2.34.1 - diff --git a/0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch b/0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch new file mode 100644 index 0000000..d7493bf --- /dev/null +++ b/0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch @@ -0,0 +1,35 @@ +From 652b221a5eacb1421891c1469608028e2c2f0615 Mon Sep 17 00:00:00 2001 +From: Glenn Washburn +Date: Fri, 18 Aug 2023 12:27:22 -0500 +Subject: [PATCH] disk/cryptodisk: Fix missing change when updating to use + grub_uuidcasecmp + +This was causing the cryptomount command to return failure even though +the crypto device was successfully added. Of course, this meant that any +script using the return code would behave unexpectedly. + +Fixes: 3cf2e848bc03 (disk/cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner) + +Suggested-by: Olaf Hering +Signed-off-by: Glenn Washburn +--- + grub-core/disk/cryptodisk.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c +index 802b191b2..c79d4125a 100644 +--- a/grub-core/disk/cryptodisk.c ++++ b/grub-core/disk/cryptodisk.c +@@ -1323,7 +1323,8 @@ grub_cryptodisk_scan_device (const char *name, + dev = grub_cryptodisk_scan_device_real (name, source, cargs); + if (dev) + { +- ret = (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, dev->uuid) == 0); ++ ret = (cargs->search_uuid != NULL ++ && grub_uuidcasecmp (cargs->search_uuid, dev->uuid, sizeof (dev->uuid)) == 0); + goto cleanup; + } + +-- +2.41.0 + diff --git a/0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch b/0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch deleted file mode 100644 index 937afe4..0000000 --- a/0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch +++ /dev/null @@ -1,180 +0,0 @@ -From 5cc00eac24c7019d9696a859f69b587e11f1621e Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Mon, 27 Sep 2021 17:39:56 +0800 -Subject: [PATCH] disk/diskfilter: Use nodes in logical volume's segment as - member device - -Currently the grub_diskfilter_memberlist() function returns all physical -volumes added to a volume group to which a logical volume (LV) belongs. -However, this is suboptimal as it doesn't fit the intended behavior of -returning underlying devices that make up the LV. To give a clear -picture, the result should be identical to running commands below to -display the logical volumes with underlying physical volumes in use. - - localhost:~ # lvs -o lv_name,vg_name,devices /dev/system/root - LV VG Devices - root system /dev/vda2(512) - - localhost:~ # lvdisplay --maps /dev/system/root - --- Logical volume --- - ... - --- Segments --- - Logical extents 0 to 4604: - Type linear - Physical volume /dev/vda2 - Physical extents 512 to 5116 - -As shown above, we can know system-root LV uses only /dev/vda2 to -allocate it's extents, or we can say that /dev/vda2 is the member device -comprising the system-root LV. - -It is important to be precise on the member devices, because that helps -to avoid pulling in excessive dependency. Let's use an example to -demonstrate why it is needed. - - localhost:~ # findmnt / - TARGET SOURCE FSTYPE OPTIONS - / /dev/mapper/system-root ext4 rw,relatime - - localhost:~ # pvs - PV VG Fmt Attr PSize PFree - /dev/mapper/data system lvm2 a-- 1020.00m 0 - /dev/vda2 system lvm2 a-- 19.99g 0 - - localhost:~ # cryptsetup status /dev/mapper/data - /dev/mapper/data is active and is in use. - type: LUKS1 - cipher: aes-xts-plain64 - keysize: 512 bits - key location: dm-crypt - device: /dev/vdb - sector size: 512 - offset: 4096 sectors - size: 2093056 sectors - mode: read/write - - localhost:~ # vgs - VG #PV #LV #SN Attr VSize VFree - system 2 3 0 wz--n- 20.98g 0 - - localhost:~ # lvs -o lv_name,vg_name,devices - LV VG Devices - data system /dev/mapper/data(0) - root system /dev/vda2(512) - swap system /dev/vda2(0) - -We can learn from above that /dev/mapper/data is an encrypted volume and -also gets assigned to volume group "system" as one of it's physical -volumes. And also it is not used by root device, /dev/mapper/system-root, -for allocating extents, so it shouldn't be taking part in the process of -setting up GRUB to access root device. - -However, running grub-install reports error as volume group "system" -contains encrypted volume. - - error: attempt to install to encrypted disk without cryptodisk - enabled. Set `GRUB_ENABLE_CRYPTODISK=y' in file `/etc/default/grub'. - -Certainly we can enable GRUB_ENABLE_CRYPTODISK=y and move on, but that -is not always acceptable since the server may need to be booted unattended. -Additionally, typing passphrase for every system startup can be a big -hassle of which most users would like to avoid. - -This patch solves the problem by returning exact physical volume, /dev/vda2, -rightly used by system-root from the example above, thus grub-install will -not error out because the excessive encrypted device to boot the root device -is not configured. - -Signed-off-by: Michael Chang -Tested-by: Olav Reinert -Reviewed-by: Daniel Kiper ---- - grub-core/disk/diskfilter.c | 61 ++++++++++++++++++++++++++----------- - 1 file changed, 44 insertions(+), 17 deletions(-) - -diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c -index d094f7882..39d74cb86 100644 ---- a/grub-core/disk/diskfilter.c -+++ b/grub-core/disk/diskfilter.c -@@ -396,6 +396,8 @@ grub_diskfilter_memberlist (grub_disk_t disk) - grub_disk_dev_t p; - struct grub_diskfilter_vg *vg; - struct grub_diskfilter_lv *lv2 = NULL; -+ struct grub_diskfilter_segment *seg; -+ unsigned int i, j; - - if (!lv->vg->pvs) - return NULL; -@@ -427,27 +429,52 @@ grub_diskfilter_memberlist (grub_disk_t disk) - } - } - -- for (pv = lv->vg->pvs; pv; pv = pv->next) -- { -- if (!pv->disk) -+ for (i = 0, seg = lv->segments; i < lv->segment_count; i++, seg++) -+ for (j = 0; j < seg->node_count; ++j) -+ if (seg->nodes[j].pv != NULL) - { -- /* TRANSLATORS: This message kicks in during the detection of -- which modules needs to be included in core image. This happens -- in the case of degraded RAID and means that autodetection may -- fail to include some of modules. It's an installation time -- message, not runtime message. */ -- grub_util_warn (_("Couldn't find physical volume `%s'." -- " Some modules may be missing from core image."), -- pv->name); -- continue; -+ pv = seg->nodes[j].pv; -+ -+ if (pv->disk == NULL) -+ { -+ /* -+ * TRANSLATORS: This message kicks in during the detection of -+ * which modules needs to be included in core image. This happens -+ * in the case of degraded RAID and means that autodetection may -+ * fail to include some of modules. It's an installation time -+ * message, not runtime message. -+ */ -+ grub_util_warn (_("Couldn't find physical volume `%s'." -+ " Some modules may be missing from core image."), -+ pv->name); -+ continue; -+ } -+ -+ for (tmp = list; tmp != NULL; tmp = tmp->next) -+ if (!grub_strcmp (tmp->disk->name, pv->disk->name)) -+ break; -+ if (tmp != NULL) -+ continue; -+ -+ tmp = grub_malloc (sizeof (*tmp)); -+ if (tmp == NULL) -+ goto fail; -+ tmp->disk = pv->disk; -+ tmp->next = list; -+ list = tmp; - } -- tmp = grub_malloc (sizeof (*tmp)); -- tmp->disk = pv->disk; -- tmp->next = list; -- list = tmp; -- } - - return list; -+ -+ fail: -+ while (list != NULL) -+ { -+ tmp = list; -+ list = list->next; -+ grub_free (tmp); -+ } -+ -+ return NULL; - } - - void --- -2.31.1 - diff --git a/0001-efi-linux-provide-linux-command.patch b/0001-efi-linux-provide-linux-command.patch index 624ab77..9ef7342 100644 --- a/0001-efi-linux-provide-linux-command.patch +++ b/0001-efi-linux-provide-linux-command.patch @@ -25,11 +25,9 @@ Signed-off-by: Michael Chang grub-core/loader/i386/efi/linux.c | 17 +++++++++++++---- 3 files changed, 20 insertions(+), 6 deletions(-) -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 6045da47b..3ea9dace0 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -1773,7 +1773,9 @@ module = { +@@ -1840,7 +1840,9 @@ module = { name = linux; @@ -40,7 +38,16 @@ index 6045da47b..3ea9dace0 100644 i386_xen_pvh = loader/i386/linux.c; xen = loader/i386/xen.c; i386_pc = lib/i386/pc/vesa_modes_table.c; -@@ -1852,7 +1854,7 @@ module = { +@@ -1856,8 +1858,6 @@ + loongarch64 = loader/efi/linux.c; + riscv32 = loader/efi/linux.c; + riscv64 = loader/efi/linux.c; +- i386_efi = loader/efi/linux.c; +- x86_64_efi = loader/efi/linux.c; + emu = loader/emu/linux.c; + common = loader/linux.c; + }; +@@ -1922,7 +1922,7 @@ module = { name = linuxefi; @@ -49,22 +56,18 @@ index 6045da47b..3ea9dace0 100644 enable = i386_efi; enable = x86_64_efi; }; -diff --git a/grub-core/gensyminfo.sh.in b/grub-core/gensyminfo.sh.in -index 9bc767532..098de9258 100644 --- a/grub-core/gensyminfo.sh.in +++ b/grub-core/gensyminfo.sh.in -@@ -35,3 +35,6 @@ fi +@@ -35,3 +35,6 @@ # Print all undefined symbols used by module @TARGET_NM@ -u @TARGET_NMFLAGS_MINUS_P@ -p $module | sed "s@^\([^ ]*\).*@undefined $modname \1@g" + +# Specify linuxefi module should load default linux +test "$modname" = "linuxefi" && echo "undefined $modname grub_initrd_init" || true -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 8017e8c05..3f6d51519 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c -@@ -347,20 +347,29 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -333,20 +333,29 @@ } static grub_command_t cmd_linux, cmd_initrd; @@ -98,6 +101,3 @@ index 8017e8c05..3f6d51519 100644 grub_unregister_command (cmd_linux); grub_unregister_command (cmd_initrd); } --- -2.26.2 - diff --git a/0001-emu-fix-executable-stack-marking.patch b/0001-emu-fix-executable-stack-marking.patch deleted file mode 100644 index f5f8bb9..0000000 --- a/0001-emu-fix-executable-stack-marking.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 4cc06bef26c3573309086bec4472cc9151b0379e Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Mon, 1 Feb 2021 20:14:12 +0800 -Subject: [PATCH] emu: fix executable stack marking - -The gcc by default assumes executable stack is required if the source -object file doesn't have .note.GNU-stack section in place. If any of the -source objects doesn't incorporate the GNU-stack note, the resulting -program will have executable stack flag set in PT_GNU_STACK program -header to instruct program loader or kernel to set up the exeutable -stack when program loads to memory. - -Usually the .note.GNU-stack section will be generated by gcc -automatically if it finds that executable stack is not required. However -it doesn't take care of generating .note.GNU-stack section for those -object files built from assembler sources. This leads to unnecessary -risk of security of exploiting the executable stack because those -assembler sources don't actually require stack to be executable to work. - -The grub-emu and grub-emu-lite are found to flag stack as executable -revealed by execstack tool. - - $ mkdir -p build-emu && cd build-emu - $ ../configure --with-platform=emu && make - $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite - X grub-core/grub-emu - X grub-core/grub-emu-lite - -This patch will add the missing GNU-stack note to the assembler source -used by both utilities, therefore the result doesn't count on gcc -default behavior and the executable stack is disabled. - - $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite - - grub-core/grub-emu - - grub-core/grub-emu-lite - -Signed-off-by: Michael Chang ---- - grub-core/kern/emu/cache_s.S | 5 +++++ - grub-core/lib/setjmp.S | 4 ++++ - 2 files changed, 9 insertions(+) - -Index: grub-2.04/grub-core/kern/emu/cache_s.S -=================================================================== ---- grub-2.04.orig/grub-core/kern/emu/cache_s.S -+++ grub-2.04/grub-core/kern/emu/cache_s.S -@@ -2,6 +2,11 @@ - #error "This source is only meant for grub-emu platform" - #endif - -+/* An executable stack is not required for these functions */ -+#if defined (__linux__) && defined (__ELF__) -+.section .note.GNU-stack,"",%progbits -+#endif -+ - #if defined(__i386__) || defined(__x86_64__) - /* Nothing is necessary. */ - #elif defined(__sparc__) -Index: grub-2.04/grub-core/lib/setjmp.S -=================================================================== ---- grub-2.04.orig/grub-core/lib/setjmp.S -+++ grub-2.04/grub-core/lib/setjmp.S -@@ -1,3 +1,7 @@ -+/* An executable stack is not required for these functions */ -+#if defined (__linux__) && defined (__ELF__) -+.section .note.GNU-stack,"",%progbits -+#endif - #if defined(__i386__) - #include "./i386/setjmp.S" - #elif defined(__x86_64__) diff --git a/0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch b/0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch deleted file mode 100644 index e6a4cf1..0000000 --- a/0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch +++ /dev/null @@ -1,33 +0,0 @@ -From a2606b0cb95f261288c79cafc7295927d868cb04 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Wed, 3 Aug 2022 19:45:33 +0800 -Subject: [PATCH 01/12] font: Reject glyphs exceeds font->max_glyph_width or - font->max_glyph_height - -Check glyph's width and height against limits specified in font's -metadata. Reject the glyph (and font) if such limits are exceeded. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/font/font.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index d09bb38d8..2f09a4a55 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -760,7 +760,9 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) - || read_be_uint16 (font->file, &height) != 0 - || read_be_int16 (font->file, &xoff) != 0 - || read_be_int16 (font->file, &yoff) != 0 -- || read_be_int16 (font->file, &dwidth) != 0) -+ || read_be_int16 (font->file, &dwidth) != 0 -+ || width > font->max_char_width -+ || height > font->max_char_height) - { - remove_font (font); - return 0; --- -2.35.3 - diff --git a/0001-font-Try-memdisk-fonts-with-the-same-name.patch b/0001-font-Try-memdisk-fonts-with-the-same-name.patch new file mode 100644 index 0000000..7ca5b3f --- /dev/null +++ b/0001-font-Try-memdisk-fonts-with-the-same-name.patch @@ -0,0 +1,39 @@ +From d02304f70b5b9c79761d8084ab9dfc66d84688e2 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Wed, 30 Nov 2022 17:02:50 +0800 +Subject: [PATCH] font: Try memdisk fonts with the same name + +--- + grub-core/font/font.c | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 18de52562..92ff415bf 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -451,7 +451,21 @@ grub_font_load (const char *filename) + #endif + + if (filename[0] == '(' || filename[0] == '/' || filename[0] == '+') +- file = grub_buffile_open (filename, GRUB_FILE_TYPE_FONT, 1024); ++ { ++ char *n = grub_strdup (filename); ++ char *p = grub_strrchr (n, '/'); ++ if (p) ++ { ++ char *q = grub_strrchr (p, '.'); ++ if (q) ++ *q = 0; ++ p++; ++ file = try_open_from_prefix ("(memdisk)", p); ++ } ++ grub_free (n); ++ if (!file) ++ file = grub_buffile_open (filename, GRUB_FILE_TYPE_FONT, 1024); ++ } + else + { + file = try_open_from_prefix ("(memdisk)", filename); +-- +2.41.0 + diff --git a/0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch b/0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch deleted file mode 100644 index b7b3fcd..0000000 --- a/0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch +++ /dev/null @@ -1,124 +0,0 @@ -From 149df8b7bb86401693e1f064859de0a8906d97b7 Mon Sep 17 00:00:00 2001 -From: Qu Wenruo -Date: Thu, 28 Oct 2021 17:44:57 +0800 -Subject: [PATCH] fs/btrfs: Make extent item iteration to handle gaps - -[BUG] -Grub btrfs implementation can't handle two very basic btrfs file -layouts: - -1. Mixed inline/regualr extents - # mkfs.btrfs -f test.img - # mount test.img /mnt/btrfs - # xfs_io -f -c "pwrite 0 1k" -c "sync" -c "falloc 0 4k" \ - -c "pwrite 4k 4k" /mnt/btrfs/file - # umount /mnt/btrfs - # ./grub-fstest ./grub-fstest --debug=btrfs ~/test.img hex "/file" - - Such mixed inline/regular extents case is not recommended layout, - but all existing tools and kernel can handle it without problem - -2. NO_HOLES feature - # mkfs.btrfs -f test.img -O no_holes - # mount test.img /mnt/btrfs - # xfs_io -f -c "pwrite 0 4k" -c "pwrite 8k 4k" /mnt/btrfs/file - # umount /mnt/btrfs - # ./grub-fstest ./grub-fstest --debug=btrfs ~/test.img hex "/file" - - NO_HOLES feature is going to be the default mkfs feature in the incoming - v5.15 release, and kernel has support for it since v4.0. - -[CAUSE] -The way GRUB btrfs code iterates through file extents relies on no gap -between extents. - -If any gap is hit, then grub btrfs will error out, without any proper -reason to help debug the bug. - -This is a bad assumption, since a long long time ago btrfs has a new -feature called NO_HOLES to allow btrfs to skip the padding hole extent -to reduce metadata usage. - -The NO_HOLES feature is already stable since kernel v4.0 and is going to -be the default mkfs feature in the incoming v5.15 btrfs-progs release. - -[FIX] -When there is a extent gap, instead of error out, just try next item. - -This is still not ideal, as kernel/progs/U-boot all do the iteration -item by item, not relying on the file offset continuity. - -But it will be way more time consuming to correct the whole behavior -than starting from scratch to build a proper designed btrfs module for GRUB. - -Signed-off-by: Qu Wenruo -Reviewed-by: Daniel Kiper ---- - grub-core/fs/btrfs.c | 35 ++++++++++++++++++++++++++++++++--- - 1 file changed, 32 insertions(+), 3 deletions(-) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 9625bdf16..b8625197b 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -1506,6 +1506,7 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data, - grub_size_t csize; - grub_err_t err; - grub_off_t extoff; -+ struct grub_btrfs_leaf_descriptor desc; - if (!data->extent || data->extstart > pos || data->extino != ino - || data->exttree != tree || data->extend <= pos) - { -@@ -1518,7 +1519,7 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data, - key_in.type = GRUB_BTRFS_ITEM_TYPE_EXTENT_ITEM; - key_in.offset = grub_cpu_to_le64 (pos); - err = lower_bound (data, &key_in, &key_out, tree, -- &elemaddr, &elemsize, NULL, 0); -+ &elemaddr, &elemsize, &desc, 0); - if (err) - return -1; - if (key_out.object_id != ino -@@ -1557,10 +1558,38 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data, - PRIxGRUB_UINT64_T "\n", - grub_le_to_cpu64 (key_out.offset), - grub_le_to_cpu64 (data->extent->size)); -+ /* -+ * The way of extent item iteration is pretty bad, it completely -+ * requires all extents are contiguous, which is not ensured. -+ * -+ * Features like NO_HOLE and mixed inline/regular extents can cause -+ * gaps between file extent items. -+ * -+ * The correct way is to follow kernel/U-boot to iterate item by -+ * item, without any assumption on the file offset continuity. -+ * -+ * Here we just manually skip to next item and re-do the verification. -+ * -+ * TODO: Rework the whole extent item iteration code, if not the -+ * whole btrfs implementation. -+ */ - if (data->extend <= pos) - { -- grub_error (GRUB_ERR_BAD_FS, "extent not found"); -- return -1; -+ err = next(data, &desc, &elemaddr, &elemsize, &key_out); -+ if (err < 0) -+ return -1; -+ /* No next item for the inode, we hit the end */ -+ if (err == 0 || key_out.object_id != ino || -+ key_out.type != GRUB_BTRFS_ITEM_TYPE_EXTENT_ITEM) -+ return pos - pos0; -+ -+ csize = grub_le_to_cpu64(key_out.offset) - pos; -+ if (csize > len) -+ csize = len; -+ buf += csize; -+ pos += csize; -+ len -= csize; -+ continue; - } - } - csize = data->extend - pos; --- -2.31.1 - diff --git a/0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch b/0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch deleted file mode 100644 index 0130b96..0000000 --- a/0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch +++ /dev/null @@ -1,162 +0,0 @@ -From b78aca6e1c4f72a6491457e849b76c8e0af77765 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Mon, 13 Dec 2021 14:25:49 +0800 -Subject: [PATCH 1/2] fs/btrfs: Use full btrfs bootloader area - -Up to now GRUB can only embed to the first 64 KiB before primary -superblock of btrfs, effectively limiting the GRUB core size. That -could consequently pose restrictions to feature enablement like -advanced zstd compression. - -This patch attempts to utilize full unused area reserved by btrfs for -the bootloader outlined in the document [1]: - - The first 1MiB on each device is unused with the exception of primary - superblock that is on the offset 64KiB and spans 4KiB. - -Apart from that, adjacent sectors to superblock and first block group -are not used for embedding in case of overflow and logged access to -adjacent sectors could be useful for tracing it up. - -This patch has been tested to provide out of the box support for btrfs -zstd compression with which GRUB has been installed to the partition. - -[1] https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)#BOOTLOADER_SUPPORT - -Signed-off-by: Michael Chang -Reviewed-by: Daniel Kiper ---- - grub-core/fs/btrfs.c | 90 +++++++++++++++++++++++++++++++++++++------- - include/grub/disk.h | 2 + - 2 files changed, 79 insertions(+), 13 deletions(-) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 7007463c6..979ba1b28 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -2537,6 +2537,33 @@ grub_btrfs_label (grub_device_t device, char **label) - } - - #ifdef GRUB_UTIL -+ -+struct embed_region { -+ unsigned int start; -+ unsigned int secs; -+}; -+ -+/* -+ * https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)#BOOTLOADER_SUPPORT -+ * The first 1 MiB on each device is unused with the exception of primary -+ * superblock that is on the offset 64 KiB and spans 4 KiB. -+ */ -+ -+static const struct { -+ struct embed_region available; -+ struct embed_region used[6]; -+} btrfs_head = { -+ .available = {0, GRUB_DISK_KiB_TO_SECTORS (1024)}, /* The first 1 MiB. */ -+ .used = { -+ {0, 1}, /* boot.S. */ -+ {GRUB_DISK_KiB_TO_SECTORS (64) - 1, 1}, /* Overflow guard. */ -+ {GRUB_DISK_KiB_TO_SECTORS (64), GRUB_DISK_KiB_TO_SECTORS (4)}, /* 4 KiB superblock. */ -+ {GRUB_DISK_KiB_TO_SECTORS (68), 1}, /* Overflow guard. */ -+ {GRUB_DISK_KiB_TO_SECTORS (1024) - 1, 1}, /* Overflow guard. */ -+ {0, 0} /* Array terminator. */ -+ } -+}; -+ - static grub_err_t - grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), - unsigned int *nsectors, -@@ -2544,25 +2571,62 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), - grub_embed_type_t embed_type, - grub_disk_addr_t **sectors) - { -- unsigned i; -+ unsigned int i, j, n = 0; -+ const struct embed_region *u; -+ grub_disk_addr_t *map; - - if (embed_type != GRUB_EMBED_PCBIOS) - return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, - "BtrFS currently supports only PC-BIOS embedding"); - -- if (64 * 2 - 1 < *nsectors) -- return grub_error (GRUB_ERR_OUT_OF_RANGE, -- N_("your core.img is unusually large. " -- "It won't fit in the embedding area")); -- -- *nsectors = 64 * 2 - 1; -- if (*nsectors > max_nsectors) -- *nsectors = max_nsectors; -- *sectors = grub_calloc (*nsectors, sizeof (**sectors)); -- if (!*sectors) -+ map = grub_calloc (btrfs_head.available.secs, sizeof (*map)); -+ if (map == NULL) - return grub_errno; -- for (i = 0; i < *nsectors; i++) -- (*sectors)[i] = i + 1; -+ -+ /* -+ * Populating the map array so that it can be used to index if a disk -+ * address is available to embed: -+ * - 0: available, -+ * - 1: unavailable. -+ */ -+ for (u = btrfs_head.used; u->secs; ++u) -+ { -+ unsigned int end = u->start + u->secs; -+ -+ if (end > btrfs_head.available.secs) -+ end = btrfs_head.available.secs; -+ for (i = u->start; i < end; ++i) -+ map[i] = 1; -+ } -+ -+ /* Adding up n until it matches total size of available embedding area. */ -+ for (i = 0; i < btrfs_head.available.secs; ++i) -+ if (map[i] == 0) -+ n++; -+ -+ if (n < *nsectors) -+ { -+ grub_free (map); -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, -+ N_("your core.img is unusually large. " -+ "It won't fit in the embedding area")); -+ } -+ -+ if (n > max_nsectors) -+ n = max_nsectors; -+ -+ /* -+ * Populating the array so that it can used to index disk block address for -+ * an image file's offset to be embedded on disk (the unit is in sectors): -+ * - i: The disk block address relative to btrfs_head.available.start, -+ * - j: The offset in image file. -+ */ -+ for (i = 0, j = 0; i < btrfs_head.available.secs && j < n; ++i) -+ if (map[i] == 0) -+ map[j++] = btrfs_head.available.start + i; -+ -+ *nsectors = n; -+ *sectors = map; - - return GRUB_ERR_NONE; - } -diff --git a/include/grub/disk.h b/include/grub/disk.h -index 6d656c431..a10fa3bc7 100644 ---- a/include/grub/disk.h -+++ b/include/grub/disk.h -@@ -182,6 +182,8 @@ typedef struct grub_disk_memberlist *grub_disk_memberlist_t; - /* Return value of grub_disk_native_sectors() in case disk size is unknown. */ - #define GRUB_DISK_SIZE_UNKNOWN 0xffffffffffffffffULL - -+#define GRUB_DISK_KiB_TO_SECTORS(x) ((x) << (10 - GRUB_DISK_SECTOR_BITS)) -+ - /* Convert sector number from one sector size to another. */ - static inline grub_disk_addr_t - grub_convert_sector (grub_disk_addr_t sector, --- -2.35.3 - diff --git a/0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch b/0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch deleted file mode 100644 index 7f4b599..0000000 --- a/0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 11 Jun 2021 21:36:16 +0200 -Subject: [PATCH] fs/ext2: Ignore checksum seed incompat feature - -This incompat feature is used to denote that the filesystem stored its -metadata checksum seed in the superblock. This is used to allow tune2fs -changing the UUID on a mounted metdata_csum filesystem without having -to rewrite all the disk metadata. However, the GRUB doesn't use the -metadata checksum at all. So, it can just ignore this feature if it -is enabled. This is consistent with the GRUB filesystem code in general -which just does a best effort to access the filesystem's data. - -The checksum seed incompat feature has to be removed from the ignore -list if the support for metadata checksum verification is added to the -GRUB ext2 driver later. - -Suggested-by: Eric Sandeen -Suggested-by: Lukas Czerner -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Lukas Czerner -Reviewed-by: Daniel Kiper ---- - grub-core/fs/ext2.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c -index e7dd78e66..4953a1591 100644 ---- a/grub-core/fs/ext2.c -+++ b/grub-core/fs/ext2.c -@@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define EXT4_FEATURE_INCOMPAT_64BIT 0x0080 - #define EXT4_FEATURE_INCOMPAT_MMP 0x0100 - #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200 -+#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000 - #define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000 - - /* The set of back-incompatible features this driver DOES support. Add (OR) -@@ -123,10 +124,15 @@ GRUB_MOD_LICENSE ("GPLv3+"); - * mmp: Not really back-incompatible - was added as such to - * avoid multiple read-write mounts. Safe to ignore for this - * RO driver. -+ * checksum seed: Not really back-incompatible - was added to allow tools -+ * such as tune2fs to change the UUID on a mounted metadata -+ * checksummed filesystem. Safe to ignore for now since the -+ * driver doesn't support checksum verification. However, it -+ * has to be removed from this list if the support is added later. - */ - #define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \ -- | EXT4_FEATURE_INCOMPAT_MMP) -- -+ | EXT4_FEATURE_INCOMPAT_MMP \ -+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED) - - #define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U - --- -2.40.1 - diff --git a/0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch b/0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch deleted file mode 100644 index 80bf0cd..0000000 --- a/0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 2e9fa73a040462b81bfbfe56c0bc7ad2d30b446b Mon Sep 17 00:00:00 2001 -From: Theodore Ts'o -Date: Tue, 30 Aug 2022 22:41:59 -0400 -Subject: [PATCH] fs/ext2: Ignore the large_dir incompat feature - -Recently, ext4 added the large_dir feature, which adds support for -a 3 level htree directory support. - -The GRUB supports existing file systems with htree directories by -ignoring their existence, and since the index nodes for the hash tree -look like deleted directory entries (by design), the GRUB can simply do -a brute force O(n) linear search of directories. The same is true for -3 level deep htrees indicated by large_dir feature flag. - -Hence, it is safe for the GRUB to ignore the large_dir incompat feature. - -Fixes: https://savannah.gnu.org/bugs/?61606 - -Signed-off-by: Theodore Ts'o -Reviewed-by: Daniel Kiper ---- - grub-core/fs/ext2.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c -index 0989e26e1..e1cc5e62a 100644 ---- a/grub-core/fs/ext2.c -+++ b/grub-core/fs/ext2.c -@@ -104,6 +104,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define EXT4_FEATURE_INCOMPAT_MMP 0x0100 - #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200 - #define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000 -+#define EXT4_FEATURE_INCOMPAT_LARGEDIR 0x4000 /* >2GB or 3 level htree */ - #define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000 - - /* The set of back-incompatible features this driver DOES support. Add (OR) -@@ -129,10 +130,17 @@ GRUB_MOD_LICENSE ("GPLv3+"); - * checksummed filesystem. Safe to ignore for now since the - * driver doesn't support checksum verification. However, it - * has to be removed from this list if the support is added later. -+ * large_dir: Not back-incompatible given that the GRUB ext2 driver does -+ * not implement EXT2_FEATURE_COMPAT_DIR_INDEX. If the GRUB -+ * eventually supports the htree feature (aka dir_index) -+ * it should support 3 level htrees and then move -+ * EXT4_FEATURE_INCOMPAT_LARGEDIR to -+ * EXT2_DRIVER_SUPPORTED_INCOMPAT. - */ - #define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \ - | EXT4_FEATURE_INCOMPAT_MMP \ -- | EXT4_FEATURE_INCOMPAT_CSUM_SEED) -+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED \ -+ | EXT4_FEATURE_INCOMPAT_LARGEDIR) - - #define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U - --- -2.40.1 - diff --git a/0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch b/0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch deleted file mode 100644 index d7b68d6..0000000 --- a/0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 7c11f4f3d71c3fc8acff820b1fd449c94095dab9 Mon Sep 17 00:00:00 2001 -From: Erwan Velu -Date: Wed, 25 Aug 2021 15:31:52 +0200 -Subject: [PATCH] fs/xfs: Fix unreadable filesystem with v4 superblock - -The commit 8b1e5d193 (fs/xfs: Add bigtime incompat feature support) -introduced the bigtime support by adding some features in v3 inodes. -This change extended grub_xfs_inode struct by 76 bytes but also changed -the computation of XFS_V2_INODE_SIZE and XFS_V3_INODE_SIZE. Prior this -commit, XFS_V2_INODE_SIZE was 100 bytes. After the commit it's 84 bytes -XFS_V2_INODE_SIZE becomes 16 bytes too small. - -As a result, the data structures aren't properly aligned and the GRUB -generates "attempt to read or write outside of partition" errors when -trying to read the XFS filesystem: - - GNU GRUB version 2.11 - .... - grub> set debug=efi,gpt,xfs - grub> insmod part_gpt - grub> ls (hd0,gpt1)/ - partmap/gpt.c:93: Read a valid GPT header - partmap/gpt.c:115: GPT entry 0: start=4096, length=1953125 - fs/xfs.c:931: Reading sb - fs/xfs.c:270: Validating superblock - fs/xfs.c:295: XFS v4 superblock detected - fs/xfs.c:962: Reading root ino 128 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:515: Reading inode (739521961424144223) - 344365866970255880, 3840 - error: attempt to read or write outside of partition. - -This commit change the XFS_V2_INODE_SIZE computation by subtracting 76 -bytes instead of 92 bytes from the actual size of grub_xfs_inode struct. -This 76 bytes value comes from added members: - 20 grub_uint8_t unused5 - 1 grub_uint64_t flags2 - 48 grub_uint8_t unused6 - -This patch explicitly splits the v2 and v3 parts of the structure. -The unused4 is still ending of the v2 structures and the v3 starts -at unused5. Thanks to this we will avoid future corruptions of v2 -or v3 inodes. - -The XFS_V2_INODE_SIZE is returning to its expected size and the -filesystem is back to a readable state: - - GNU GRUB version 2.11 - .... - grub> set debug=efi,gpt,xfs - grub> insmod part_gpt - grub> ls (hd0,gpt1)/ - partmap/gpt.c:93: Read a valid GPT header - partmap/gpt.c:115: GPT entry 0: start=4096, length=1953125 - fs/xfs.c:931: Reading sb - fs/xfs.c:270: Validating superblock - fs/xfs.c:295: XFS v4 superblock detected - fs/xfs.c:962: Reading root ino 128 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:931: Reading sb - fs/xfs.c:270: Validating superblock - fs/xfs.c:295: XFS v4 superblock detected - fs/xfs.c:962: Reading root ino 128 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:515: Reading inode (131) - 64, 768 - efi/ fs/xfs.c:515: Reading inode (3145856) - 1464904, 0 - grub2/ fs/xfs.c:515: Reading inode (132) - 64, 1024 - grub/ fs/xfs.c:515: Reading inode (139) - 64, 2816 - grub> - -Fixes: 8b1e5d193 (fs/xfs: Add bigtime incompat feature support) - -Signed-off-by: Erwan Velu -Tested-by: Carlos Maiolino -Reviewed-by: Daniel Kiper ---- - grub-core/fs/xfs.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index 0f524c3a8..e3816d1ec 100644 ---- a/grub-core/fs/xfs.c -+++ b/grub-core/fs/xfs.c -@@ -192,6 +192,11 @@ struct grub_xfs_time_legacy - grub_uint32_t nanosec; - } GRUB_PACKED; - -+/* -+ * The struct grub_xfs_inode layout was taken from the -+ * struct xfs_dinode_core which is described here: -+ * https://mirrors.edge.kernel.org/pub/linux/utils/fs/xfs/docs/xfs_filesystem_structure.pdf -+ */ - struct grub_xfs_inode - { - grub_uint8_t magic[2]; -@@ -208,14 +213,15 @@ struct grub_xfs_inode - grub_uint32_t nextents; - grub_uint16_t unused3; - grub_uint8_t fork_offset; -- grub_uint8_t unused4[37]; -+ grub_uint8_t unused4[17]; /* Last member of inode v2. */ -+ grub_uint8_t unused5[20]; /* First member of inode v3. */ - grub_uint64_t flags2; -- grub_uint8_t unused5[48]; -+ grub_uint8_t unused6[48]; /* Last member of inode v3. */ - } GRUB_PACKED; - - #define XFS_V3_INODE_SIZE sizeof(struct grub_xfs_inode) --/* Size of struct grub_xfs_inode until fork_offset (included). */ --#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 92) -+/* Size of struct grub_xfs_inode v2, up to unused4 member included. */ -+#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 76) - - struct grub_xfs_dirblock_tail - { --- -2.31.1 - diff --git a/0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch b/0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch deleted file mode 100644 index 38eeb64..0000000 --- a/0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 1eee02bbf2c11167e94f424846ce1de0b6e7fa8e Mon Sep 17 00:00:00 2001 -From: Mukesh Kumar Chaurasiya -Date: Fri, 3 Feb 2023 10:10:43 +0530 -Subject: [PATCH] grub-core: modify sector by sysfs as disk sector - -The disk sector size provided by sysfs file system considers the -sector size of 512 irrespective of disk sector size, Thus -causing the read by grub to an incorrect offset from what was -originally intended. - -Considering the 512 sector size of sysfs data the actual sector -needs to be modified corresponding to disk sector size. - -Signed-off-by: Mukesh Kumar Chaurasiya ---- - grub-core/osdep/linux/hostdisk.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - ---- a/grub-core/osdep/linux/hostdisk.c -+++ b/grub-core/osdep/linux/hostdisk.c -@@ -199,8 +199,15 @@ - - #pragma GCC diagnostic ignored "-Wformat-nonliteral" - -+static inline grub_disk_addr_t -+transform_sector (grub_disk_t disk, grub_disk_addr_t sector) -+{ -+ return sector >> (disk->log_sector_size - GRUB_DISK_SECTOR_BITS); -+} -+ - static int --grub_hostdisk_linux_find_partition (char *dev, grub_disk_addr_t sector) -+grub_hostdisk_linux_find_partition (const grub_disk_t disk, char *dev, -+ grub_disk_addr_t sector) - { - size_t len = strlen (dev); - const char *format; -@@ -265,7 +272,8 @@ - if (fstat (fd, &st) < 0 - || !grub_util_device_is_mapped_stat (&st) - || !grub_util_get_dm_node_linear_info (st.st_rdev, 0, 0, &start)) -- start = grub_util_find_partition_start_os (real_dev); -+ start = transform_sector (disk, -+ grub_util_find_partition_start_os (real_dev)); - /* We don't care about errors here. */ - grub_errno = GRUB_ERR_NONE; - -@@ -346,7 +354,8 @@ - && strncmp (dev, "/dev/", 5) == 0) - { - if (sector >= part_start) -- is_partition = grub_hostdisk_linux_find_partition (dev, part_start); -+ is_partition = grub_hostdisk_linux_find_partition (disk, dev, -+ part_start); - else - *max = part_start - sector; - } diff --git a/0001-grub-install-Add-SUSE-signed-image-support-for-power.patch b/0001-grub-install-Add-SUSE-signed-image-support-for-power.patch index 082bb27..366e08d 100644 --- a/0001-grub-install-Add-SUSE-signed-image-support-for-power.patch +++ b/0001-grub-install-Add-SUSE-signed-image-support-for-power.patch @@ -10,11 +10,9 @@ Signed-off-by: Michal Suchanek util/grub-install.c | 29 ++++++++++++++++++++++++++--- 3 files changed, 42 insertions(+), 3 deletions(-) -diff --git a/grub-core/osdep/linux/platform.c b/grub-core/osdep/linux/platform.c -index e28a79dab..2a12ed867 100644 --- a/grub-core/osdep/linux/platform.c +++ b/grub-core/osdep/linux/platform.c -@@ -154,3 +154,16 @@ grub_install_get_default_x86_platform (void) +@@ -154,3 +154,16 @@ grub_util_info ("... not found"); return "i386-pc"; } @@ -31,25 +29,21 @@ index e28a79dab..2a12ed867 100644 + } + return ret; +} -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index c241a2a40..154487b72 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h -@@ -233,6 +233,9 @@ grub_install_get_default_arm_platform (void); - const char * +@@ -233,6 +233,9 @@ grub_install_get_default_x86_platform (void); -+int + int +grub_install_get_powerpc_secure_boot (void); + - int ++int grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efifile_path, -diff --git a/util/grub-install.c b/util/grub-install.c -index a2286b3dd..8fb5ea616 100644 + const char *efi_distributor); --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -321,10 +321,10 @@ static struct argp_option options[] = { +@@ -321,10 +321,10 @@ {"suse-enable-tpm", OPTION_SUSE_ENABLE_TPM, 0, 0, N_("install TPM modules"), 0}, {"suse-force-signed", OPTION_SUSE_FORCE_SIGNED, 0, 0, N_("force installation of signed grub" "%s." @@ -62,7 +56,7 @@ index a2286b3dd..8fb5ea616 100644 {"debug", OPTION_DEBUG, 0, OPTION_HIDDEN, 0, 2}, {"no-floppy", OPTION_NO_FLOPPY, 0, OPTION_HIDDEN, 0, 2}, {"debug-image", OPTION_DEBUG_IMAGE, N_("STRING"), OPTION_HIDDEN, 0, 2}, -@@ -1724,6 +1724,7 @@ main (int argc, char *argv[]) +@@ -1749,6 +1749,7 @@ char mkimage_target[200]; const char *core_name = NULL; char *signed_imgfile = NULL; @@ -70,7 +64,7 @@ index a2286b3dd..8fb5ea616 100644 switch (platform) { -@@ -1770,11 +1771,33 @@ main (int argc, char *argv[]) +@@ -1796,11 +1797,33 @@ grub_install_get_platform_platform (platform)); break; @@ -105,6 +99,3 @@ index a2286b3dd..8fb5ea616 100644 case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: --- -2.31.1 - diff --git a/0001-grub-install-bailout-root-device-probing.patch b/0001-grub-install-bailout-root-device-probing.patch index a70ef5a..36ab2a3 100644 --- a/0001-grub-install-bailout-root-device-probing.patch +++ b/0001-grub-install-bailout-root-device-probing.patch @@ -24,11 +24,9 @@ Signed-off-by: Michael Chang util/grub-install.c | 31 ++++++++++++++++++-------- 5 files changed, 70 insertions(+), 9 deletions(-) -diff --git a/grub-core/osdep/basic/no_platform.c b/grub-core/osdep/basic/no_platform.c -index a173dafe90..dfbdd58e4e 100644 --- a/grub-core/osdep/basic/no_platform.c +++ b/grub-core/osdep/basic/no_platform.c -@@ -51,3 +51,8 @@ grub_install_zipl (const char *d, int i, int f) +@@ -51,3 +51,8 @@ grub_util_error ("%s", _("no zIPL routines are available for your platform")); } @@ -37,11 +35,9 @@ index a173dafe90..dfbdd58e4e 100644 +{ + return NULL; +} -diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index 4df143671a..68186480b2 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c -@@ -250,3 +250,37 @@ grub_install_zipl (const char *dest, int install, int force) +@@ -250,3 +250,37 @@ "-z", dest, NULL })) grub_util_error (_("`%s' failed.\n"), PACKAGE"-zipl-setup"); } @@ -79,11 +75,9 @@ index 4df143671a..68186480b2 100644 + + return buf; +} -diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c -index 733c36d72c..1d2e356e6b 100644 --- a/grub-core/osdep/windows/platform.c +++ b/grub-core/osdep/windows/platform.c -@@ -430,3 +430,9 @@ grub_install_zipl (const char *d, int i, int f) +@@ -440,3 +440,9 @@ { grub_util_error ("%s", _("no zIPL routines are available for your platform")); } @@ -93,25 +87,21 @@ index 733c36d72c..1d2e356e6b 100644 +{ + return NULL; +} -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 154487b72b..456955c3d7 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h -@@ -252,6 +252,9 @@ grub_install_sgi_setup (const char *install_device, +@@ -251,6 +251,9 @@ void grub_install_zipl (const char *d, int i, int f); +char * +grub_install_get_filesystem (const char *path); + - int + int grub_install_compress_gzip (const char *src, const char *dest); - int -diff --git a/util/grub-install.c b/util/grub-install.c -index 7bc5f84378..213f54a782 100644 + int --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -871,7 +871,6 @@ main (int argc, char *argv[]) +@@ -887,7 +887,6 @@ const char *efi_file = NULL; char **grub_devices; grub_fs_t grub_fs; @@ -119,7 +109,7 @@ index 7bc5f84378..213f54a782 100644 grub_device_t grub_dev = NULL; enum grub_install_plat platform; char *grubdir, *device_map; -@@ -1049,8 +1048,10 @@ main (int argc, char *argv[]) +@@ -1067,8 +1066,10 @@ grub_host_init (); { @@ -132,7 +122,7 @@ index 7bc5f84378..213f54a782 100644 char *t = grub_util_path_concat (2, "/", rootdir); rootdir_path = grub_canonicalize_file_name (t); -@@ -1071,20 +1072,32 @@ main (int argc, char *argv[]) +@@ -1089,20 +1090,32 @@ rootdir_devices[0]); rootdir_grub_dev = grub_device_open (rootdir_grub_devname); @@ -171,6 +161,3 @@ index 7bc5f84378..213f54a782 100644 } switch (platform) --- -2.34.1 - diff --git a/0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch b/0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch deleted file mode 100644 index 47696be..0000000 --- a/0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch +++ /dev/null @@ -1,32 +0,0 @@ -From grub-devel-bounces@gnu.org Thu Aug 25 08:11:08 2022 -From: Michael Chang -Date: Thu, 25 Aug 2022 14:05:01 +0800 -Subject: [PATCH] grub-install: set point of no return for powerpc-ieee1275 - install - -The point of no return is used to define a point where no change should -be reverted in a wake of fatal error that consequently aborts the -process. The powerpc-ieee1275 install apparently missed this point of no -return defintion that newly installed modules could be inadvertently -reverted after successful image embedding so that boot failure is -incurred due to inconsistent state. - -Signed-off-by: Michael Chang -[iluceno@suse.de: Backported to SLES-15-SP4] -Signed-off-by: Ismael Luceno ---- - util/grub-install.c | 1 + - 1 file changed, 1 insertion(+) - -Index: grub-2.06/util/grub-install.c -=================================================================== ---- grub-2.06.orig/util/grub-install.c -+++ grub-2.06/util/grub-install.c -@@ -2160,6 +2160,7 @@ main (int argc, char *argv[]) - { - grub_util_error ("%s", _("failed to copy Grub to the PReP partition")); - } -+ grub_set_install_backup_ponr (); - - if ((signed_grub_mode >= SIGNED_GRUB_FORCE) || ((signed_grub_mode == SIGNED_GRUB_AUTO) && (ppc_sb_state > 0))) - { diff --git a/0001-grub-mkconfig-restore-umask-for-grub.cfg.patch b/0001-grub-mkconfig-restore-umask-for-grub.cfg.patch deleted file mode 100644 index 63a0ebd..0000000 --- a/0001-grub-mkconfig-restore-umask-for-grub.cfg.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 7a5022ea64fd6af859383a1731632abc8755b8f7 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 26 Aug 2021 15:52:00 +0800 -Subject: [PATCH] grub-mkconfig: restore umask for grub.cfg - -Since commit: - - ab2e53c8a grub-mkconfig: Honor a symlink when generating configuration -by grub-mkconfig - -has inadvertently discarded umask for creating grub.cfg in the process -of grub-mkconfig. The resulting wrong permission (0644) would allow -unprivileged users to read grub's configuration file content. This -presents a low confidentiality risk as grub.cfg may contain non-secured -plain-text passwords. - -This patch restores the missing umask and set the file mode of creation -to 0600 preventing unprivileged access. - -Fixes: CVE-2021-3981 - -Signed-off-by: Michael Chang -Reviewed-by: Daniel Kiper ---- - util/grub-mkconfig.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 7f6d961d2..4aca09d8e 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -351,7 +351,9 @@ and /etc/grub.d/* files or please file a bug report with - exit 1 - else - # none of the children aborted with error, install the new grub.cfg -+ oldumask=$(umask); umask 077 - cat ${grub_cfg}.new > ${grub_cfg} -+ umask $oldumask - rm -f ${grub_cfg}.new - # check if default entry need to be corrected for updated distributor version - # and/or use fallback entry if default kernel entry removed --- -2.31.1 - diff --git a/0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch b/0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch index 4cb7624..46f096a 100644 --- a/0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch +++ b/0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch @@ -34,11 +34,9 @@ Signed-off-by: Wen Xiong include/grub/util/ofpath.h | 9 +++++++ 4 files changed, 63 insertions(+), 3 deletions(-) -diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c -index 7d31cfd0f..7129099db 100644 --- a/grub-core/osdep/linux/ofpath.c +++ b/grub-core/osdep/linux/ofpath.c -@@ -209,7 +209,7 @@ find_obppath (const char *sysfs_path_orig) +@@ -209,7 +209,7 @@ } } @@ -47,7 +45,7 @@ index 7d31cfd0f..7129099db 100644 xrealpath (const char *in) { char *out; -@@ -224,7 +224,7 @@ xrealpath (const char *in) +@@ -224,7 +224,7 @@ return out; } @@ -56,7 +54,7 @@ index 7d31cfd0f..7129099db 100644 block_device_get_sysfs_path_and_link(const char *devicenode) { char *rpath; -@@ -535,7 +535,7 @@ of_path_get_nvme_nsid(const char* devname) +@@ -535,7 +535,7 @@ } @@ -65,8 +63,6 @@ index 7d31cfd0f..7129099db 100644 nvme_get_syspath(const char *nvmedev) { char *sysfs_path, *controller_node; -diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index 1e2961e00..db8fa4b95 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c @@ -19,6 +19,7 @@ @@ -77,7 +73,7 @@ index 1e2961e00..db8fa4b95 100644 #include #include #include -@@ -131,6 +132,51 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) +@@ -131,6 +132,51 @@ return rc; } @@ -129,7 +125,7 @@ index 1e2961e00..db8fa4b95 100644 int grub_install_register_efi (const grub_disk_t *efidir_grub_disk, const char *efifile_path, -@@ -242,6 +288,8 @@ grub_install_register_ieee1275 (int is_prep, const char *install_device, +@@ -242,6 +288,8 @@ } *ptr = '\0'; } @@ -138,11 +134,9 @@ index 1e2961e00..db8fa4b95 100644 else boot_device = get_ofpathname (install_device); -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index c144f3e4d..15f24efac 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h -@@ -240,6 +240,9 @@ grub_install_register_efi (const grub_disk_t *efidir_grub_disk, +@@ -241,6 +241,9 @@ const char *efi_distributor, const char *force_disk); @@ -152,11 +146,9 @@ index c144f3e4d..15f24efac 100644 void grub_install_register_ieee1275 (int is_prep, const char *install_device, int partno, const char *relpath); -diff --git a/include/grub/util/ofpath.h b/include/grub/util/ofpath.h -index a0ec30620..5b1f6a56d 100644 --- a/include/grub/util/ofpath.h +++ b/include/grub/util/ofpath.h -@@ -32,4 +32,13 @@ void find_file(char* filename, char* directory, struct ofpath_files_list_root* r +@@ -32,4 +32,13 @@ char* of_find_fc_host(char* host_wwpn); @@ -170,6 +162,3 @@ index a0ec30620..5b1f6a56d 100644 + + #endif /* ! GRUB_OFPATH_MACHINE_UTIL_HEADER */ --- -2.35.3 - diff --git a/0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch b/0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch deleted file mode 100644 index f3f26ea..0000000 --- a/0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch +++ /dev/null @@ -1,239 +0,0 @@ -From f86bd28391e6d92f8084f0b789ba4a8f6d789dfa Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Sun, 15 Mar 2020 12:37:10 -0400 -Subject: [PATCH 1/2] ibmvtpm: Add support for trusted boot using a vTPM 2.0 - -Add support for trusted boot using a vTPM 2.0 on the IBM IEEE1275 -PowerPC platform. With this patch grub now measures text and binary data -into the TPM's PCRs 8 and 9 in the same way as the x86_64 platform -does. - -This patch requires Daniel Axtens's patches for claiming more memory. - -For vTPM support to work on PowerVM, system driver levels 1010.30 -or 1020.00 are required. - -Note: Previous versions of firmware levels with the 2hash-ext-log -API call have a bug that, once this API call is invoked, has the -effect of disabling the vTPM driver under Linux causing an error -message to be displayed in the Linux kernel log. Those users will -have to update their machines to the firmware levels mentioned -above. - -Cc: Eric Snowberg -Signed-off-by: Stefan Berger ---- - docs/grub.texi | 3 +- - grub-core/Makefile.core.def | 7 ++ - grub-core/commands/ieee1275/ibmvtpm.c | 152 ++++++++++++++++++++++++++ - include/grub/ieee1275/ieee1275.h | 3 + - 4 files changed, 164 insertions(+), 1 deletion(-) - create mode 100644 grub-core/commands/ieee1275/ibmvtpm.c - -diff --git a/docs/grub.texi b/docs/grub.texi -index 4504bcabe..026aacacf 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -6204,7 +6204,8 @@ tpm module is loaded. As such it is recommended that the tpm module be built - into @file{core.img} in order to avoid a potential gap in measurement between - @file{core.img} being loaded and the tpm module being loaded. - --Measured boot is currently only supported on EFI platforms. -+Measured boot is currently only supported on EFI and IBM IEEE1275 PowerPC -+platforms. - - @node Lockdown - @section Lockdown when booting on a secure setup -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index cee596872..54733425c 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1141,6 +1141,13 @@ module = { - enable = powerpc_ieee1275; - }; - -+module = { -+ name = tpm; -+ common = commands/tpm.c; -+ ieee1275 = commands/ieee1275/ibmvtpm.c; -+ enable = powerpc_ieee1275; -+}; -+ - module = { - name = terminal; - common = commands/terminal.c; -diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c -new file mode 100644 -index 000000000..e68b8448b ---- /dev/null -+++ b/grub-core/commands/ieee1275/ibmvtpm.c -@@ -0,0 +1,152 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2021 Free Software Foundation, Inc. -+ * Copyright (C) 2021 IBM Corporation -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ * -+ * IBM vTPM support code. -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+static grub_ieee1275_ihandle_t tpm_ihandle; -+static grub_uint8_t tpm_version; -+ -+#define IEEE1275_IHANDLE_INVALID ((grub_ieee1275_ihandle_t)0) -+ -+static void -+tpm_get_tpm_version (void) -+{ -+ grub_ieee1275_phandle_t vtpm; -+ char buffer[20]; -+ -+ if (!grub_ieee1275_finddevice ("/vdevice/vtpm", &vtpm) && -+ !grub_ieee1275_get_property (vtpm, "compatible", buffer, -+ sizeof (buffer), NULL) && -+ !grub_strcmp (buffer, "IBM,vtpm20")) -+ tpm_version = 2; -+} -+ -+static grub_err_t -+tpm_init (void) -+{ -+ static int init_success = 0; -+ -+ if (!init_success) -+ { -+ if (grub_ieee1275_open ("/vdevice/vtpm", &tpm_ihandle) < 0) { -+ tpm_ihandle = IEEE1275_IHANDLE_INVALID; -+ return GRUB_ERR_UNKNOWN_DEVICE; -+ } -+ -+ init_success = 1; -+ -+ tpm_get_tpm_version (); -+ } -+ -+ return GRUB_ERR_NONE; -+} -+ -+static int -+ibmvtpm_2hash_ext_log (grub_uint8_t pcrindex, -+ grub_uint32_t eventtype, -+ const char *description, -+ grub_size_t description_size, -+ void *buf, grub_size_t size) -+{ -+ struct tpm_2hash_ext_log -+ { -+ struct grub_ieee1275_common_hdr common; -+ grub_ieee1275_cell_t method; -+ grub_ieee1275_cell_t ihandle; -+ grub_ieee1275_cell_t size; -+ grub_ieee1275_cell_t buf; -+ grub_ieee1275_cell_t description_size; -+ grub_ieee1275_cell_t description; -+ grub_ieee1275_cell_t eventtype; -+ grub_ieee1275_cell_t pcrindex; -+ grub_ieee1275_cell_t catch_result; -+ grub_ieee1275_cell_t rc; -+ } -+ args; -+ -+ INIT_IEEE1275_COMMON (&args.common, "call-method", 8, 2); -+ args.method = (grub_ieee1275_cell_t) "2hash-ext-log"; -+ args.ihandle = tpm_ihandle; -+ args.pcrindex = pcrindex; -+ args.eventtype = eventtype; -+ args.description = (grub_ieee1275_cell_t) description; -+ args.description_size = description_size; -+ args.buf = (grub_ieee1275_cell_t) buf; -+ args.size = (grub_ieee1275_cell_t) size; -+ -+ if (IEEE1275_CALL_ENTRY_FN (&args) == -1) -+ return -1; -+ -+ /* -+ * catch_result is set if firmware does not support 2hash-ext-log -+ * rc is GRUB_IEEE1275_CELL_FALSE (0) on failure -+ */ -+ if ((args.catch_result) || args.rc == GRUB_IEEE1275_CELL_FALSE) -+ return -1; -+ -+ return 0; -+} -+ -+static grub_err_t -+tpm2_log_event (unsigned char *buf, -+ grub_size_t size, grub_uint8_t pcr, -+ const char *description) -+{ -+ static int error_displayed = 0; -+ int err; -+ -+ err = ibmvtpm_2hash_ext_log (pcr, EV_IPL, -+ description, -+ grub_strlen(description) + 1, -+ buf, size); -+ if (err && !error_displayed) -+ { -+ error_displayed++; -+ return grub_error (GRUB_ERR_BAD_DEVICE, -+ "2HASH-EXT-LOG failed: Firmware is likely too old.\n"); -+ } -+ -+ return GRUB_ERR_NONE; -+} -+ -+grub_err_t -+grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, -+ const char *description) -+{ -+ grub_err_t err = tpm_init(); -+ -+ /* Absence of a TPM isn't a failure. */ -+ if (err != GRUB_ERR_NONE) -+ return GRUB_ERR_NONE; -+ -+ grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n", -+ pcr, size, description); -+ -+ if (tpm_version == 2) -+ return tpm2_log_event (buf, size, pcr, description); -+ -+ return GRUB_ERR_NONE; -+} -diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h -index 591f4f12c..8a621af7c 100644 ---- a/include/grub/ieee1275/ieee1275.h -+++ b/include/grub/ieee1275/ieee1275.h -@@ -24,6 +24,9 @@ - #include - #include - -+#define GRUB_IEEE1275_CELL_FALSE ((grub_ieee1275_cell_t) 0) -+#define GRUB_IEEE1275_CELL_TRUE ((grub_ieee1275_cell_t) -1) -+ - struct grub_ieee1275_mem_region - { - unsigned int start; --- -2.35.3 - diff --git a/0001-ieee1275-Avoiding-many-unecessary-open-close.patch b/0001-ieee1275-Avoiding-many-unecessary-open-close.patch index d6fbe71..68364aa 100644 --- a/0001-ieee1275-Avoiding-many-unecessary-open-close.patch +++ b/0001-ieee1275-Avoiding-many-unecessary-open-close.patch @@ -16,11 +16,9 @@ Signed-off-by: Diego Domingos grub-core/disk/ieee1275/ofdisk.c | 64 +++++++++++++++++--------------- 1 file changed, 35 insertions(+), 29 deletions(-) -diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c -index 03674cb47..ea7f78ac7 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c -@@ -44,7 +44,7 @@ struct ofdisk_hash_ent +@@ -44,7 +44,7 @@ }; static grub_err_t @@ -29,7 +27,7 @@ index 03674cb47..ea7f78ac7 100644 struct ofdisk_hash_ent *op); #define OFDISK_HASH_SZ 8 -@@ -461,6 +461,7 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) +@@ -461,6 +461,7 @@ grub_ssize_t actual; grub_uint32_t block_size = 0; grub_err_t err; @@ -37,7 +35,7 @@ index 03674cb47..ea7f78ac7 100644 if (grub_strncmp (name, "ieee1275/", sizeof ("ieee1275/") - 1) != 0) return grub_error (GRUB_ERR_UNKNOWN_DEVICE, -@@ -471,6 +472,35 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) +@@ -471,6 +472,35 @@ grub_dprintf ("disk", "Opening `%s'.\n", devpath); @@ -73,7 +71,7 @@ index 03674cb47..ea7f78ac7 100644 if (grub_ieee1275_finddevice (devpath, &dev)) { grub_free (devpath); -@@ -491,25 +521,18 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) +@@ -491,25 +521,18 @@ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "not a block device"); } @@ -102,7 +100,7 @@ index 03674cb47..ea7f78ac7 100644 if (err) { grub_free (devpath); -@@ -532,13 +555,6 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) +@@ -528,13 +551,6 @@ static void grub_ofdisk_close (grub_disk_t disk) { @@ -116,7 +114,7 @@ index 03674cb47..ea7f78ac7 100644 disk->data = 0; } -@@ -685,7 +701,7 @@ grub_ofdisk_init (void) +@@ -681,7 +697,7 @@ } static grub_err_t @@ -125,7 +123,7 @@ index 03674cb47..ea7f78ac7 100644 struct ofdisk_hash_ent *op) { struct size_args_ieee1275 -@@ -698,16 +714,6 @@ grub_ofdisk_get_block_size (const char *device, grub_uint32_t *block_size, +@@ -694,16 +710,6 @@ grub_ieee1275_cell_t size2; } args_ieee1275; @@ -142,6 +140,3 @@ index 03674cb47..ea7f78ac7 100644 *block_size = 0; if (op->block_size_fails >= 2) --- -2.26.2 - diff --git a/0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch b/0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch deleted file mode 100644 index 08a1480..0000000 --- a/0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 41589d37934c7e4c464a584939de0137af7a181b Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 20 Jul 2021 17:14:46 -0400 -Subject: [PATCH 01/23] ieee1275: Drop HEAP_MAX_ADDR and HEAP_MIN_SIZE - constants - -The HEAP_MAX_ADDR is confusing. Currently it is set to 32MB, except on -ieee1275 on x86, where it is 64MB. - -There is a comment which purports to explain it: - - /* If possible, we will avoid claiming heap above this address, because it - seems to cause relocation problems with OSes that link at 4 MiB */ - -This doesn't make a lot of sense when the constants are well above 4MB -already. It was not always this way. Prior to commit 7b5d0fe4440c -(Increase heap limit) in 2010, HEAP_MAX_SIZE and HEAP_MAX_ADDR were -indeed 4MB. However, when the constants were increased the comment was -left unchanged. - -It's been over a decade. It doesn't seem like we have problems with -claims over 4MB on powerpc or x86 ieee1275. The SPARC does things -completely differently and never used the constant. - -Drop the constant and the check. - -The only use of HEAP_MIN_SIZE was to potentially override the -HEAP_MAX_ADDR check. It is now unused. Remove it too. - -Signed-off-by: Daniel Axtens -Signed-off-by: Stefan Berger -Tested-by: Stefan Berger -Reviewed-by: Daniel Kiper ---- - grub-core/kern/ieee1275/init.c | 17 ----------------- - 1 file changed, 17 deletions(-) - -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 1187492ae..c15d40e55 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -45,9 +45,6 @@ - #include - #endif - --/* The minimal heap size we can live with. */ --#define HEAP_MIN_SIZE (unsigned long) (2 * 1024 * 1024) -- - /* The maximum heap size we're going to claim */ - #ifdef __i386__ - #define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024) -@@ -55,14 +52,6 @@ - #define HEAP_MAX_SIZE (unsigned long) (32 * 1024 * 1024) - #endif - --/* If possible, we will avoid claiming heap above this address, because it -- seems to cause relocation problems with OSes that link at 4 MiB */ --#ifdef __i386__ --#define HEAP_MAX_ADDR (unsigned long) (64 * 1024 * 1024) --#else --#define HEAP_MAX_ADDR (unsigned long) (32 * 1024 * 1024) --#endif -- - extern char _start[]; - extern char _end[]; - -@@ -184,12 +173,6 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, - if (*total + len > HEAP_MAX_SIZE) - len = HEAP_MAX_SIZE - *total; - -- /* Avoid claiming anything above HEAP_MAX_ADDR, if possible. */ -- if ((addr < HEAP_MAX_ADDR) && /* if it's too late, don't bother */ -- (addr + len > HEAP_MAX_ADDR) && /* if it wasn't available anyway, don't bother */ -- (*total + (HEAP_MAX_ADDR - addr) > HEAP_MIN_SIZE)) /* only limit ourselves when we can afford to */ -- len = HEAP_MAX_ADDR - addr; -- - /* In theory, firmware should already prevent this from happening by not - listing our own image in /memory/available. The check below is intended - as a safeguard in case that doesn't happen. However, it doesn't protect --- -2.31.1 - diff --git a/0001-ieee1275-Further-increase-initially-allocated-heap-f.patch b/0001-ieee1275-Further-increase-initially-allocated-heap-f.patch deleted file mode 100644 index ddbc17b..0000000 --- a/0001-ieee1275-Further-increase-initially-allocated-heap-f.patch +++ /dev/null @@ -1,46 +0,0 @@ -From d44e0a892621a744e9a64e17ed5676470ef4f023 Mon Sep 17 00:00:00 2001 -From: Wen Xiong -Date: Mon, 20 Feb 2023 15:58:14 -0500 -Subject: [PATCH 1/2] ieee1275: Further increase initially allocated heap from - 1/3 to 1/2 - -The memory increase to 1/3 of 391MB (~127MB) was still insufficient -to boot the kernel and initrd of the SuSE distribution: - -initrd 2023-Jan-18 04:27 114.9M -linux 2023-Jan-17 05:23 45.9M - -Therefore, further increase the initially allocated heap to 1/2 -of 391MB to ~191MB, which now allows to boot the system from an -ISO. - -Signed-off-by: Stefan Berger ---- - grub-core/kern/ieee1275/init.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 2a2409d45..e1dbff86a 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -47,7 +47,7 @@ - #include - - /* The maximum heap size we're going to claim. Not used by sparc. -- We allocate 1/3 of the available memory under 4G, up to this limit. */ -+ We allocate 1/2 of the available memory under 4G, up to this limit. */ - #ifdef __i386__ - #define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024) - #else // __powerpc__ -@@ -417,7 +417,7 @@ grub_claim_heap (void) - - grub_machine_mmap_iterate (heap_size, &total); - -- total = total / 3; -+ total = total / 2; - if (total > HEAP_MAX_SIZE) - total = HEAP_MAX_SIZE; - --- -2.39.1 - diff --git a/0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch b/0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch deleted file mode 100644 index 09e9be1..0000000 --- a/0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 41965e194599af42e77bcf2462bd9c0db2823b16 Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Tue, 1 Nov 2022 11:06:03 -0400 -Subject: [PATCH] ieee1275: Increase initially allocated heap from 1/4 to 1/3 - -The patch 'ieee1275: claim more memory' (commit 910676645d) states: - -"[...] This leaves us 381MB. 1/4 of 381MB is ~95MB. That should be enough -to verify a 30MB vmlinux and should eave plenty of space to load Linux -and the initrd." - -As it turns out the memory limit of ~95MB is insufficient for the FADUMP -use case as described here: - -https://bugzilla.redhat.com/show_bug.cgi?id=2139000#c1 - -Adjust the current memory limitation by increasing the allocation to -1/3 of 381 MB, so ~127MB. - -Signed-off-by: Stefan Berger ---- - grub-core/kern/ieee1275/init.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 0bacc2348..f75a36493 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -47,7 +47,7 @@ - #include - - /* The maximum heap size we're going to claim. Not used by sparc. -- We allocate 1/4 of the available memory under 4G, up to this limit. */ -+ We allocate 1/3 of the available memory under 4G, up to this limit. */ - #ifdef __i386__ - #define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024) - #else // __powerpc__ -@@ -415,7 +415,7 @@ grub_claim_heap (void) - - grub_machine_mmap_iterate (heap_size, &total); - -- total = total / 4; -+ total = total / 3; - if (total > HEAP_MAX_SIZE) - total = HEAP_MAX_SIZE; - --- -2.35.3 - diff --git a/0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch b/0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch index ad9e0a3..230df6a 100644 --- a/0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch +++ b/0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch @@ -17,8 +17,6 @@ Signed-off-by: Mukesh Kumar Chaurasiya grub-core/disk/ieee1275/ofdisk.c | 65 +++++++++++++++++++++++++++++++- 1 file changed, 63 insertions(+), 2 deletions(-) -diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c -index c6cba0c8a..f4183a531 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c @@ -24,6 +24,9 @@ @@ -31,7 +29,7 @@ index c6cba0c8a..f4183a531 100644 static char *last_devpath; static grub_ieee1275_ihandle_t last_ihandle; -@@ -452,7 +455,7 @@ compute_dev_path (const char *name) +@@ -783,7 +786,7 @@ } static grub_err_t @@ -40,7 +38,7 @@ index c6cba0c8a..f4183a531 100644 { grub_ieee1275_phandle_t dev; char *devpath; -@@ -525,6 +528,41 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) +@@ -879,6 +882,41 @@ return 0; } @@ -82,7 +80,7 @@ index c6cba0c8a..f4183a531 100644 static void grub_ofdisk_close (grub_disk_t disk) { -@@ -568,7 +606,7 @@ grub_ofdisk_prepare (grub_disk_t disk, grub_disk_addr_t sector) +@@ -915,7 +953,7 @@ } static grub_err_t @@ -91,11 +89,10 @@ index c6cba0c8a..f4183a531 100644 grub_size_t size, char *buf) { grub_err_t err; -@@ -587,6 +625,29 @@ grub_ofdisk_read (grub_disk_t disk, grub_disk_addr_t sector, - return 0; +@@ -935,6 +973,29 @@ } -+static grub_err_t + static grub_err_t +grub_ofdisk_read (grub_disk_t disk, grub_disk_addr_t sector, + grub_size_t size, char *buf) +{ @@ -118,9 +115,7 @@ index c6cba0c8a..f4183a531 100644 + return err; +} + - static grub_err_t ++static grub_err_t grub_ofdisk_write (grub_disk_t disk, grub_disk_addr_t sector, grub_size_t size, const char *buf) --- -2.39.2 - + { diff --git a/0001-install-fix-software-raid1-on-esp.patch b/0001-install-fix-software-raid1-on-esp.patch index e752342..e0a4ee5 100644 --- a/0001-install-fix-software-raid1-on-esp.patch +++ b/0001-install-fix-software-raid1-on-esp.patch @@ -39,11 +39,9 @@ Signed-off-by: Michael Chang util/grub-install.c | 107 ++++++++++++++++++++++++++-- 8 files changed, 171 insertions(+), 37 deletions(-) -diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c -index 39d74cb867..de0c02cf94 100644 --- a/grub-core/disk/diskfilter.c +++ b/grub-core/disk/diskfilter.c -@@ -159,8 +159,8 @@ scan_disk_partition_iter (grub_disk_t disk, grub_partition_t p, void *data) +@@ -159,8 +159,8 @@ for (m = arr->pvs; m; m = m->next) if (m->disk && m->disk->id == disk->id && m->disk->dev->id == disk->dev->id @@ -54,8 +52,8 @@ index 39d74cb867..de0c02cf94 100644 return 0; } -@@ -1330,19 +1330,23 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id, - ? (grub_memcmp (pv->id.uuid, id->uuid, id->uuidlen) == 0) +@@ -1340,19 +1340,23 @@ + ? (grub_memcmp (pv->id.uuid, id->uuid, id->uuidlen) == 0) : (pv->id.id == id->id)) { + char *part_name = NULL; @@ -85,7 +83,7 @@ index 39d74cb867..de0c02cf94 100644 #ifdef GRUB_UTIL { -@@ -1359,7 +1363,6 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id, +@@ -1369,7 +1373,6 @@ #endif if (start_sector != (grub_uint64_t)-1) pv->start_sector = start_sector; @@ -93,7 +91,7 @@ index 39d74cb867..de0c02cf94 100644 /* Add the device to the array. */ for (lv = array->lvs; lv; lv = lv->next) if (!lv->became_readable_at && lv->fullname && is_lv_readable (lv, 0)) -@@ -1447,8 +1450,8 @@ grub_diskfilter_get_pv_from_disk (grub_disk_t disk, +@@ -1457,8 +1460,8 @@ { if (pv->disk && pv->disk->id == disk->id && pv->disk->dev->id == disk->dev->id @@ -104,11 +102,9 @@ index 39d74cb867..de0c02cf94 100644 { if (vg_out) *vg_out = vg; -diff --git a/grub-core/disk/mdraid1x_linux.c b/grub-core/disk/mdraid1x_linux.c -index 38444b02c7..a2aafb69fb 100644 --- a/grub-core/disk/mdraid1x_linux.c +++ b/grub-core/disk/mdraid1x_linux.c -@@ -208,6 +208,9 @@ grub_mdraid_detect (grub_disk_t disk, +@@ -208,6 +208,9 @@ grub_le_to_cpu32 (sb.chunksize), grub_le_to_cpu32 (sb.layout), grub_le_to_cpu32 (sb.level)); @@ -118,11 +114,9 @@ index 38444b02c7..a2aafb69fb 100644 return array; } -diff --git a/grub-core/osdep/basic/no_platform.c b/grub-core/osdep/basic/no_platform.c -index dfbdd58e4e..37b9570dbc 100644 --- a/grub-core/osdep/basic/no_platform.c +++ b/grub-core/osdep/basic/no_platform.c -@@ -33,7 +33,8 @@ grub_install_register_ieee1275 (int is_prep, const char *install_device, +@@ -33,7 +33,8 @@ void grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efifile_path, @@ -132,11 +126,9 @@ index dfbdd58e4e..37b9570dbc 100644 { grub_util_error ("%s", _("no EFI routines are available for your platform")); } -diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index 68186480b2..c7cf74c677 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c -@@ -132,15 +132,14 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) +@@ -132,15 +132,14 @@ } int @@ -157,7 +149,7 @@ index 68186480b2..c7cf74c677 100644 if (grub_util_exec_redirect_null ((const char * []){ "efibootmgr", "--version", NULL })) { -@@ -158,22 +157,50 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, +@@ -158,22 +157,50 @@ if (ret) return ret; @@ -194,7 +186,7 @@ index 68186480b2..c7cf74c677 100644 + ret = grub_util_exec ((const char * []){ "efibootmgr", "-q", "-c", "-d", efidir_disk, "-p", efidir_part_str, "-w", -- "-L", efi_distributor, "-l", +- "-L", efi_distributor, "-l", + "-L", new_efi_distributor ? : efi_distributor, "-l", efifile_path, NULL }); - else @@ -203,7 +195,7 @@ index 68186480b2..c7cf74c677 100644 + ret = grub_util_exec ((const char * []){ "efibootmgr", "-c", "-d", efidir_disk, "-p", efidir_part_str, "-w", -- "-L", efi_distributor, "-l", +- "-L", efi_distributor, "-l", + "-L", new_efi_distributor ? : efi_distributor, "-l", efifile_path, NULL }); - free (efidir_part_str); @@ -217,11 +209,9 @@ index 68186480b2..c7cf74c677 100644 } void -diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c -index 1d2e356e6b..3517803251 100644 --- a/grub-core/osdep/windows/platform.c +++ b/grub-core/osdep/windows/platform.c -@@ -204,7 +204,8 @@ set_efi_variable_bootn (grub_uint16_t n, void *in, grub_size_t len) +@@ -204,7 +204,8 @@ int grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efifile_path, @@ -231,11 +221,9 @@ index 1d2e356e6b..3517803251 100644 { grub_uint16_t *boot_order, *new_boot_order; grub_uint16_t *distributor16; -diff --git a/include/grub/diskfilter.h b/include/grub/diskfilter.h -index 8deb1a8c30..94ed8673d7 100644 --- a/include/grub/diskfilter.h +++ b/include/grub/diskfilter.h -@@ -49,6 +49,7 @@ struct grub_diskfilter_vg { +@@ -49,6 +49,7 @@ #ifdef GRUB_UTIL struct grub_diskfilter *driver; @@ -243,7 +231,7 @@ index 8deb1a8c30..94ed8673d7 100644 #endif }; -@@ -66,8 +67,6 @@ struct grub_diskfilter_pv { +@@ -66,8 +67,6 @@ /* Optional. */ char *name; grub_disk_t disk; @@ -252,11 +240,9 @@ index 8deb1a8c30..94ed8673d7 100644 grub_disk_addr_t start_sector; /* Sector number where the data area starts. */ struct grub_diskfilter_pv *next; /* Optional. */ -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 456955c3d7..9f9e0b2ac1 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h -@@ -237,9 +237,10 @@ int +@@ -236,9 +236,10 @@ grub_install_get_powerpc_secure_boot (void); int @@ -269,11 +255,9 @@ index 456955c3d7..9f9e0b2ac1 100644 void grub_install_register_ieee1275 (int is_prep, const char *install_device, -diff --git a/util/grub-install.c b/util/grub-install.c -index 213f54a782..0cabc79119 100644 --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -1694,6 +1694,40 @@ main (int argc, char *argv[]) +@@ -1719,6 +1719,40 @@ } } prefix_drive = xasprintf ("(%s)", grub_drives[0]); @@ -314,7 +298,7 @@ index 213f54a782..0cabc79119 100644 } #ifdef __linux__ -@@ -2232,9 +2266,13 @@ main (int argc, char *argv[]) +@@ -2258,9 +2292,13 @@ { /* Try to make this image bootable using the EFI Boot Manager, if available. */ int ret; @@ -330,7 +314,7 @@ index 213f54a782..0cabc79119 100644 if (ret) grub_util_error (_("efibootmgr failed to register the boot entry: %s"), strerror (ret)); -@@ -2287,7 +2325,11 @@ main (int argc, char *argv[]) +@@ -2314,7 +2352,11 @@ { char * efifile_path; char * part; @@ -342,7 +326,7 @@ index 213f54a782..0cabc79119 100644 /* Try to make this image bootable using the EFI Boot Manager, if available. */ if (!efi_distributor || efi_distributor[0] == '\0') -@@ -2304,8 +2346,65 @@ main (int argc, char *argv[]) +@@ -2331,8 +2373,65 @@ efidir_grub_dev->disk->name, (part ? ",": ""), (part ? : "")); grub_free (part); @@ -410,6 +394,3 @@ index 213f54a782..0cabc79119 100644 if (ret) grub_util_error (_("efibootmgr failed to register the boot entry: %s"), strerror (ret)); --- -2.34.1 - diff --git a/0001-kern-efi-mm-Enlarge-the-default-heap-size.patch b/0001-kern-efi-mm-Enlarge-the-default-heap-size.patch deleted file mode 100644 index 149c5c1..0000000 --- a/0001-kern-efi-mm-Enlarge-the-default-heap-size.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3e08d9afd273b5dade84fec5f7f17113c47b6b75 Mon Sep 17 00:00:00 2001 -From: Gary Lin -Date: Fri, 2 Sep 2022 11:26:39 +0800 -Subject: [PATCH 1/2] kern/efi/mm: Enlarge the default heap size - -The default heap size (0x100000, 1MB) is not enough for the -openSUSE/SUSE theme, and the additional dynamical allocation of memory -regions significantly slows down the loading of the grub2 menu theme. -This commit increases the default heap size to 0x2000000, 32MB, and this -should be enough to cover the theme files. - -Signed-off-by: Gary Lin ---- - grub-core/kern/efi/mm.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 48380d3..70d3e3d 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -39,7 +39,7 @@ - #define MEMORY_MAP_SIZE 0x3000 - - /* The default heap size for GRUB itself in bytes. */ --#define DEFAULT_HEAP_SIZE 0x100000 -+#define DEFAULT_HEAP_SIZE 0x2000000 - - static void *finish_mmap_buf = 0; - static grub_efi_uintn_t finish_mmap_size = 0; --- -2.35.3 - diff --git a/0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch b/0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch deleted file mode 100644 index 0851176..0000000 --- a/0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 10f3a89078f9a6da7104e0978e385362e16af971 Mon Sep 17 00:00:00 2001 -From: Avnish Chouhan -Date: Mon, 27 Mar 2023 12:25:39 +0530 -Subject: [PATCH 1/2] kern/ieee1275/init: Convert plain numbers to constants in - Vec5 - -This patch converts the plain numbers used in Vec5 properties to constants. - -1. LPAR: Client program supports logical partitioning and - associated hcall()s. -2. SPLPAR: Client program supports the Shared - Processor LPAR Option. -3. CMO: Enables the Cooperative Memory Over-commitment Option. -4. MAX_CPU: Defines maximum number of CPUs supported. - -Signed-off-by: Avnish Chouhan -Reviewed-by: Daniel Kiper ---- - grub-core/kern/ieee1275/init.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index e1dbff86a..eaa25d0db 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -61,6 +61,12 @@ extern char _end[]; - grub_addr_t grub_ieee1275_original_stack; - #endif - -+#define LPAR 0x80 -+#define SPLPAR 0x40 -+#define BYTE2 (LPAR | SPLPAR) -+#define CMO 0x80 -+#define MAX_CPU 256 -+ - void - grub_exit (void) - { -@@ -378,7 +384,7 @@ grub_ieee1275_ibm_cas (void) - .vec4 = 0x0001, /* set required minimum capacity % to the lowest value */ - .vec5_size = 1 + sizeof (struct option_vector5) - 2, - .vec5 = { -- 0, 192, 0, 128, 0, 0, 0, 0, 256 -+ 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU - } - }; - --- -2.39.2 - diff --git a/0001-kern-mm.c-Make-grub_calloc-inline.patch b/0001-kern-mm.c-Make-grub_calloc-inline.patch index 033eb65..380a9e7 100644 --- a/0001-kern-mm.c-Make-grub_calloc-inline.patch +++ b/0001-kern-mm.c-Make-grub_calloc-inline.patch @@ -11,11 +11,9 @@ as stage1 that can be too old to load updated modules. include/grub/mm.h | 32 +++++++++++++++++++++++++++++++- 2 files changed, 31 insertions(+), 29 deletions(-) -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index f2822a836..dacdaa239 100644 --- a/grub-core/kern/mm.c +++ b/grub-core/kern/mm.c -@@ -60,14 +60,10 @@ +@@ -63,14 +63,10 @@ #include #include @@ -30,7 +28,7 @@ index f2822a836..dacdaa239 100644 #ifdef MM_DEBUG # undef grub_calloc -@@ -377,30 +373,6 @@ grub_memalign (grub_size_t align, grub_size_t size) +@@ -553,30 +549,6 @@ return 0; } @@ -61,11 +59,9 @@ index f2822a836..dacdaa239 100644 /* Allocate SIZE bytes and return the pointer. */ void * grub_malloc (grub_size_t size) -diff --git a/include/grub/mm.h b/include/grub/mm.h -index 9c38dd3ca..1754635e7 100644 --- a/include/grub/mm.h +++ b/include/grub/mm.h -@@ -29,7 +29,6 @@ +@@ -47,7 +47,6 @@ #endif void grub_mm_init_region (void *addr, grub_size_t size); @@ -73,7 +69,7 @@ index 9c38dd3ca..1754635e7 100644 void *EXPORT_FUNC(grub_malloc) (grub_size_t size); void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); void EXPORT_FUNC(grub_free) (void *ptr); -@@ -37,6 +36,37 @@ void *EXPORT_FUNC(grub_realloc) (void *ptr, grub_size_t size); +@@ -55,6 +54,37 @@ #ifndef GRUB_MACHINE_EMU void *EXPORT_FUNC(grub_memalign) (grub_size_t align, grub_size_t size); #endif @@ -111,6 +107,3 @@ index 9c38dd3ca..1754635e7 100644 void grub_mm_check_real (const char *file, int line); #define grub_mm_check() grub_mm_check_real (GRUB_FILE, __LINE__); --- -2.26.2 - diff --git a/0001-libc-config-merge-from-glibc.patch b/0001-libc-config-merge-from-glibc.patch deleted file mode 100644 index 9954908..0000000 --- a/0001-libc-config-merge-from-glibc.patch +++ /dev/null @@ -1,339 +0,0 @@ -From 88d0ba220763f99c6c98e44918435cdceef56ed7 Mon Sep 17 00:00:00 2001 -From: Paul Eggert -Date: Tue, 5 Jan 2021 13:12:39 -0800 -Subject: [PATCH] libc-config: merge from glibc - -Use a better way of keeping glibc and gnulib -lib/cdefs.h mostly in sync, by using lib/cdefs.h only on platforms -where does not work well enough for Gnulib. -* lib/cdefs.h: Go back to using _SYS_CDEFS_H rather than -_GL_DEFS_H as an include guard. -(__THROW, __THROWNL, __NTH, __NTHNL): -Define to noexcept for C++11 and later. -(__glibc_objsize, __glibc_objsize0): New, for _FORTIFY_SOURCE=3. -(__warndecl): Remove. -(__attribute_copy__): New macro, for GCC 9 support. -(__LDBL_REDIR, __LDBL_REDIR_DECL, __LDBL_REDIR1) -(__LDBL_REDIR1_DECL, __LDBL_REDIR1_NTH, __REDIRECT_NTH_LDBL) -(__REDIRECT_LDBL, __LDBL_REDIR_NTH): -Redirections for IEEE long double on powerpc64le. -(__LDBL_REDIR2_DECL): New macro. -(__attr_access): New macro, for GCC 10 bounds checking. -(__attribute_returns_twice__): New macro, for setjmp etc. -* lib/libc-config.h: Include only if __glibc_likely is -undefined. The following changes apply only if __glibc_likely -is not defined. -(__LDBL_REDIR2_DECL, __attr_access, __attribute_returns_twice__) -(__glibc_clang_has_attribute, __glibc_clang_has_extension) -(__glibc_objsize, __glibc_objsize0): -Undef these new (or newer) macros. -(__P, __PMT, __always_inline): Do not undef, since cdefs.h does that. -(__glibc_likely): Do not undef, since this is inside -ifndef __glibc_likely. -(__warndecl): Do not undef; no longer defined. ---- - ChangeLog | 32 +++++++++++++++ - grub-core/lib/gnulib/cdefs.h | 99 ++++++++++++++++++++++++++++++++++++++++------- - grub-core/lib/gnulib/libc-config.h | 51 +++++++++++++----------- - 3 files changed, 147 insertions(+), 35 deletions(-) - -diff --git a/grub-core/lib/gnulib/cdefs.h b/grub-core/lib/gnulib/cdefs.h -index 4b696590c..71813d635 100644 ---- a/grub-core/lib/gnulib/cdefs.h -+++ b/grub-core/lib/gnulib/cdefs.h -@@ -25,7 +25,7 @@ - - /* The GNU libc does not support any K&R compilers or the traditional mode - of ISO C compilers anymore. Check for some of the combinations not -- anymore supported. */ -+ supported anymore. */ - #if defined __GNUC__ && !defined __STDC__ - # error "You need a ISO C conforming compiler to use the glibc headers" - #endif -@@ -47,7 +47,7 @@ - # endif - - /* GCC can always grok prototypes. For C++ programs we add throw() -- to help it optimize the function calls. But this works only with -+ to help it optimize the function calls. But this only works with - gcc 2.8.x and egcs. For gcc 3.2 and up we even mark C functions - as non-throwing using a function attribute since programs can use - the -fexceptions options for C code as well. */ -@@ -58,10 +58,14 @@ - # define __NTHNL(fct) __attribute__ ((__nothrow__)) fct - # else - # if defined __cplusplus && __GNUC_PREREQ (2,8) --# define __THROW throw () --# define __THROWNL throw () --# define __NTH(fct) __LEAF_ATTR fct throw () --# define __NTHNL(fct) fct throw () -+# if __cplusplus >= 201103L -+# define __THROW noexcept (true) -+# else -+# define __THROW throw () -+# endif -+# define __THROWNL __THROW -+# define __NTH(fct) __LEAF_ATTR fct __THROW -+# define __NTHNL(fct) fct __THROW - # else - # define __THROW - # define __THROWNL -@@ -123,14 +127,20 @@ - #define __bos(ptr) __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1) - #define __bos0(ptr) __builtin_object_size (ptr, 0) - -+/* Use __builtin_dynamic_object_size at _FORTIFY_SOURCE=3 when available. */ -+#if __USE_FORTIFY_LEVEL == 3 && __glibc_clang_prereq (9, 0) -+# define __glibc_objsize0(__o) __builtin_dynamic_object_size (__o, 0) -+# define __glibc_objsize(__o) __builtin_dynamic_object_size (__o, 1) -+#else -+# define __glibc_objsize0(__o) __bos0 (__o) -+# define __glibc_objsize(__o) __bos (__o) -+#endif -+ - #if __GNUC_PREREQ (4,3) --# define __warndecl(name, msg) \ -- extern void name (void) __attribute__((__warning__ (msg))) - # define __warnattr(msg) __attribute__((__warning__ (msg))) - # define __errordecl(name, msg) \ - extern void name (void) __attribute__((__error__ (msg))) - #else --# define __warndecl(name, msg) extern void name (void) - # define __warnattr(msg) - # define __errordecl(name, msg) extern void name (void) - #endif -@@ -256,8 +266,8 @@ - /* Since version 4.5, gcc also allows one to specify the message printed - when a deprecated function is used. clang claims to be gcc 4.2, but - may also support this feature. */ --#if __GNUC_PREREQ (4,5) || \ -- __glibc_clang_has_extension (__attribute_deprecated_with_message__) -+#if __GNUC_PREREQ (4,5) \ -+ || __glibc_clang_has_extension (__attribute_deprecated_with_message__) - # define __attribute_deprecated_msg__(msg) \ - __attribute__ ((__deprecated__ (msg))) - #else -@@ -434,6 +444,16 @@ - # define __attribute_nonstring__ - #endif - -+/* Undefine (also defined in libc-symbols.h). */ -+#undef __attribute_copy__ -+#if __GNUC_PREREQ (9, 0) -+/* Copies attributes from the declaration or type referenced by -+ the argument. */ -+# define __attribute_copy__(arg) __attribute__ ((__copy__ (arg))) -+#else -+# define __attribute_copy__(arg) -+#endif -+ - #if (!defined _Static_assert && !defined __cplusplus \ - && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \ - && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__)) -@@ -449,7 +469,37 @@ - # include - #endif - --#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH -+#if __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1 -+# ifdef __REDIRECT -+ -+/* Alias name defined automatically. */ -+# define __LDBL_REDIR(name, proto) ... unused__ldbl_redir -+# define __LDBL_REDIR_DECL(name) \ -+ extern __typeof (name) name __asm (__ASMNAME ("__" #name "ieee128")); -+ -+/* Alias name defined automatically, with leading underscores. */ -+# define __LDBL_REDIR2_DECL(name) \ -+ extern __typeof (__##name) __##name \ -+ __asm (__ASMNAME ("__" #name "ieee128")); -+ -+/* Alias name defined manually. */ -+# define __LDBL_REDIR1(name, proto, alias) ... unused__ldbl_redir1 -+# define __LDBL_REDIR1_DECL(name, alias) \ -+ extern __typeof (name) name __asm (__ASMNAME (#alias)); -+ -+# define __LDBL_REDIR1_NTH(name, proto, alias) \ -+ __REDIRECT_NTH (name, proto, alias) -+# define __REDIRECT_NTH_LDBL(name, proto, alias) \ -+ __LDBL_REDIR1_NTH (name, proto, __##alias##ieee128) -+ -+/* Unused. */ -+# define __REDIRECT_LDBL(name, proto, alias) ... unused__redirect_ldbl -+# define __LDBL_REDIR_NTH(name, proto) ... unused__ldbl_redir_nth -+ -+# else -+_Static_assert (0, "IEEE 128-bits long double requires redirection on this platform"); -+# endif -+#elif defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH - # define __LDBL_COMPAT 1 - # ifdef __REDIRECT - # define __LDBL_REDIR1(name, proto, alias) __REDIRECT (name, proto, alias) -@@ -458,6 +508,8 @@ - # define __LDBL_REDIR1_NTH(name, proto, alias) __REDIRECT_NTH (name, proto, alias) - # define __LDBL_REDIR_NTH(name, proto) \ - __LDBL_REDIR1_NTH (name, proto, __nldbl_##name) -+# define __LDBL_REDIR2_DECL(name) \ -+ extern __typeof (__##name) __##name __asm (__ASMNAME ("__nldbl___" #name)); - # define __LDBL_REDIR1_DECL(name, alias) \ - extern __typeof (name) name __asm (__ASMNAME (#alias)); - # define __LDBL_REDIR_DECL(name) \ -@@ -468,11 +520,13 @@ - __LDBL_REDIR1_NTH (name, proto, __nldbl_##alias) - # endif - #endif --#if !defined __LDBL_COMPAT || !defined __REDIRECT -+#if (!defined __LDBL_COMPAT && __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 0) \ -+ || !defined __REDIRECT - # define __LDBL_REDIR1(name, proto, alias) name proto - # define __LDBL_REDIR(name, proto) name proto - # define __LDBL_REDIR1_NTH(name, proto, alias) name proto __THROW - # define __LDBL_REDIR_NTH(name, proto) name proto __THROW -+# define __LDBL_REDIR2_DECL(name) - # define __LDBL_REDIR_DECL(name) - # ifdef __REDIRECT - # define __REDIRECT_LDBL(name, proto, alias) __REDIRECT (name, proto, alias) -@@ -511,4 +565,23 @@ - # define __HAVE_GENERIC_SELECTION 0 - #endif - -+#if __GNUC_PREREQ (10, 0) -+/* Designates a 1-based positional argument ref-index of pointer type -+ that can be used to access size-index elements of the pointed-to -+ array according to access mode, or at least one element when -+ size-index is not provided: -+ access (access-mode, [, ]) */ -+#define __attr_access(x) __attribute__ ((__access__ x)) -+#else -+# define __attr_access(x) -+#endif -+ -+/* Specify that a function such as setjmp or vfork may return -+ twice. */ -+#if __GNUC_PREREQ (4, 1) -+# define __attribute_returns_twice__ __attribute__ ((__returns_twice__)) -+#else -+# define __attribute_returns_twice__ /* Ignore. */ -+#endif -+ - #endif /* sys/cdefs.h */ -diff --git a/grub-core/lib/gnulib/libc-config.h b/grub-core/lib/gnulib/libc-config.h -index f24fbfa6a..5a0b69685 100644 ---- a/grub-core/lib/gnulib/libc-config.h -+++ b/grub-core/lib/gnulib/libc-config.h -@@ -62,21 +62,24 @@ - # endif - #endif - -- --/* Prepare to include , which is our copy of glibc -- . */ -+#ifndef __glibc_likely -+/* either does not exist, or predates glibc commit -+ 2012-12-28T06:33:01Z!siddhesh@redhat.com -+ (91998e449e0ce758db55aecf2abc3ee510fcbc8f) -+ and so does not suffice for Gnulib. Prepare to include , -+ which is Gnulib's copy of a more-recent glibc . */ - - /* Define _FEATURES_H so that does not include . */ --#ifndef _FEATURES_H --# define _FEATURES_H 1 --#endif -+# ifndef _FEATURES_H -+# define _FEATURES_H 1 -+# endif - /* Define __WORDSIZE so that does not attempt to include - nonexistent files. Make it a syntax error, since Gnulib does not - use __WORDSIZE now, and if Gnulib uses it later the syntax error - will let us know that __WORDSIZE needs configuring. */ --#ifndef __WORDSIZE --# define __WORDSIZE %%% --#endif -+# ifndef __WORDSIZE -+# define __WORDSIZE %%% -+# endif - /* Undef the macros unconditionally defined by our copy of glibc - , so that they do not clash with any system-defined - versions. */ -@@ -92,14 +95,13 @@ - #undef __LDBL_REDIR1 - #undef __LDBL_REDIR1_DECL - #undef __LDBL_REDIR1_NTH -+#undef __LDBL_REDIR2_DECL - #undef __LDBL_REDIR_DECL - #undef __LDBL_REDIR_NTH - #undef __LEAF - #undef __LEAF_ATTR - #undef __NTH - #undef __NTHNL --#undef __P --#undef __PMT - #undef __REDIRECT - #undef __REDIRECT_LDBL - #undef __REDIRECT_NTH -@@ -108,7 +110,7 @@ - #undef __STRING - #undef __THROW - #undef __THROWNL --#undef __always_inline -+#undef __attr_access - #undef __attribute__ - #undef __attribute_alloc_size__ - #undef __attribute_artificial__ -@@ -121,6 +123,7 @@ - #undef __attribute_noinline__ - #undef __attribute_nonstring__ - #undef __attribute_pure__ -+#undef __attribute_returns_twice__ - #undef __attribute_used__ - #undef __attribute_warn_unused_result__ - #undef __bos -@@ -132,10 +135,13 @@ - #undef __flexarr - #undef __fortify_function - #undef __glibc_c99_flexarr_available -+#undef __glibc_clang_has_attribute -+#undef __glibc_clang_has_builtin - #undef __glibc_clang_has_extension --#undef __glibc_likely - #undef __glibc_macro_warning - #undef __glibc_macro_warning1 -+#undef __glibc_objsize -+#undef __glibc_objsize0 - #undef __glibc_unlikely - #undef __inline - #undef __ptr_t -@@ -144,20 +150,21 @@ - #undef __va_arg_pack - #undef __va_arg_pack_len - #undef __warnattr --#undef __warndecl - - /* Include our copy of glibc . */ --#include -+# include - - /* __inline is too pessimistic for non-GCC. */ --#undef __inline --#ifndef HAVE___INLINE --# if 199901 <= __STDC_VERSION__ || defined inline --# define __inline inline --# else --# define __inline -+# undef __inline -+# ifndef HAVE___INLINE -+# if 199901 <= __STDC_VERSION__ || defined inline -+# define __inline inline -+# else -+# define __inline -+# endif - # endif --#endif -+ -+#endif /* defined __glibc_likely */ - - - /* A substitute for glibc , good enough for Gnulib. */ --- -2.34.1 - diff --git a/0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch b/0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch deleted file mode 100644 index b2a7ec1..0000000 --- a/0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 1dcab5bf3843abc997f7e7dba32e5dbcb9bf66b2 Mon Sep 17 00:00:00 2001 -From: Gary Lin -Date: Fri, 25 Nov 2022 15:37:35 +0800 -Subject: [PATCH 1/2] loader/linux: Ensure the newc pathname is NULL-terminated - -Per "man 5 cpio", the namesize in the cpio header includes the trailing -NUL byte of the pathname and the pathname is followed by NUL bytes, but -the current implementation ignores the trailing NUL byte when making -the newc header. Although make_header() tries to pad the pathname string, -the padding won't happen when strlen(name) + sizeof(struct newc_head) -is a multiple of 4, and the non-NULL-terminated pathname may lead to -unexpected results. - -Assume that a file is created with 'echo -n aaaa > /boot/test12' and -loaded by grub2: - - linux /boot/vmlinuz - initrd newc:test12:/boot/test12 /boot/initrd - -The initrd command eventually invoked grub_initrd_load() and sent -'t''e''s''t''1''2' to make_header() to generate the header: - -00000070 30 37 30 37 30 31 33 30 31 43 41 30 44 45 30 30 |070701301CA0DE00| -00000080 30 30 38 31 41 34 30 30 30 30 30 33 45 38 30 30 |0081A4000003E800| -00000090 30 30 30 30 36 34 30 30 30 30 30 30 30 31 36 33 |0000640000000163| -000000a0 37 36 45 34 35 32 30 30 30 30 30 30 30 34 30 30 |76E4520000000400| -000000b0 30 30 30 30 30 38 30 30 30 30 30 30 31 33 30 30 |0000080000001300| -000000c0 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 |0000000000000000| -000000d0 30 30 30 30 30 36 30 30 30 30 30 30 30 30 74 65 |00000600000000te| - ^namesize -000000e0 73 74 31 32 61 61 61 61 30 37 30 37 30 31 30 30 |st12aaaa07070100| - ^^ end of the pathname - -Since strlen("test12") + sizeof(struct newc_head) is 116 = 29 * 4, -make_header() didn't pad the pathname, and the file content followed -"test12" immediately. This violates the cpio format and may trigger such -error during linux boot: - - Initramfs unpacking failed: ZSTD-compressed data is trunc - -To avoid the potential problems, this commit counts the trailing NUL byte -in when calling make_header() and adjusts the initrd size accordingly. - -Now the header becomes - -00000070 30 37 30 37 30 31 33 30 31 43 41 30 44 45 30 30 |070701301CA0DE00| -00000080 30 30 38 31 41 34 30 30 30 30 30 33 45 38 30 30 |0081A4000003E800| -00000090 30 30 30 30 36 34 30 30 30 30 30 30 30 31 36 33 |0000640000000163| -000000a0 37 36 45 34 35 32 30 30 30 30 30 30 30 34 30 30 |76E4520000000400| -000000b0 30 30 30 30 30 38 30 30 30 30 30 30 31 33 30 30 |0000080000001300| -000000c0 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 |0000000000000000| -000000d0 30 30 30 30 30 37 30 30 30 30 30 30 30 30 74 65 |00000700000000te| - ^namesize -000000e0 73 74 31 32 00 00 00 00 61 61 61 61 30 37 30 37 |st12....aaaa0707| - ^^ end of the pathname - -Besides the trailing NUL byte, make_header() pads 3 more NUL bytes, and -the user can safely read the pathname without a further check. - -To conform to the cpio format, the headers for "TRAILER!!!" are also -adjusted to include the trailing NUL byte, not ignore it. - -Signed-off-by: Gary Lin -Reviewed-by: Daniel Kiper ---- - grub-core/loader/linux.c | 25 ++++++++++++++++++------- - 1 file changed, 18 insertions(+), 7 deletions(-) - -diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c -index 8f0fad805..e4018e65e 100644 ---- a/grub-core/loader/linux.c -+++ b/grub-core/loader/linux.c -@@ -130,12 +130,23 @@ insert_dir (const char *name, struct dir **root, - n->name = grub_strndup (cb, ce - cb); - if (ptr) - { -+ /* -+ * Create the substring with the trailing NUL byte -+ * to be included in the cpio header. -+ */ -+ char *tmp_name = grub_strndup (name, ce - name); -+ if (!tmp_name) { -+ grub_free (n->name); -+ grub_free (n); -+ return grub_errno; -+ } - grub_dprintf ("linux", "Creating directory %s, %s\n", name, ce); -- ptr = make_header (ptr, name, ce - name, -+ ptr = make_header (ptr, tmp_name, ce - name + 1, - 040777, 0); -+ grub_free (tmp_name); - } - if (grub_add (*size, -- ALIGN_UP ((ce - (char *) name) -+ ALIGN_UP ((ce - (char *) name + 1) - + sizeof (struct newc_head), 4), - size)) - { -@@ -260,7 +271,7 @@ grub_initrd_init (int argc, char *argv[], - grub_initrd_close (initrd_ctx); - return grub_errno; - } -- name_len = grub_strlen (initrd_ctx->components[i].newc_name); -+ name_len = grub_strlen (initrd_ctx->components[i].newc_name) + 1; - if (grub_add (initrd_ctx->size, - ALIGN_UP (sizeof (struct newc_head) + name_len, 4), - &initrd_ctx->size) || -@@ -274,7 +285,7 @@ grub_initrd_init (int argc, char *argv[], - { - if (grub_add (initrd_ctx->size, - ALIGN_UP (sizeof (struct newc_head) -- + sizeof ("TRAILER!!!") - 1, 4), -+ + sizeof ("TRAILER!!!"), 4), - &initrd_ctx->size)) - goto overflow; - free_dir (root); -@@ -302,7 +313,7 @@ grub_initrd_init (int argc, char *argv[], - initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); - if (grub_add (initrd_ctx->size, - ALIGN_UP (sizeof (struct newc_head) -- + sizeof ("TRAILER!!!") - 1, 4), -+ + sizeof ("TRAILER!!!"), 4), - &initrd_ctx->size)) - goto overflow; - free_dir (root); -@@ -378,7 +389,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, - } - else if (newc) - { -- ptr = make_header (ptr, "TRAILER!!!", sizeof ("TRAILER!!!") - 1, -+ ptr = make_header (ptr, "TRAILER!!!", sizeof ("TRAILER!!!"), - 0, 0); - free_dir (root); - root = 0; -@@ -406,7 +417,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, - { - grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4)); - ptr += ALIGN_UP_OVERHEAD (cursize, 4); -- ptr = make_header (ptr, "TRAILER!!!", sizeof ("TRAILER!!!") - 1, 0, 0); -+ ptr = make_header (ptr, "TRAILER!!!", sizeof ("TRAILER!!!"), 0, 0); - } - free_dir (root); - root = 0; --- -2.39.2 - diff --git a/0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch b/0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch deleted file mode 100644 index 20d869e..0000000 --- a/0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 8eae4c33a32d9951641e289d2809a92a223b1642 Mon Sep 17 00:00:00 2001 -From: Glenn Washburn -Date: Thu, 9 Dec 2021 11:14:50 -0600 -Subject: [PATCH 01/14] luks2: Add debug message to align with luks and geli - modules - -Signed-off-by: Glenn Washburn -Reviewed-by: Daniel Kiper ---- - grub-core/disk/luks2.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c -index 371a53b837..fea196dd4a 100644 ---- a/grub-core/disk/luks2.c -+++ b/grub-core/disk/luks2.c -@@ -370,7 +370,10 @@ luks2_scan (grub_disk_t disk, const char *check_uuid, int check_boot) - uuid[j] = '\0'; - - if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0) -- return NULL; -+ { -+ grub_dprintf ("luks2", "%s != %s\n", uuid, check_uuid); -+ return NULL; -+ } - - cryptodisk = grub_zalloc (sizeof (*cryptodisk)); - if (!cryptodisk) --- -2.34.1 - diff --git a/0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch b/0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch deleted file mode 100644 index 770636f..0000000 --- a/0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch +++ /dev/null @@ -1,86 +0,0 @@ -From a0fcb7f7075901aa12079c39a534837755652d9d Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Wed, 16 Mar 2022 14:17:32 +0800 -Subject: [PATCH 1/3] mkimage: Fix dangling pointer may be used error - -The warning is real as long as dangling pointer to 'tmp_' may be used if -o32 and o64 are both null. However that is not going to happen and can -be ignored safely because the PE_OHDR is being used in a context that -either o32 or o64 must have been properly initialized. Sadly compiler -seems not to always optimize that unused _tmp away so explicit -suppression remain needed here. - -../util/mkimage.c: In function 'grub_install_generate_image': -../util/mkimage.c:1422:41: error: dangling pointer to 'tmp_' may be used [-Werror=dangling-pointer=] - 1422 | PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); -../util/mkimage.c:857:28: note: 'tmp_' declared here - 857 | __typeof__((o64)->field) tmp_; \ - | ^~~~ - -Signed-off-by: Michael Chang ---- - util/mkimage.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/util/mkimage.c b/util/mkimage.c -index 5a8021a213..659824c140 100644 ---- a/util/mkimage.c -+++ b/util/mkimage.c -@@ -1419,6 +1419,10 @@ grub_install_generate_image (const char *dir, const char *prefix, - section = (struct grub_pe32_section_table *)(o64 + 1); - } - -+#if __GNUC__ >= 12 -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wdangling-pointer" -+#endif - PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); - PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address); - PE_OHDR (o32, o64, image_base) = 0; -@@ -1438,6 +1442,9 @@ grub_install_generate_image (const char *dir, const char *prefix, - /* The sections. */ - PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (vma); - PE_OHDR (o32, o64, code_size) = grub_host_to_target32 (layout.exec_size); -+#if __GNUC__ >= 12 -+#pragma GCC diagnostic pop -+#endif - section = init_pe_section (image_target, section, ".text", - &vma, layout.exec_size, - image_target->section_align, -@@ -1447,10 +1454,17 @@ grub_install_generate_image (const char *dir, const char *prefix, - GRUB_PE32_SCN_MEM_READ); - - scn_size = ALIGN_UP (layout.kernel_size - layout.exec_size, GRUB_PE32_FILE_ALIGNMENT); -+#if __GNUC__ >= 12 -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wdangling-pointer" -+#endif - /* ALIGN_UP (sbat_size, GRUB_PE32_FILE_ALIGNMENT) is done earlier. */ - PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size + sbat_size + - ALIGN_UP (total_module_size, - GRUB_PE32_FILE_ALIGNMENT)); -+#if __GNUC__ >= 12 -+#pragma GCC diagnostic pop -+#endif - - section = init_pe_section (image_target, section, ".data", - &vma, scn_size, image_target->section_align, -@@ -1481,8 +1495,15 @@ grub_install_generate_image (const char *dir, const char *prefix, - } - - scn_size = layout.reloc_size; -+#if __GNUC__ >= 12 -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wdangling-pointer" -+#endif - PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (vma); - PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (scn_size); -+#if __GNUC__ >= 12 -+#pragma GCC diagnostic pop -+#endif - memcpy (pe_img + raw_data, layout.reloc_section, scn_size); - init_pe_section (image_target, section, ".reloc", - &vma, scn_size, image_target->section_align, --- -2.34.1 - diff --git a/0001-mm-Allow-dynamically-requesting-additional-memory-re.patch b/0001-mm-Allow-dynamically-requesting-additional-memory-re.patch deleted file mode 100644 index 364e106..0000000 --- a/0001-mm-Allow-dynamically-requesting-additional-memory-re.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 23bca58a68264657f176885c3564d07c9938b7f6 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:18 +1000 -Subject: [PATCH 1/5] mm: Allow dynamically requesting additional memory - regions - -Currently, all platforms will set up their heap on initialization of the -platform code. While this works mostly fine, it poses some limitations -on memory management on us. Most notably, allocating big chunks of -memory in the gigabyte range would require us to pre-request this many -bytes from the firmware and add it to the heap from the beginning on -some platforms like EFI. As this isn't needed for most configurations, -it is inefficient and may even negatively impact some usecases when, -e.g., chainloading. Nonetheless, allocating big chunks of memory is -required sometimes, where one example is the upcoming support for the -Argon2 key derival function in LUKS2. - -In order to avoid pre-allocating big chunks of memory, this commit -implements a runtime mechanism to add more pages to the system. When -a given allocation cannot be currently satisfied, we'll call a given -callback set up by the platform's own memory management subsystem, -asking it to add a memory area with at least "n" bytes. If this -succeeds, we retry searching for a valid memory region, which should -now succeed. - -If this fails, we try asking for "n" bytes, possibly spread across -multiple regions, in hopes that region merging means that we end up -with enough memory for things to work out. - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Tested-by: Stefan Berger -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt ---- - grub-core/kern/mm.c | 30 ++++++++++++++++++++++++++++++ - include/grub/mm.h | 18 ++++++++++++++++++ - 2 files changed, 48 insertions(+) - -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index 5c0a624..0bd9f75 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -28,6 +28,9 @@ - - multiple regions may be used as free space. They may not be - contiguous. - -+ - if existing regions are insufficient to satisfy an allocation, a new -+ region can be requested from firmware. -+ - Regions are managed by a singly linked list, and the meta information is - stored in the beginning of each region. Space after the meta information - is used to allocate memory. -@@ -77,6 +80,7 @@ - - - grub_mm_region_t grub_mm_base; -+grub_mm_add_region_func_t grub_mm_add_region_fn; - - /* Get a header from the pointer PTR, and set *P and *R to a pointer - to the header and a pointer to its region, respectively. PTR must -@@ -364,6 +368,32 @@ grub_memalign (grub_size_t align, grub_size_t size) - goto again; - #endif - -+ case 1: -+ /* Request additional pages, contiguous */ -+ count++; -+ -+ if (grub_mm_add_region_fn != NULL && -+ grub_mm_add_region_fn (size, GRUB_MM_ADD_REGION_CONSECUTIVE) == GRUB_ERR_NONE) -+ goto again; -+ -+ /* fallthrough */ -+ -+ case 2: -+ /* Request additional pages, anything at all */ -+ count++; -+ -+ if (grub_mm_add_region_fn != NULL) -+ { -+ /* -+ * Try again even if this fails, in case it was able to partially -+ * satisfy the request -+ */ -+ grub_mm_add_region_fn (size, GRUB_MM_ADD_REGION_NONE); -+ goto again; -+ } -+ -+ /* fallthrough */ -+ - default: - break; - } -diff --git a/include/grub/mm.h b/include/grub/mm.h -index 1754635..67faebf 100644 ---- a/include/grub/mm.h -+++ b/include/grub/mm.h -@@ -20,6 +20,7 @@ - #ifndef GRUB_MM_H - #define GRUB_MM_H 1 - -+#include - #include - #include - #include -@@ -28,6 +29,23 @@ - # define NULL ((void *) 0) - #endif - -+#define GRUB_MM_ADD_REGION_NONE 0 -+#define GRUB_MM_ADD_REGION_CONSECUTIVE (1 << 0) -+ -+/* -+ * Function used to request memory regions of `grub_size_t` bytes. The second -+ * parameter is a bitfield of `GRUB_MM_ADD_REGION` flags. -+ */ -+typedef grub_err_t (*grub_mm_add_region_func_t) (grub_size_t, unsigned int); -+ -+/* -+ * Set this function pointer to enable adding memory-regions at runtime in case -+ * a memory allocation cannot be satisfied with existing regions. -+ */ -+#ifndef GRUB_MACHINE_EMU -+extern grub_mm_add_region_func_t EXPORT_VAR(grub_mm_add_region_fn); -+#endif -+ - void grub_mm_init_region (void *addr, grub_size_t size); - void *EXPORT_FUNC(grub_malloc) (grub_size_t size); - void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); --- -2.35.3 - diff --git a/0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch b/0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch index df28bfe..c23a3a8 100644 --- a/0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch +++ b/0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch @@ -27,11 +27,9 @@ Signed-off-by: Michael Chang grub-core/disk/ieee1275/ofdisk.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) -diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c -index 258a6e3891..410f4b849f 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c -@@ -491,10 +491,11 @@ grub_ofdisk_iterate (grub_disk_dev_iterate_hook_t hook, void *hook_data, +@@ -491,10 +491,11 @@ { unsigned i; @@ -42,10 +40,10 @@ index 258a6e3891..410f4b849f 100644 - scan (); + if (pull == GRUB_DISK_PULL_REMOVABLE) + scan (); - + for (i = 0; i < ARRAY_SIZE (ofdisk_hash); i++) { -@@ -532,6 +533,12 @@ grub_ofdisk_iterate (grub_disk_dev_iterate_hook_t hook, void *hook_data, +@@ -532,6 +533,12 @@ if (!ent->is_boot && ent->is_removable) continue; @@ -58,6 +56,3 @@ index 258a6e3891..410f4b849f 100644 if (hook (ent->grub_shortest, hook_data)) return 1; } --- -2.34.1 - diff --git a/0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch b/0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch deleted file mode 100644 index f40af92..0000000 --- a/0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch +++ /dev/null @@ -1,158 +0,0 @@ -From e94b4f23277f7572aacbbeae50b8927e03be148a Mon Sep 17 00:00:00 2001 -From: Petr Vorel -Date: Thu, 15 Jul 2021 17:35:27 +0200 -Subject: [PATCH 1/2] osdep: Introduce include/grub/osdep/major.h and use it - -... to factor out fix for glibc 2.25 introduced in 7a5b301e3 (build: Use -AC_HEADER_MAJOR to find device macros). - -Note: Once glibc 2.25 is old enough and this fix is not needed also -AC_HEADER_MAJOR in configure.ac should be removed. - -Signed-off-by: Petr Vorel -Reviewed-by: Daniel Kiper -[ upstream status: e94b4f232 ("osdep: Introduce include/grub/osdep/major.h and use it") ] ---- - configure.ac | 2 +- - grub-core/osdep/devmapper/getroot.c | 7 +----- - grub-core/osdep/devmapper/hostdisk.c | 7 +----- - grub-core/osdep/linux/getroot.c | 7 +----- - grub-core/osdep/unix/getroot.c | 7 +----- - include/grub/osdep/major.h | 33 ++++++++++++++++++++++++++++ - 6 files changed, 38 insertions(+), 25 deletions(-) - create mode 100644 include/grub/osdep/major.h - -diff --git a/configure.ac b/configure.ac -index b025e1e84..bee28dbeb 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -424,7 +424,7 @@ AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h) - - # glibc 2.25 still includes sys/sysmacros.h in sys/types.h but emits deprecation - # warning which causes compilation failure later with -Werror. So use -Werror here --# as well to force proper sys/sysmacros.h detection. -+# as well to force proper sys/sysmacros.h detection. Used in include/grub/osdep/major.h. - SAVED_CFLAGS="$CFLAGS" - CFLAGS="$HOST_CFLAGS -Werror" - AC_HEADER_MAJOR -diff --git a/grub-core/osdep/devmapper/getroot.c b/grub-core/osdep/devmapper/getroot.c -index a13a39c96..9ba5c9865 100644 ---- a/grub-core/osdep/devmapper/getroot.c -+++ b/grub-core/osdep/devmapper/getroot.c -@@ -40,12 +40,7 @@ - #include - #endif - --#if defined(MAJOR_IN_MKDEV) --#include --#elif defined(MAJOR_IN_SYSMACROS) --#include --#endif -- -+#include - #include - - #include -diff --git a/grub-core/osdep/devmapper/hostdisk.c b/grub-core/osdep/devmapper/hostdisk.c -index a8afc0c94..c8053728b 100644 ---- a/grub-core/osdep/devmapper/hostdisk.c -+++ b/grub-core/osdep/devmapper/hostdisk.c -@@ -11,6 +11,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -24,12 +25,6 @@ - #include - #include - --#if defined(MAJOR_IN_MKDEV) --#include --#elif defined(MAJOR_IN_SYSMACROS) --#include --#endif -- - #ifdef HAVE_DEVICE_MAPPER - # include - -diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 001b818fe..cd588588e 100644 ---- a/grub-core/osdep/linux/getroot.c -+++ b/grub-core/osdep/linux/getroot.c -@@ -35,12 +35,7 @@ - #include - #endif - --#if defined(MAJOR_IN_MKDEV) --#include --#elif defined(MAJOR_IN_SYSMACROS) --#include --#endif -- -+#include - #include - #include /* ioctl */ - #include -diff --git a/grub-core/osdep/unix/getroot.c b/grub-core/osdep/unix/getroot.c -index 46d7116c6..74f69116d 100644 ---- a/grub-core/osdep/unix/getroot.c -+++ b/grub-core/osdep/unix/getroot.c -@@ -51,12 +51,7 @@ - #endif /* ! FLOPPY_MAJOR */ - #endif - --#include --#if defined(MAJOR_IN_MKDEV) --#include --#elif defined(MAJOR_IN_SYSMACROS) --#include --#endif -+#include - - #if defined(HAVE_LIBZFS) && defined(HAVE_LIBNVPAIR) - # include -diff --git a/include/grub/osdep/major.h b/include/grub/osdep/major.h -new file mode 100644 -index 000000000..84a9159af ---- /dev/null -+++ b/include/grub/osdep/major.h -@@ -0,0 +1,33 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2021 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ * -+ * Fix for glibc 2.25 which is deprecating the namespace pollution of -+ * sys/types.h injecting major(), minor(), and makedev() into the -+ * compilation environment. -+ */ -+ -+#ifndef GRUB_OSDEP_MAJOR_H -+#define GRUB_OSDEP_MAJOR_H 1 -+ -+#include -+ -+#ifdef MAJOR_IN_MKDEV -+# include -+#elif defined (MAJOR_IN_SYSMACROS) -+# include -+#endif -+#endif /* GRUB_OSDEP_MAJOR_H */ --- -2.32.0 - diff --git a/0001-powerpc-do-CAS-in-a-more-compatible-way.patch b/0001-powerpc-do-CAS-in-a-more-compatible-way.patch deleted file mode 100644 index f1d5dc4..0000000 --- a/0001-powerpc-do-CAS-in-a-more-compatible-way.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 91c9ff5515821fa579961a4c3a411a29384fbfd6 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Fri, 8 Apr 2022 12:35:28 +1000 -Subject: [PATCH] powerpc: do CAS in a more compatible way - -I wrongly assumed that the most compatible way to perform CAS -negotiation was to only set the minimum number of vectors required -to ask for more memory. It turns out that this messes up booting -if the minimum VP capacity would be less than the default 10% in -vector 4. - -Linux configures the minimum capacity to be 1%, so copy it for that -and for vector 3 which we now need to specify as well. - -Signed-off-by: Daniel Axtens ---- - grub-core/kern/ieee1275/init.c | 54 +++++++++++++++++++--------------- - 1 file changed, 31 insertions(+), 23 deletions(-) - -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index d77d896043..7d7178d3e1 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -298,33 +298,37 @@ grub_ieee1275_total_mem (grub_uint64_t *total) - - /* Based on linux - arch/powerpc/kernel/prom_init.c */ - struct option_vector2 { -- grub_uint8_t byte1; -- grub_uint16_t reserved; -- grub_uint32_t real_base; -- grub_uint32_t real_size; -- grub_uint32_t virt_base; -- grub_uint32_t virt_size; -- grub_uint32_t load_base; -- grub_uint32_t min_rma; -- grub_uint32_t min_load; -- grub_uint8_t min_rma_percent; -- grub_uint8_t max_pft_size; -+ grub_uint8_t byte1; -+ grub_uint16_t reserved; -+ grub_uint32_t real_base; -+ grub_uint32_t real_size; -+ grub_uint32_t virt_base; -+ grub_uint32_t virt_size; -+ grub_uint32_t load_base; -+ grub_uint32_t min_rma; -+ grub_uint32_t min_load; -+ grub_uint8_t min_rma_percent; -+ grub_uint8_t max_pft_size; - } __attribute__((packed)); - - struct pvr_entry { -- grub_uint32_t mask; -- grub_uint32_t entry; -+ grub_uint32_t mask; -+ grub_uint32_t entry; - }; - - struct cas_vector { -- struct { -- struct pvr_entry terminal; -- } pvr_list; -- grub_uint8_t num_vecs; -- grub_uint8_t vec1_size; -- grub_uint8_t vec1; -- grub_uint8_t vec2_size; -- struct option_vector2 vec2; -+ struct { -+ struct pvr_entry terminal; -+ } pvr_list; -+ grub_uint8_t num_vecs; -+ grub_uint8_t vec1_size; -+ grub_uint8_t vec1; -+ grub_uint8_t vec2_size; -+ struct option_vector2 vec2; -+ grub_uint8_t vec3_size; -+ grub_uint16_t vec3; -+ grub_uint8_t vec4_size; -+ grub_uint16_t vec4; - } __attribute__((packed)); - - /* Call ibm,client-architecture-support to try to get more RMA. -@@ -345,13 +349,17 @@ grub_ieee1275_ibm_cas (void) - } args; - struct cas_vector vector = { - .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */ -- .num_vecs = 2 - 1, -+ .num_vecs = 4 - 1, - .vec1_size = 0, - .vec1 = 0x80, /* ignore */ - .vec2_size = 1 + sizeof(struct option_vector2) - 2, - .vec2 = { - 0, 0, -1, -1, -1, -1, -1, 512, -1, 0, 48 - }, -+ .vec3_size = 2 - 1, -+ .vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied -+ .vec4_size = 2 - 1, -+ .vec4 = 0x0001, // set required minimum capacity % to the lowest value - }; - - INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); -@@ -364,7 +372,7 @@ grub_ieee1275_ibm_cas (void) - args.ihandle = root; - args.cas_addr = (grub_ieee1275_cell_t)&vector; - -- grub_printf("Calling ibm,client-architecture-support..."); -+ grub_printf("Calling ibm,client-architecture-support from grub..."); - IEEE1275_CALL_ENTRY_FN (&args); - grub_printf("done\n"); - --- -2.34.1 - diff --git a/0001-protectors-Add-key-protectors-framework.patch b/0001-protectors-Add-key-protectors-framework.patch index 1d40095..e412879 100644 --- a/0001-protectors-Add-key-protectors-framework.patch +++ b/0001-protectors-Add-key-protectors-framework.patch @@ -26,11 +26,9 @@ Signed-off-by: Gary Lin create mode 100644 grub-core/kern/protectors.c create mode 100644 include/grub/protector.h -diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index 80e7a83ed..79d17a3d2 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am -@@ -90,6 +90,7 @@ endif +@@ -90,6 +90,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/parser.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h @@ -38,11 +36,9 @@ index 80e7a83ed..79d17a3d2 100644 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index d83c9f7b6..0335d9add 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -144,6 +144,7 @@ kernel = { +@@ -149,6 +149,7 @@ common = kern/misc.c; common = kern/parser.c; common = kern/partition.c; @@ -50,9 +46,6 @@ index d83c9f7b6..0335d9add 100644 common = kern/rescue_parser.c; common = kern/rescue_reader.c; common = kern/term.c; -diff --git a/grub-core/kern/protectors.c b/grub-core/kern/protectors.c -new file mode 100644 -index 000000000..5ee059565 --- /dev/null +++ b/grub-core/kern/protectors.c @@ -0,0 +1,75 @@ @@ -131,9 +124,6 @@ index 000000000..5ee059565 + + return kp->recover_key (key, key_size); +} -diff --git a/include/grub/protector.h b/include/grub/protector.h -new file mode 100644 -index 000000000..3d9f69bce --- /dev/null +++ b/include/grub/protector.h @@ -0,0 +1,48 @@ @@ -185,6 +175,3 @@ index 000000000..3d9f69bce + grub_size_t *key_size); + +#endif /* ! GRUB_PROTECTOR_HEADER */ --- -2.35.3 - diff --git a/0001-protectors-Implement-NV-index.patch b/0001-protectors-Implement-NV-index.patch new file mode 100644 index 0000000..e183767 --- /dev/null +++ b/0001-protectors-Implement-NV-index.patch @@ -0,0 +1,80 @@ +From c3efb4ecbe91b63c127b92122dad3fa53d4efc69 Mon Sep 17 00:00:00 2001 +From: Patrick Colp +Date: Mon, 31 Jul 2023 07:01:45 -0700 +Subject: [PATCH 1/4] protectors: Implement NV index + +Currently with the TPM2 protector, only SRK mode is supported and +NV index support is just a stub. Implement the NV index option. + +Note: This only extends support on the unseal path. grub2_protect +has not been updated. tpm2-tools can be used to insert a key into +the NV index. + +An example of inserting a key using tpm2-tools: + + # Get random key. + tpm2_getrandom 32 > key.dat + + # Create primary object. + tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctx + + # Create policy object. `pcrs.dat` contains the PCR values to seal against. + tpm2_startauthsession -S session.dat + tpm2_policypcr -S session.dat -l sha256:7,11 -f pcrs.dat -L policy.dat + tpm2_flushcontext session.dat + + # Seal key into TPM. + cat key.dat | tpm2_create -C primary.ctx -u key.pub -r key.priv -L policy.dat -i- + tpm2_load -C primary.ctx -u key.pub -r key.priv -n sealing.name -c sealing.ctx + tpm2_evictcontrol -C o -c sealing.ctx 0x81000000 + +Then to unseal the key in grub, add this to grub.cfg: + + tpm2_key_protector_init --mode=nv --nvindex=0x81000000 --pcrs=7,11 + cryptomount -u --protector tpm2 + +Signed-off-by: Patrick Colp +--- + grub-core/tpm2/module.c | 25 ++++++++++++++++++++----- + 1 file changed, 20 insertions(+), 5 deletions(-) + +diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c +index 5274296b7..d3a64187a 100644 +--- a/grub-core/tpm2/module.c ++++ b/grub-core/tpm2/module.c +@@ -757,12 +757,27 @@ static grub_err_t + grub_tpm2_protector_nv_recover (const struct grub_tpm2_protector_context *ctx, + grub_uint8_t **key, grub_size_t *key_size) + { +- (void)ctx; +- (void)key; +- (void)key_size; ++ TPM_HANDLE sealed_handle = ctx->nv; ++ tpm2key_policy_t policy_seq = NULL; ++ grub_err_t err; ++ ++ /* Create a basic policy sequence based on the given PCR selection */ ++ err = grub_tpm2_protector_simple_policy_seq (ctx, &policy_seq); ++ if (err != GRUB_ERR_NONE) ++ goto exit; ++ ++ err = grub_tpm2_protector_unseal (policy_seq, sealed_handle, key, key_size); ++ ++ /* Pop error messages on success */ ++ if (err == GRUB_ERR_NONE) ++ while (grub_error_pop ()); ++ ++exit: ++ TPM2_FlushContext (sealed_handle); + +- return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, +- N_("NV Index mode is not implemented yet")); ++ grub_tpm2key_free_policy_seq (policy_seq); ++ ++ return err; + } + + static grub_err_t +-- +2.35.3 + diff --git a/0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch b/0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch index e95c412..c2b9f08 100644 --- a/0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch +++ b/0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch @@ -16,11 +16,9 @@ Signed-off-by: Michael Chang util/grub.d/20_linux_xen.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 7f3e79b09..00e351802 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -307,7 +307,7 @@ while [ "x$list" != "x" ] ; do +@@ -351,7 +351,7 @@ fi config= @@ -29,11 +27,9 @@ index 7f3e79b09..00e351802 100644 if test -e "${i}" ; then config="${i}" break -diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index 8813435b7..318b6d320 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in -@@ -304,7 +304,7 @@ for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*; do +@@ -307,7 +307,7 @@ version=$(echo $basename | sed -e "s,^[^0-9]*-,,g") dirname=$(dirname $i) config= @@ -42,6 +38,3 @@ index 8813435b7..318b6d320 100644 if test -e "${j}" ; then config="${j}" break --- -2.33.0 - diff --git a/0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch b/0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch deleted file mode 100644 index b37dfb4..0000000 --- a/0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 2cecb472ffba4dbc534f4ce3346a453762371c52 Mon Sep 17 00:00:00 2001 -From: Mathieu Trudel-Lapierre -Date: Fri, 25 Oct 2019 10:27:54 -0400 -Subject: [PATCH] tpm: Pass unknown error as non-fatal, but debug print the - error we got - -Signed-off-by: Mathieu Trudel-Lapierre -Patch-Name: ubuntu-tpm-unknown-error-non-fatal.patch ---- - grub-core/commands/efi/tpm.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c -index a97d85368..1e399a964 100644 ---- a/grub-core/commands/efi/tpm.c -+++ b/grub-core/commands/efi/tpm.c -@@ -145,7 +145,8 @@ grub_efi_log_event_status (grub_efi_status_t status) - case GRUB_EFI_NOT_FOUND: - return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); - default: -- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); -+ grub_dprintf("tpm", "Unknown TPM error: %" PRIdGRUB_SSIZE, status); -+ return 0; - } - } - --- -2.31.1 - diff --git a/0001-video-Remove-trailing-whitespaces.patch b/0001-video-Remove-trailing-whitespaces.patch deleted file mode 100644 index 70e60cf..0000000 --- a/0001-video-Remove-trailing-whitespaces.patch +++ /dev/null @@ -1,686 +0,0 @@ -From efa2ddca2c7167e98f12e9ad8963e9201fa87e75 Mon Sep 17 00:00:00 2001 -From: Elyes Haouas -Date: Fri, 4 Mar 2022 07:42:13 +0100 -Subject: [PATCH 01/32] video: Remove trailing whitespaces - -Signed-off-by: Elyes Haouas -Reviewed-by: Daniel Kiper ---- - grub-core/video/bochs.c | 2 +- - grub-core/video/capture.c | 2 +- - grub-core/video/cirrus.c | 4 ++-- - grub-core/video/coreboot/cbfb.c | 2 +- - grub-core/video/efi_gop.c | 22 +++++++++---------- - grub-core/video/fb/fbblit.c | 8 +++---- - grub-core/video/fb/video_fb.c | 10 ++++----- - grub-core/video/i386/pc/vbe.c | 34 ++++++++++++++--------------- - grub-core/video/i386/pc/vga.c | 6 ++--- - grub-core/video/ieee1275.c | 4 ++-- - grub-core/video/radeon_fuloong2e.c | 6 ++--- - grub-core/video/radeon_yeeloong3a.c | 6 ++--- - grub-core/video/readers/png.c | 2 +- - grub-core/video/readers/tga.c | 2 +- - grub-core/video/sis315_init.c | 2 +- - grub-core/video/sis315pro.c | 8 +++---- - grub-core/video/sm712.c | 10 ++++----- - grub-core/video/video.c | 8 +++---- - 18 files changed, 69 insertions(+), 69 deletions(-) - -diff --git a/grub-core/video/bochs.c b/grub-core/video/bochs.c -index 30ea1bd828..edc651697a 100644 ---- a/grub-core/video/bochs.c -+++ b/grub-core/video/bochs.c -@@ -212,7 +212,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) - - if (((class >> 16) & 0xffff) != 0x0300 || pciid != 0x11111234) - return 0; -- -+ - addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); - framebuffer.base = grub_pci_read (addr) & GRUB_PCI_ADDR_MEM_MASK; - if (!framebuffer.base) -diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c -index 4d3195e017..c653d89f91 100644 ---- a/grub-core/video/capture.c -+++ b/grub-core/video/capture.c -@@ -92,7 +92,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, - framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); - if (!framebuffer.ptr) - return grub_errno; -- -+ - err = grub_video_fb_create_render_target_from_pointer (&framebuffer.render_target, - &framebuffer.mode_info, - framebuffer.ptr); -diff --git a/grub-core/video/cirrus.c b/grub-core/video/cirrus.c -index e2149e8ced..f5542ccdc6 100644 ---- a/grub-core/video/cirrus.c -+++ b/grub-core/video/cirrus.c -@@ -354,11 +354,11 @@ grub_video_cirrus_setup (unsigned int width, unsigned int height, - grub_uint8_t sr_ext = 0, hidden_dac = 0; - - grub_vga_set_geometry (&config, grub_vga_cr_write); -- -+ - grub_vga_gr_write (GRUB_VGA_GR_MODE_256_COLOR | GRUB_VGA_GR_MODE_READ_MODE1, - GRUB_VGA_GR_MODE); - grub_vga_gr_write (GRUB_VGA_GR_GR6_GRAPHICS_MODE, GRUB_VGA_GR_GR6); -- -+ - grub_vga_sr_write (GRUB_VGA_SR_MEMORY_MODE_NORMAL, GRUB_VGA_SR_MEMORY_MODE); - - grub_vga_cr_write ((config.pitch >> CIRRUS_CR_EXTENDED_DISPLAY_PITCH_SHIFT) -diff --git a/grub-core/video/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c -index 9af81fa5b0..986003c516 100644 ---- a/grub-core/video/coreboot/cbfb.c -+++ b/grub-core/video/coreboot/cbfb.c -@@ -106,7 +106,7 @@ grub_video_cbfb_setup (unsigned int width, unsigned int height, - - grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, - grub_video_fbstd_colors); -- -+ - return err; - } - -diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c -index 5a37385398..cdf0e100fa 100644 ---- a/grub-core/video/efi_gop.c -+++ b/grub-core/video/efi_gop.c -@@ -273,7 +273,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo - grub_efi_status_t status; - struct grub_efi_gop_mode_info *info = NULL; - struct grub_video_mode_info mode_info; -- -+ - status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); - - if (status) -@@ -402,7 +402,7 @@ again: - found = 1; - } - } -- -+ - if (!found) - { - unsigned mode; -@@ -411,7 +411,7 @@ again: - { - grub_efi_uintn_t size; - grub_efi_status_t status; -- -+ - status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); - if (status) - { -@@ -489,11 +489,11 @@ again: - framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base; - framebuffer.offscreen - = grub_malloc (framebuffer.mode_info.height -- * framebuffer.mode_info.width -+ * framebuffer.mode_info.width - * sizeof (struct grub_efi_gop_blt_pixel)); - - buffer = framebuffer.offscreen; -- -+ - if (!buffer) - { - grub_dprintf ("video", "GOP: couldn't allocate shadow\n"); -@@ -502,11 +502,11 @@ again: - &framebuffer.mode_info); - buffer = framebuffer.ptr; - } -- -+ - grub_dprintf ("video", "GOP: initialising FB @ %p %dx%dx%d\n", - framebuffer.ptr, framebuffer.mode_info.width, - framebuffer.mode_info.height, framebuffer.mode_info.bpp); -- -+ - err = grub_video_fb_create_render_target_from_pointer - (&framebuffer.render_target, &framebuffer.mode_info, buffer); - -@@ -515,15 +515,15 @@ again: - grub_dprintf ("video", "GOP: Couldn't create FB target\n"); - return err; - } -- -+ - err = grub_video_fb_set_active_render_target (framebuffer.render_target); -- -+ - if (err) - { - grub_dprintf ("video", "GOP: Couldn't set FB target\n"); - return err; - } -- -+ - err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, - grub_video_fbstd_colors); - -@@ -531,7 +531,7 @@ again: - grub_dprintf ("video", "GOP: Couldn't set palette\n"); - else - grub_dprintf ("video", "GOP: Success\n"); -- -+ - return err; - } - -diff --git a/grub-core/video/fb/fbblit.c b/grub-core/video/fb/fbblit.c -index d55924837d..1010ef3930 100644 ---- a/grub-core/video/fb/fbblit.c -+++ b/grub-core/video/fb/fbblit.c -@@ -466,7 +466,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, - for (i = 0; i < width; i++) - { - register grub_uint32_t col; -- if (*srcptr == 0xf0) -+ if (*srcptr == 0xf0) - col = palette[16]; - else - col = palette[*srcptr & 0xf]; -@@ -478,7 +478,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, - *dstptr++ = col >> 0; - *dstptr++ = col >> 8; - *dstptr++ = col >> 16; --#endif -+#endif - srcptr++; - } - -@@ -651,7 +651,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, - for (i = 0; i < width; i++) - { - register grub_uint32_t col; -- if (*srcptr != 0xf0) -+ if (*srcptr != 0xf0) - { - col = palette[*srcptr & 0xf]; - #ifdef GRUB_CPU_WORDS_BIGENDIAN -@@ -662,7 +662,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, - *dstptr++ = col >> 0; - *dstptr++ = col >> 8; - *dstptr++ = col >> 16; --#endif -+#endif - } - else - dstptr += 3; -diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c -index ae6b89f9ae..fa4ebde260 100644 ---- a/grub-core/video/fb/video_fb.c -+++ b/grub-core/video/fb/video_fb.c -@@ -754,7 +754,7 @@ grub_video_fb_unmap_color_int (struct grub_video_fbblit_info * source, - *alpha = 0; - return; - } -- -+ - /* If we have an out-of-bounds color, return transparent black. */ - if (color > 255) - { -@@ -1141,7 +1141,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) - /* If everything is aligned on 32-bit use 32-bit copy. */ - if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) - % sizeof (grub_uint32_t) == 0 -- && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) -+ && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) - % sizeof (grub_uint32_t) == 0 - && linelen % sizeof (grub_uint32_t) == 0 - && linedelta % sizeof (grub_uint32_t) == 0) -@@ -1155,7 +1155,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) - else if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) - % sizeof (grub_uint16_t) == 0 - && (grub_addr_t) grub_video_fb_get_video_ptr (&target, -- dst_x, dst_y) -+ dst_x, dst_y) - % sizeof (grub_uint16_t) == 0 - && linelen % sizeof (grub_uint16_t) == 0 - && linedelta % sizeof (grub_uint16_t) == 0) -@@ -1170,7 +1170,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) - { - grub_uint8_t *src, *dst; - DO_SCROLL -- } -+ } - } - - /* 4. Fill empty space with specified color. In this implementation -@@ -1615,7 +1615,7 @@ grub_video_fb_setup (unsigned int mode_type, unsigned int mode_mask, - framebuffer.render_target = framebuffer.back_target; - return GRUB_ERR_NONE; - } -- -+ - mode_info->mode_type &= ~(GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED - | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP); - -diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c -index 8c8cbf07eb..8b72810f85 100644 ---- a/grub-core/video/i386/pc/vbe.c -+++ b/grub-core/video/i386/pc/vbe.c -@@ -219,7 +219,7 @@ grub_vbe_disable_mtrr (int mtrr) - } - - /* Call VESA BIOS 0x4f09 to set palette data, return status. */ --static grub_vbe_status_t -+static grub_vbe_status_t - grub_vbe_bios_set_palette_data (grub_uint32_t color_count, - grub_uint32_t start_index, - struct grub_vbe_palette_data *palette_data) -@@ -237,7 +237,7 @@ grub_vbe_bios_set_palette_data (grub_uint32_t color_count, - } - - /* Call VESA BIOS 0x4f00 to get VBE Controller Information, return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) - { - struct grub_bios_int_registers regs; -@@ -251,7 +251,7 @@ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) - } - - /* Call VESA BIOS 0x4f01 to get VBE Mode Information, return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_mode_info (grub_uint32_t mode, - struct grub_vbe_mode_info_block *mode_info) - { -@@ -285,7 +285,7 @@ grub_vbe_bios_set_mode (grub_uint32_t mode, - } - - /* Call VESA BIOS 0x4f03 to return current VBE Mode, return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_mode (grub_uint32_t *mode) - { - struct grub_bios_int_registers regs; -@@ -298,7 +298,7 @@ grub_vbe_bios_get_mode (grub_uint32_t *mode) - return regs.eax & 0xffff; - } - --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_getset_dac_palette_width (int set, int *dac_mask_size) - { - struct grub_bios_int_registers regs; -@@ -346,7 +346,7 @@ grub_vbe_bios_get_memory_window (grub_uint32_t window, - } - - /* Call VESA BIOS 0x4f06 to set scanline length (in bytes), return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_set_scanline_length (grub_uint32_t length) - { - struct grub_bios_int_registers regs; -@@ -354,14 +354,14 @@ grub_vbe_bios_set_scanline_length (grub_uint32_t length) - regs.ecx = length; - regs.eax = 0x4f06; - /* BL = 2, Set Scan Line in Bytes. */ -- regs.ebx = 0x0002; -+ regs.ebx = 0x0002; - regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; - grub_bios_interrupt (0x10, ®s); - return regs.eax & 0xffff; - } - - /* Call VESA BIOS 0x4f06 to return scanline length (in bytes), return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_scanline_length (grub_uint32_t *length) - { - struct grub_bios_int_registers regs; -@@ -377,7 +377,7 @@ grub_vbe_bios_get_scanline_length (grub_uint32_t *length) - } - - /* Call VESA BIOS 0x4f07 to set display start, return status. */ --static grub_vbe_status_t -+static grub_vbe_status_t - grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) - { - struct grub_bios_int_registers regs; -@@ -390,7 +390,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) - regs.edx = y; - regs.eax = 0x4f07; - /* BL = 80h, Set Display Start during Vertical Retrace. */ -- regs.ebx = 0x0080; -+ regs.ebx = 0x0080; - regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; - grub_bios_interrupt (0x10, ®s); - -@@ -401,7 +401,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) - } - - /* Call VESA BIOS 0x4f07 to get display start, return status. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_display_start (grub_uint32_t *x, - grub_uint32_t *y) - { -@@ -419,7 +419,7 @@ grub_vbe_bios_get_display_start (grub_uint32_t *x, - } - - /* Call VESA BIOS 0x4f0a. */ --grub_vbe_status_t -+grub_vbe_status_t - grub_vbe_bios_get_pm_interface (grub_uint16_t *segment, grub_uint16_t *offset, - grub_uint16_t *length) - { -@@ -896,7 +896,7 @@ vbe2videoinfo (grub_uint32_t mode, - case GRUB_VBE_MEMORY_MODEL_YUV: - mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_YUV; - break; -- -+ - case GRUB_VBE_MEMORY_MODEL_DIRECT_COLOR: - mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_RGB; - break; -@@ -923,10 +923,10 @@ vbe2videoinfo (grub_uint32_t mode, - break; - case 8: - mode_info->bytes_per_pixel = 1; -- break; -+ break; - case 4: - mode_info->bytes_per_pixel = 0; -- break; -+ break; - } - - if (controller_info.version >= 0x300) -@@ -976,7 +976,7 @@ grub_video_vbe_iterate (int (*hook) (const struct grub_video_mode_info *info, vo - - static grub_err_t - grub_video_vbe_setup (unsigned int width, unsigned int height, -- grub_video_mode_type_t mode_type, -+ grub_video_mode_type_t mode_type, - grub_video_mode_type_t mode_mask) - { - grub_uint16_t *p; -@@ -1208,7 +1208,7 @@ grub_video_vbe_print_adapter_specific_info (void) - controller_info.version & 0xFF, - controller_info.oem_software_rev >> 8, - controller_info.oem_software_rev & 0xFF); -- -+ - /* The total_memory field is in 64 KiB units. */ - grub_printf_ (N_(" total memory: %d KiB\n"), - (controller_info.total_memory << 6)); -diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c -index b2f776c997..50d0b5e028 100644 ---- a/grub-core/video/i386/pc/vga.c -+++ b/grub-core/video/i386/pc/vga.c -@@ -48,7 +48,7 @@ static struct - int back_page; - } framebuffer; - --static unsigned char -+static unsigned char - grub_vga_set_mode (unsigned char mode) - { - struct grub_bios_int_registers regs; -@@ -182,10 +182,10 @@ grub_video_vga_setup (unsigned int width, unsigned int height, - - is_target = 1; - err = grub_video_fb_set_active_render_target (framebuffer.render_target); -- -+ - if (err) - return err; -- -+ - err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, - grub_video_fbstd_colors); - -diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c -index b8e4b3feb3..0a89fa334d 100644 ---- a/grub-core/video/ieee1275.c -+++ b/grub-core/video/ieee1275.c -@@ -234,7 +234,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, - /* TODO. */ - return grub_error (GRUB_ERR_IO, "can't set mode %dx%d", width, height); - } -- -+ - err = grub_video_ieee1275_fill_mode_info (dev, &framebuffer.mode_info); - if (err) - { -@@ -261,7 +261,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, - - grub_video_ieee1275_set_palette (0, framebuffer.mode_info.number_of_colors, - grub_video_fbstd_colors); -- -+ - return err; - } - -diff --git a/grub-core/video/radeon_fuloong2e.c b/grub-core/video/radeon_fuloong2e.c -index b4da34b5ee..40917acb76 100644 ---- a/grub-core/video/radeon_fuloong2e.c -+++ b/grub-core/video/radeon_fuloong2e.c -@@ -75,7 +75,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) - if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA - || pciid != 0x515a1002) - return 0; -- -+ - *found = 1; - - addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); -@@ -139,7 +139,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, - framebuffer.mapped = 1; - - /* Prevent garbage from appearing on the screen. */ -- grub_memset (framebuffer.ptr, 0x55, -+ grub_memset (framebuffer.ptr, 0x55, - framebuffer.mode_info.height * framebuffer.mode_info.pitch); - - #ifndef TEST -@@ -152,7 +152,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, - return err; - - err = grub_video_fb_set_active_render_target (framebuffer.render_target); -- -+ - if (err) - return err; - -diff --git a/grub-core/video/radeon_yeeloong3a.c b/grub-core/video/radeon_yeeloong3a.c -index 52614feb69..48631c1815 100644 ---- a/grub-core/video/radeon_yeeloong3a.c -+++ b/grub-core/video/radeon_yeeloong3a.c -@@ -74,7 +74,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) - if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA - || pciid != 0x96151002) - return 0; -- -+ - *found = 1; - - addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); -@@ -137,7 +137,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, - #endif - - /* Prevent garbage from appearing on the screen. */ -- grub_memset (framebuffer.ptr, 0, -+ grub_memset (framebuffer.ptr, 0, - framebuffer.mode_info.height * framebuffer.mode_info.pitch); - - #ifndef TEST -@@ -150,7 +150,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, - return err; - - err = grub_video_fb_set_active_render_target (framebuffer.render_target); -- -+ - if (err) - return err; - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 0157ff7420..54dfedf435 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -916,7 +916,7 @@ grub_png_convert_image (struct grub_png_data *data) - } - return; - } -- -+ - if (data->is_gray) - { - switch (data->bpp) -diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c -index 7cb9d1d2a0..a9ec3a1b6e 100644 ---- a/grub-core/video/readers/tga.c -+++ b/grub-core/video/readers/tga.c -@@ -127,7 +127,7 @@ tga_load_palette (struct tga_data *data) - - if (len > sizeof (data->palette)) - len = sizeof (data->palette); -- -+ - if (grub_file_read (data->file, &data->palette, len) - != (grub_ssize_t) len) - return grub_errno; -diff --git a/grub-core/video/sis315_init.c b/grub-core/video/sis315_init.c -index ae5c1419c1..09c3c7bbea 100644 ---- a/grub-core/video/sis315_init.c -+++ b/grub-core/video/sis315_init.c -@@ -1,4 +1,4 @@ --static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = -+static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = - { - { 0x28, 0x81 }, - { 0x2a, 0x00 }, -diff --git a/grub-core/video/sis315pro.c b/grub-core/video/sis315pro.c -index 22a0c85a64..4d2f9999a9 100644 ---- a/grub-core/video/sis315pro.c -+++ b/grub-core/video/sis315pro.c -@@ -103,7 +103,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) - if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA - || pciid != GRUB_SIS315PRO_PCIID) - return 0; -- -+ - *found = 1; - - addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); -@@ -218,7 +218,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, - - #ifndef TEST - /* Prevent garbage from appearing on the screen. */ -- grub_memset (framebuffer.ptr, 0, -+ grub_memset (framebuffer.ptr, 0, - framebuffer.mode_info.height * framebuffer.mode_info.pitch); - grub_arch_sync_dma_caches (framebuffer.ptr, - framebuffer.mode_info.height -@@ -231,7 +231,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, - | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 - | GRUB_VGA_IO_MISC_28MHZ - | GRUB_VGA_IO_MISC_ENABLE_VRAM_ACCESS -- | GRUB_VGA_IO_MISC_COLOR, -+ | GRUB_VGA_IO_MISC_COLOR, - GRUB_VGA_IO_MISC_WRITE + GRUB_MACHINE_PCI_IO_BASE); - - grub_vga_sr_write (0x86, 5); -@@ -335,7 +335,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, - { - if (read_sis_cmd (0x5) != 0xa1) - write_sis_cmd (0x86, 0x5); -- -+ - write_sis_cmd (read_sis_cmd (0x20) | 0xa1, 0x20); - write_sis_cmd (read_sis_cmd (0x1e) | 0xda, 0x1e); - -diff --git a/grub-core/video/sm712.c b/grub-core/video/sm712.c -index 10c46eb654..65f59f84b1 100644 ---- a/grub-core/video/sm712.c -+++ b/grub-core/video/sm712.c -@@ -167,7 +167,7 @@ enum - GRUB_SM712_CR_SHADOW_VGA_VBLANK_START = 0x46, - GRUB_SM712_CR_SHADOW_VGA_VBLANK_END = 0x47, - GRUB_SM712_CR_SHADOW_VGA_VRETRACE_START = 0x48, -- GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, -+ GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, - GRUB_SM712_CR_SHADOW_VGA_OVERFLOW = 0x4a, - GRUB_SM712_CR_SHADOW_VGA_CELL_HEIGHT = 0x4b, - GRUB_SM712_CR_SHADOW_VGA_HDISPLAY_END = 0x4c, -@@ -375,7 +375,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) - if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA - || pciid != GRUB_SM712_PCIID) - return 0; -- -+ - *found = 1; - - addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); -@@ -471,7 +471,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, - - #if !defined (TEST) && !defined(GENINIT) - /* Prevent garbage from appearing on the screen. */ -- grub_memset ((void *) framebuffer.cached_ptr, 0, -+ grub_memset ((void *) framebuffer.cached_ptr, 0, - framebuffer.mode_info.height * framebuffer.mode_info.pitch); - #endif - -@@ -482,7 +482,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, - grub_sm712_sr_write (0x2, 0x6b); - grub_sm712_write_reg (0, GRUB_VGA_IO_PIXEL_MASK); - grub_sm712_sr_write (GRUB_VGA_SR_RESET_ASYNC, GRUB_VGA_SR_RESET); -- grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY -+ grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY - | GRUB_VGA_IO_MISC_NEGATIVE_HORIZ_POLARITY - | GRUB_VGA_IO_MISC_UPPER_64K - | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 -@@ -694,7 +694,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, - for (i = 0; i < ARRAY_SIZE (dda_lookups); i++) - grub_sm712_write_dda_lookup (i, dda_lookups[i].compare, dda_lookups[i].dda, - dda_lookups[i].vcentering); -- -+ - /* Undocumented */ - grub_sm712_cr_write (0, 0x9c); - grub_sm712_cr_write (0, 0x9d); -diff --git a/grub-core/video/video.c b/grub-core/video/video.c -index 983424107c..8937da745d 100644 ---- a/grub-core/video/video.c -+++ b/grub-core/video/video.c -@@ -491,13 +491,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) - current_mode); - - param++; -- -+ - *width = grub_strtoul (value, 0, 0); - if (grub_errno != GRUB_ERR_NONE) - return grub_error (GRUB_ERR_BAD_ARGUMENT, - N_("invalid video mode specification `%s'"), - current_mode); -- -+ - /* Find height value. */ - value = param; - param = grub_strchr(param, 'x'); -@@ -513,13 +513,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) - { - /* We have optional color depth value. */ - param++; -- -+ - *height = grub_strtoul (value, 0, 0); - if (grub_errno != GRUB_ERR_NONE) - return grub_error (GRUB_ERR_BAD_ARGUMENT, - N_("invalid video mode specification `%s'"), - current_mode); -- -+ - /* Convert color depth value. */ - value = param; - *depth = grub_strtoul (value, 0, 0); --- -2.34.1 - diff --git a/0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch b/0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch new file mode 100644 index 0000000..ee5e3b9 --- /dev/null +++ b/0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch @@ -0,0 +1,83 @@ +From 6c06378c1bf6ae21788427e62ab0011b7f1bc2f0 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Fri, 25 Nov 2022 16:11:24 +0800 +Subject: [PATCH] xen_boot: add missing grub_arch_efi_linux_load_image_header + +The new xen_boot module has used grub_arch_efi_linux_load_image_header +exported by grub-core/loader/arm64/linux.c. It is not a problem for +upstream but many downstream projects may not use it and take +grub-core/loader/arm64/efi/linux.c as a replacement as PE entry is the +preferred way in combination with shim loader. + +This patch did a trivial workaround just adding back the dropped +defintion to the xen_boot itself. + +Signed-off-by: Michael Chang +--- + grub-core/loader/arm64/xen_boot.c | 50 +++++++++++++++++++++++++++++++ + 1 file changed, 50 insertions(+) + +diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c +index 26e1472c9..b82a2db89 100644 +--- a/grub-core/loader/arm64/xen_boot.c ++++ b/grub-core/loader/arm64/xen_boot.c +@@ -84,6 +84,56 @@ static int loaded; + static struct xen_boot_binary *xen_hypervisor; + static struct xen_boot_binary *module_head; + ++/* The function is exported by grub-core/loader/arm64/linux.c that is not built ++ * because we use PE entry provided by grub-core/loader/arm64/efi/linux.c ++ */ ++static bool initrd_use_loadfile2 = false; ++ ++grub_err_t ++grub_arch_efi_linux_load_image_header (grub_file_t file, ++ struct linux_arch_kernel_header * lh) ++{ ++ grub_file_seek (file, 0); ++ if (grub_file_read (file, lh, sizeof (*lh)) < (grub_ssize_t) sizeof (*lh)) ++ return grub_error(GRUB_ERR_FILE_READ_ERROR, "failed to read Linux image header"); ++ ++ if ((lh->code0 & 0xffff) != GRUB_PE32_MAGIC) ++ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled")); ++ ++ grub_dprintf ("linux", "UEFI stub kernel:\n"); ++ grub_dprintf ("linux", "PE/COFF header @ %08x\n", lh->hdr_offset); ++ ++ /* ++ * The PE/COFF spec permits the COFF header to appear anywhere in the file, so ++ * we need to double check whether it was where we expected it, and if not, we ++ * must load it from the correct offset into the pe_image_header field of ++ * struct linux_arch_kernel_header. ++ */ ++ if ((grub_uint8_t *) lh + lh->hdr_offset != (grub_uint8_t *) &lh->pe_image_header) ++ { ++ if (grub_file_seek (file, lh->hdr_offset) == (grub_off_t) -1 ++ || grub_file_read (file, &lh->pe_image_header, ++ sizeof (struct grub_pe_image_header)) ++ != sizeof (struct grub_pe_image_header)) ++ return grub_error (GRUB_ERR_FILE_READ_ERROR, "failed to read COFF image header"); ++ } ++ ++ /* ++ * Linux kernels built for any architecture are guaranteed to support the ++ * LoadFile2 based initrd loading protocol if the image version is >= 1. ++ */ ++ if (lh->pe_image_header.optional_header.major_image_version >= 1) ++ initrd_use_loadfile2 = true; ++ else ++ initrd_use_loadfile2 = false; ++ ++ grub_dprintf ("linux", "LoadFile2 initrd loading %sabled\n", ++ initrd_use_loadfile2 ? "en" : "dis"); ++ ++ return GRUB_ERR_NONE; ++} ++ + static __inline grub_addr_t + xen_boot_address_align (grub_addr_t start, grub_size_t align) + { +-- +2.41.0 + diff --git a/0002-AUDIT-0-http-boot-tracker-bug.patch b/0002-AUDIT-0-http-boot-tracker-bug.patch index 040c93d..7b1a798 100644 --- a/0002-AUDIT-0-http-boot-tracker-bug.patch +++ b/0002-AUDIT-0-http-boot-tracker-bug.patch @@ -49,7 +49,7 @@ Signed-off-by: Michael Chang }; -@@ -78,6 +79,8 @@ +@@ -86,6 +87,8 @@ if (data->in_chunk_len == 2) { data->chunk_rem = grub_strtoul (ptr, 0, 16); diff --git a/0002-Add-grub_disk_write_tail-helper-function.patch b/0002-Add-grub_disk_write_tail-helper-function.patch index c8b6190..fda6d9d 100644 --- a/0002-Add-grub_disk_write_tail-helper-function.patch +++ b/0002-Add-grub_disk_write_tail-helper-function.patch @@ -12,15 +12,12 @@ Signed-off-by: Michael Chang include/grub/disk.h | 3 +++ 2 files changed, 21 insertions(+) -diff --git a/grub-core/lib/disk.c b/grub-core/lib/disk.c -index b4eb064a81..08e24485f0 100644 --- a/grub-core/lib/disk.c +++ b/grub-core/lib/disk.c -@@ -51,6 +51,24 @@ grub_disk_cache_invalidate (unsigned long dev_id, unsigned long disk_id, - } +@@ -52,6 +52,24 @@ } -+grub_err_t + grub_err_t +grub_disk_write_tail (grub_disk_t disk, grub_size_t size, const void *buf) +{ + grub_partition_t part; @@ -38,14 +35,13 @@ index b4eb064a81..08e24485f0 100644 + return grub_disk_write (disk, sector, offset, size, buf); +} + - grub_err_t ++grub_err_t grub_disk_write (grub_disk_t disk, grub_disk_addr_t sector, grub_off_t offset, grub_size_t size, const void *buf) -diff --git a/include/grub/disk.h b/include/grub/disk.h -index f95aca929a..6d656c4315 100644 + { --- a/include/grub/disk.h +++ b/include/grub/disk.h -@@ -232,6 +232,9 @@ grub_err_t EXPORT_FUNC(grub_disk_read) (grub_disk_t disk, +@@ -252,6 +252,9 @@ grub_off_t offset, grub_size_t size, void *buf); @@ -55,6 +51,3 @@ index f95aca929a..6d656c4315 100644 grub_err_t grub_disk_write (grub_disk_t disk, grub_disk_addr_t sector, grub_off_t offset, --- -2.34.1 - diff --git a/0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch b/0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch index 6e49e42..cf62fcb 100644 --- a/0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch +++ b/0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch @@ -24,11 +24,9 @@ Signed-off-by: Peter Jones include/grub/arm64/linux.h | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) -diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c -index 4da49a182..87cb2f97c 100644 --- a/grub-core/loader/arm64/efi/linux.c +++ b/grub-core/loader/arm64/efi/linux.c -@@ -376,7 +376,7 @@ parse_pe_header (void *kernel, grub_uint64_t *total_size, +@@ -376,7 +376,7 @@ pe = (void *)((unsigned long)kernel + lh->hdr_offset); @@ -37,30 +35,23 @@ index 4da49a182..87cb2f97c 100644 return grub_error(GRUB_ERR_BAD_OS, "Invalid PE optional header magic"); *total_size = pe->opt.image_size; -diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h -index b582f67f6..966a5074f 100644 --- a/include/grub/arm/linux.h +++ b/include/grub/arm/linux.h -@@ -44,6 +44,7 @@ struct grub_arm_linux_pe_header +@@ -33,6 +33,7 @@ + }; #if defined(__arm__) - # define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM_MAGIC_SIGNATURE +# define GRUB_PE32_PEXX_MAGIC GRUB_PE32_PE32_MAGIC - # define linux_arch_kernel_header linux_arm_kernel_header # define grub_armxx_linux_pe_header grub_arm_linux_pe_header #endif -diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h -index de99d39c0..b4b91473a 100644 + --- a/include/grub/arm64/linux.h +++ b/include/grub/arm64/linux.h -@@ -48,6 +48,7 @@ struct grub_arm64_linux_pe_header +@@ -33,6 +33,7 @@ #if defined(__aarch64__) # define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM64_MAGIC_SIGNATURE +# define GRUB_PE32_PEXX_MAGIC GRUB_PE32_PE64_MAGIC - # define linux_arch_kernel_header linux_arm64_kernel_header # define grub_armxx_linux_pe_header grub_arm64_linux_pe_header #endif --- -2.31.1 - + diff --git a/0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch b/0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch deleted file mode 100644 index 0979b7e..0000000 --- a/0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch +++ /dev/null @@ -1,533 +0,0 @@ -From 04de53cb4adc0ae6429b0715c3f1dd8a62ff9a0f Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Wed, 16 Mar 2022 17:05:01 +0800 -Subject: [PATCH 2/3] Fix -Werror=array-bounds array subscript 0 is outside - array bounds - -The grub is failing to build with gcc-12 in many places like this: - -In function 'init_cbfsdisk', - inlined from 'grub_mod_init' at ../../grub-core/fs/cbfs.c:391:3: -../../grub-core/fs/cbfs.c:345:7: error: array subscript 0 is outside array bounds of 'grub_uint32_t[0]' {aka 'unsigned int[]'} [-Werror=array-bounds] - 345 | ptr = *(grub_uint32_t *) 0xfffffffc; - | ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This is caused by gcc regression in 11/12 [1]. In a nut shell, the -warning is about detected invalid accesses at non-zero offsets to null -pointers. Since hardwired constant address is treated as NULL plus an -offset in the same underlying code, the warning is therefore triggered. - -Instead of inserting #pragma all over the places where literal pointers -are accessed to avoid diagnosing array-bounds, we can try to borrow the -idea from linux kernel that the absolute_pointer macro [2][3] is used to -disconnect a pointer using literal address from it's original object, -hence gcc won't be able to make assumptions on the boundary while doing -pointer arithmetic. With that we can greatly reduce the code we have to -cover up by making initial literal pointer assignment to use the new -wrapper but not having to track everywhere literal pointers are -accessed. This also makes code looks cleaner. - -[1] -https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578 -[2] -https://elixir.bootlin.com/linux/v5.16.14/source/include/linux/compiler.h#L180 -[3] -https://elixir.bootlin.com/linux/v5.16.14/source/include/linux/compiler-gcc.h#L31 - -Signed-off-by: Michael Chang ---- - grub-core/bus/cs5536.c | 4 ++-- - grub-core/commands/acpi.c | 4 ++-- - grub-core/commands/efi/loadbios.c | 9 +++++---- - grub-core/commands/i386/pc/drivemap.c | 9 ++++++--- - grub-core/commands/i386/pc/sendkey.c | 12 ++++++------ - grub-core/disk/i386/pc/biosdisk.c | 4 ++-- - grub-core/fs/cbfs.c | 2 +- - grub-core/kern/i386/pc/acpi.c | 4 ++-- - grub-core/kern/i386/pc/mmap.c | 2 +- - grub-core/loader/i386/multiboot_mbi.c | 2 +- - grub-core/loader/multiboot_mbi2.c | 4 ++-- - grub-core/mmap/i386/pc/mmap.c | 26 +++++++++++++------------- - grub-core/net/drivers/i386/pc/pxe.c | 12 ++++++------ - grub-core/term/i386/pc/console.c | 5 ++--- - grub-core/term/i386/pc/vga_text.c | 6 +++--- - grub-core/term/ns8250.c | 7 ++++++- - grub-core/video/i386/pc/vbe.c | 6 +++--- - include/grub/compiler.h | 11 +++++++++++ - 18 files changed, 74 insertions(+), 55 deletions(-) - -diff --git a/grub-core/bus/cs5536.c b/grub-core/bus/cs5536.c -index bb9aa27e5b..bccaeeeccb 100644 ---- a/grub-core/bus/cs5536.c -+++ b/grub-core/bus/cs5536.c -@@ -331,8 +331,8 @@ grub_cs5536_init_geode (grub_pci_device_t dev) - - { - volatile grub_uint32_t *oc; -- oc = grub_pci_device_map_range (dev, 0x05022000, -- GRUB_CS5536_USB_OPTION_REGS_SIZE); -+ oc = grub_absolute_pointer (grub_pci_device_map_range (dev, 0x05022000, -+ GRUB_CS5536_USB_OPTION_REGS_SIZE)); - - oc[GRUB_CS5536_USB_OPTION_REG_UOCMUX] = - (oc[GRUB_CS5536_USB_OPTION_REG_UOCMUX] -diff --git a/grub-core/commands/acpi.c b/grub-core/commands/acpi.c -index 1215f2a62e..4721730b39 100644 ---- a/grub-core/commands/acpi.c -+++ b/grub-core/commands/acpi.c -@@ -168,7 +168,7 @@ grub_acpi_create_ebda (void) - struct grub_acpi_rsdp_v10 *v1; - struct grub_acpi_rsdp_v20 *v2; - -- ebda = (grub_uint8_t *) (grub_addr_t) ((*((grub_uint16_t *)0x40e)) << 4); -+ ebda = (grub_uint8_t *) (grub_addr_t) ((*((grub_uint16_t *)grub_absolute_pointer(0x40e))) << 4); - grub_dprintf ("acpi", "EBDA @%p\n", ebda); - if (ebda) - ebda_kb_len = *(grub_uint16_t *) ebda; -@@ -298,7 +298,7 @@ grub_acpi_create_ebda (void) - *target = 0; - - grub_dprintf ("acpi", "Switching EBDA\n"); -- (*((grub_uint16_t *) 0x40e)) = ((grub_addr_t) targetebda) >> 4; -+ (*((grub_uint16_t *) grub_absolute_pointer(0x40e))) = ((grub_addr_t) targetebda) >> 4; - grub_dprintf ("acpi", "EBDA switched\n"); - - return GRUB_ERR_NONE; -diff --git a/grub-core/commands/efi/loadbios.c b/grub-core/commands/efi/loadbios.c -index 5c7725f8bd..574e410466 100644 ---- a/grub-core/commands/efi/loadbios.c -+++ b/grub-core/commands/efi/loadbios.c -@@ -46,7 +46,7 @@ enable_rom_area (void) - grub_uint32_t *rom_ptr; - grub_pci_device_t dev = { .bus = 0, .device = 0, .function = 0}; - -- rom_ptr = (grub_uint32_t *) VBIOS_ADDR; -+ rom_ptr = grub_absolute_pointer (VBIOS_ADDR); - if (*rom_ptr != BLANK_MEM) - { - grub_puts_ (N_("ROM image is present.")); -@@ -96,8 +96,8 @@ fake_bios_data (int use_rom) - void *acpi, *smbios; - grub_uint16_t *ebda_seg_ptr, *low_mem_ptr; - -- ebda_seg_ptr = (grub_uint16_t *) EBDA_SEG_ADDR; -- low_mem_ptr = (grub_uint16_t *) LOW_MEM_ADDR; -+ ebda_seg_ptr = grub_absolute_pointer (EBDA_SEG_ADDR); -+ low_mem_ptr = grub_absolute_pointer (LOW_MEM_ADDR); - if ((*ebda_seg_ptr) || (*low_mem_ptr)) - return; - -@@ -132,7 +132,8 @@ fake_bios_data (int use_rom) - *ebda_seg_ptr = FAKE_EBDA_SEG; - *low_mem_ptr = (FAKE_EBDA_SEG >> 6); - -- *((grub_uint16_t *) (FAKE_EBDA_SEG << 4)) = 640 - *low_mem_ptr; -+ /* *((grub_uint16_t *) (FAKE_EBDA_SEG << 4)) = 640 - *low_mem_ptr; */ -+ *((grub_uint16_t *) (grub_absolute_pointer (FAKE_EBDA_SEG << 4))) = 640 - *low_mem_ptr; - - if (acpi) - grub_memcpy ((char *) ((FAKE_EBDA_SEG << 4) + 16), acpi, 1024 - 16); -diff --git a/grub-core/commands/i386/pc/drivemap.c b/grub-core/commands/i386/pc/drivemap.c -index 7f7f2d41c0..6a4d923613 100644 ---- a/grub-core/commands/i386/pc/drivemap.c -+++ b/grub-core/commands/i386/pc/drivemap.c -@@ -31,9 +31,6 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --/* Real mode IVT slot (seg:off far pointer) for interrupt 0x13. */ --static grub_uint32_t *const int13slot = (grub_uint32_t *) (4 * 0x13); -- - /* Remember to update enum opt_idxs accordingly. */ - static const struct grub_arg_option options[] = { - /* TRANSLATORS: In this file "mapping" refers to a change GRUB makes so if -@@ -280,6 +277,9 @@ install_int13_handler (int noret __attribute__ ((unused))) - grub_uint8_t *handler_base = 0; - /* Address of the map within the deployed bundle. */ - int13map_node_t *handler_map; -+ /* Real mode IVT slot (seg:off far pointer) for interrupt 0x13. */ -+ grub_uint32_t *int13slot = (grub_uint32_t *) grub_absolute_pointer (4 * 0x13); -+ - - int i; - int entries = 0; -@@ -354,6 +354,9 @@ install_int13_handler (int noret __attribute__ ((unused))) - static grub_err_t - uninstall_int13_handler (void) - { -+ /* Real mode IVT slot (seg:off far pointer) for interrupt 0x13. */ -+ grub_uint32_t *int13slot = (grub_uint32_t *) grub_absolute_pointer (4 * 0x13); -+ - if (! grub_drivemap_oldhandler) - return GRUB_ERR_NONE; - -diff --git a/grub-core/commands/i386/pc/sendkey.c b/grub-core/commands/i386/pc/sendkey.c -index 26d9acd3de..532a66497f 100644 ---- a/grub-core/commands/i386/pc/sendkey.c -+++ b/grub-core/commands/i386/pc/sendkey.c -@@ -216,12 +216,12 @@ static grub_err_t - grub_sendkey_postboot (void) - { - /* For convention: pointer to flags. */ -- grub_uint32_t *flags = (grub_uint32_t *) 0x417; -+ grub_uint32_t *flags = grub_absolute_pointer (0x417); - - *flags = oldflags; - -- *((char *) 0x41a) = 0x1e; -- *((char *) 0x41c) = 0x1e; -+ *((char *) grub_absolute_pointer (0x41a)) = 0x1e; -+ *((char *) grub_absolute_pointer (0x41c)) = 0x1e; - - return GRUB_ERR_NONE; - } -@@ -231,13 +231,13 @@ static grub_err_t - grub_sendkey_preboot (int noret __attribute__ ((unused))) - { - /* For convention: pointer to flags. */ -- grub_uint32_t *flags = (grub_uint32_t *) 0x417; -+ grub_uint32_t *flags = grub_absolute_pointer (0x417); - - oldflags = *flags; - - /* Set the sendkey. */ -- *((char *) 0x41a) = 0x1e; -- *((char *) 0x41c) = keylen + 0x1e; -+ *((char *) grub_absolute_pointer (0x41a)) = 0x1e; -+ *((char *) grub_absolute_pointer (0x41c)) = keylen + 0x1e; - grub_memcpy ((char *) 0x41e, sendkey, 0x20); - - /* Transform "any ctrl" to "right ctrl" flag. */ -diff --git a/grub-core/disk/i386/pc/biosdisk.c b/grub-core/disk/i386/pc/biosdisk.c -index 8ca250c77b..89746ed940 100644 ---- a/grub-core/disk/i386/pc/biosdisk.c -+++ b/grub-core/disk/i386/pc/biosdisk.c -@@ -367,7 +367,7 @@ grub_biosdisk_open (const char *name, grub_disk_t disk) - if (version) - { - struct grub_biosdisk_drp *drp -- = (struct grub_biosdisk_drp *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ = (struct grub_biosdisk_drp *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - - /* Clear out the DRP. */ - grub_memset (drp, 0, sizeof (*drp)); -@@ -654,7 +654,7 @@ grub_disk_biosdisk_fini (void) - GRUB_MOD_INIT(biosdisk) - { - struct grub_biosdisk_cdrp *cdrp -- = (struct grub_biosdisk_cdrp *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ = (struct grub_biosdisk_cdrp *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - grub_uint8_t boot_drive; - - if (grub_disk_firmware_is_tainted) -diff --git a/grub-core/fs/cbfs.c b/grub-core/fs/cbfs.c -index 581215ef18..8ab7106afb 100644 ---- a/grub-core/fs/cbfs.c -+++ b/grub-core/fs/cbfs.c -@@ -342,7 +342,7 @@ init_cbfsdisk (void) - grub_uint32_t ptr; - struct cbfs_header *head; - -- ptr = *(grub_uint32_t *) 0xfffffffc; -+ ptr = *((grub_uint32_t *) grub_absolute_pointer (0xfffffffc)); - head = (struct cbfs_header *) (grub_addr_t) ptr; - grub_dprintf ("cbfs", "head=%p\n", head); - -diff --git a/grub-core/kern/i386/pc/acpi.c b/grub-core/kern/i386/pc/acpi.c -index 297f5d05f3..0a69eba7b5 100644 ---- a/grub-core/kern/i386/pc/acpi.c -+++ b/grub-core/kern/i386/pc/acpi.c -@@ -27,7 +27,7 @@ grub_machine_acpi_get_rsdpv1 (void) - grub_uint8_t *ebda, *ptr; - - grub_dprintf ("acpi", "Looking for RSDP. Scanning EBDA\n"); -- ebda = (grub_uint8_t *) ((* ((grub_uint16_t *) 0x40e)) << 4); -+ ebda = (grub_uint8_t *) ((* ((grub_uint16_t *) grub_absolute_pointer (0x40e))) << 4); - ebda_len = * (grub_uint16_t *) ebda; - if (! ebda_len) /* FIXME do we really need this check? */ - goto scan_bios; -@@ -55,7 +55,7 @@ grub_machine_acpi_get_rsdpv2 (void) - grub_uint8_t *ebda, *ptr; - - grub_dprintf ("acpi", "Looking for RSDP. Scanning EBDA\n"); -- ebda = (grub_uint8_t *) ((* ((grub_uint16_t *) 0x40e)) << 4); -+ ebda = (grub_uint8_t *) ((* ((grub_uint16_t *) grub_absolute_pointer (0x40e))) << 4); - ebda_len = * (grub_uint16_t *) ebda; - if (! ebda_len) /* FIXME do we really need this check? */ - goto scan_bios; -diff --git a/grub-core/kern/i386/pc/mmap.c b/grub-core/kern/i386/pc/mmap.c -index c0c3c35858..a4a1a75af4 100644 ---- a/grub-core/kern/i386/pc/mmap.c -+++ b/grub-core/kern/i386/pc/mmap.c -@@ -143,7 +143,7 @@ grub_machine_mmap_iterate (grub_memory_hook_t hook, void *hook_data) - { - grub_uint32_t cont = 0; - struct grub_machine_mmap_entry *entry -- = (struct grub_machine_mmap_entry *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ = (struct grub_machine_mmap_entry *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - int e820_works = 0; - - while (1) -diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c -index a67d9d0a80..434e694ffb 100644 ---- a/grub-core/loader/i386/multiboot_mbi.c -+++ b/grub-core/loader/i386/multiboot_mbi.c -@@ -293,7 +293,7 @@ fill_vbe_info (struct multiboot_info *mbi, grub_uint8_t *ptrorig, - struct grub_vbe_mode_info_block *mode_info; - #if GRUB_MACHINE_HAS_VBE - grub_vbe_status_t status; -- void *scratch = (void *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ void *scratch = grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - - status = grub_vbe_bios_get_controller_info (scratch); - if (status != GRUB_VBE_STATUS_OK) -diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c -index 9a943d7bdd..2ad210e7f9 100644 ---- a/grub-core/loader/multiboot_mbi2.c -+++ b/grub-core/loader/multiboot_mbi2.c -@@ -504,7 +504,7 @@ static void - fill_vbe_tag (struct multiboot_tag_vbe *tag) - { - grub_vbe_status_t status; -- void *scratch = (void *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ void *scratch = grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - - tag->type = MULTIBOOT_TAG_TYPE_VBE; - tag->size = 0; -@@ -577,7 +577,7 @@ retrieve_video_parameters (grub_properly_aligned_t **ptrorig) - #if defined (GRUB_MACHINE_PCBIOS) - { - grub_vbe_status_t status; -- void *scratch = (void *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ void *scratch = grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - status = grub_vbe_bios_get_mode (scratch); - vbe_mode = *(grub_uint32_t *) scratch; - if (status != GRUB_VBE_STATUS_OK) -diff --git a/grub-core/mmap/i386/pc/mmap.c b/grub-core/mmap/i386/pc/mmap.c -index 6ab4f67309..b9c5b0a002 100644 ---- a/grub-core/mmap/i386/pc/mmap.c -+++ b/grub-core/mmap/i386/pc/mmap.c -@@ -80,13 +80,13 @@ preboot (int noreturn __attribute__ ((unused))) - = min (grub_mmap_get_post64 (), 0xfc000000ULL) >> 16; - - /* Correct BDA. */ -- *((grub_uint16_t *) 0x413) = grub_mmap_get_lower () >> 10; -+ *((grub_uint16_t *) grub_absolute_pointer (0x413)) = grub_mmap_get_lower () >> 10; - - /* Save old interrupt handlers. */ -- grub_machine_mmaphook_int12offset = *((grub_uint16_t *) 0x48); -- grub_machine_mmaphook_int12segment = *((grub_uint16_t *) 0x4a); -- grub_machine_mmaphook_int15offset = *((grub_uint16_t *) 0x54); -- grub_machine_mmaphook_int15segment = *((grub_uint16_t *) 0x56); -+ grub_machine_mmaphook_int12offset = *((grub_uint16_t *) grub_absolute_pointer (0x48)); -+ grub_machine_mmaphook_int12segment = *((grub_uint16_t *) grub_absolute_pointer (0x4a)); -+ grub_machine_mmaphook_int15offset = *((grub_uint16_t *) grub_absolute_pointer (0x54)); -+ grub_machine_mmaphook_int15segment = *((grub_uint16_t *) grub_absolute_pointer (0x56)); - - grub_dprintf ("mmap", "hooktarget = %p\n", hooktarget); - -@@ -94,11 +94,11 @@ preboot (int noreturn __attribute__ ((unused))) - grub_memcpy (hooktarget, &grub_machine_mmaphook_start, - &grub_machine_mmaphook_end - &grub_machine_mmaphook_start); - -- *((grub_uint16_t *) 0x4a) = ((grub_addr_t) hooktarget) >> 4; -- *((grub_uint16_t *) 0x56) = ((grub_addr_t) hooktarget) >> 4; -- *((grub_uint16_t *) 0x48) = &grub_machine_mmaphook_int12 -+ *((grub_uint16_t *) grub_absolute_pointer (0x4a)) = ((grub_addr_t) hooktarget) >> 4; -+ *((grub_uint16_t *) grub_absolute_pointer (0x56)) = ((grub_addr_t) hooktarget) >> 4; -+ *((grub_uint16_t *) grub_absolute_pointer (0x48)) = &grub_machine_mmaphook_int12 - - &grub_machine_mmaphook_start; -- *((grub_uint16_t *) 0x54) = &grub_machine_mmaphook_int15 -+ *((grub_uint16_t *) grub_absolute_pointer (0x54)) = &grub_machine_mmaphook_int15 - - &grub_machine_mmaphook_start; - - return GRUB_ERR_NONE; -@@ -108,10 +108,10 @@ static grub_err_t - preboot_rest (void) - { - /* Restore old interrupt handlers. */ -- *((grub_uint16_t *) 0x48) = grub_machine_mmaphook_int12offset; -- *((grub_uint16_t *) 0x4a) = grub_machine_mmaphook_int12segment; -- *((grub_uint16_t *) 0x54) = grub_machine_mmaphook_int15offset; -- *((grub_uint16_t *) 0x56) = grub_machine_mmaphook_int15segment; -+ *((grub_uint16_t *) grub_absolute_pointer (0x48)) = grub_machine_mmaphook_int12offset; -+ *((grub_uint16_t *) grub_absolute_pointer (0x4a)) = grub_machine_mmaphook_int12segment; -+ *((grub_uint16_t *) grub_absolute_pointer (0x54)) = grub_machine_mmaphook_int15offset; -+ *((grub_uint16_t *) grub_absolute_pointer (0x56)) = grub_machine_mmaphook_int15segment; - - return GRUB_ERR_NONE; - } -diff --git a/grub-core/net/drivers/i386/pc/pxe.c b/grub-core/net/drivers/i386/pc/pxe.c -index 3f4152d036..313ed250e8 100644 ---- a/grub-core/net/drivers/i386/pc/pxe.c -+++ b/grub-core/net/drivers/i386/pc/pxe.c -@@ -174,7 +174,7 @@ grub_pxe_recv (struct grub_net_card *dev __attribute__ ((unused))) - grub_uint8_t *ptr, *end; - struct grub_net_buff *buf; - -- isr = (void *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ isr = (void *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - - if (!in_progress) - { -@@ -256,11 +256,11 @@ grub_pxe_send (struct grub_net_card *dev __attribute__ ((unused)), - struct grub_pxe_undi_tbd *tbd; - char *buf; - -- trans = (void *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ trans = (void *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - grub_memset (trans, 0, sizeof (*trans)); -- tbd = (void *) (GRUB_MEMORY_MACHINE_SCRATCH_ADDR + 128); -+ tbd = (void *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR + 128); - grub_memset (tbd, 0, sizeof (*tbd)); -- buf = (void *) (GRUB_MEMORY_MACHINE_SCRATCH_ADDR + 256); -+ buf = (void *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR + 256); - grub_memcpy (buf, pack->data, pack->tail - pack->data); - - trans->tbd = SEGOFS ((grub_addr_t) tbd); -@@ -287,7 +287,7 @@ static grub_err_t - grub_pxe_open (struct grub_net_card *dev __attribute__ ((unused))) - { - struct grub_pxe_undi_open *ou; -- ou = (void *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ ou = (void *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - grub_memset (ou, 0, sizeof (*ou)); - ou->pkt_filter = 4; - grub_pxe_call (GRUB_PXENV_UNDI_OPEN, ou, pxe_rm_entry); -@@ -382,7 +382,7 @@ GRUB_MOD_INIT(pxe) - if (! pxenv) - return; - -- ui = (void *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ ui = (void *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - grub_memset (ui, 0, sizeof (*ui)); - grub_pxe_call (GRUB_PXENV_UNDI_GET_INFORMATION, ui, pxe_rm_entry); - -diff --git a/grub-core/term/i386/pc/console.c b/grub-core/term/i386/pc/console.c -index f6142a2dea..d70ee4af05 100644 ---- a/grub-core/term/i386/pc/console.c -+++ b/grub-core/term/i386/pc/console.c -@@ -238,12 +238,11 @@ grub_console_getkey (struct grub_term_input *term __attribute__ ((unused))) - return (regs.eax & 0xff) + (('a' - 1) | GRUB_TERM_CTRL); - } - --static const struct grub_machine_bios_data_area *bios_data_area = -- (struct grub_machine_bios_data_area *) GRUB_MEMORY_MACHINE_BIOS_DATA_AREA_ADDR; -- - static int - grub_console_getkeystatus (struct grub_term_input *term __attribute__ ((unused))) - { -+ const struct grub_machine_bios_data_area *bios_data_area = -+ (struct grub_machine_bios_data_area *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_BIOS_DATA_AREA_ADDR); - /* conveniently GRUB keystatus is modelled after BIOS one. */ - return bios_data_area->keyboard_flag_lower & ~0x80; - } -diff --git a/grub-core/term/i386/pc/vga_text.c b/grub-core/term/i386/pc/vga_text.c -index 88fecc5ea5..669d06fad7 100644 ---- a/grub-core/term/i386/pc/vga_text.c -+++ b/grub-core/term/i386/pc/vga_text.c -@@ -45,15 +45,15 @@ GRUB_MOD_LICENSE ("GPLv3+"); - static struct grub_term_coordinate grub_curr_pos; - - #ifdef __mips__ --#define VGA_TEXT_SCREEN ((grub_uint16_t *) 0xb00b8000) -+#define VGA_TEXT_SCREEN ((grub_uint16_t *) grub_absolute_pointer (0xb00b8000)) - #define cr_read grub_vga_cr_read - #define cr_write grub_vga_cr_write - #elif defined (MODE_MDA) --#define VGA_TEXT_SCREEN ((grub_uint16_t *) 0xb0000) -+#define VGA_TEXT_SCREEN ((grub_uint16_t *) grub_absolute_pointer (0xb0000)) - #define cr_read grub_vga_cr_bw_read - #define cr_write grub_vga_cr_bw_write - #else --#define VGA_TEXT_SCREEN ((grub_uint16_t *) 0xb8000) -+#define VGA_TEXT_SCREEN ((grub_uint16_t *) grub_absolute_pointer (0xb8000)) - #define cr_read grub_vga_cr_read - #define cr_write grub_vga_cr_write - #endif -diff --git a/grub-core/term/ns8250.c b/grub-core/term/ns8250.c -index 39809d0423..622670d179 100644 ---- a/grub-core/term/ns8250.c -+++ b/grub-core/term/ns8250.c -@@ -28,7 +28,6 @@ - - #ifdef GRUB_MACHINE_PCBIOS - #include --static const unsigned short *serial_hw_io_addr = (const unsigned short *) GRUB_MEMORY_MACHINE_BIOS_DATA_AREA_ADDR; - #define GRUB_SERIAL_PORT_NUM 4 - #else - #include -@@ -237,6 +236,9 @@ static struct grub_serial_port com_ports[GRUB_SERIAL_PORT_NUM]; - void - grub_ns8250_init (void) - { -+#ifdef GRUB_MACHINE_PCBIOS -+ const unsigned short *serial_hw_io_addr = (const unsigned short *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_BIOS_DATA_AREA_ADDR); -+#endif - unsigned i; - for (i = 0; i < GRUB_SERIAL_PORT_NUM; i++) - if (serial_hw_io_addr[i]) -@@ -272,6 +274,9 @@ grub_ns8250_init (void) - grub_port_t - grub_ns8250_hw_get_port (const unsigned int unit) - { -+#ifdef GRUB_MACHINE_PCBIOS -+ const unsigned short *serial_hw_io_addr = (const unsigned short *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_BIOS_DATA_AREA_ADDR); -+#endif - if (unit < GRUB_SERIAL_PORT_NUM - && !(dead_ports & (1 << unit))) - return serial_hw_io_addr[unit]; -diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c -index 68700ecda1..8c8cbf07eb 100644 ---- a/grub-core/video/i386/pc/vbe.c -+++ b/grub-core/video/i386/pc/vbe.c -@@ -514,7 +514,7 @@ grub_vbe_probe (struct grub_vbe_info_block *info_block) - - /* Use low memory scratch area as temporary storage - for VESA BIOS call. */ -- vbe_ib = (struct grub_vbe_info_block *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ vbe_ib = (struct grub_vbe_info_block *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - - /* Prepare info block. */ - grub_memset (vbe_ib, 0, sizeof (*vbe_ib)); -@@ -574,7 +574,7 @@ grub_vbe_get_preferred_mode (unsigned int *width, unsigned int *height) - - /* Use low memory scratch area as temporary storage for VESA BIOS calls. */ - flat_panel_info = (struct grub_vbe_flat_panel_info *) -- (GRUB_MEMORY_MACHINE_SCRATCH_ADDR + sizeof (struct grub_video_edid_info)); -+ grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR + sizeof (struct grub_video_edid_info)); - - if (controller_info.version >= 0x200 - && (grub_vbe_bios_get_ddc_capabilities (&ddc_level) & 0xff) -@@ -676,7 +676,7 @@ grub_vbe_set_video_mode (grub_uint32_t vbe_mode, - == GRUB_VBE_MEMORY_MODEL_PACKED_PIXEL) - { - struct grub_vbe_palette_data *palette -- = (struct grub_vbe_palette_data *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR; -+ = (struct grub_vbe_palette_data *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR); - unsigned i; - - /* Make sure that the BIOS can reach the palette. */ -diff --git a/include/grub/compiler.h b/include/grub/compiler.h -index 8f3be3ae70..e159f0e292 100644 ---- a/include/grub/compiler.h -+++ b/include/grub/compiler.h -@@ -56,4 +56,15 @@ - # define CLANG_PREREQ(maj,min) 0 - #endif - -+#if defined(__GNUC__) -+# define grub_absolute_pointer(val) \ -+({ \ -+ unsigned long __ptr; \ -+ __asm__ ("" : "=r"(__ptr) : "0"((void *)(val))); \ -+ (void *) (__ptr); \ -+}) -+#else -+# define grub_absolute_pointer(val) ((void *)(val)) -+#endif -+ - #endif /* ! GRUB_COMPILER_HEADER */ --- -2.34.1 - diff --git a/0002-Mark-environmet-blocks-as-used-for-image-embedding.patch b/0002-Mark-environmet-blocks-as-used-for-image-embedding.patch index 5378617..119dc57 100644 --- a/0002-Mark-environmet-blocks-as-used-for-image-embedding.patch +++ b/0002-Mark-environmet-blocks-as-used-for-image-embedding.patch @@ -16,11 +16,9 @@ Signed-off-by: Michael Chang util/grub-editenv.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 979ba1b28..7017248d1 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c -@@ -2551,7 +2551,7 @@ struct embed_region { +@@ -2637,7 +2637,7 @@ static const struct { struct embed_region available; @@ -29,7 +27,7 @@ index 979ba1b28..7017248d1 100644 } btrfs_head = { .available = {0, GRUB_DISK_KiB_TO_SECTORS (1024)}, /* The first 1 MiB. */ .used = { -@@ -2559,6 +2559,7 @@ static const struct { +@@ -2645,6 +2645,7 @@ {GRUB_DISK_KiB_TO_SECTORS (64) - 1, 1}, /* Overflow guard. */ {GRUB_DISK_KiB_TO_SECTORS (64), GRUB_DISK_KiB_TO_SECTORS (4)}, /* 4 KiB superblock. */ {GRUB_DISK_KiB_TO_SECTORS (68), 1}, /* Overflow guard. */ @@ -37,22 +35,18 @@ index 979ba1b28..7017248d1 100644 {GRUB_DISK_KiB_TO_SECTORS (1024) - 1, 1}, /* Overflow guard. */ {0, 0} /* Array terminator. */ } -diff --git a/include/grub/fs.h b/include/grub/fs.h -index 026bc3bb8..4c380e334 100644 --- a/include/grub/fs.h +++ b/include/grub/fs.h -@@ -128,4 +128,6 @@ grub_fs_unregister (grub_fs_t fs) +@@ -128,4 +128,6 @@ grub_fs_t EXPORT_FUNC(grub_fs_probe) (grub_device_t device); +#define ENV_BTRFS_OFFSET (256) + #endif /* ! GRUB_FS_HEADER */ -diff --git a/util/grub-editenv.c b/util/grub-editenv.c -index a02d3f2a6..af30aabe7 100644 --- a/util/grub-editenv.c +++ b/util/grub-editenv.c -@@ -128,7 +128,7 @@ struct fs_envblk_spec { +@@ -128,7 +128,7 @@ int offset; int size; } fs_envblk_spec[] = { @@ -61,6 +55,3 @@ index a02d3f2a6..af30aabe7 100644 { NULL, 0, 0 } }; --- -2.35.3 - diff --git a/0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch b/0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch index e7caa33..0501dd6 100644 --- a/0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch +++ b/0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch @@ -14,11 +14,9 @@ Signed-off-by: Michael Chang grub-core/loader/linux.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c -index e4018e65e..fc71a78d7 100644 --- a/grub-core/loader/linux.c +++ b/grub-core/loader/linux.c -@@ -32,6 +32,7 @@ struct grub_linux_initrd_component +@@ -32,6 +32,7 @@ char *buf; char *newc_name; grub_off_t size; @@ -26,7 +24,7 @@ index e4018e65e..fc71a78d7 100644 }; struct dir -@@ -202,6 +203,7 @@ grub_initrd_component (const char *buf, int bufsz, const char *newc_name, +@@ -203,6 +204,7 @@ grub_memcpy (comp->buf, buf, bufsz); initrd_ctx->nfiles++; comp->size = bufsz; @@ -34,7 +32,7 @@ index e4018e65e..fc71a78d7 100644 if (grub_add (initrd_ctx->size, comp->size, &initrd_ctx->size)) goto overflow; -@@ -271,6 +273,7 @@ grub_initrd_init (int argc, char *argv[], +@@ -272,6 +274,7 @@ grub_initrd_close (initrd_ctx); return grub_errno; } @@ -42,7 +40,7 @@ index e4018e65e..fc71a78d7 100644 name_len = grub_strlen (initrd_ctx->components[i].newc_name) + 1; if (grub_add (initrd_ctx->size, ALIGN_UP (sizeof (struct newc_head) + name_len, 4), -@@ -372,6 +375,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, +@@ -374,6 +377,7 @@ if (initrd_ctx->components[i].newc_name) { grub_size_t dir_size; @@ -50,7 +48,7 @@ index e4018e65e..fc71a78d7 100644 if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr, &dir_size)) -@@ -383,7 +387,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, +@@ -385,7 +389,7 @@ ptr += dir_size; ptr = make_header (ptr, initrd_ctx->components[i].newc_name, grub_strlen (initrd_ctx->components[i].newc_name) + 1, @@ -59,6 +57,3 @@ index e4018e65e..fc71a78d7 100644 initrd_ctx->components[i].size); newc = 1; } --- -2.39.2 - diff --git a/0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch b/0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch index 6938346..fa2c6a0 100644 --- a/0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch +++ b/0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch @@ -13,11 +13,9 @@ make sure they exist. grub-core/loader/arm64/efi/linux.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) -diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c -index d81a6d843..98c4f038b 100644 --- a/grub-core/loader/arm64/efi/linux.c +++ b/grub-core/loader/arm64/efi/linux.c -@@ -126,7 +126,21 @@ finalize_params_linux (void) +@@ -99,7 +99,21 @@ node = grub_fdt_find_subnode (fdt, 0, "chosen"); if (node < 0) @@ -40,6 +38,3 @@ index d81a6d843..98c4f038b 100644 if (node < 1) goto failure; --- -2.26.2 - diff --git a/0002-cmdline-Provide-cmdline-functions-as-module.patch b/0002-cmdline-Provide-cmdline-functions-as-module.patch index 12dae60..fe21079 100644 --- a/0002-cmdline-Provide-cmdline-functions-as-module.patch +++ b/0002-cmdline-Provide-cmdline-functions-as-module.patch @@ -14,29 +14,25 @@ Signed-off-by: Michael Chang grub-core/lib/cmdline.c | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index c413267a0..6045da47b 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -1790,7 +1790,6 @@ module = { - riscv64 = loader/riscv/linux.c; +@@ -1860,7 +1860,6 @@ + x86_64_efi = loader/efi/linux.c; emu = loader/emu/linux.c; common = loader/linux.c; - common = lib/cmdline.c; }; module = { -@@ -2518,3 +2517,8 @@ module = { - common = commands/i386/wrmsr.c; - enable = x86; +@@ -2611,3 +2610,8 @@ + efi = commands/bli.c; + enable = efi; }; + +module = { + name = cmdline; + common = lib/cmdline.c; +}; -diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c -index ed0b149dc..bd392e30f 100644 --- a/grub-core/lib/cmdline.c +++ b/grub-core/lib/cmdline.c @@ -19,6 +19,9 @@ @@ -49,6 +45,3 @@ index ed0b149dc..bd392e30f 100644 static unsigned int check_arg (char *c, int *has_space) { --- -2.26.2 - diff --git a/0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch b/0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch deleted file mode 100644 index 77b5555..0000000 --- a/0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 1f41f020f73131574cd7aee4e0e09d4c56277d1e Mon Sep 17 00:00:00 2001 -From: Lu Ken -Date: Wed, 13 Jul 2022 10:06:11 +0800 -Subject: [PATCH 2/3] commands/efi/tpm: Use grub_strcpy() instead of - grub_memcpy() - -The event description is a string, so using grub_strcpy() is cleaner than -using grub_memcpy(). - -Signed-off-by: Lu Ken -Reviewed-by: Daniel Kiper ---- - grub-core/commands/efi/tpm.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c -index 19737b462..e032617d8 100644 ---- a/grub-core/commands/efi/tpm.c -+++ b/grub-core/commands/efi/tpm.c -@@ -177,7 +177,7 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, - event->PCRIndex = pcr; - event->EventType = EV_IPL; - event->EventSize = grub_strlen (description) + 1; -- grub_memcpy (event->Event, description, event->EventSize); -+ grub_strcpy ((char *) event->Event, description); - - algorithm = TCG_ALG_SHA; - status = efi_call_7 (tpm->log_extend_event, tpm, (grub_addr_t) buf, (grub_uint64_t) size, -@@ -299,7 +299,7 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, - event->Header.EventType = EV_IPL; - event->Size = - sizeof (*event) - sizeof (event->Event) + grub_strlen (description) + 1; -- grub_memcpy (event->Event, description, grub_strlen (description) + 1); -+ grub_strcpy ((char *) event->Event, description); - - status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (grub_addr_t) buf, - (grub_uint64_t) size, event); --- -2.35.3 - diff --git a/0002-cryptodisk-Fallback-to-passphrase.patch b/0002-cryptodisk-Fallback-to-passphrase.patch new file mode 100644 index 0000000..3b0c921 --- /dev/null +++ b/0002-cryptodisk-Fallback-to-passphrase.patch @@ -0,0 +1,41 @@ +From 7cc578baf26986c2badce998125b429a2aeb4d33 Mon Sep 17 00:00:00 2001 +From: Patrick Colp +Date: Sun, 30 Jul 2023 12:58:18 -0700 +Subject: [PATCH 2/4] cryptodisk: Fallback to passphrase + +If a protector is specified, but it fails to unlock the disk, fall back +to asking for the passphrase. However, an error was set indicating that +the protector(s) failed. Later code (e.g., LUKS code) fails as +`grub_errno` is now set. Print the existing errors out first, before +proceeding with the passphrase. + +Signed-off-by: Patrick Colp +--- + grub-core/disk/cryptodisk.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c +index 6620fca00..cf37a0934 100644 +--- a/grub-core/disk/cryptodisk.c ++++ b/grub-core/disk/cryptodisk.c +@@ -1191,11 +1191,16 @@ grub_cryptodisk_scan_device_real (const char *name, + source->name, source->partition != NULL ? "," : "", + part != NULL ? part : N_("UNKNOWN"), dev->uuid); + grub_free (part); +- goto error; + } + + if (!cargs->key_len) + { ++ if (grub_errno) ++ { ++ grub_print_error (); ++ grub_errno = GRUB_ERR_NONE; ++ } ++ + /* Get the passphrase from the user, if no key data. */ + askpass = 1; + part = grub_partition_get_name (source->partition); +-- +2.35.3 + diff --git a/0002-cryptodisk-Refactor-to-discard-have_it-global.patch b/0002-cryptodisk-Refactor-to-discard-have_it-global.patch deleted file mode 100644 index a7a0555..0000000 --- a/0002-cryptodisk-Refactor-to-discard-have_it-global.patch +++ /dev/null @@ -1,187 +0,0 @@ -From 4ace73cc192bc63a00f4208b34981a6d91947811 Mon Sep 17 00:00:00 2001 -From: Glenn Washburn -Date: Thu, 9 Dec 2021 11:14:51 -0600 -Subject: [PATCH 02/14] cryptodisk: Refactor to discard have_it global - -The global "have_it" was never used by the crypto-backends, but was used to -determine if a crypto-backend successfully mounted a cryptodisk with a given -UUID. This is not needed however, because grub_device_iterate() will return -1 if and only if grub_cryptodisk_scan_device() returns 1. And -grub_cryptodisk_scan_device() will now only return 1 if a search_uuid has -been specified and a cryptodisk was successfully setup by a crypto-backend or -a cryptodisk of the requested UUID is already open. - -To implement this grub_cryptodisk_scan_device_real() is modified to return -a cryptodisk or NULL on failure and having the appropriate grub_errno set to -indicated failure. Note that grub_cryptodisk_scan_device_real() will fail now -with a new errno GRUB_ERR_BAD_MODULE when none of the cryptodisk backend -modules succeed in identifying the source disk. - -With this change grub_device_iterate() will return 1 when a crypto device is -successfully decrypted or when the source device has already been successfully -opened. Prior to this change, trying to mount an already successfully opened -device would trigger an error with the message "no such cryptodisk found", -which is at best misleading. The mount should silently succeed in this case, -which is what happens with this patch. - -Signed-off-by: Glenn Washburn -Reviewed-by: Daniel Kiper ---- - grub-core/disk/cryptodisk.c | 56 +++++++++++++++++++++++-------------- - 1 file changed, 35 insertions(+), 21 deletions(-) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 90f82b2d39..9df3d310fe 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -983,7 +983,7 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk) - - #endif - --static int check_boot, have_it; -+static int check_boot; - static char *search_uuid; - - static void -@@ -995,7 +995,7 @@ cryptodisk_close (grub_cryptodisk_t dev) - grub_free (dev); - } - --static grub_err_t -+static grub_cryptodisk_t - grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source) - { - grub_err_t err; -@@ -1005,13 +1005,13 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source) - dev = grub_cryptodisk_get_by_source_disk (source); - - if (dev) -- return GRUB_ERR_NONE; -+ return dev; - - FOR_CRYPTODISK_DEVS (cr) - { - dev = cr->scan (source, search_uuid, check_boot); - if (grub_errno) -- return grub_errno; -+ return NULL; - if (!dev) - continue; - -@@ -1019,16 +1019,16 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source) - if (err) - { - cryptodisk_close (dev); -- return err; -+ return NULL; - } - - grub_cryptodisk_insert (dev, name, source); - -- have_it = 1; -- -- return GRUB_ERR_NONE; -+ return dev; - } -- return GRUB_ERR_NONE; -+ -+ grub_error (GRUB_ERR_BAD_MODULE, "no cryptodisk module can handle this device"); -+ return NULL; - } - - #ifdef GRUB_UTIL -@@ -1082,8 +1082,10 @@ static int - grub_cryptodisk_scan_device (const char *name, - void *data __attribute__ ((unused))) - { -- grub_err_t err; -+ int ret = 0; - grub_disk_t source; -+ grub_cryptodisk_t dev; -+ grub_errno = GRUB_ERR_NONE; - - /* Try to open disk. */ - source = grub_disk_open (name); -@@ -1093,13 +1095,26 @@ grub_cryptodisk_scan_device (const char *name, - return 0; - } - -- err = grub_cryptodisk_scan_device_real (name, source); -+ dev = grub_cryptodisk_scan_device_real (name, source); -+ if (dev) -+ { -+ ret = (search_uuid != NULL && grub_strcasecmp (search_uuid, dev->uuid) == 0); -+ goto cleanup; -+ } - -- grub_disk_close (source); -- -- if (err) -+ /* -+ * Do not print error when err is GRUB_ERR_BAD_MODULE to avoid many unhelpful -+ * error messages. -+ */ -+ if (grub_errno == GRUB_ERR_BAD_MODULE) -+ grub_error_pop (); -+ -+ if (grub_errno != GRUB_ERR_NONE) - grub_print_error (); -- return have_it && search_uuid ? 1 : 0; -+ -+ cleanup: -+ grub_disk_close (source); -+ return ret; - } - - static grub_err_t -@@ -1110,9 +1125,9 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - if (argc < 1 && !state[1].set && !state[2].set) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required"); - -- have_it = 0; - if (state[0].set) - { -+ int found_uuid; - grub_cryptodisk_t dev; - - dev = grub_cryptodisk_get_by_uuid (args[0]); -@@ -1125,10 +1140,10 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - - check_boot = state[2].set; - search_uuid = args[0]; -- grub_device_iterate (&grub_cryptodisk_scan_device, NULL); -+ found_uuid = grub_device_iterate (&grub_cryptodisk_scan_device, NULL); - search_uuid = NULL; - -- if (!have_it) -+ if (!found_uuid) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such cryptodisk found"); - return GRUB_ERR_NONE; - } -@@ -1142,7 +1157,6 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - } - else - { -- grub_err_t err; - grub_disk_t disk; - grub_cryptodisk_t dev; - char *diskname; -@@ -1178,13 +1192,13 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - return GRUB_ERR_NONE; - } - -- err = grub_cryptodisk_scan_device_real (diskname, disk); -+ dev = grub_cryptodisk_scan_device_real (diskname, disk); - - grub_disk_close (disk); - if (disklast) - *disklast = ')'; - -- return err; -+ return (dev == NULL) ? grub_errno : GRUB_ERR_NONE; - } - } - --- -2.34.1 - diff --git a/0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch b/0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch deleted file mode 100644 index a03e641..0000000 --- a/0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch +++ /dev/null @@ -1,127 +0,0 @@ -From a25627c13b7e1e6998a14b5dd23b04b28465d737 Mon Sep 17 00:00:00 2001 -From: Josselin Poiret via Grub-devel -Date: Tue, 14 Jun 2022 15:47:30 +0200 -Subject: [PATCH 02/10] devmapper/getroot: Set up cheated LUKS2 cryptodisk - mount from DM parameters - -This lets a LUKS2 cryptodisk have its cipher and hash filled out, -otherwise they wouldn't be initialized if cheat mounted. ---- - grub-core/osdep/devmapper/getroot.c | 91 +++++++++++++++++++++++++++++++++++- - 1 file changed, 90 insertions(+), 1 deletion(-) - ---- a/grub-core/osdep/devmapper/getroot.c -+++ b/grub-core/osdep/devmapper/getroot.c -@@ -51,6 +51,8 @@ - #include - #include - -+#include -+ - static int - grub_util_open_dm (const char *os_dev, struct dm_tree **tree, - struct dm_tree_node **node) -@@ -186,7 +188,6 @@ - && lastsubdev) - { - char *grdev = grub_util_get_grub_dev (lastsubdev); -- dm_tree_free (tree); - if (grdev) - { - grub_err_t err; -@@ -194,7 +195,95 @@ - if (err) - grub_util_error (_("can't mount encrypted volume `%s': %s"), - lastsubdev, grub_errmsg); -+ if (strncmp (uuid, "CRYPT-LUKS2-", sizeof ("CRYPT-LUKS2-") - 1) == 0) -+ { -+ /* set LUKS2 cipher from dm parameters, since it is not -+ * possible to determine the correct one without -+ * unlocking, as there might be multiple segments. -+ */ -+ grub_disk_t source; -+ grub_cryptodisk_t cryptodisk; -+ grub_uint64_t start, length; -+ char *target_type; -+ char *params; -+ const char *name; -+ char *cipher, *cipher_mode; -+ struct dm_task *dmt; -+ char *seek_head, *c; -+ unsigned int remaining; -+ -+ source = grub_disk_open (grdev); -+ cryptodisk = grub_cryptodisk_get_by_source_disk (source); -+ grub_disk_close (source); -+ -+ name = dm_tree_node_get_name (node); -+ -+ grub_util_info ("populating parameters of cryptomount `%s' from DM device `%s'", -+ uuid, name); -+ -+ dmt = dm_task_create (DM_DEVICE_TABLE); -+ if (dmt == 0) -+ grub_util_error (_("can't create dm task DM_DEVICE_TABLE")); -+ if (dm_task_set_name (dmt, name) == 0) -+ grub_util_error (_("can't set dm task name to `%s'"), name); -+ if (dm_task_run (dmt) == 0) -+ grub_util_error (_("can't run dm task for `%s'"), name); -+ /* dm_get_next_target doesn't have any error modes, everything has -+ * been handled by dm_task_run. -+ */ -+ dm_get_next_target (dmt, NULL, &start, &length, -+ &target_type, ¶ms); -+ if (strncmp (target_type, "crypt", sizeof ("crypt")) != 0) -+ grub_util_error (_("dm target of type `%s' is not `crypt'"), -+ target_type); -+ -+ /* dm target parameters for dm-crypt is -+ * [<#opt_params> ...] -+ */ -+ c = params; -+ remaining = grub_strlen (c); -+ -+ /* first, get the cipher name from the cipher */ -+ if (!(seek_head = grub_memchr (c, '-', remaining))) -+ grub_util_error (_("can't get cipher from dm-crypt parameters `%s'"), -+ params); -+ cipher = grub_strndup (c, seek_head - c); -+ remaining -= seek_head - c + 1; -+ c = seek_head + 1; -+ -+ /* now, the cipher mode */ -+ if (!(seek_head = grub_memchr (c, ' ', remaining))) -+ grub_util_error (_("can't get cipher mode from dm-crypt parameters `%s'"), -+ params); -+ cipher_mode = grub_strndup (c, seek_head - c); -+ remaining -= seek_head - c + 1; -+ c = seek_head + 1; -+ -+ err = grub_cryptodisk_setcipher (cryptodisk, cipher, cipher_mode); -+ if (err) -+ { -+ grub_util_error (_("can't set cipher of cryptodisk `%s' to `%s' with mode `%s'"), -+ uuid, cipher, cipher_mode); -+ } -+ -+ grub_free (cipher); -+ grub_free (cipher_mode); -+ -+ /* This is the only hash usable by PBKDF2, and we don't -+ * have Argon2 support yet, so set it by default, -+ * otherwise grub-probe would miss the required -+ * abstraction -+ */ -+ cryptodisk->hash = grub_crypto_lookup_md_by_name ("sha256"); -+ if (cryptodisk->hash == 0) -+ { -+ grub_util_error (_("can't lookup hash sha256 by name")); -+ } -+ -+ dm_task_destroy (dmt); -+ } - } -+ dm_tree_free (tree); - grub_free (grdev); - } - else diff --git a/0002-discard-cached-key-before-entering-grub-shell-and-ed.patch b/0002-discard-cached-key-before-entering-grub-shell-and-ed.patch index 95faef3..e80daec 100644 --- a/0002-discard-cached-key-before-entering-grub-shell-and-ed.patch +++ b/0002-discard-cached-key-before-entering-grub-shell-and-ed.patch @@ -17,7 +17,7 @@ Signed-off-by: Michael Chang --- a/grub-core/commands/crypttab.c +++ b/grub-core/commands/crypttab.c -@@ -49,6 +49,22 @@ +@@ -53,6 +53,22 @@ return GRUB_ERR_NONE; } @@ -50,7 +50,7 @@ Signed-off-by: Michael Chang GRUB_MOD_LICENSE ("GPLv3+"); -@@ -477,6 +478,7 @@ +@@ -478,6 +479,7 @@ return; } diff --git a/0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch deleted file mode 100644 index 35e83b8..0000000 --- a/0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 84c4323c004b495993a3d0dbfa94d8675ae06f03 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 5 Aug 2022 00:51:20 +0800 -Subject: [PATCH 02/12] font: Fix size overflow in - grub_font_get_glyph_internal() - -The length of memory allocation and file read may overflow. This patch -fixes the problem by using safemath macros. - -There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe -if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). -It is safe replacement for such code. It has safemath-like prototype. - -This patch also introduces grub_cast(value, pointer), it casts value to -typeof(*pointer) then store the value to *pointer. It returns true when -overflow occurs or false if there is no overflow. The semantics of arguments -and return value are designed to be consistent with other safemath macros. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/font/font.c | 17 +++++++++++++---- - include/grub/bitmap.h | 18 ++++++++++++++++++ - include/grub/safemath.h | 2 ++ - 3 files changed, 33 insertions(+), 4 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 2f09a4a55..6a3fbebbd 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) - grub_int16_t xoff; - grub_int16_t yoff; - grub_int16_t dwidth; -- int len; -+ grub_ssize_t len; -+ grub_size_t sz; - - if (index_entry->glyph) - /* Return cached glyph. */ -@@ -768,9 +769,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) - return 0; - } - -- len = (width * height + 7) / 8; -- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len); -- if (!glyph) -+ /* Calculate real struct size of current glyph. */ -+ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) || -+ grub_add (sizeof (struct grub_font_glyph), len, &sz)) -+ { -+ remove_font (font); -+ return 0; -+ } -+ -+ /* Allocate and initialize the glyph struct. */ -+ glyph = grub_malloc (sz); -+ if (glyph == NULL) - { - remove_font (font); - return 0; -diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h -index 5728f8ca3..0d9603f61 100644 ---- a/include/grub/bitmap.h -+++ b/include/grub/bitmap.h -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - struct grub_video_bitmap - { -@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap) - return bitmap->mode_info.height; - } - -+/* -+ * Calculate and store the size of data buffer of 1bit bitmap in result. -+ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs. -+ * Return true when overflow occurs or false if there is no overflow. -+ * This function is intentionally implemented as a macro instead of -+ * an inline function. Although a bit awkward, it preserves data types for -+ * safemath macros and reduces macro side effects as much as possible. -+ * -+ * XXX: Will report false overflow if width * height > UINT64_MAX. -+ */ -+#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \ -+({ \ -+ grub_uint64_t _bitmap_pixels; \ -+ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \ -+ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \ -+}) -+ - void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap, - struct grub_video_mode_info *mode_info); - -diff --git a/include/grub/safemath.h b/include/grub/safemath.h -index c17b89bba..bb0f826de 100644 ---- a/include/grub/safemath.h -+++ b/include/grub/safemath.h -@@ -30,6 +30,8 @@ - #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) - #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) - -+#define grub_cast(a, res) grub_add ((a), 0, (res)) -+ - #else - #error gcc 5.1 or newer or clang 3.8 or newer is required - #endif --- -2.35.3 - diff --git a/0002-ieee1275-claim-more-memory.patch b/0002-ieee1275-claim-more-memory.patch deleted file mode 100644 index a7aaae0..0000000 --- a/0002-ieee1275-claim-more-memory.patch +++ /dev/null @@ -1,242 +0,0 @@ -From 7f2590e8715b634ffea9cb7b538ac076d86fab40 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Wed, 15 Apr 2020 23:28:29 +1000 -Subject: [PATCH 02/23] ieee1275: claim more memory - -On powerpc-ieee1275, we are running out of memory trying to verify -anything. This is because: - - - we have to load an entire file into memory to verify it. This is - extremely difficult to change with appended signatures. - - We only have 32MB of heap. - - Distro kernels are now often around 30MB. - -So we want to claim more memory from OpenFirmware for our heap. - -There are some complications: - - - The grub mm code isn't the only thing that will make claims on - memory from OpenFirmware: - - * PFW/SLOF will have claimed some for their own use. - - * The ieee1275 loader will try to find other bits of memory that we - haven't claimed to place the kernel and initrd when we go to boot. - - * Once we load Linux, it will also try to claim memory. It claims - memory without any reference to /memory/available, it just starts - at min(top of RMO, 768MB) and works down. So we need to avoid this - area. See arch/powerpc/kernel/prom_init.c as of v5.11. - - - The smallest amount of memory a ppc64 KVM guest can have is 256MB. - It doesn't work with distro kernels but can work with custom kernels. - We should maintain support for that. (ppc32 can boot with even less, - and we shouldn't break that either.) - - - Even if a VM has more memory, the memory OpenFirmware makes available - as Real Memory Area can be restricted. A freshly created LPAR on a - PowerVM machine is likely to have only 256MB available to OpenFirmware - even if it has many gigabytes of memory allocated. - -EFI systems will attempt to allocate 1/4th of the available memory, -clamped to between 1M and 1600M. That seems like a good sort of -approach, we just need to figure out if 1/4 is the right fraction -for us. - -We don't know in advance how big the kernel and initrd are going to be, -which makes figuring out how much memory we can take a bit tricky. - -To figure out how much memory we should leave unused, I looked at: - - - an Ubuntu 20.04.1 ppc64le pseries KVM guest: - vmlinux: ~30MB - initrd: ~50MB - - - a RHEL8.2 ppc64le pseries KVM guest: - vmlinux: ~30MB - initrd: ~30MB - -Ubuntu VMs struggle to boot with just 256MB under SLOF. -RHEL likewise has a higher minimum supported memory figure. -So lets first consider a distro kernel and 512MB of addressible memory. -(This is the default case for anything booting under PFW.) Say we lose -131MB to PFW (based on some tests). This leaves us 381MB. 1/4 of 381MB -is ~95MB. That should be enough to verify a 30MB vmlinux and should -leave plenty of space to load Linux and the initrd. - -If we consider 256MB of RMA under PFW, we have just 125MB remaining. 1/4 -of that is a smidge under 32MB, which gives us very poor odds of verifying -a distro-sized kernel. However, if we need 80MB just to put the kernel -and initrd in memory, we can't claim any more than 45MB anyway. So 1/4 -will do. We'll come back to this later. - -grub is always built as a 32-bit binary, even if it's loading a ppc64 -kernel. So we can't address memory beyond 4GB. This gives a natural cap -of 1GB for powerpc-ieee1275. - -Also apply this 1/4 approach to i386-ieee1275, but keep the 32MB cap. - -make check still works for both i386 and powerpc and I've booted -powerpc grub with this change under SLOF and PFW. - -Signed-off-by: Daniel Axtens ---- - docs/grub-dev.texi | 6 ++- - grub-core/kern/ieee1275/init.c | 70 ++++++++++++++++++++++++++++------ - 2 files changed, 62 insertions(+), 14 deletions(-) - -diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index 6c629a23e..c11f1ac46 100644 ---- a/docs/grub-dev.texi -+++ b/docs/grub-dev.texi -@@ -1047,7 +1047,9 @@ space is limited to 4GiB. GRUB allocates pages from EFI for its heap, at most - 1.6 GiB. - - On i386-ieee1275 and powerpc-ieee1275 GRUB uses same stack as IEEE1275. --It allocates at most 32MiB for its heap. -+ -+On i386-ieee1275, GRUB allocates at most 32MiB for its heap. On -+powerpc-ieee1275, GRUB allocates up to 1GiB. - - On sparc64-ieee1275 stack is 256KiB and heap is 2MiB. - -@@ -1075,7 +1077,7 @@ In short: - @item i386-qemu @tab 60 KiB @tab < 4 GiB - @item *-efi @tab ? @tab < 1.6 GiB - @item i386-ieee1275 @tab ? @tab < 32 MiB --@item powerpc-ieee1275 @tab ? @tab < 32 MiB -+@item powerpc-ieee1275 @tab ? @tab < 1 GiB - @item sparc64-ieee1275 @tab 256KiB @tab 2 MiB - @item arm-uboot @tab 256KiB @tab 2 MiB - @item mips(el)-qemu_mips @tab 2MiB @tab 253 MiB -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index c15d40e55..d661a8da5 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -45,11 +45,12 @@ - #include - #endif - --/* The maximum heap size we're going to claim */ -+/* The maximum heap size we're going to claim. Not used by sparc. -+ We allocate 1/4 of the available memory under 4G, up to this limit. */ - #ifdef __i386__ - #define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024) --#else --#define HEAP_MAX_SIZE (unsigned long) (32 * 1024 * 1024) -+#else // __powerpc__ -+#define HEAP_MAX_SIZE (unsigned long) (1 * 1024 * 1024 * 1024) - #endif - - extern char _start[]; -@@ -146,16 +147,45 @@ grub_claim_heap (void) - + GRUB_KERNEL_MACHINE_STACK_SIZE), 0x200000); - } - #else --/* Helper for grub_claim_heap. */ -+/* Helper for grub_claim_heap on powerpc. */ -+static int -+heap_size (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, -+ void *data) -+{ -+ grub_uint32_t total = *(grub_uint32_t *)data; -+ -+ if (type != GRUB_MEMORY_AVAILABLE) -+ return 0; -+ -+ /* Do not consider memory beyond 4GB */ -+ if (addr > 0xffffffffUL) -+ return 0; -+ -+ if (addr + len > 0xffffffffUL) -+ len = 0xffffffffUL - addr; -+ -+ total += len; -+ *(grub_uint32_t *)data = total; -+ -+ return 0; -+} -+ - static int - heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, - void *data) - { -- unsigned long *total = data; -+ grub_uint32_t total = *(grub_uint32_t *)data; - - if (type != GRUB_MEMORY_AVAILABLE) - return 0; - -+ /* Do not consider memory beyond 4GB */ -+ if (addr > 0xffffffffUL) -+ return 0; -+ -+ if (addr + len > 0xffffffffUL) -+ len = 0xffffffffUL - addr; -+ - if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_NO_PRE1_5M_CLAIM)) - { - if (addr + len <= 0x180000) -@@ -169,10 +199,6 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, - } - len -= 1; /* Required for some firmware. */ - -- /* Never exceed HEAP_MAX_SIZE */ -- if (*total + len > HEAP_MAX_SIZE) -- len = HEAP_MAX_SIZE - *total; -- - /* In theory, firmware should already prevent this from happening by not - listing our own image in /memory/available. The check below is intended - as a safeguard in case that doesn't happen. However, it doesn't protect -@@ -184,6 +210,18 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, - len = 0; - } - -+ /* If this block contains 0x30000000 (768MB), do not claim below that. -+ Linux likes to claim memory at min(RMO top, 768MB) and works down -+ without reference to /memory/available. */ -+ if ((addr < 0x30000000) && ((addr + len) > 0x30000000)) -+ { -+ len = len - (0x30000000 - addr); -+ addr = 0x30000000; -+ } -+ -+ if (len > total) -+ len = total; -+ - if (len) - { - grub_err_t err; -@@ -192,10 +230,12 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, - if (err) - return err; - grub_mm_init_region ((void *) (grub_addr_t) addr, len); -+ total -= len; - } - -- *total += len; -- if (*total >= HEAP_MAX_SIZE) -+ *(grub_uint32_t *)data = total; -+ -+ if (total == 0) - return 1; - - return 0; -@@ -204,7 +244,13 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, - static void - grub_claim_heap (void) - { -- unsigned long total = 0; -+ grub_uint32_t total = 0; -+ -+ grub_machine_mmap_iterate (heap_size, &total); -+ -+ total = total / 4; -+ if (total > HEAP_MAX_SIZE) -+ total = HEAP_MAX_SIZE; - - if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_FORCE_CLAIM)) - heap_init (GRUB_IEEE1275_STATIC_HEAP_START, GRUB_IEEE1275_STATIC_HEAP_LEN, --- -2.31.1 - diff --git a/0002-ieee1275-implement-vec5-for-cas-negotiation.patch b/0002-ieee1275-implement-vec5-for-cas-negotiation.patch deleted file mode 100644 index 8976b0a..0000000 --- a/0002-ieee1275-implement-vec5-for-cas-negotiation.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 03056f35a73258fa68a809fba4aeab654ff35734 Mon Sep 17 00:00:00 2001 -From: Diego Domingos -Date: Thu, 25 Aug 2022 11:37:56 -0400 -Subject: [PATCH] ieee1275: implement vec5 for cas negotiation - -As a legacy support, if the vector 5 is not implemented, Power Hypervisor will -consider the max CPUs as 64 instead 256 currently supported during -client-architecture-support negotiation. - -This patch implements the vector 5 and set the MAX CPUs to 256 while setting the -others values to 0 (default). - -Signed-off-by: Diego Domingos -Acked-by: Daniel Axtens -Signed-off-by: Stefan Berger -Signed-off-by: Avnish Chouhan ---- - grub-core/kern/ieee1275/init.c | 28 ++++++++++++++++++++++++---- - 1 file changed, 24 insertions(+), 4 deletions(-) - -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 7d7178d3e..0e902ff62 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -311,7 +311,21 @@ struct option_vector2 { - grub_uint8_t max_pft_size; - } __attribute__((packed)); - --struct pvr_entry { -+struct option_vector5 -+{ -+ grub_uint8_t byte1; -+ grub_uint8_t byte2; -+ grub_uint8_t byte3; -+ grub_uint8_t cmo; -+ grub_uint8_t associativity; -+ grub_uint8_t bin_opts; -+ grub_uint8_t micro_checkpoint; -+ grub_uint8_t reserved0; -+ grub_uint32_t max_cpus; -+} GRUB_PACKED; -+ -+struct pvr_entry -+{ - grub_uint32_t mask; - grub_uint32_t entry; - }; -@@ -329,7 +343,9 @@ struct cas_vector { - grub_uint16_t vec3; - grub_uint8_t vec4_size; - grub_uint16_t vec4; --} __attribute__((packed)); -+ grub_uint8_t vec5_size; -+ struct option_vector5 vec5; -+} GRUB_PACKED; - - /* Call ibm,client-architecture-support to try to get more RMA. - We ask for 512MB which should be enough to verify a distro kernel. -@@ -349,7 +365,7 @@ grub_ieee1275_ibm_cas (void) - } args; - struct cas_vector vector = { - .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */ -- .num_vecs = 4 - 1, -+ .num_vecs = 5 - 1, - .vec1_size = 0, - .vec1 = 0x80, /* ignore */ - .vec2_size = 1 + sizeof(struct option_vector2) - 2, -@@ -359,7 +375,11 @@ grub_ieee1275_ibm_cas (void) - .vec3_size = 2 - 1, - .vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied - .vec4_size = 2 - 1, -- .vec4 = 0x0001, // set required minimum capacity % to the lowest value -+ .vec4 = 0x0001, /* set required minimum capacity % to the lowest value */ -+ .vec5_size = 1 + sizeof (struct option_vector5) - 2, -+ .vec5 = { -+ 0, 192, 0, 128, 0, 0, 0, 0, 256 -+ } - }; - - INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); --- -2.39.1 - diff --git a/0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch b/0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch deleted file mode 100644 index b0f3ed4..0000000 --- a/0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch +++ /dev/null @@ -1,106 +0,0 @@ -From 834cb2ca9ed2d9d7a6926e598accdfe280b615da Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:19 +1000 -Subject: [PATCH 2/5] kern/efi/mm: Always request a fixed number of pages on - init - -When initializing the EFI memory subsystem, we will by default request -a quarter of the available memory, bounded by a minimum/maximum value. -Given that we're about to extend the EFI memory system to dynamically -request additional pages from the firmware as required, this scaling of -requested memory based on available memory will not make a lot of sense -anymore. - -Remove this logic as a preparatory patch such that we'll instead defer -to the runtime memory allocator. Note that ideally, we'd want to change -this after dynamic requesting of pages has been implemented for the EFI -platform. But because we'll need to split up initialization of the -memory subsystem and the request of pages from the firmware, we'd have -to duplicate quite some logic at first only to remove it afterwards -again. This seems quite pointless, so we instead have patches slightly -out of order. - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt ---- - grub-core/kern/efi/mm.c | 35 +++-------------------------------- - 1 file changed, 3 insertions(+), 32 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 67a691d..2874522 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -38,9 +38,8 @@ - a multiplier of 4KB. */ - #define MEMORY_MAP_SIZE 0x3000 - --/* The minimum and maximum heap size for GRUB itself. */ --#define MIN_HEAP_SIZE 0x100000 --#define MAX_HEAP_SIZE (1600 * 0x100000) -+/* The default heap size for GRUB itself in bytes. */ -+#define DEFAULT_HEAP_SIZE 0x100000 - - static void *finish_mmap_buf = 0; - static grub_efi_uintn_t finish_mmap_size = 0; -@@ -514,23 +513,6 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map, - return filtered_desc; - } - --/* Return the total number of pages. */ --static grub_efi_uint64_t --get_total_pages (grub_efi_memory_descriptor_t *memory_map, -- grub_efi_uintn_t desc_size, -- grub_efi_memory_descriptor_t *memory_map_end) --{ -- grub_efi_memory_descriptor_t *desc; -- grub_efi_uint64_t total = 0; -- -- for (desc = memory_map; -- desc < memory_map_end; -- desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size)) -- total += desc->num_pages; -- -- return total; --} -- - /* Add memory regions. */ - static void - add_memory_regions (grub_efi_memory_descriptor_t *memory_map, -@@ -619,8 +601,6 @@ grub_efi_mm_init (void) - grub_efi_memory_descriptor_t *filtered_memory_map_end; - grub_efi_uintn_t map_size; - grub_efi_uintn_t desc_size; -- grub_efi_uint64_t total_pages; -- grub_efi_uint64_t required_pages; - int mm_status; - - /* Prepare a memory region to store two memory maps. */ -@@ -660,22 +640,13 @@ grub_efi_mm_init (void) - filtered_memory_map_end = filter_memory_map (memory_map, filtered_memory_map, - desc_size, memory_map_end); - -- /* By default, request a quarter of the available memory. */ -- total_pages = get_total_pages (filtered_memory_map, desc_size, -- filtered_memory_map_end); -- required_pages = (total_pages >> 2); -- if (required_pages < BYTES_TO_PAGES (MIN_HEAP_SIZE)) -- required_pages = BYTES_TO_PAGES (MIN_HEAP_SIZE); -- else if (required_pages > BYTES_TO_PAGES (MAX_HEAP_SIZE)) -- required_pages = BYTES_TO_PAGES (MAX_HEAP_SIZE); -- - /* Sort the filtered descriptors, so that GRUB can allocate pages - from smaller regions. */ - sort_memory_map (filtered_memory_map, desc_size, filtered_memory_map_end); - - /* Allocate memory regions for GRUB's memory management. */ - add_memory_regions (filtered_memory_map, desc_size, -- filtered_memory_map_end, required_pages); -+ filtered_memory_map_end, BYTES_TO_PAGES (DEFAULT_HEAP_SIZE)); - - #if 0 - /* For debug. */ --- -2.35.3 - diff --git a/0002-kern-ieee1275-init-Extended-support-in-Vec5.patch b/0002-kern-ieee1275-init-Extended-support-in-Vec5.patch deleted file mode 100644 index daad074..0000000 --- a/0002-kern-ieee1275-init-Extended-support-in-Vec5.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 6c9a76053006f7532d9fb3e0e80eb11ebd80df98 Mon Sep 17 00:00:00 2001 -From: Avnish Chouhan -Date: Mon, 27 Mar 2023 12:25:40 +0530 -Subject: [PATCH 2/2] kern/ieee1275/init: Extended support in Vec5 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch enables multiple options in Vec5 which are required and -solves the boot issues seen on some machines which are looking for -these specific options. - -1. LPAR: Client program supports logical partitioning and - associated hcall()s. -2. SPLPAR: Client program supports the Shared - Processor LPAR Option. -3. DYN_RCON_MEM: Client program supports the - “ibm,dynamic-reconfiguration-memory” property and it may be - presented in the device tree. -4. LARGE_PAGES: Client supports pages larger than 4 KB. -5. DONATE_DCPU_CLS: Client supports donating dedicated processor cycles. -6. PCI_EXP: Client supports PCI Express implementations - utilizing Message Signaled Interrupts (MSIs). - -7. CMOC: Enables the Cooperative Memory Over-commitment Option. -8. EXT_CMO: Enables the Extended Cooperative Memory Over-commit Option. - -9. ASSOC_REF: Enables “ibm,associativity” and - “ibm,associativity-reference-points” properties. -10. AFFINITY: Enables Platform Resource Reassignment Notification. -11. NUMA: Supports NUMA Distance Lookup Table Option. - -12. HOTPLUG_INTRPT: Supports Hotplug Interrupts. -13. HPT_RESIZE: Enable Hash Page Table Resize Option. - -14. MAX_CPU: Defines maximum number of CPUs supported. - -15. PFO_HWRNG: Supports Random Number Generator. -16. PFO_HW_COMP: Supports Compression Engine. -17. PFO_ENCRYPT: Supports Encryption Engine. - -18. SUB_PROCESSORS: Supports Sub-Processors. - -19. DY_MEM_V2: Client program supports the “ibm,dynamic-memory-v2” property in the - “ibm,dynamic-reconfiguration-memory” node and it may be presented in the device tree. -20. DRC_INFO: Client program supports the “ibm,drc-info” property definition and it may be - presented in the device tree. - -Signed-off-by: Avnish Chouhan -Reviewed-by: Daniel Kiper ---- - grub-core/kern/ieee1275/init.c | 47 +++++++++++++++++++++++++++++----- - 1 file changed, 41 insertions(+), 6 deletions(-) - -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index eaa25d0db..00f892ebe 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -61,11 +61,41 @@ extern char _end[]; - grub_addr_t grub_ieee1275_original_stack; - #endif - --#define LPAR 0x80 --#define SPLPAR 0x40 --#define BYTE2 (LPAR | SPLPAR) --#define CMO 0x80 --#define MAX_CPU 256 -+/* Options vector5 properties. */ -+ -+#define LPAR 0x80 -+#define SPLPAR 0x40 -+#define DYN_RCON_MEM 0x20 -+#define LARGE_PAGES 0x10 -+#define DONATE_DCPU_CLS 0x02 -+#define PCI_EXP 0x01 -+#define BYTE2 (LPAR | SPLPAR | DYN_RCON_MEM | LARGE_PAGES | DONATE_DCPU_CLS | PCI_EXP) -+ -+#define CMOC 0x80 -+#define EXT_CMO 0x40 -+#define CMO (CMOC | EXT_CMO) -+ -+#define ASSOC_REF 0x80 -+#define AFFINITY 0x40 -+#define NUMA 0x20 -+#define ASSOCIATIVITY (ASSOC_REF | AFFINITY | NUMA) -+ -+#define HOTPLUG_INTRPT 0x04 -+#define HPT_RESIZE 0x01 -+#define BIN_OPTS (HOTPLUG_INTRPT | HPT_RESIZE) -+ -+#define MAX_CPU 256 -+ -+#define PFO_HWRNG 0x80000000 -+#define PFO_HW_COMP 0x40000000 -+#define PFO_ENCRYPT 0x20000000 -+#define PLATFORM_FACILITIES (PFO_HWRNG | PFO_HW_COMP | PFO_ENCRYPT) -+ -+#define SUB_PROCESSORS 1 -+ -+#define DY_MEM_V2 0x80 -+#define DRC_INFO 0x40 -+#define BYTE22 (DY_MEM_V2 | DRC_INFO) - - void - grub_exit (void) -@@ -328,6 +358,11 @@ struct option_vector5 - grub_uint8_t micro_checkpoint; - grub_uint8_t reserved0; - grub_uint32_t max_cpus; -+ grub_uint16_t base_papr; -+ grub_uint16_t mem_reference; -+ grub_uint32_t platform_facilities; -+ grub_uint8_t sub_processors; -+ grub_uint8_t byte22; - } GRUB_PACKED; - - struct pvr_entry -@@ -384,7 +419,7 @@ grub_ieee1275_ibm_cas (void) - .vec4 = 0x0001, /* set required minimum capacity % to the lowest value */ - .vec5_size = 1 + sizeof (struct option_vector5) - 2, - .vec5 = { -- 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU -+ 0, BYTE2, 0, CMO, ASSOCIATIVITY, BIN_OPTS, 0, 0, MAX_CPU, 0, 0, PLATFORM_FACILITIES, SUB_PROCESSORS, BYTE22 - } - }; - --- -2.39.2 - diff --git a/0002-loader-efi-chainloader-Simplify-the-loader-state.patch b/0002-loader-efi-chainloader-Simplify-the-loader-state.patch deleted file mode 100644 index edd06c5..0000000 --- a/0002-loader-efi-chainloader-Simplify-the-loader-state.patch +++ /dev/null @@ -1,125 +0,0 @@ -From c111176648717645284865e15d7c6713cf29e982 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Tue, 5 Apr 2022 10:02:04 +0100 -Subject: [PATCH 02/32] loader/efi/chainloader: Simplify the loader state - -The chainloader command retains the source buffer and device path passed -to LoadImage(), requiring the unload hook passed to grub_loader_set() to -free them. It isn't required to retain this state though - they aren't -required by StartImage() or anything else in the boot hook, so clean them -up before grub_cmd_chainloader() finishes. - -Signed-off-by: Chris Coulson -Reviewed-by: Daniel Kiper ---- - grub-core/loader/efi/chainloader.c | 37 ++++++++++++++++-------------- - 1 file changed, 20 insertions(+), 17 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 625f1d26da..1ec09a166c 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -53,12 +53,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_dl_t my_mod; - --static grub_efi_physical_address_t address; --static grub_efi_uintn_t pages; - static grub_ssize_t fsize; --static grub_efi_device_path_t *file_path; - static grub_efi_handle_t image_handle; --static grub_efi_char16_t *cmdline; - static grub_ssize_t cmdline_len; - static grub_efi_handle_t dev_handle; - -@@ -70,16 +66,16 @@ static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_e - static grub_err_t - grub_chainloader_unload (void) - { -+ grub_efi_loaded_image_t *loaded_image; - grub_efi_boot_services_t *b; - -+ loaded_image = grub_efi_get_loaded_image (image_handle); -+ if (loaded_image != NULL) -+ grub_free (loaded_image->load_options); -+ - b = grub_efi_system_table->boot_services; - efi_call_1 (b->unload_image, image_handle); -- efi_call_2 (b->free_pages, address, pages); - -- grub_free (file_path); -- grub_free (cmdline); -- cmdline = 0; -- file_path = 0; - dev_handle = 0; - - grub_dl_unref (my_mod); -@@ -158,7 +154,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) - char *dir_start; - char *dir_end; - grub_size_t size; -- grub_efi_device_path_t *d; -+ grub_efi_device_path_t *d, *file_path; - - dir_start = grub_strchr (filename, ')'); - if (! dir_start) -@@ -641,10 +637,13 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_status_t status; - grub_efi_boot_services_t *b; - grub_device_t dev = 0; -- grub_efi_device_path_t *dp = 0; -+ grub_efi_device_path_t *dp = NULL, *file_path = NULL; - grub_efi_loaded_image_t *loaded_image; - char *filename; - void *boot_image = 0; -+ grub_efi_physical_address_t address = 0; -+ grub_efi_uintn_t pages = 0; -+ grub_efi_char16_t *cmdline = NULL; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -652,10 +651,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - - grub_dl_ref (my_mod); - -- /* Initialize some global variables. */ -- address = 0; -- image_handle = 0; -- file_path = 0; - dev_handle = 0; - - b = grub_efi_system_table->boot_services; -@@ -857,6 +852,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_file_close (file); - grub_device_close (dev); - -+ /* We're finished with the source image buffer and file path now. */ -+ efi_call_2 (b->free_pages, address, pages); -+ grub_free (file_path); -+ - grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); - return 0; - -@@ -868,13 +867,17 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - if (file) - grub_file_close (file); - -+ grub_free (cmdline); - grub_free (file_path); - - if (address) - efi_call_2 (b->free_pages, address, pages); - -- if (cmdline) -- grub_free (cmdline); -+ if (image_handle != NULL) -+ { -+ efi_call_1 (b->unload_image, image_handle); -+ image_handle = NULL; -+ } - - grub_dl_unref (my_mod); - --- -2.34.1 - diff --git a/0002-mm-Defer-the-disk-cache-invalidation.patch b/0002-mm-Defer-the-disk-cache-invalidation.patch deleted file mode 100644 index ddab6ba..0000000 --- a/0002-mm-Defer-the-disk-cache-invalidation.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 4284d40799aaf5aab11c690f232ce0a191dcfbdb Mon Sep 17 00:00:00 2001 -From: Gary Lin -Date: Fri, 16 Sep 2022 10:59:55 +0800 -Subject: [PATCH 2/2] mm: Defer the disk cache invalidation - -When the heap memory is used up, the memory management code invalidates -the disk caches first and then requests the additional memory regioins. -Although this could minimize the memory usage, it hurts the loading time -since the disk caches may always miss. - -This patch defers the disk cache invalidation to avoid the possible -delays. - -Signen-off-by: Gary Lin ---- - grub-core/kern/mm.c | 22 +++++++--------------- - 1 file changed, 7 insertions(+), 15 deletions(-) - -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index 0bd9f75..5280e8c 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -355,20 +355,6 @@ grub_memalign (grub_size_t align, grub_size_t size) - switch (count) - { - case 0: -- /* Invalidate disk caches. */ -- grub_disk_cache_invalidate_all (); -- count++; -- goto again; -- --#if 0 -- case 1: -- /* Unload unneeded modules. */ -- grub_dl_unload_unneeded (); -- count++; -- goto again; --#endif -- -- case 1: - /* Request additional pages, contiguous */ - count++; - -@@ -378,7 +364,7 @@ grub_memalign (grub_size_t align, grub_size_t size) - - /* fallthrough */ - -- case 2: -+ case 1: - /* Request additional pages, anything at all */ - count++; - -@@ -394,6 +380,12 @@ grub_memalign (grub_size_t align, grub_size_t size) - - /* fallthrough */ - -+ case 2: -+ /* Invalidate disk caches. */ -+ grub_disk_cache_invalidate_all (); -+ count++; -+ goto again; -+ - default: - break; - } --- -2.35.3 - diff --git a/0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch b/0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch deleted file mode 100644 index 0ef43b1..0000000 --- a/0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch +++ /dev/null @@ -1,246 +0,0 @@ -From 4a00be0176a459fa6e199f2709eabbe8dc0d7979 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Fri, 29 Jul 2016 17:41:38 +0800 -Subject: [PATCH 2/8] net: read bracketed ipv6 addrs and port numbers - -From: Aaron Miller - -Allow specifying port numbers for http and tftp paths, and allow ipv6 addresses -to be recognized with brackets around them, which is required to specify a port -number ---- - grub-core/net/http.c | 21 ++++++++++--- - grub-core/net/net.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++--- - grub-core/net/tftp.c | 6 +++- - include/grub/net.h | 1 + - 4 files changed, 104 insertions(+), 10 deletions(-) - -Index: grub-2.06~rc1/grub-core/net/http.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/net/http.c -+++ grub-2.06~rc1/grub-core/net/http.c -@@ -312,12 +312,14 @@ http_establish (struct grub_file *file, - int i; - struct grub_net_buff *nb; - grub_err_t err; -+ char* server = file->device->net->server; -+ int port = file->device->net->port; - - nb = grub_netbuff_alloc (GRUB_NET_TCP_RESERVE_SIZE - + sizeof ("GET ") - 1 - + grub_strlen (data->filename) - + sizeof (" HTTP/1.1\r\nHost: ") - 1 -- + grub_strlen (file->device->net->server) -+ + grub_strlen (server) + sizeof (":XXXXXXXXXX") - + sizeof ("\r\nUser-Agent: " PACKAGE_STRING - "\r\n") - 1 - + sizeof ("Range: bytes=XXXXXXXXXXXXXXXXXXXX" -@@ -356,7 +358,7 @@ http_establish (struct grub_file *file, - sizeof (" HTTP/1.1\r\nHost: ") - 1); - - ptr = nb->tail; -- err = grub_netbuff_put (nb, grub_strlen (file->device->net->server)); -+ err = grub_netbuff_put (nb, grub_strlen (server)); - if (err) - { - grub_netbuff_free (nb); -@@ -365,6 +367,15 @@ http_establish (struct grub_file *file, - grub_memcpy (ptr, file->device->net->server, - grub_strlen (file->device->net->server)); - -+ if (port) -+ { -+ ptr = nb->tail; -+ grub_snprintf ((char *) ptr, -+ sizeof (":XXXXXXXXXX"), -+ ":%d", -+ port); -+ } -+ - ptr = nb->tail; - err = grub_netbuff_put (nb, - sizeof ("\r\nUser-Agent: " PACKAGE_STRING "\r\n") -@@ -390,8 +401,10 @@ http_establish (struct grub_file *file, - grub_netbuff_put (nb, 2); - grub_memcpy (ptr, "\r\n", 2); - -- data->sock = grub_net_tcp_open (file->device->net->server, -- HTTP_PORT, http_receive, -+ grub_dprintf ("http", "opening path %s on host %s TCP port %d\n", -+ data->filename, server, port ? port : HTTP_PORT); -+ data->sock = grub_net_tcp_open (server, -+ port ? port : HTTP_PORT, http_receive, - http_err, NULL, - file); - if (!data->sock) -Index: grub-2.06~rc1/grub-core/net/net.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/net/net.c -+++ grub-2.06~rc1/grub-core/net/net.c -@@ -442,6 +442,12 @@ parse_ip6 (const char *val, grub_uint64_ - grub_uint16_t newip[8]; - const char *ptr = val; - int word, quaddot = -1; -+ int bracketed = 0; -+ -+ if (ptr[0] == '[') { -+ bracketed = 1; -+ ptr++; -+ } - - if (ptr[0] == ':' && ptr[1] != ':') - return 0; -@@ -480,6 +486,9 @@ parse_ip6 (const char *val, grub_uint64_ - grub_memset (&newip[quaddot], 0, (7 - word) * sizeof (newip[0])); - } - grub_memcpy (ip, newip, 16); -+ if (bracketed && *ptr == ']') { -+ ptr++; -+ } - if (rest) - *rest = ptr; - return 1; -@@ -1265,8 +1274,10 @@ grub_net_open_real (const char *name) - { - grub_net_app_level_t proto; - const char *protname, *server; -+ char *host; - grub_size_t protnamelen; - int try; -+ int port = 0; - - if (grub_strncmp (name, "pxe:", sizeof ("pxe:") - 1) == 0) - { -@@ -1304,6 +1315,72 @@ grub_net_open_real (const char *name) - return NULL; - } - -+ char* port_start; -+ /* ipv6 or port specified? */ -+ if ((port_start = grub_strchr (server, ':'))) -+ { -+ char* ipv6_begin; -+ if((ipv6_begin = grub_strchr (server, '['))) -+ { -+ char* ipv6_end = grub_strchr (server, ']'); -+ if(!ipv6_end) -+ { -+ grub_error (GRUB_ERR_NET_BAD_ADDRESS, -+ N_("mismatched [ in address")); -+ return NULL; -+ } -+ /* port number after bracketed ipv6 addr */ -+ if(ipv6_end[1] == ':') -+ { -+ port = grub_strtoul (ipv6_end + 2, NULL, 10); -+ if(port > 65535) -+ { -+ grub_error (GRUB_ERR_NET_BAD_ADDRESS, -+ N_("bad port number")); -+ return NULL; -+ } -+ } -+ host = grub_strndup (ipv6_begin, (ipv6_end - ipv6_begin) + 1); -+ } -+ else -+ { -+ if (grub_strchr (port_start + 1, ':')) -+ { -+ int iplen = grub_strlen (server); -+ /* bracket bare ipv6 addrs */ -+ host = grub_malloc (iplen + 3); -+ if(!host) -+ { -+ return NULL; -+ } -+ host[0] = '['; -+ grub_memcpy (host + 1, server, iplen); -+ host[iplen + 1] = ']'; -+ host[iplen + 2] = '\0'; -+ } -+ else -+ { -+ /* hostname:port or ipv4:port */ -+ port = grub_strtol (port_start + 1, NULL, 10); -+ if(port > 65535) -+ { -+ grub_error (GRUB_ERR_NET_BAD_ADDRESS, -+ N_("bad port number")); -+ return NULL; -+ } -+ host = grub_strndup (server, port_start - server); -+ } -+ } -+ } -+ else -+ { -+ host = grub_strdup (server); -+ } -+ if (!host) -+ { -+ return NULL; -+ } -+ - for (try = 0; try < 2; try++) - { - FOR_NET_APP_LEVEL (proto) -@@ -1313,14 +1390,13 @@ grub_net_open_real (const char *name) - { - grub_net_t ret = grub_zalloc (sizeof (*ret)); - if (!ret) -- return NULL; -- ret->protocol = proto; -- ret->server = grub_strdup (server); -- if (!ret->server) - { -- grub_free (ret); -+ grub_free (host); - return NULL; - } -+ ret->protocol = proto; -+ ret->port = port; -+ ret->server = host; - ret->fs = &grub_net_fs; - return ret; - } -Index: grub-2.06~rc1/grub-core/net/tftp.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/net/tftp.c -+++ grub-2.06~rc1/grub-core/net/tftp.c -@@ -295,6 +295,7 @@ tftp_open (struct grub_file *file, const - grub_err_t err; - grub_uint8_t *nbd; - grub_net_network_level_address_t addr; -+ int port = file->device->net->port; - - data = grub_zalloc (sizeof (*data)); - if (!data) -@@ -361,12 +362,15 @@ tftp_open (struct grub_file *file, const - err = grub_net_resolve_address (file->device->net->server, &addr); - if (err) - { -+ grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", -+ (unsigned long long)data->file_size, -+ (unsigned long long)data->block_size); - grub_free (data); - return err; - } - - data->sock = grub_net_udp_open (addr, -- TFTP_SERVER_PORT, tftp_receive, -+ port ? port : TFTP_SERVER_PORT, tftp_receive, - file); - if (!data->sock) - { -Index: grub-2.06~rc1/include/grub/net.h -=================================================================== ---- grub-2.06~rc1.orig/include/grub/net.h -+++ grub-2.06~rc1/include/grub/net.h -@@ -270,6 +270,7 @@ typedef struct grub_net - { - char *server; - char *name; -+ int port; - grub_net_app_level_t protocol; - grub_net_packets_t packs; - grub_off_t offset; diff --git a/0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch b/0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch deleted file mode 100644 index a5ec7f2..0000000 --- a/0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 1ea4e5ef09c06552402bf676ce262a661372f08d Mon Sep 17 00:00:00 2001 -From: Jeff Mahoney -Date: Thu, 15 Jul 2021 17:35:28 +0200 -Subject: [PATCH 2/2] osdep/linux/hostdisk: Use stat() instead of udevadm for - partition lookup - -The sysfs_partition_path() calls udevadm to resolve the sysfs path for -a block device. That can be accomplished by stating the device node -and using the major/minor to follow the symlinks in /sys/dev/block/. - -This cuts the execution time of grub-mkconfig to somewhere near 55% on -system without LVM (which uses libdevmapper instead sysfs_partition_path()). - -Remove udevadm call as it does not help us more than calling stat() directly. - -Signed-off-by: Jeff Mahoney -Signed-off-by: Petr Vorel -Reviewed-by: Daniel Kiper -[ upstream status: 1ea4e5ef0 ("osdep/linux/hostdisk: Use stat() instead of udevadm for partition lookup") ---- - grub-core/osdep/linux/hostdisk.c | 52 ++++---------------------------- - 1 file changed, 6 insertions(+), 46 deletions(-) - -diff --git a/grub-core/osdep/linux/hostdisk.c b/grub-core/osdep/linux/hostdisk.c -index da62f924e..d3326d095 100644 ---- a/grub-core/osdep/linux/hostdisk.c -+++ b/grub-core/osdep/linux/hostdisk.c -@@ -31,6 +31,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -98,54 +99,13 @@ grub_util_get_fd_size_os (grub_util_fd_t fd, const char *name, unsigned *log_sec - static char * - sysfs_partition_path (const char *dev, const char *entry) - { -- const char *argv[7]; -- int fd; -- pid_t pid; -- FILE *udevadm; -- char *buf = NULL; -- size_t len = 0; -- char *path = NULL; -- -- argv[0] = "udevadm"; -- argv[1] = "info"; -- argv[2] = "--query"; -- argv[3] = "path"; -- argv[4] = "--name"; -- argv[5] = dev; -- argv[6] = NULL; -- -- pid = grub_util_exec_pipe (argv, &fd); -- -- if (!pid) -- return NULL; -- -- /* Parent. Read udevadm's output. */ -- udevadm = fdopen (fd, "r"); -- if (!udevadm) -- { -- grub_util_warn (_("Unable to open stream from %s: %s"), -- "udevadm", strerror (errno)); -- close (fd); -- goto out; -- } -- -- if (getline (&buf, &len, udevadm) > 0) -- { -- char *newline; -- -- newline = strchr (buf, '\n'); -- if (newline) -- *newline = '\0'; -- path = xasprintf ("/sys%s/%s", buf, entry); -- } -+ struct stat st; - --out: -- if (udevadm) -- fclose (udevadm); -- waitpid (pid, NULL, 0); -- free (buf); -+ if (stat (dev, &st) == 0 && S_ISBLK (st.st_mode)) -+ return xasprintf ("/sys/dev/block/%u:%u/%s", -+ major (st.st_rdev), minor (st.st_rdev), entry); - -- return path; -+ return NULL; - } - - static int --- -2.32.0 - diff --git a/0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch b/0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch deleted file mode 100644 index 80adb1d..0000000 --- a/0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch +++ /dev/null @@ -1,128 +0,0 @@ -From e5bba1012e34597215684aa948bbc30093faa750 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Fri, 7 Oct 2022 13:37:10 +0800 -Subject: [PATCH 2/2] tpm: Disable tpm verifier if tpm is not present - -This helps to prevent out of memory error when reading large files via -disabling tpm device as verifier has to read all content into memory in -one chunk to measure the hash and extend to tpm. - -For ibmvtpm driver support this change here would be needed. It helps to -prevent much memory consuming tpm subsystem from being activated when no -vtpm device present. - -Signed-off-by: Michael Chang -Signed-off-by: Stefan Berger ---- - grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++ - grub-core/commands/ieee1275/ibmvtpm.c | 16 +++++++----- - grub-core/commands/tpm.c | 4 +++ - include/grub/tpm.h | 1 + - 4 files changed, 52 insertions(+), 6 deletions(-) - ---- a/grub-core/commands/efi/tpm.c -+++ b/grub-core/commands/efi/tpm.c -@@ -397,3 +397,40 @@ - - return result; - } -+ -+int -+grub_tpm_present (void) -+{ -+ grub_efi_handle_t tpm_handle; -+ grub_efi_uint8_t protocol_version; -+ -+ if (!grub_tpm_handle_find (&tpm_handle, &protocol_version)) -+ return 0; -+ -+ if (protocol_version == 1) -+ { -+ grub_efi_tpm_protocol_t *tpm; -+ -+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid, -+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); -+ if (!tpm) -+ { -+ grub_dprintf ("tpm", "Cannot open TPM protocol\n"); -+ return 0; -+ } -+ return grub_tpm1_present (tpm); -+ } -+ else -+ { -+ grub_efi_tpm2_protocol_t *tpm; -+ -+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid, -+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); -+ if (!tpm) -+ { -+ grub_dprintf ("tpm", "Cannot open TPM protocol\n"); -+ return 0; -+ } -+ return grub_tpm2_present (tpm); -+ } -+} ---- a/grub-core/commands/ieee1275/ibmvtpm.c -+++ b/grub-core/commands/ieee1275/ibmvtpm.c -@@ -136,12 +136,6 @@ - grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, - const char *description) - { -- grub_err_t err = tpm_init(); -- -- /* Absence of a TPM isn't a failure. */ -- if (err != GRUB_ERR_NONE) -- return GRUB_ERR_NONE; -- - grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n", - pcr, size, description); - -@@ -150,3 +144,13 @@ - - return GRUB_ERR_NONE; - } -+ -+int -+grub_tpm_present (void) -+{ -+ /* -+ * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes -+ * can be found. -+ */ -+ return tpm_init() == GRUB_ERR_NONE; -+} ---- a/grub-core/commands/tpm.c -+++ b/grub-core/commands/tpm.c -@@ -311,16 +311,19 @@ - - GRUB_MOD_INIT (tpm) - { -- grub_verifier_register (&grub_tpm_verifier); -- - cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0, - N_("LIST_OF_PCRS"), - N_("Snapshot one or more PCR values and record them in an EFI variable."), - grub_tpm_record_pcrs_options); -+ if (!grub_tpm_present()) -+ return; -+ grub_verifier_register (&grub_tpm_verifier); - } - - GRUB_MOD_FINI (tpm) - { -- grub_verifier_unregister (&grub_tpm_verifier); - grub_unregister_extcmd (cmd); -+ if (!grub_tpm_present()) -+ return; -+ grub_verifier_unregister (&grub_tpm_verifier); - } ---- a/include/grub/tpm.h -+++ b/include/grub/tpm.h -@@ -44,5 +44,6 @@ - grub_uint8_t pcr, const char *description); - struct grub_tpm_digest *grub_tpm_read_pcr (grub_uint8_t index, const char *algo); - void grub_tpm_digest_free (struct grub_tpm_digest *d); -+int grub_tpm_present (void); - - #endif diff --git a/0002-tpm2-Add-TPM-Software-Stack-TSS.patch b/0002-tpm2-Add-TPM-Software-Stack-TSS.patch index 278c413..d280f0b 100644 --- a/0002-tpm2-Add-TPM-Software-Stack-TSS.patch +++ b/0002-tpm2-Add-TPM-Software-Stack-TSS.patch @@ -55,9 +55,6 @@ Signed-off-by: Gary Lin create mode 100644 include/grub/tpm2/tcg2.h create mode 100644 include/grub/tpm2/tpm2.h -diff --git a/grub-core/tpm2/buffer.c b/grub-core/tpm2/buffer.c -new file mode 100644 -index 000000000..cb9f29497 --- /dev/null +++ b/grub-core/tpm2/buffer.c @@ -0,0 +1,145 @@ @@ -206,9 +203,6 @@ index 000000000..cb9f29497 + buffer->offset += sizeof (tmp); + *value = grub_be_to_cpu32 (tmp); +} -diff --git a/grub-core/tpm2/mu.c b/grub-core/tpm2/mu.c -new file mode 100644 -index 000000000..1617f37cd --- /dev/null +++ b/grub-core/tpm2/mu.c @@ -0,0 +1,807 @@ @@ -1019,9 +1013,6 @@ index 000000000..1617f37cd + for (grub_uint32_t i = 0; i < digest->count; i++) + grub_tpm2_mu_TPM2B_DIGEST_Unmarshal (buf, &digest->digests[i]); +} -diff --git a/grub-core/tpm2/tcg2.c b/grub-core/tpm2/tcg2.c -new file mode 100644 -index 000000000..d350e3a24 --- /dev/null +++ b/grub-core/tpm2/tcg2.c @@ -0,0 +1,143 @@ @@ -1064,7 +1055,7 @@ index 000000000..d350e3a24 + if (has_caps) + goto exit; + -+ status = efi_call_2 (protocol->get_capability, protocol, &caps); ++ status = protocol->get_capability (protocol, &caps); + if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag) + return GRUB_ERR_FILE_NOT_FOUND; + @@ -1082,7 +1073,7 @@ index 000000000..d350e3a24 +static grub_err_t +grub_tcg2_get_protocol (grub_efi_tpm2_protocol_t **protocol) +{ -+ static grub_efi_guid_t tpm2_guid = EFI_TPM2_GUID; ++ static grub_guid_t tpm2_guid = EFI_TPM2_GUID; + static grub_efi_tpm2_protocol_t *tpm2_protocol = NULL; + + int tpm2; @@ -1161,16 +1152,13 @@ index 000000000..d350e3a24 + if (err) + return err; + -+ status = efi_call_5 (protocol->submit_command, protocol, input_size, input, ++ status = protocol->submit_command (protocol, input_size, input, + output_size, output); + if (status != GRUB_EFI_SUCCESS) + return GRUB_ERR_INVALID_COMMAND; + + return GRUB_ERR_NONE; +} -diff --git a/grub-core/tpm2/tpm2.c b/grub-core/tpm2/tpm2.c -new file mode 100644 -index 000000000..d67699a24 --- /dev/null +++ b/grub-core/tpm2/tpm2.c @@ -0,0 +1,761 @@ @@ -1935,9 +1923,6 @@ index 000000000..d67699a24 + + return TPM_RC_SUCCESS; +} -diff --git a/include/grub/tpm2/buffer.h b/include/grub/tpm2/buffer.h -new file mode 100644 -index 000000000..87dcd8d6c --- /dev/null +++ b/include/grub/tpm2/buffer.h @@ -0,0 +1,65 @@ @@ -2006,9 +1991,6 @@ index 000000000..87dcd8d6c +grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t* value); + +#endif /* ! GRUB_TPM2_BUFFER_HEADER */ -diff --git a/include/grub/tpm2/internal/functions.h b/include/grub/tpm2/internal/functions.h -new file mode 100644 -index 000000000..9380f26a2 --- /dev/null +++ b/include/grub/tpm2/internal/functions.h @@ -0,0 +1,117 @@ @@ -2129,9 +2111,6 @@ index 000000000..9380f26a2 + TPMS_AUTH_RESPONSE *authResponse); + +#endif /* ! GRUB_TPM2_INTERNAL_FUNCTIONS_HEADER */ -diff --git a/include/grub/tpm2/internal/structs.h b/include/grub/tpm2/internal/structs.h -new file mode 100644 -index 000000000..72d71eb70 --- /dev/null +++ b/include/grub/tpm2/internal/structs.h @@ -0,0 +1,675 @@ @@ -2810,9 +2789,6 @@ index 000000000..72d71eb70 +typedef struct TPMT_TK_CREATION TPMT_TK_CREATION; + +#endif /* ! GRUB_TPM2_INTERNAL_STRUCTS_HEADER */ -diff --git a/include/grub/tpm2/internal/types.h b/include/grub/tpm2/internal/types.h -new file mode 100644 -index 000000000..9714f75d4 --- /dev/null +++ b/include/grub/tpm2/internal/types.h @@ -0,0 +1,372 @@ @@ -3188,9 +3164,6 @@ index 000000000..9714f75d4 +typedef TPM_HANDLE TPMI_DH_PERSISTENT; + +#endif /* ! GRUB_TPM2_INTERNAL_TYPES_HEADER */ -diff --git a/include/grub/tpm2/mu.h b/include/grub/tpm2/mu.h -new file mode 100644 -index 000000000..c545976db --- /dev/null +++ b/include/grub/tpm2/mu.h @@ -0,0 +1,292 @@ @@ -3486,9 +3459,6 @@ index 000000000..c545976db + TPML_DIGEST* digest); + +#endif /* ! GRUB_TPM2_MU_HEADER */ -diff --git a/include/grub/tpm2/tcg2.h b/include/grub/tpm2/tcg2.h -new file mode 100644 -index 000000000..553b3fd93 --- /dev/null +++ b/include/grub/tpm2/tcg2.h @@ -0,0 +1,34 @@ @@ -3526,9 +3496,6 @@ index 000000000..553b3fd93 + grub_uint8_t *output); + +#endif /* ! GRUB_TPM2_TCG2_HEADER */ -diff --git a/include/grub/tpm2/tpm2.h b/include/grub/tpm2/tpm2.h -new file mode 100644 -index 000000000..cfdc9edcd --- /dev/null +++ b/include/grub/tpm2/tpm2.h @@ -0,0 +1,34 @@ @@ -3566,6 +3533,3 @@ index 000000000..cfdc9edcd +} TPM2_SEALED_KEY; + +#endif /* ! GRUB_TPM2_TPM2_HEADER */ --- -2.35.3 - diff --git a/0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch b/0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch index 33b81ef..26912f2 100644 --- a/0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch +++ b/0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch @@ -12,44 +12,9 @@ Signed-off-by: Peter Jones include/grub/i386/linux.h | 7 +- 3 files changed, 97 insertions(+), 48 deletions(-) -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index 442627dc2..9265cf420 100644 ---- a/grub-core/loader/efi/linux.c -+++ b/grub-core/loader/efi/linux.c -@@ -30,11 +30,16 @@ - typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); - - grub_err_t --grub_efi_linux_boot (void *kernel_addr, grub_off_t offset, -+grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, - void *kernel_params) - { - grub_efi_loaded_image_t *loaded_image = NULL; - handover_func hf; -+ int offset = 0; -+ -+#ifdef __x86_64__ -+ offset = 512; -+#endif - - /* - * Since the EFI loader is not calling the LoadImage() and StartImage() -@@ -48,8 +53,8 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t offset, - grub_dprintf ("linux", "Loaded Image base address could not be set\n"); - - grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", -- kernel_addr, (void *)(grub_efi_uintn_t)offset, kernel_params); -- hf = (handover_func)((char *)kernel_addr + offset); -+ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); -+ hf = (handover_func)((char *)kernel_addr + handover_offset + offset); - hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); - - return GRUB_ERR_BUG; -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 1e09c88ab..0b3d20875 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c -@@ -44,14 +44,10 @@ static char *linux_cmdline; +@@ -44,14 +44,10 @@ static grub_err_t grub_linuxefi_boot (void) { @@ -66,7 +31,7 @@ index 1e09c88ab..0b3d20875 100644 params); } -@@ -147,14 +143,20 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +@@ -147,14 +143,20 @@ return grub_errno; } @@ -89,7 +54,7 @@ index 1e09c88ab..0b3d20875 100644 grub_err_t err; grub_dl_ref (my_mod); -@@ -185,45 +187,79 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -185,45 +187,79 @@ goto fail; } @@ -104,14 +69,12 @@ index 1e09c88ab..0b3d20875 100644 } - grub_memset (params, 0, 16384); -- -- grub_memcpy (&lh, kernel, sizeof (lh)); -- -- if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) + grub_dprintf ("linux", "params = %p\n", params); -+ + +- grub_memcpy (&lh, kernel, sizeof (lh)); + grub_memset (params, 0, sizeof(*params)); -+ + +- if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) + setup_header_end_offset = *((grub_uint8_t *)kernel + 0x201); + grub_dprintf ("linux", "copying %lu bytes from %p to %p\n", + MIN((grub_size_t)0x202+setup_header_end_offset, @@ -164,7 +127,7 @@ index 1e09c88ab..0b3d20875 100644 + goto fail; + } +#endif -+ + +#if defined(__i386__) + if ((lh->xloadflags & LINUX_XLF_KERNEL_64) && + !(lh->xloadflags & LINUX_XLF_EFI_HANDOVER_32)) @@ -174,14 +137,14 @@ index 1e09c88ab..0b3d20875 100644 + goto fail; + } +#endif - ++ + grub_dprintf ("linux", "setting up cmdline\n"); + linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, + BYTES_TO_PAGES(lh->cmdline_size + 1)); if (!linux_cmdline) { grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); -@@ -233,27 +269,26 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -233,27 +269,26 @@ grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); err = grub_create_loader_cmdline (argc, argv, linux_cmdline + sizeof (LINUX_IMAGE) - 1, @@ -220,7 +183,7 @@ index 1e09c88ab..0b3d20875 100644 if (!kernel_mem) { -@@ -261,21 +296,23 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -261,21 +296,23 @@ goto fail; } @@ -254,7 +217,7 @@ index 1e09c88ab..0b3d20875 100644 fail: -@@ -291,8 +328,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -291,8 +328,10 @@ loaded = 0; } @@ -267,11 +230,9 @@ index 1e09c88ab..0b3d20875 100644 if (kernel_mem && !loaded) grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size)); -diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h -index eddf9251d..25ef52c04 100644 --- a/include/grub/i386/linux.h +++ b/include/grub/i386/linux.h -@@ -138,7 +138,12 @@ struct linux_i386_kernel_header +@@ -138,7 +138,12 @@ grub_uint32_t kernel_alignment; grub_uint8_t relocatable; grub_uint8_t min_alignment; @@ -285,6 +246,34 @@ index eddf9251d..25ef52c04 100644 grub_uint32_t cmdline_size; grub_uint32_t hardware_subarch; grub_uint64_t hardware_subarch_data; --- -2.31.1 - +--- a/grub-core/loader/efi/linux_boot.c ++++ b/grub-core/loader/efi/linux_boot.c +@@ -30,11 +30,16 @@ + typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); + + grub_err_t +-grub_efi_linux_boot (void *kernel_addr, grub_off_t offset, ++grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + void *kernel_params) + { + grub_efi_loaded_image_t *loaded_image = NULL; + handover_func hf; ++ int offset = 0; ++ ++#ifdef __x86_64__ ++ offset = 512; ++#endif + + /* + * Since the EFI loader is not calling the LoadImage() and StartImage() +@@ -48,8 +53,8 @@ + grub_dprintf ("linux", "Loaded Image base address could not be set\n"); + + grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", +- kernel_addr, (void *)(grub_efi_uintn_t)offset, kernel_params); +- hf = (handover_func)((char *)kernel_addr + offset); ++ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); ++ hf = (handover_func)((char *)kernel_addr + handover_offset + offset); + hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); + + return GRUB_ERR_BUG; diff --git a/0003-Make-grub_error-more-verbose.patch b/0003-Make-grub_error-more-verbose.patch index c41317e..4a54152 100644 --- a/0003-Make-grub_error-more-verbose.patch +++ b/0003-Make-grub_error-more-verbose.patch @@ -10,11 +10,9 @@ Signed-off-by: Peter Jones include/grub/err.h | 5 ++++- 3 files changed, 29 insertions(+), 6 deletions(-) -Index: grub-2.06~rc1/grub-core/kern/err.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/kern/err.c -+++ grub-2.06~rc1/grub-core/kern/err.c -@@ -33,15 +33,24 @@ static struct grub_error_saved grub_erro +--- a/grub-core/kern/err.c ++++ b/grub-core/kern/err.c +@@ -33,15 +33,24 @@ static int grub_error_stack_pos; static int grub_error_stack_assert; @@ -41,11 +39,9 @@ Index: grub-2.06~rc1/grub-core/kern/err.c va_end (ap); return n; -Index: grub-2.06~rc1/include/grub/err.h -=================================================================== ---- grub-2.06~rc1.orig/include/grub/err.h -+++ grub-2.06~rc1/include/grub/err.h -@@ -85,8 +85,11 @@ struct grub_error_saved +--- a/include/grub/err.h ++++ b/include/grub/err.h +@@ -86,8 +86,11 @@ extern grub_err_t EXPORT_VAR(grub_errno); extern char EXPORT_VAR(grub_errmsg)[GRUB_MAX_ERRMSG]; diff --git a/0003-bootp-New-net_bootp6-command.patch b/0003-bootp-New-net_bootp6-command.patch index 8ecdef6..c4a4edd 100644 --- a/0003-bootp-New-net_bootp6-command.patch +++ b/0003-bootp-New-net_bootp6-command.patch @@ -19,10 +19,8 @@ V1: include/grub/net.h | 72 ++++ 3 files changed, 1018 insertions(+), 1 deletion(-) -Index: grub-2.06/grub-core/net/bootp.c -=================================================================== ---- grub-2.06.orig/grub-core/net/bootp.c -+++ grub-2.06/grub-core/net/bootp.c +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c @@ -24,6 +24,98 @@ #include #include @@ -122,7 +120,7 @@ Index: grub-2.06/grub-core/net/bootp.c struct grub_dhcp_discover_options { -@@ -607,6 +699,578 @@ out: +@@ -610,6 +702,578 @@ return err; } @@ -701,7 +699,7 @@ Index: grub-2.06/grub-core/net/bootp.c /* * This is called directly from net/ip.c:handle_dgram(), because those * BOOTP/DHCP packets are a bit special due to their improper -@@ -675,6 +1339,77 @@ grub_net_process_dhcp (struct grub_net_b +@@ -678,6 +1342,77 @@ } } @@ -779,7 +777,7 @@ Index: grub-2.06/grub-core/net/bootp.c static grub_err_t grub_cmd_dhcpopt (struct grub_command *cmd __attribute__ ((unused)), int argc, char **args) -@@ -900,7 +1635,174 @@ grub_cmd_bootp (struct grub_command *cmd +@@ -903,7 +1638,174 @@ return err; } @@ -955,7 +953,7 @@ Index: grub-2.06/grub-core/net/bootp.c void grub_bootp_init (void) -@@ -914,6 +1816,9 @@ grub_bootp_init (void) +@@ -917,6 +1819,9 @@ cmd_getdhcp = grub_register_command ("net_get_dhcp_option", grub_cmd_dhcpopt, N_("VAR INTERFACE NUMBER DESCRIPTION"), N_("retrieve DHCP option and save it into VAR. If VAR is - then print the value.")); @@ -965,17 +963,15 @@ Index: grub-2.06/grub-core/net/bootp.c } void -@@ -922,4 +1827,5 @@ grub_bootp_fini (void) +@@ -925,4 +1830,5 @@ grub_unregister_command (cmd_getdhcp); grub_unregister_command (cmd_bootp); grub_unregister_command (cmd_dhcp); + grub_unregister_command (cmd_bootp6); } -Index: grub-2.06/grub-core/net/ip.c -=================================================================== ---- grub-2.06.orig/grub-core/net/ip.c -+++ grub-2.06/grub-core/net/ip.c -@@ -239,6 +239,45 @@ handle_dgram (struct grub_net_buff *nb, +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -240,6 +240,45 @@ { struct udphdr *udph; udph = (struct udphdr *) nb->data; @@ -1021,11 +1017,9 @@ Index: grub-2.06/grub-core/net/ip.c if (proto == GRUB_NET_IP_UDP && grub_be_to_cpu16 (udph->dst) == 68) { const struct grub_net_bootp_packet *bootp; -Index: grub-2.06/include/grub/net.h -=================================================================== ---- grub-2.06.orig/include/grub/net.h -+++ grub-2.06/include/grub/net.h -@@ -448,6 +448,66 @@ struct grub_net_bootp_packet +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -450,6 +450,66 @@ grub_uint8_t vendor[0]; } GRUB_PACKED; @@ -1092,7 +1086,7 @@ Index: grub-2.06/include/grub/net.h #define GRUB_NET_BOOTP_RFC1048_MAGIC_0 0x63 #define GRUB_NET_BOOTP_RFC1048_MAGIC_1 0x82 #define GRUB_NET_BOOTP_RFC1048_MAGIC_2 0x53 -@@ -483,6 +543,14 @@ grub_net_configure_by_dhcp_ack (const ch +@@ -485,6 +545,14 @@ grub_size_t size, int is_def, char **device, char **path); @@ -1107,7 +1101,7 @@ Index: grub-2.06/include/grub/net.h grub_err_t grub_net_add_ipv4_local (struct grub_net_network_level_interface *inf, int mask); -@@ -491,6 +559,10 @@ void +@@ -493,6 +561,10 @@ grub_net_process_dhcp (struct grub_net_buff *nb, struct grub_net_network_level_interface *iface); diff --git a/0003-commands-boot-Add-API-to-pass-context-to-loader.patch b/0003-commands-boot-Add-API-to-pass-context-to-loader.patch deleted file mode 100644 index 1035664..0000000 --- a/0003-commands-boot-Add-API-to-pass-context-to-loader.patch +++ /dev/null @@ -1,161 +0,0 @@ -From 8bb57923d39f00b6f850cf6138ff5973cfd0d25f Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Tue, 5 Apr 2022 10:58:28 +0100 -Subject: [PATCH 03/32] commands/boot: Add API to pass context to loader - -Loaders rely on global variables for saving context which is consumed -in the boot hook and freed in the unload hook. In the case where a loader -command is executed twice, calling grub_loader_set() a second time executes -the unload hook, but in some cases this runs when the loader's global -context has already been updated, resulting in the updated context being -freed and potential use-after-free bugs when the boot hook is subsequently -called. - -This adds a new API, grub_loader_set_ex(), which allows a loader to specify -context that is passed to its boot and unload hooks. This is an alternative -to requiring that loaders call grub_loader_unset() before mutating their -global context. - -Signed-off-by: Chris Coulson -Reviewed-by: Daniel Kiper ---- - grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++++++++++----- - include/grub/loader.h | 5 +++ - 2 files changed, 63 insertions(+), 8 deletions(-) - -diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c -index bbca81e947..61514788e2 100644 ---- a/grub-core/commands/boot.c -+++ b/grub-core/commands/boot.c -@@ -27,10 +27,20 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --static grub_err_t (*grub_loader_boot_func) (void); --static grub_err_t (*grub_loader_unload_func) (void); -+static grub_err_t (*grub_loader_boot_func) (void *context); -+static grub_err_t (*grub_loader_unload_func) (void *context); -+static void *grub_loader_context; - static int grub_loader_flags; - -+struct grub_simple_loader_hooks -+{ -+ grub_err_t (*boot) (void); -+ grub_err_t (*unload) (void); -+}; -+ -+/* Don't heap allocate this to avoid making grub_loader_set() fallible. */ -+static struct grub_simple_loader_hooks simple_loader_hooks; -+ - struct grub_preboot - { - grub_err_t (*preboot_func) (int); -@@ -44,6 +54,29 @@ static int grub_loader_loaded; - static struct grub_preboot *preboots_head = 0, - *preboots_tail = 0; - -+static grub_err_t -+grub_simple_boot_hook (void *context) -+{ -+ struct grub_simple_loader_hooks *hooks; -+ -+ hooks = (struct grub_simple_loader_hooks *) context; -+ return hooks->boot (); -+} -+ -+static grub_err_t -+grub_simple_unload_hook (void *context) -+{ -+ struct grub_simple_loader_hooks *hooks; -+ grub_err_t ret; -+ -+ hooks = (struct grub_simple_loader_hooks *) context; -+ -+ ret = hooks->unload (); -+ grub_memset (hooks, 0, sizeof (*hooks)); -+ -+ return ret; -+} -+ - int - grub_loader_is_loaded (void) - { -@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd) - } - - void --grub_loader_set (grub_err_t (*boot) (void), -- grub_err_t (*unload) (void), -- int flags) -+grub_loader_set_ex (grub_err_t (*boot) (void *context), -+ grub_err_t (*unload) (void *context), -+ void *context, -+ int flags) - { - if (grub_loader_loaded && grub_loader_unload_func) -- grub_loader_unload_func (); -+ grub_loader_unload_func (grub_loader_context); - - grub_loader_boot_func = boot; - grub_loader_unload_func = unload; -+ grub_loader_context = context; - grub_loader_flags = flags; - - grub_loader_loaded = 1; - } - -+void -+grub_loader_set (grub_err_t (*boot) (void), -+ grub_err_t (*unload) (void), -+ int flags) -+{ -+ grub_loader_set_ex (grub_simple_boot_hook, -+ grub_simple_unload_hook, -+ &simple_loader_hooks, -+ flags); -+ -+ simple_loader_hooks.boot = boot; -+ simple_loader_hooks.unload = unload; -+} -+ - void - grub_loader_unset(void) - { - if (grub_loader_loaded && grub_loader_unload_func) -- grub_loader_unload_func (); -+ grub_loader_unload_func (grub_loader_context); - - grub_loader_boot_func = 0; - grub_loader_unload_func = 0; -+ grub_loader_context = 0; - - grub_loader_loaded = 0; - } -@@ -158,7 +208,7 @@ grub_loader_boot (void) - return err; - } - } -- err = (grub_loader_boot_func) (); -+ err = (grub_loader_boot_func) (grub_loader_context); - - for (cur = preboots_tail; cur; cur = cur->prev) - if (! err) -diff --git a/include/grub/loader.h b/include/grub/loader.h -index b208642821..97f2310545 100644 ---- a/include/grub/loader.h -+++ b/include/grub/loader.h -@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), - grub_err_t (*unload) (void), - int flags); - -+void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context), -+ grub_err_t (*unload) (void *context), -+ void *context, -+ int flags); -+ - /* Unset current loader, if any. */ - void EXPORT_FUNC (grub_loader_unset) (void); - --- -2.34.1 - diff --git a/0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch b/0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch deleted file mode 100644 index a720702..0000000 --- a/0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 86fe3bbbf75e62387cc9842654fd6c852e9457a6 Mon Sep 17 00:00:00 2001 -From: Glenn Washburn -Date: Thu, 9 Dec 2021 11:14:52 -0600 -Subject: [PATCH 03/14] cryptodisk: Return failure in cryptomount when no - cryptodisk modules are loaded - -This displays an error notifying the user that they'll want to load -a backend module to make cryptomount useful. - -Signed-off-by: Glenn Washburn -Reviewed-by: Daniel Kiper ---- - grub-core/disk/cryptodisk.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 9df3d310fe..27491871a5 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -1125,6 +1125,9 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - if (argc < 1 && !state[1].set && !state[2].set) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required"); - -+ if (grub_cryptodisk_list == NULL) -+ return grub_error (GRUB_ERR_BAD_MODULE, "no cryptodisk modules loaded"); -+ - if (state[0].set) - { - int found_uuid; --- -2.34.1 - diff --git a/0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch b/0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch new file mode 100644 index 0000000..bec13f3 --- /dev/null +++ b/0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch @@ -0,0 +1,36 @@ +From 64494ffc442a5de05b237ad48d27c70d22849a44 Mon Sep 17 00:00:00 2001 +From: Gary Lin +Date: Thu, 3 Aug 2023 15:52:52 +0800 +Subject: [PATCH 3/4] cryptodisk: wipe out the cached keys from protectors + +An attacker may insert a malicious disk with the same crypto UUID and +trick grub2 to mount the fake root. Even though the key from the key +protector fails to unlock the fake root, it's not wiped out cleanly so +the attacker could dump the memory to retrieve the secret key. To defend +such attack, wipe out the cached key when we don't need it. + +Signed-off-by: Gary Lin +--- + grub-core/disk/cryptodisk.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c +index cf37a0934..f42437f4e 100644 +--- a/grub-core/disk/cryptodisk.c ++++ b/grub-core/disk/cryptodisk.c +@@ -1348,7 +1348,11 @@ grub_cryptodisk_clear_key_cache (struct grub_cryptomount_args *cargs) + return; + + for (i = 0; cargs->protectors[i]; i++) +- grub_free (cargs->key_cache[i].key); ++ { ++ if (cargs->key_cache[i].key) ++ grub_memset (cargs->key_cache[i].key, 0, cargs->key_cache[i].key_len); ++ grub_free (cargs->key_cache[i].key); ++ } + + grub_free (cargs->key_cache); + } +-- +2.35.3 + diff --git a/0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch b/0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch deleted file mode 100644 index a80501d..0000000 --- a/0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 5b694a13545224c2d21afc3e94831be1bcc85770 Mon Sep 17 00:00:00 2001 -From: Fabian Vogt -Date: Tue, 14 Jun 2022 15:55:21 +0200 -Subject: [PATCH 03/10] disk/cryptodisk: When cheatmounting, use the sector - info of the cheat device - -When using grub-probe with cryptodisk, the mapped block device from the host -is used directly instead of decrypting the source device in GRUB code. -In that case, the sector size and count of the host device needs to be used. -This is especially important when using luks2, which does not assign -total_sectors and log_sector_size when scanning, but only later when the -segments in the JSON area are evaluated. With an unset log_sector_size, -grub_open_device complains. - -This fixes grub-probe failing with -"error: sector sizes of 1 bytes aren't supported yet." - -Signed-off-by: Fabian Vogt ---- - grub-core/disk/cryptodisk.c | 20 ++++++++++++++++++-- - 1 file changed, 18 insertions(+), 2 deletions(-) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 6d22bf871c..ae8790f10f 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -698,16 +698,31 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk) - if (!dev) - return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "No such device"); - -- disk->log_sector_size = dev->log_sector_size; -- - #ifdef GRUB_UTIL - if (dev->cheat) - { -+ grub_uint64_t cheat_dev_size; -+ unsigned int cheat_log_sector_size; -+ - if (!GRUB_UTIL_FD_IS_VALID (dev->cheat_fd)) - dev->cheat_fd = grub_util_fd_open (dev->cheat, GRUB_UTIL_FD_O_RDONLY); - if (!GRUB_UTIL_FD_IS_VALID (dev->cheat_fd)) - return grub_error (GRUB_ERR_IO, N_("cannot open `%s': %s"), - dev->cheat, grub_util_fd_strerror ()); -+ -+ /* Use the sector size and count of the cheat device */ -+ cheat_dev_size = grub_util_get_fd_size (dev->cheat_fd, dev->cheat, &cheat_log_sector_size); -+ if (cheat_dev_size == -1) -+ { -+ const char *errmsg = grub_util_fd_strerror (); -+ grub_util_fd_close (dev->cheat_fd); -+ dev->cheat_fd = GRUB_UTIL_FD_INVALID; -+ return grub_error (GRUB_ERR_IO, N_("failed to query size of device `%s': %s"), -+ dev->cheat, errmsg); -+ } -+ -+ dev->log_sector_size = cheat_log_sector_size; -+ dev->total_sectors = cheat_dev_size >> cheat_log_sector_size; - } - #endif - -@@ -721,6 +736,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk) - } - - disk->data = dev; -+ disk->log_sector_size = dev->log_sector_size; - disk->total_sectors = dev->total_sectors; - disk->max_agglomerate = GRUB_DISK_MAX_MAX_AGGLOMERATE; - disk->id = dev->id; --- -2.34.1 - diff --git a/0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch b/0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch deleted file mode 100644 index ffe842f..0000000 --- a/0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch +++ /dev/null @@ -1,260 +0,0 @@ -From 029c952f37dedb086c85bfb5fbc0de15cd4dbf0f Mon Sep 17 00:00:00 2001 -From: Lu Ken -Date: Wed, 13 Jul 2022 10:06:12 +0800 -Subject: [PATCH 3/3] efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support - -The EFI_CC_MEASUREMENT_PROTOCOL abstracts the measurement for virtual firmware -in confidential computing environment. It is similar to the EFI_TCG2_PROTOCOL. -It was proposed by Intel and ARM and approved by UEFI organization. - -It is defined in Intel GHCI specification: https://cdrdv2.intel.com/v1/dl/getContent/726790 . -The EDKII header file is available at https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Protocol/CcMeasurement.h . - -Signed-off-by: Lu Ken -Reviewed-by: Daniel Kiper ---- - grub-core/commands/efi/tpm.c | 48 +++++++++++ - include/grub/efi/cc.h | 151 +++++++++++++++++++++++++++++++++++ - 2 files changed, 199 insertions(+) - create mode 100644 include/grub/efi/cc.h - -diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c -index e032617d8..630fd8a82 100644 ---- a/grub-core/commands/efi/tpm.c -+++ b/grub-core/commands/efi/tpm.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -32,6 +33,7 @@ typedef TCG_PCR_EVENT grub_tpm_event_t; - - static grub_efi_guid_t tpm_guid = EFI_TPM_GUID; - static grub_efi_guid_t tpm2_guid = EFI_TPM2_GUID; -+static grub_efi_guid_t cc_measurement_guid = GRUB_EFI_CC_MEASUREMENT_PROTOCOL_GUID; - - static grub_efi_handle_t *grub_tpm_handle; - static grub_uint8_t grub_tpm_version; -@@ -308,6 +310,50 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, - return grub_efi_log_event_status (status); - } - -+static void -+grub_cc_log_event (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, -+ const char *description) -+{ -+ grub_efi_cc_event_t *event; -+ grub_efi_status_t status; -+ grub_efi_cc_protocol_t *cc; -+ grub_efi_cc_mr_index_t mr; -+ -+ cc = grub_efi_locate_protocol (&cc_measurement_guid, NULL); -+ if (cc == NULL) -+ return; -+ -+ status = efi_call_3 (cc->map_pcr_to_mr_index, cc, pcr, &mr); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_efi_log_event_status (status); -+ return; -+ } -+ -+ event = grub_zalloc (sizeof (grub_efi_cc_event_t) + -+ grub_strlen (description) + 1); -+ if (event == NULL) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate CC event buffer")); -+ return; -+ } -+ -+ event->Header.HeaderSize = sizeof (grub_efi_cc_event_header_t); -+ event->Header.HeaderVersion = GRUB_EFI_CC_EVENT_HEADER_VERSION; -+ event->Header.MrIndex = mr; -+ event->Header.EventType = EV_IPL; -+ event->Size = sizeof (*event) + grub_strlen (description) + 1; -+ grub_strcpy ((char *) event->Event, description); -+ -+ status = efi_call_5 (cc->hash_log_extend_event, cc, 0, -+ (grub_efi_physical_address_t)(grub_addr_t) buf, -+ (grub_efi_uint64_t) size, event); -+ grub_free (event); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ grub_efi_log_event_status (status); -+} -+ - grub_err_t - grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, - const char *description) -@@ -315,6 +361,8 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, - grub_efi_handle_t tpm_handle; - grub_efi_uint8_t protocol_version; - -+ grub_cc_log_event(buf, size, pcr, description); -+ - if (!grub_tpm_handle_find (&tpm_handle, &protocol_version)) - return 0; - -diff --git a/include/grub/efi/cc.h b/include/grub/efi/cc.h -new file mode 100644 -index 000000000..896030689 ---- /dev/null -+++ b/include/grub/efi/cc.h -@@ -0,0 +1,151 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2022 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#ifndef GRUB_EFI_CC_H -+#define GRUB_EFI_CC_H 1 -+ -+#include -+#include -+#include -+ -+#define GRUB_EFI_CC_MEASUREMENT_PROTOCOL_GUID \ -+ { 0x96751a3d, 0x72f4, 0x41a6, \ -+ { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b } \ -+ }; -+ -+struct grub_efi_cc_version -+{ -+ grub_efi_uint8_t Major; -+ grub_efi_uint8_t Minor; -+}; -+typedef struct grub_efi_cc_version grub_efi_cc_version_t; -+ -+/* EFI_CC Type/SubType definition. */ -+#define GRUB_EFI_CC_TYPE_NONE 0 -+#define GRUB_EFI_CC_TYPE_SEV 1 -+#define GRUB_EFI_CC_TYPE_TDX 2 -+ -+struct grub_efi_cc_type -+{ -+ grub_efi_uint8_t Type; -+ grub_efi_uint8_t SubType; -+}; -+typedef struct grub_efi_cc_type grub_efi_cc_type_t; -+ -+typedef grub_efi_uint32_t grub_efi_cc_event_log_bitmap_t; -+typedef grub_efi_uint32_t grub_efi_cc_event_log_format_t; -+typedef grub_efi_uint32_t grub_efi_cc_event_algorithm_bitmap_t; -+typedef grub_efi_uint32_t grub_efi_cc_mr_index_t; -+ -+/* Intel TDX measure register index. */ -+#define GRUB_TDX_MR_INDEX_MRTD 0 -+#define GRUB_TDX_MR_INDEX_RTMR0 1 -+#define GRUB_TDX_MR_INDEX_RTMR1 2 -+#define GRUB_TDX_MR_INDEX_RTMR2 3 -+#define GRUB_TDX_MR_INDEX_RTMR3 4 -+ -+#define GRUB_EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002 -+#define GRUB_EFI_CC_BOOT_HASH_ALG_SHA384 0x00000004 -+#define GRUB_EFI_CC_EVENT_HEADER_VERSION 1 -+ -+struct grub_efi_cc_event_header -+{ -+ /* Size of the event header itself (sizeof(EFI_TD_EVENT_HEADER)). */ -+ grub_efi_uint32_t HeaderSize; -+ -+ /* -+ * Header version. For this version of this specification, -+ * the value shall be 1. -+ */ -+ grub_efi_uint16_t HeaderVersion; -+ -+ /* Index of the MR that shall be extended. */ -+ grub_efi_cc_mr_index_t MrIndex; -+ -+ /* Type of the event that shall be extended (and optionally logged). */ -+ grub_efi_uint32_t EventType; -+} GRUB_PACKED; -+typedef struct grub_efi_cc_event_header grub_efi_cc_event_header_t; -+ -+struct grub_efi_cc_event -+{ -+ /* Total size of the event including the Size component, the header and the Event data. */ -+ grub_efi_uint32_t Size; -+ grub_efi_cc_event_header_t Header; -+ grub_efi_uint8_t Event[0]; -+} GRUB_PACKED; -+typedef struct grub_efi_cc_event grub_efi_cc_event_t; -+ -+struct grub_efi_cc_boot_service_capability -+{ -+ /* Allocated size of the structure. */ -+ grub_efi_uint8_t Size; -+ -+ /* -+ * Version of the grub_efi_cc_boot_service_capability_t structure itself. -+ * For this version of the protocol, the Major version shall be set to 1 -+ * and the Minor version shall be set to 1. -+ */ -+ grub_efi_cc_version_t StructureVersion; -+ -+ /* -+ * Version of the EFI TD protocol. -+ * For this version of the protocol, the Major version shall be set to 1 -+ * and the Minor version shall be set to 1. -+ */ -+ grub_efi_cc_version_t ProtocolVersion; -+ -+ /* Supported hash algorithms. */ -+ grub_efi_cc_event_algorithm_bitmap_t HashAlgorithmBitmap; -+ -+ /* Bitmap of supported event log formats. */ -+ grub_efi_cc_event_log_bitmap_t SupportedEventLogs; -+ -+ /* Indicates the CC type. */ -+ grub_efi_cc_type_t CcType; -+}; -+typedef struct grub_efi_cc_boot_service_capability grub_efi_cc_boot_service_capability_t; -+ -+struct grub_efi_cc_protocol -+{ -+ grub_efi_status_t -+ (*get_capability) (struct grub_efi_cc_protocol *this, -+ grub_efi_cc_boot_service_capability_t *ProtocolCapability); -+ -+ grub_efi_status_t -+ (*get_event_log) (struct grub_efi_cc_protocol *this, -+ grub_efi_cc_event_log_format_t EventLogFormat, -+ grub_efi_physical_address_t *EventLogLocation, -+ grub_efi_physical_address_t *EventLogLastEntry, -+ grub_efi_boolean_t *EventLogTruncated); -+ -+ grub_efi_status_t -+ (*hash_log_extend_event) (struct grub_efi_cc_protocol *this, -+ grub_efi_uint64_t Flags, -+ grub_efi_physical_address_t DataToHash, -+ grub_efi_uint64_t DataToHashLen, -+ grub_efi_cc_event_t *EfiCcEvent); -+ -+ grub_efi_status_t -+ (*map_pcr_to_mr_index) (struct grub_efi_cc_protocol *this, -+ grub_efi_uint32_t PcrIndex, -+ grub_efi_cc_mr_index_t *MrIndex); -+}; -+typedef struct grub_efi_cc_protocol grub_efi_cc_protocol_t; -+ -+#endif --- -2.35.3 - diff --git a/0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch b/0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch deleted file mode 100644 index 2b6971c..0000000 --- a/0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch +++ /dev/null @@ -1,81 +0,0 @@ -From a63cbda5bbfa4696c97dc8231e7b81aedaef2fc7 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 5 Aug 2022 01:58:27 +0800 -Subject: [PATCH 03/12] font: Fix several integer overflows in - grub_font_construct_glyph() - -This patch fixes several integer overflows in grub_font_construct_glyph(). -Glyphs of invalid size, zero or leading to an overflow, are rejected. -The inconsistency between "glyph" and "max_glyph_size" when grub_malloc() -returns NULL is fixed too. - -Fixes: CVE-2022-2601 - -Reported-by: Zhang Boyang -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/font/font.c | 29 +++++++++++++++++------------ - 1 file changed, 17 insertions(+), 12 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 6a3fbebbd..1fa181d4c 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1517,6 +1517,7 @@ grub_font_construct_glyph (grub_font_t hinted_font, - struct grub_video_signed_rect bounds; - static struct grub_font_glyph *glyph = 0; - static grub_size_t max_glyph_size = 0; -+ grub_size_t cur_glyph_size; - - ensure_comb_space (glyph_id); - -@@ -1533,29 +1534,33 @@ grub_font_construct_glyph (grub_font_t hinted_font, - if (!glyph_id->ncomb && !glyph_id->attributes) - return main_glyph; - -- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) -+ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) || -+ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size)) -+ return main_glyph; -+ -+ if (max_glyph_size < cur_glyph_size) - { - grub_free (glyph); -- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2; -- if (max_glyph_size < 8) -- max_glyph_size = 8; -- glyph = grub_malloc (max_glyph_size); -+ if (grub_mul (cur_glyph_size, 2, &max_glyph_size)) -+ max_glyph_size = 0; -+ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL; - } - if (!glyph) - { -+ max_glyph_size = 0; - grub_errno = GRUB_ERR_NONE; - return main_glyph; - } - -- grub_memset (glyph, 0, sizeof (*glyph) -- + (bounds.width * bounds.height -- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT); -+ grub_memset (glyph, 0, cur_glyph_size); - - glyph->font = main_glyph->font; -- glyph->width = bounds.width; -- glyph->height = bounds.height; -- glyph->offset_x = bounds.x; -- glyph->offset_y = bounds.y; -+ if (bounds.width == 0 || bounds.height == 0 || -+ grub_cast (bounds.width, &glyph->width) || -+ grub_cast (bounds.height, &glyph->height) || -+ grub_cast (bounds.x, &glyph->offset_x) || -+ grub_cast (bounds.y, &glyph->offset_y)) -+ return main_glyph; - - if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR) - grub_font_blit_glyph_mirror (glyph, main_glyph, --- -2.35.3 - diff --git a/0003-grub-install-support-prep-environment-block.patch b/0003-grub-install-support-prep-environment-block.patch index 9a27092..f7c598d 100644 --- a/0003-grub-install-support-prep-environment-block.patch +++ b/0003-grub-install-support-prep-environment-block.patch @@ -22,8 +22,6 @@ Signed-off-by: Michael Chang util/grub-install.c | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) -diff --git a/include/grub/lib/envblk.h b/include/grub/lib/envblk.h -index 83f3fcf841..d01927bcf7 100644 --- a/include/grub/lib/envblk.h +++ b/include/grub/lib/envblk.h @@ -24,6 +24,9 @@ @@ -36,8 +34,6 @@ index 83f3fcf841..d01927bcf7 100644 struct grub_envblk { char *buf; -diff --git a/util/grub-install.c b/util/grub-install.c -index 8fb5ea616b..7bc5f84378 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -43,6 +43,7 @@ @@ -48,10 +44,10 @@ index 8fb5ea616b..7bc5f84378 100644 #include -@@ -2112,6 +2113,43 @@ main (int argc, char *argv[]) - { - grub_util_error ("%s", _("failed to copy Grub to the PReP partition")); - } +@@ -2138,6 +2139,43 @@ + if (write_to_disk (ins_dev, imgfile)) + grub_util_error ("%s", _("failed to copy Grub to the PReP partition")); + grub_set_install_backup_ponr (); + + if ((signed_grub_mode >= SIGNED_GRUB_FORCE) || ((signed_grub_mode == SIGNED_GRUB_AUTO) && (ppc_sb_state > 0))) + { @@ -92,6 +88,3 @@ index 8fb5ea616b..7bc5f84378 100644 grub_device_close (ins_dev); if (update_nvram) grub_install_register_ieee1275 (1, grub_util_get_os_disk (install_device), --- -2.34.1 - diff --git a/0003-ieee1275-request-memory-with-ibm-client-architecture.patch b/0003-ieee1275-request-memory-with-ibm-client-architecture.patch deleted file mode 100644 index 4255248..0000000 --- a/0003-ieee1275-request-memory-with-ibm-client-architecture.patch +++ /dev/null @@ -1,263 +0,0 @@ -From bbfcae1cd408c4922ddcefc0528bfe19da845c90 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Fri, 16 Apr 2021 11:48:46 +1000 -Subject: [PATCH 03/23] ieee1275: request memory with - ibm,client-architecture-support - -On PowerVM, the first time we boot a Linux partition, we may only get -256MB of real memory area, even if the partition has more memory. - -This isn't really enough. Fortunately, the Power Architecture Platform -Reference (PAPR) defines a method we can call to ask for more memory. -This is part of the broad and powerful ibm,client-architecture-support -(CAS) method. - -CAS can do an enormous amount of things on a PAPR platform: as well as -asking for memory, you can set the supported processor level, the interrupt -controller, hash vs radix mmu, and so on. We want to touch as little of -this as possible because we don't want to step on the toes of the future OS. - -If: - - - we are running under what we think is PowerVM (compatible property of / - begins with "IBM"), and - - - the full amount of RMA is less than 512MB (as determined by the reg - property of /memory) - -then call CAS as follows: (refer to the Linux on Power Architecture -Reference, LoPAR, which is public, at B.5.2.3): - - - Use the "any" PVR value and supply 2 option vectors. - - - Set option vector 1 (PowerPC Server Processor Architecture Level) - to "ignore". - - - Set option vector 2 with default or Linux-like options, including a - min-rma-size of 512MB. - -This will cause a CAS reboot and the partition will restart with 512MB -of RMA. Grub will notice the 512MB and not call CAS again. - -(A partition can be configured with only 256MB of memory, which would -mean this request couldn't be satisfied, but PFW refuses to load with -only 256MB of memory, so it's a bit moot. SLOF will run fine with 256MB, -but we will never call CAS under qemu/SLOF because /compatible won't -begin with "IBM".) - -One of the first things Linux does while still running under OpenFirmware -is to call CAS with a much fuller set of options (including asking for -512MB of memory). This includes a much more restrictive set of PVR values -and processor support levels, and this will induce another reboot. On this -reboot grub will again notice the higher RMA, and not call CAS. We will get -to Linux, Linux will call CAS but because the values are now set for Linux -this will not induce another CAS reboot and we will finally boot. - -On all subsequent boots, everything will be configured with 512MB of RMA -and all the settings Linux likes, so there will be no further CAS reboots. - -(phyp is super sticky with the RMA size - it persists even on cold boots. -So if you've ever booted Linux in a partition, you'll probably never have -grub call CAS. It'll only ever fire the first time a partition loads grub, -or if you deliberately lower the amount of memory your partition has below -512MB.) - -Signed-off-by: Daniel Axtens ---- - grub-core/kern/ieee1275/cmain.c | 3 + - grub-core/kern/ieee1275/init.c | 140 +++++++++++++++++++++++++++++++ - include/grub/ieee1275/ieee1275.h | 8 +- - 3 files changed, 150 insertions(+), 1 deletion(-) - -diff --git a/grub-core/kern/ieee1275/cmain.c b/grub-core/kern/ieee1275/cmain.c -index e9a184657..ee63c7b71 100644 ---- a/grub-core/kern/ieee1275/cmain.c -+++ b/grub-core/kern/ieee1275/cmain.c -@@ -127,6 +127,9 @@ grub_ieee1275_find_options (void) - break; - } - } -+ -+ if (grub_strncmp (tmp, "IBM,", 4) == 0) -+ grub_ieee1275_set_flag (GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY); - } - - if (is_smartfirmware) -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index d661a8da5..446201165 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -241,11 +241,151 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, - return 0; - } - -+/* How much memory does OF believe it has? (regardless of whether -+ it's accessible or not) */ -+static grub_err_t -+grub_ieee1275_total_mem (grub_uint64_t *total) -+{ -+ grub_ieee1275_phandle_t root; -+ grub_ieee1275_phandle_t memory; -+ grub_uint32_t reg[4]; -+ grub_ssize_t reg_size; -+ grub_uint32_t address_cells = 1; -+ grub_uint32_t size_cells = 1; -+ grub_uint64_t size; -+ -+ /* If we fail to get to the end, report 0. */ -+ *total = 0; -+ -+ /* Determine the format of each entry in `reg'. */ -+ grub_ieee1275_finddevice ("/", &root); -+ grub_ieee1275_get_integer_property (root, "#address-cells", &address_cells, -+ sizeof address_cells, 0); -+ grub_ieee1275_get_integer_property (root, "#size-cells", &size_cells, -+ sizeof size_cells, 0); -+ -+ if (size_cells > address_cells) -+ address_cells = size_cells; -+ -+ /* Load `/memory/reg'. */ -+ if (grub_ieee1275_finddevice ("/memory", &memory)) -+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, -+ "couldn't find /memory node"); -+ if (grub_ieee1275_get_integer_property (memory, "reg", reg, -+ sizeof reg, ®_size)) -+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, -+ "couldn't examine /memory/reg property"); -+ if (reg_size < 0 || (grub_size_t) reg_size > sizeof (reg)) -+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, -+ "/memory response buffer exceeded"); -+ -+ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_BROKEN_ADDRESS_CELLS)) -+ { -+ address_cells = 1; -+ size_cells = 1; -+ } -+ -+ /* Decode only the size */ -+ size = reg[address_cells]; -+ if (size_cells == 2) -+ size = (size << 32) | reg[address_cells + 1]; -+ -+ *total = size; -+ -+ return grub_errno; -+} -+ -+/* Based on linux - arch/powerpc/kernel/prom_init.c */ -+struct option_vector2 { -+ grub_uint8_t byte1; -+ grub_uint16_t reserved; -+ grub_uint32_t real_base; -+ grub_uint32_t real_size; -+ grub_uint32_t virt_base; -+ grub_uint32_t virt_size; -+ grub_uint32_t load_base; -+ grub_uint32_t min_rma; -+ grub_uint32_t min_load; -+ grub_uint8_t min_rma_percent; -+ grub_uint8_t max_pft_size; -+} __attribute__((packed)); -+ -+struct pvr_entry { -+ grub_uint32_t mask; -+ grub_uint32_t entry; -+}; -+ -+struct cas_vector { -+ struct { -+ struct pvr_entry terminal; -+ } pvr_list; -+ grub_uint8_t num_vecs; -+ grub_uint8_t vec1_size; -+ grub_uint8_t vec1; -+ grub_uint8_t vec2_size; -+ struct option_vector2 vec2; -+} __attribute__((packed)); -+ -+/* Call ibm,client-architecture-support to try to get more RMA. -+ We ask for 512MB which should be enough to verify a distro kernel. -+ We ignore most errors: if we don't succeed we'll proceed with whatever -+ memory we have. */ -+static void -+grub_ieee1275_ibm_cas (void) -+{ -+ int rc; -+ grub_ieee1275_ihandle_t root; -+ struct cas_args { -+ struct grub_ieee1275_common_hdr common; -+ grub_ieee1275_cell_t method; -+ grub_ieee1275_ihandle_t ihandle; -+ grub_ieee1275_cell_t cas_addr; -+ grub_ieee1275_cell_t result; -+ } args; -+ struct cas_vector vector = { -+ .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */ -+ .num_vecs = 2 - 1, -+ .vec1_size = 0, -+ .vec1 = 0x80, /* ignore */ -+ .vec2_size = 1 + sizeof(struct option_vector2) - 2, -+ .vec2 = { -+ 0, 0, -1, -1, -1, -1, -1, 512, -1, 0, 48 -+ }, -+ }; -+ -+ INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); -+ args.method = (grub_ieee1275_cell_t)"ibm,client-architecture-support"; -+ rc = grub_ieee1275_open("/", &root); -+ if (rc) { -+ grub_error (GRUB_ERR_IO, "could not open root when trying to call CAS"); -+ return; -+ } -+ args.ihandle = root; -+ args.cas_addr = (grub_ieee1275_cell_t)&vector; -+ -+ grub_printf("Calling ibm,client-architecture-support..."); -+ IEEE1275_CALL_ENTRY_FN (&args); -+ grub_printf("done\n"); -+ -+ grub_ieee1275_close(root); -+} -+ - static void - grub_claim_heap (void) - { - grub_uint32_t total = 0; - -+ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY)) -+ { -+ grub_uint64_t rma_size; -+ grub_err_t err; -+ -+ err = grub_ieee1275_total_mem (&rma_size); -+ /* if we have an error, don't call CAS, just hope for the best */ -+ if (!err && rma_size < (512 * 1024 * 1024)) -+ grub_ieee1275_ibm_cas(); -+ } -+ - grub_machine_mmap_iterate (heap_size, &total); - - total = total / 4; -diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h -index debb7086a..591f4f12c 100644 ---- a/include/grub/ieee1275/ieee1275.h -+++ b/include/grub/ieee1275/ieee1275.h -@@ -155,7 +155,13 @@ enum grub_ieee1275_flag - - GRUB_IEEE1275_FLAG_RAW_DEVNAMES, - -- GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT -+ GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT, -+ -+ /* On PFW, the first time we boot a Linux partition, we may only get 256MB -+ of real memory area, even if the partition has more memory. Set this flag -+ if we think we're running under PFW. Then, if this flag is set, and the -+ RMA is only 256MB in size, try asking for more with CAS. */ -+ GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY, - }; - - extern int EXPORT_FUNC(grub_ieee1275_test_flag) (enum grub_ieee1275_flag flag); --- -2.31.1 - diff --git a/0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch b/0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch deleted file mode 100644 index e8cf6cd..0000000 --- a/0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch +++ /dev/null @@ -1,86 +0,0 @@ -From b4500ff77efe3b36256fae1e456ded65fd77cf04 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:20 +1000 -Subject: [PATCH 3/5] kern/efi/mm: Extract function to add memory regions - -In preparation of support for runtime-allocating additional memory -region, this patch extracts the function to retrieve the EFI memory -map and add a subset of it to GRUB's own memory regions. - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt ---- - grub-core/kern/efi/mm.c | 21 +++++++++++++++------ - 1 file changed, 15 insertions(+), 6 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 2874522..087272f 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -592,8 +592,8 @@ print_memory_map (grub_efi_memory_descriptor_t *memory_map, - } - #endif - --void --grub_efi_mm_init (void) -+static grub_err_t -+grub_efi_mm_add_regions (grub_size_t required_bytes) - { - grub_efi_memory_descriptor_t *memory_map; - grub_efi_memory_descriptor_t *memory_map_end; -@@ -606,7 +606,7 @@ grub_efi_mm_init (void) - /* Prepare a memory region to store two memory maps. */ - memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); - if (! memory_map) -- grub_fatal ("cannot allocate memory"); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate memory for memory map"); - - /* Obtain descriptors for available memory. */ - map_size = MEMORY_MAP_SIZE; -@@ -624,14 +624,14 @@ grub_efi_mm_init (void) - - memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (map_size)); - if (! memory_map) -- grub_fatal ("cannot allocate memory"); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate memory for new memory map"); - - mm_status = grub_efi_get_memory_map (&map_size, memory_map, 0, - &desc_size, 0); - } - - if (mm_status < 0) -- grub_fatal ("cannot get memory map"); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "error fetching memory map from EFI"); - - memory_map_end = NEXT_MEMORY_DESCRIPTOR (memory_map, map_size); - -@@ -646,7 +646,7 @@ grub_efi_mm_init (void) - - /* Allocate memory regions for GRUB's memory management. */ - add_memory_regions (filtered_memory_map, desc_size, -- filtered_memory_map_end, BYTES_TO_PAGES (DEFAULT_HEAP_SIZE)); -+ filtered_memory_map_end, BYTES_TO_PAGES (required_bytes)); - - #if 0 - /* For debug. */ -@@ -664,6 +664,15 @@ grub_efi_mm_init (void) - /* Release the memory maps. */ - grub_efi_free_pages ((grub_addr_t) memory_map, - 2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); -+ -+ return GRUB_ERR_NONE; -+} -+ -+void -+grub_efi_mm_init (void) -+{ -+ if (grub_efi_mm_add_regions (DEFAULT_HEAP_SIZE) != GRUB_ERR_NONE) -+ grub_fatal ("%s", grub_errmsg); - } - - #if defined (__aarch64__) || defined (__arm__) || defined (__riscv) --- -2.35.3 - diff --git a/0003-protectors-Add-TPM2-Key-Protector.patch b/0003-protectors-Add-TPM2-Key-Protector.patch index 026ea93..b74afb6 100644 --- a/0003-protectors-Add-TPM2-Key-Protector.patch +++ b/0003-protectors-Add-TPM2-Key-Protector.patch @@ -133,15 +133,12 @@ Signed-off-by: Gary Lin create mode 100644 include/grub/tpm2/internal/args.h create mode 100644 include/grub/tpm2/tpm2key.h -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 0335d9add..4a8ff26a8 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -2525,6 +2525,19 @@ module = { - enable = efi; +@@ -2599,6 +2599,19 @@ }; -+module = { + module = { + name = tpm2; + common = tpm2/args.c; + common = tpm2/buffer.c; @@ -154,12 +151,10 @@ index 0335d9add..4a8ff26a8 100644 + enable = efi; +}; + - module = { ++module = { name = tr; common = commands/tr.c; -diff --git a/grub-core/tpm2/args.c b/grub-core/tpm2/args.c -new file mode 100644 -index 000000000..0113f64a8 + }; --- /dev/null +++ b/grub-core/tpm2/args.c @@ -0,0 +1,131 @@ @@ -294,9 +289,6 @@ index 000000000..0113f64a8 + + return GRUB_ERR_NONE; +} -diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c -new file mode 100644 -index 000000000..5274296b7 --- /dev/null +++ b/grub-core/tpm2/module.c @@ -0,0 +1,1033 @@ @@ -1333,9 +1325,6 @@ index 000000000..5274296b7 + grub_unregister_extcmd (grub_tpm2_protector_clear_cmd); + grub_unregister_extcmd (grub_tpm2_protector_init_cmd); +} -diff --git a/grub-core/tpm2/tpm2key.asn b/grub-core/tpm2/tpm2key.asn -new file mode 100644 -index 000000000..e3b6a03e0 --- /dev/null +++ b/grub-core/tpm2/tpm2key.asn @@ -0,0 +1,31 @@ @@ -1370,9 +1359,6 @@ index 000000000..e3b6a03e0 +} + +END -diff --git a/grub-core/tpm2/tpm2key.c b/grub-core/tpm2/tpm2key.c -new file mode 100644 -index 000000000..62f6d865b --- /dev/null +++ b/grub-core/tpm2/tpm2key.c @@ -0,0 +1,440 @@ @@ -1816,9 +1802,6 @@ index 000000000..62f6d865b + grub_free (authpol); + } +} -diff --git a/grub-core/tpm2/tpm2key_asn1_tab.c b/grub-core/tpm2/tpm2key_asn1_tab.c -new file mode 100644 -index 000000000..551fc46ec --- /dev/null +++ b/grub-core/tpm2/tpm2key_asn1_tab.c @@ -0,0 +1,41 @@ @@ -1863,9 +1846,6 @@ index 000000000..551fc46ec + { "privkey", 7, NULL }, + { NULL, 0, NULL } +}; -diff --git a/include/grub/tpm2/internal/args.h b/include/grub/tpm2/internal/args.h -new file mode 100644 -index 000000000..df3341913 --- /dev/null +++ b/include/grub/tpm2/internal/args.h @@ -0,0 +1,39 @@ @@ -1908,9 +1888,6 @@ index 000000000..df3341913 +grub_tpm2_protector_parse_tpm_handle (const char *value, TPM_HANDLE *handle); + +#endif /* ! GRUB_TPM2_INTERNAL_ARGS_HEADER */ -diff --git a/include/grub/tpm2/tpm2key.h b/include/grub/tpm2/tpm2key.h -new file mode 100644 -index 000000000..df46203e3 --- /dev/null +++ b/include/grub/tpm2/tpm2key.h @@ -0,0 +1,83 @@ @@ -1997,6 +1974,3 @@ index 000000000..df46203e3 +grub_tpm2key_free_authpolicy_seq (tpm2key_authpolicy_t authpol_seq); + +#endif /* GRUB_TPM2_TPM2KEY_HEADER */ --- -2.35.3 - diff --git a/0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch b/0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch deleted file mode 100644 index 8ae764e..0000000 --- a/0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 0b1b1666ecd98d577cb72b3f4acdbe3af2e86a84 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Wed, 16 Mar 2022 17:59:30 +0800 -Subject: [PATCH 3/3] reed_solomon: Fix array subscript 0 is outside array - bounds - -The grub_absolute_pointer() is a compound expression that can only work -within a function. We are out of luck here when the pointer variables -require global definition due to ATTRIBUTE_TEXT that have to use fully -initialized global definition because of the way linkers work. - - static gf_single_t * const gf_powx ATTRIBUTE_TEXT = (void *) 0x100000; - -For the reason given above, use gcc diagnostic pragmas to suppress the -array-bounds warning. - -Signed-off-by: Michael Chang ---- - grub-core/lib/reed_solomon.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c -index 467305b46a..817db6a234 100644 ---- a/grub-core/lib/reed_solomon.c -+++ b/grub-core/lib/reed_solomon.c -@@ -102,6 +102,11 @@ static gf_single_t errvals[256]; - static gf_single_t eqstat[65536 + 256]; - #endif - -+#if __GNUC__ == 12 -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Warray-bounds" -+#endif -+ - static gf_single_t - gf_mul (gf_single_t a, gf_single_t b) - { -@@ -319,6 +324,10 @@ decode_block (gf_single_t *ptr, grub_size_t s, - } - } - -+#if __GNUC__ == 12 -+#pragma GCC diagnostic pop -+#endif -+ - #if !defined (STANDALONE) - static void - encode_block (gf_single_t *ptr, grub_size_t s, --- -2.34.1 - diff --git a/0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch b/0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch index 938abd0..876be56 100644 --- a/0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch +++ b/0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch @@ -51,8 +51,6 @@ Platform Reference (PAPR). util/mkimage.c | 13 +++++++------ 6 files changed, 76 insertions(+), 14 deletions(-) -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 9e83e1339..0b2e8a06d 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -67,6 +67,9 @@ @@ -65,7 +63,7 @@ index 9e83e1339..0b2e8a06d 100644 { "verbose", 'v', 0, 0, \ N_("print verbose messages."), 1 } -@@ -129,7 +132,8 @@ enum grub_install_options { +@@ -130,7 +133,8 @@ GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS, GRUB_INSTALL_OPTIONS_DTB, GRUB_INSTALL_OPTIONS_SBAT, @@ -75,7 +73,7 @@ index 9e83e1339..0b2e8a06d 100644 }; extern char *grub_install_source_directory; -@@ -189,7 +193,7 @@ grub_install_generate_image (const char *dir, const char *prefix, +@@ -190,7 +194,7 @@ size_t npubkeys, char *config_path, const struct grub_install_image_target_desc *image_target, @@ -84,11 +82,9 @@ index 9e83e1339..0b2e8a06d 100644 grub_compression_t comp, const char *dtb_file, const char *sbat_path, const int disable_shim_lock); -diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h -index 3819a6744..6f1da89b9 100644 --- a/include/grub/util/mkimage.h +++ b/include/grub/util/mkimage.h -@@ -51,12 +51,12 @@ grub_mkimage_load_image64 (const char *kernel_path, +@@ -51,12 +51,12 @@ const struct grub_install_image_target_desc *image_target); void grub_mkimage_generate_elf32 (const struct grub_install_image_target_desc *image_target, @@ -103,11 +99,9 @@ index 3819a6744..6f1da89b9 100644 Elf64_Addr target_addr, struct grub_mkimage_layout *layout); -diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index c6c561292..954df20eb 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c -@@ -461,10 +461,12 @@ static size_t npubkeys; +@@ -466,10 +466,12 @@ static char *sbat; static int disable_shim_lock; static grub_compression_t compression; @@ -119,8 +113,8 @@ index c6c561292..954df20eb 100644 + const char *end; switch (key) { - case 'C': -@@ -562,6 +564,12 @@ grub_install_parse (int key, char *arg) + case GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS: +@@ -567,6 +569,12 @@ grub_util_error (_("Unrecognized compression `%s'"), arg); case GRUB_INSTALL_OPTIONS_GRUB_MKIMAGE: return 1; @@ -133,7 +127,7 @@ index c6c561292..954df20eb 100644 default: return 0; } -@@ -661,10 +669,11 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, +@@ -666,10 +674,11 @@ " --output '%s' " " --dtb '%s' " "--sbat '%s' " @@ -147,7 +141,7 @@ index c6c561292..954df20eb 100644 disable_shim_lock ? "--disable-shim-lock" : "", s); free (s); -@@ -675,7 +684,7 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, +@@ -680,7 +689,7 @@ grub_install_generate_image (dir, prefix, fp, outname, modules.entries, memdisk_path, pubkeys, npubkeys, config_path, tgt, @@ -156,11 +150,9 @@ index c6c561292..954df20eb 100644 disable_shim_lock); while (dc--) grub_install_pop_module (); -diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c -index c0d559937..d01eaeb84 100644 --- a/util/grub-mkimage.c +++ b/util/grub-mkimage.c -@@ -84,6 +84,7 @@ static struct argp_option options[] = { +@@ -84,6 +84,7 @@ {"sbat", 's', N_("FILE"), 0, N_("SBAT metadata"), 0}, {"disable-shim-lock", GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, 0, 0, N_("disable shim_lock verifier"), 0}, {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, @@ -168,7 +160,7 @@ index c0d559937..d01eaeb84 100644 { 0, 0, 0, 0, 0, 0 } }; -@@ -128,6 +129,7 @@ struct arguments +@@ -128,6 +129,7 @@ char *sbat; int note; int disable_shim_lock; @@ -176,7 +168,7 @@ index c0d559937..d01eaeb84 100644 const struct grub_install_image_target_desc *image_target; grub_compression_t comp; }; -@@ -138,6 +140,7 @@ argp_parser (int key, char *arg, struct argp_state *state) +@@ -138,6 +140,7 @@ /* Get the input argument from argp_parse, which we know is a pointer to our arguments structure. */ struct arguments *arguments = state->input; @@ -184,7 +176,7 @@ index c0d559937..d01eaeb84 100644 switch (key) { -@@ -170,6 +173,13 @@ argp_parser (int key, char *arg, struct argp_state *state) +@@ -170,6 +173,13 @@ arguments->note = 1; break; @@ -198,7 +190,7 @@ index c0d559937..d01eaeb84 100644 case 'm': if (arguments->memdisk) free (arguments->memdisk); -@@ -324,6 +334,7 @@ main (int argc, char *argv[]) +@@ -324,6 +334,7 @@ arguments.memdisk, arguments.pubkeys, arguments.npubkeys, arguments.config, arguments.image_target, arguments.note, @@ -206,11 +198,9 @@ index c0d559937..d01eaeb84 100644 arguments.comp, arguments.dtb, arguments.sbat, arguments.disable_shim_lock); -diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index d78fa3e53..393119486 100644 --- a/util/grub-mkimagexx.c +++ b/util/grub-mkimagexx.c -@@ -84,6 +84,15 @@ struct grub_ieee1275_note +@@ -85,6 +85,15 @@ struct grub_ieee1275_note_desc descriptor; }; @@ -226,7 +216,7 @@ index d78fa3e53..393119486 100644 #define GRUB_XEN_NOTE_NAME "Xen" struct fixup_block_list -@@ -207,7 +216,7 @@ grub_arm_reloc_jump24 (grub_uint32_t *target, Elf32_Addr sym_addr) +@@ -208,7 +217,7 @@ void SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc *image_target, @@ -235,7 +225,7 @@ index d78fa3e53..393119486 100644 Elf_Addr target_addr, struct grub_mkimage_layout *layout) { -@@ -221,6 +230,12 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc +@@ -222,6 +231,12 @@ int shnum = 4; int string_size = sizeof (".text") + sizeof ("mods") + 1; @@ -248,7 +238,7 @@ index d78fa3e53..393119486 100644 if (image_target->id != IMAGE_LOONGSON_ELF) phnum += 2; -@@ -484,6 +499,28 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc +@@ -485,6 +500,28 @@ phdr->p_offset = grub_host_to_target32 (header_size + program_size); } @@ -277,11 +267,9 @@ index d78fa3e53..393119486 100644 { char *str_start = (elf_img + sizeof (*ehdr) + phnum * sizeof (*phdr) + shnum * sizeof (*shdr)); -diff --git a/util/mkimage.c b/util/mkimage.c -index a26cf76f7..d2cb33883 100644 --- a/util/mkimage.c +++ b/util/mkimage.c -@@ -869,8 +869,9 @@ grub_install_generate_image (const char *dir, const char *prefix, +@@ -885,8 +885,9 @@ char *memdisk_path, char **pubkey_paths, size_t npubkeys, char *config_path, const struct grub_install_image_target_desc *image_target, @@ -293,7 +281,7 @@ index a26cf76f7..d2cb33883 100644 { char *kernel_img, *core_img; size_t total_module_size, core_size; -@@ -1773,11 +1774,11 @@ grub_install_generate_image (const char *dir, const char *prefix, +@@ -1810,11 +1811,11 @@ else target_addr = image_target->link_addr; if (image_target->voidp_sizeof == 4) @@ -309,6 +297,3 @@ index a26cf76f7..d2cb33883 100644 } break; } --- -2.31.1 - diff --git a/0004-Introduce-prep_load_env-command.patch b/0004-Introduce-prep_load_env-command.patch index 97431cf..7baaedd 100644 --- a/0004-Introduce-prep_load_env-command.patch +++ b/0004-Introduce-prep_load_env-command.patch @@ -27,7 +27,7 @@ Signed-off-by: Michael Chang --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -2624,3 +2624,9 @@ +@@ -2673,3 +2673,9 @@ common = lib/libtasn1_wrap/tests/Test_strings.c; common = lib/libtasn1_wrap/wrap_tests.c; }; @@ -99,7 +99,7 @@ Signed-off-by: Michael Chang + if (grub_disk_read (dev->disk, p->offset, p->index, + sizeof (gptdata), &gptdata) == 0) + { -+ const grub_gpt_part_guid_t template = { ++ const grub_guid_t template = { + grub_cpu_to_le32_compile_time (0x9e1a2d38), + grub_cpu_to_le16_compile_time (0xc612), + grub_cpu_to_le16_compile_time (0x4316), diff --git a/0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch b/0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch index 9af8154..f0a8ade 100644 --- a/0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch +++ b/0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch @@ -33,11 +33,9 @@ Signed-off-by: Peter Jones include/grub/x86_64/efi/memory.h | 4 +++- 7 files changed, 28 insertions(+), 13 deletions(-) -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 4ff75a8ce..67a691d89 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c -@@ -122,7 +122,7 @@ grub_efi_allocate_pages_max (grub_efi_physical_address_t max, +@@ -121,7 +121,7 @@ grub_efi_boot_services_t *b; grub_efi_physical_address_t address = max; @@ -46,7 +44,7 @@ index 4ff75a8ce..67a691d89 100644 return 0; b = grub_efi_system_table->boot_services; -@@ -480,7 +480,7 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map, +@@ -481,7 +481,7 @@ { if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY #if 1 @@ -55,7 +53,7 @@ index 4ff75a8ce..67a691d89 100644 #endif && desc->physical_start + PAGES_TO_BYTES (desc->num_pages) > 0x100000 && desc->num_pages != 0) -@@ -498,9 +498,9 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map, +@@ -499,9 +499,9 @@ #if 1 if (BYTES_TO_PAGES (filtered_desc->physical_start) + filtered_desc->num_pages @@ -67,8 +65,6 @@ index 4ff75a8ce..67a691d89 100644 - BYTES_TO_PAGES (filtered_desc->physical_start)); #endif -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 0b3d20875..f3abbd025 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -27,6 +27,7 @@ @@ -79,7 +75,7 @@ index 0b3d20875..f3abbd025 100644 GRUB_MOD_LICENSE ("GPLv3+"); -@@ -102,8 +103,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +@@ -102,8 +103,9 @@ size += ALIGN_UP (grub_file_size (files[i]), 4); } @@ -91,7 +87,7 @@ index 0b3d20875..f3abbd025 100644 if (!initrd_mem) { grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); -@@ -187,8 +189,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -187,8 +189,11 @@ goto fail; } @@ -104,7 +100,7 @@ index 0b3d20875..f3abbd025 100644 if (! params) { grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); -@@ -258,8 +263,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -258,8 +263,11 @@ #endif grub_dprintf ("linux", "setting up cmdline\n"); @@ -118,7 +114,7 @@ index 0b3d20875..f3abbd025 100644 if (!linux_cmdline) { grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); -@@ -285,11 +293,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -285,11 +293,12 @@ kernel_mem = grub_efi_allocate_pages_max(lh->pref_address, BYTES_TO_PAGES(lh->init_size)); @@ -134,8 +130,6 @@ index 0b3d20875..f3abbd025 100644 if (!kernel_mem) { grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); -diff --git a/include/grub/arm/efi/memory.h b/include/grub/arm/efi/memory.h -index 2c64918e3..a4c2ec835 100644 --- a/include/grub/arm/efi/memory.h +++ b/include/grub/arm/efi/memory.h @@ -2,5 +2,6 @@ @@ -145,8 +139,6 @@ index 2c64918e3..a4c2ec835 100644 +#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS #endif /* ! GRUB_MEMORY_CPU_HEADER */ -diff --git a/include/grub/arm64/efi/memory.h b/include/grub/arm64/efi/memory.h -index c6cb32417..acb61dca4 100644 --- a/include/grub/arm64/efi/memory.h +++ b/include/grub/arm64/efi/memory.h @@ -2,5 +2,6 @@ @@ -156,8 +148,6 @@ index c6cb32417..acb61dca4 100644 +#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS #endif /* ! GRUB_MEMORY_CPU_HEADER */ -diff --git a/include/grub/i386/efi/memory.h b/include/grub/i386/efi/memory.h -index 2c64918e3..a4c2ec835 100644 --- a/include/grub/i386/efi/memory.h +++ b/include/grub/i386/efi/memory.h @@ -2,5 +2,6 @@ @@ -167,8 +157,6 @@ index 2c64918e3..a4c2ec835 100644 +#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS #endif /* ! GRUB_MEMORY_CPU_HEADER */ -diff --git a/include/grub/ia64/efi/memory.h b/include/grub/ia64/efi/memory.h -index 2c64918e3..a4c2ec835 100644 --- a/include/grub/ia64/efi/memory.h +++ b/include/grub/ia64/efi/memory.h @@ -2,5 +2,6 @@ @@ -178,8 +166,6 @@ index 2c64918e3..a4c2ec835 100644 +#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS #endif /* ! GRUB_MEMORY_CPU_HEADER */ -diff --git a/include/grub/x86_64/efi/memory.h b/include/grub/x86_64/efi/memory.h -index 46e9145a3..e81cfb322 100644 --- a/include/grub/x86_64/efi/memory.h +++ b/include/grub/x86_64/efi/memory.h @@ -2,9 +2,11 @@ @@ -195,6 +181,3 @@ index 46e9145a3..e81cfb322 100644 #endif #endif /* ! GRUB_MEMORY_CPU_HEADER */ --- -2.31.1 - diff --git a/0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch b/0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch index 1a83e9d..2f226b4 100644 --- a/0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch +++ b/0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch @@ -77,11 +77,9 @@ Signed-off-by: Michael Chang grub-core/loader/arm64/efi/linux.c | 78 ++++++++++++++++++++++-------- 2 files changed, 84 insertions(+), 27 deletions(-) -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 15595a46e..324e1dca0 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c -@@ -154,6 +154,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, +@@ -153,6 +153,7 @@ { grub_efi_status_t status; grub_efi_boot_services_t *b; @@ -89,12 +87,12 @@ index 15595a46e..324e1dca0 100644 /* Limit the memory access to less than 4GB for 32-bit platforms. */ if (address > GRUB_EFI_MAX_USABLE_ADDRESS) -@@ -165,19 +166,22 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, +@@ -169,19 +170,22 @@ } b = grub_efi_system_table->boot_services; -- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); -+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); +- status = b->allocate_pages (alloctype, memtype, pages, &address); ++ status = b->allocate_pages (alloctype, memtype, pages, &ret); if (status != GRUB_EFI_SUCCESS) { + grub_dprintf ("efi", @@ -110,13 +108,13 @@ index 15595a46e..324e1dca0 100644 /* Uggh, the address 0 was allocated... This is too annoying, so reallocate another one. */ - address = GRUB_EFI_MAX_USABLE_ADDRESS; -- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); +- status = b->allocate_pages (alloctype, memtype, pages, &address); + ret = address; -+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); ++ status = b->allocate_pages (alloctype, memtype, pages, &ret); grub_efi_free_pages (0, pages); if (status != GRUB_EFI_SUCCESS) { -@@ -186,9 +190,9 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, +@@ -190,9 +194,9 @@ } } @@ -128,7 +126,7 @@ index 15595a46e..324e1dca0 100644 } void * -@@ -699,8 +703,21 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) +@@ -711,8 +715,21 @@ for (desc = memory_map, *base_addr = GRUB_EFI_MAX_USABLE_ADDRESS; (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size); desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size)) @@ -152,11 +150,9 @@ index 15595a46e..324e1dca0 100644 grub_free(memory_map); -diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c -index 98c4f038b..4d084950a 100644 --- a/grub-core/loader/arm64/efi/linux.c +++ b/grub-core/loader/arm64/efi/linux.c -@@ -116,13 +116,15 @@ finalize_params_linux (void) +@@ -89,13 +89,15 @@ { grub_efi_loaded_image_t *loaded_image = NULL; int node, retval, len; @@ -175,7 +171,7 @@ index 98c4f038b..4d084950a 100644 node = grub_fdt_find_subnode (fdt, 0, "chosen"); if (node < 0) -@@ -133,17 +135,26 @@ finalize_params_linux (void) +@@ -106,17 +108,26 @@ */ retval = grub_fdt_set_prop32(fdt, 0, "#address-cells", 2); if (retval) @@ -205,7 +201,7 @@ index 98c4f038b..4d084950a 100644 /* Set initrd info */ if (initrd_start && initrd_end > initrd_start) -@@ -154,15 +165,26 @@ finalize_params_linux (void) +@@ -127,15 +138,26 @@ retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start", initrd_start); if (retval) @@ -236,7 +232,7 @@ index 98c4f038b..4d084950a 100644 grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", fdt); -@@ -170,14 +192,20 @@ finalize_params_linux (void) +@@ -143,14 +165,20 @@ /* Convert command line to UCS-2 */ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); if (!loaded_image) @@ -259,7 +255,7 @@ index 98c4f038b..4d084950a 100644 loaded_image->load_options_size = 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, -@@ -187,7 +215,7 @@ finalize_params_linux (void) +@@ -160,7 +188,7 @@ failure: grub_fdt_unload(); @@ -268,7 +264,7 @@ index 98c4f038b..4d084950a 100644 } static void -@@ -272,16 +300,28 @@ grub_linux_unload (void) +@@ -246,16 +274,28 @@ static void * allocate_initrd_mem (int initrd_pages) { @@ -303,6 +299,3 @@ index 98c4f038b..4d084950a 100644 } static grub_err_t --- -2.26.2 - diff --git a/0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch b/0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch deleted file mode 100644 index 775368a..0000000 --- a/0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch +++ /dev/null @@ -1,58 +0,0 @@ -From f41488d0e361a34f4d3f8fb6c92729a2901a5c76 Mon Sep 17 00:00:00 2001 -From: Glenn Washburn -Date: Thu, 9 Dec 2021 11:14:53 -0600 -Subject: [PATCH 04/14] cryptodisk: Improve error messaging in cryptomount - invocations - -Update such that "cryptomount -u UUID" will not print two error messages -when an invalid passphrase is given and the most relevant error message -will be displayed. - -Signed-off-by: Glenn Washburn -Reviewed-by: Daniel Kiper ---- - grub-core/disk/cryptodisk.c | 21 +++++++++++++++++---- - 1 file changed, 17 insertions(+), 4 deletions(-) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 27491871a5..3a896c6634 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -1109,7 +1109,10 @@ grub_cryptodisk_scan_device (const char *name, - if (grub_errno == GRUB_ERR_BAD_MODULE) - grub_error_pop (); - -- if (grub_errno != GRUB_ERR_NONE) -+ if (search_uuid != NULL) -+ /* Push error onto stack to save for cryptomount. */ -+ grub_error_push (); -+ else - grub_print_error (); - - cleanup: -@@ -1146,9 +1149,19 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - found_uuid = grub_device_iterate (&grub_cryptodisk_scan_device, NULL); - search_uuid = NULL; - -- if (!found_uuid) -- return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such cryptodisk found"); -- return GRUB_ERR_NONE; -+ if (found_uuid) -+ return GRUB_ERR_NONE; -+ else if (grub_errno == GRUB_ERR_NONE) -+ { -+ /* -+ * Try to pop the next error on the stack. If there is not one, then -+ * no device matched the given UUID. -+ */ -+ grub_error_pop (); -+ if (grub_errno == GRUB_ERR_NONE) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such cryptodisk found"); -+ } -+ return grub_errno; - } - else if (state[1].set || (argc == 0 && state[2].set)) - { --- -2.34.1 - diff --git a/0004-cryptodisk-Support-key-protectors.patch b/0004-cryptodisk-Support-key-protectors.patch index 4884875..e5f2b87 100644 --- a/0004-cryptodisk-Support-key-protectors.patch +++ b/0004-cryptodisk-Support-key-protectors.patch @@ -16,11 +16,9 @@ Signed-off-by: include/grub/cryptodisk.h | 14 +++ 3 files changed, 151 insertions(+), 30 deletions(-) -diff --git a/Makefile.util.def b/Makefile.util.def -index ef5c818e0e..b3ec2a4bb6 100644 --- a/Makefile.util.def +++ b/Makefile.util.def -@@ -35,6 +35,7 @@ library = { +@@ -35,6 +35,7 @@ common = grub-core/kern/list.c; common = grub-core/kern/misc.c; common = grub-core/kern/partition.c; @@ -28,8 +26,6 @@ index ef5c818e0e..b3ec2a4bb6 100644 common = grub-core/lib/crypto.c; common = grub-core/lib/json/json.c; common = grub-core/disk/luks.c; -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 497097394f..00c44773fb 100644 --- a/grub-core/disk/cryptodisk.c +++ b/grub-core/disk/cryptodisk.c @@ -26,6 +26,7 @@ @@ -40,30 +36,38 @@ index 497097394f..00c44773fb 100644 #ifdef GRUB_UTIL #include -@@ -42,6 +43,8 @@ static const struct grub_arg_option options[] = - {"all", 'a', 0, N_("Mount all."), 0, 0}, - {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0}, - {"password", 'p', 0, N_("Password to open volumes."), 0, ARG_TYPE_STRING}, -+ {"protector", 'k', GRUB_ARG_OPTION_REPEATABLE, +@@ -44,7 +45,8 @@ + OPTION_KEYFILE, + OPTION_KEYFILE_OFFSET, + OPTION_KEYFILE_SIZE, +- OPTION_HEADER ++ OPTION_HEADER, ++ OPTION_PROTECTOR + }; + + static const struct grub_arg_option options[] = +@@ -58,6 +60,8 @@ + {"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, ARG_TYPE_INT}, + {"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, ARG_TYPE_INT}, + {"header", 'H', 0, N_("Read header from file"), 0, ARG_TYPE_STRING}, ++ {"protector", 'P', GRUB_ARG_OPTION_REPEATABLE, + N_("Unlock volume(s) using key protector(s)."), 0, ARG_TYPE_STRING}, {0, 0, 0, 0, 0, 0} }; -@@ -1000,7 +1003,8 @@ grub_cryptodisk_scan_device_real (const char *name, - { +@@ -1061,6 +1065,7 @@ grub_err_t ret = GRUB_ERR_NONE; grub_cryptodisk_t dev; -- grub_cryptodisk_dev_t cr; -+ grub_cryptodisk_dev_t cr, crd = NULL; + grub_cryptodisk_dev_t cr; + int i; + struct cryptodisk_read_hook_ctx read_hook_data = {0}; int askpass = 0; char *part = NULL; - -@@ -1016,39 +1020,108 @@ grub_cryptodisk_scan_device_real (const char *name, - return NULL; +@@ -1113,41 +1118,112 @@ + goto error_no_close; if (!dev) continue; -+ crd = cr; ++ break; + } - if (!cargs->key_len) @@ -79,8 +83,14 @@ index 497097394f..00c44773fb 100644 - - cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE); - if (cargs->key_data == NULL) -- return NULL; -- +- goto error_no_close; ++ if (dev == NULL) ++ { ++ grub_error (GRUB_ERR_BAD_MODULE, ++ "no cryptodisk module can handle this device"); ++ goto error_no_close; ++ } + - if (!grub_password_get ((char *) cargs->key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE)) - { - grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied"); @@ -88,107 +98,106 @@ index 497097394f..00c44773fb 100644 - } - cargs->key_len = grub_strlen ((char *) cargs->key_data); - } -+ if (!dev) -+ { -+ grub_error (GRUB_ERR_BAD_MODULE, -+ "no cryptodisk module can handle this device"); -+ return NULL; -+ } - -- ret = cr->recover_key (source, dev, cargs); -- if (ret != GRUB_ERR_NONE) + if (cargs->protectors) + { + for (i = 0; cargs->protectors[i]; i++) -+ { -+ if (cargs->key_cache[i].invalid) -+ continue; ++ { ++ if (cargs->key_cache[i].invalid) ++ continue; + +- ret = cr->recover_key (source, dev, cargs); +- if (ret != GRUB_ERR_NONE) +- goto error; ++ if (cargs->key_cache[i].key == NULL) ++ { ++ ret = grub_key_protector_recover_key (cargs->protectors[i], ++ &cargs->key_cache[i].key, ++ &cargs->key_cache[i].key_len); ++ if (ret != GRUB_ERR_NONE) ++ { ++ if (grub_errno) ++ { ++ grub_print_error (); ++ grub_errno = GRUB_ERR_NONE; ++ } + -+ if (!cargs->key_cache[i].key) -+ { -+ ret = grub_key_protector_recover_key (cargs->protectors[i], -+ &cargs->key_cache[i].key, -+ &cargs->key_cache[i].key_len); -+ if (ret) -+ { -+ if (grub_errno) -+ { -+ grub_print_error (); -+ grub_errno = GRUB_ERR_NONE; -+ } ++ grub_dprintf ("cryptodisk", ++ "failed to recover a key from key protector " ++ "%s, will not try it again for any other " ++ "disks, if any, during this invocation of " ++ "cryptomount\n", ++ cargs->protectors[i]); + -+ grub_dprintf ("cryptodisk", -+ "failed to recover a key from key protector " -+ "%s, will not try it again for any other " -+ "disks, if any, during this invocation of " -+ "cryptomount\n", -+ cargs->protectors[i]); ++ cargs->key_cache[i].invalid = 1; ++ continue; ++ } ++ } + -+ cargs->key_cache[i].invalid = 1; -+ continue; -+ } -+ } -+ -+ cargs->key_data = cargs->key_cache[i].key; -+ cargs->key_len = cargs->key_cache[i].key_len; -+ -+ ret = crd->recover_key (source, dev, cargs); -+ if (ret) -+ { -+ part = grub_partition_get_name (source->partition); -+ grub_dprintf ("cryptodisk", -+ "recovered a key from key protector %s but it " -+ "failed to unlock %s%s%s (%s)\n", -+ cargs->protectors[i], source->name, -+ source->partition != NULL ? "," : "", -+ part != NULL ? part : N_("UNKNOWN"), dev->uuid); -+ grub_free (part); -+ continue; -+ } -+ else -+ { -+ grub_cryptodisk_insert (dev, name, source); -+ goto cleanup; -+ }; -+ } ++ cargs->key_data = cargs->key_cache[i].key; ++ cargs->key_len = cargs->key_cache[i].key_len; + ++ ret = cr->recover_key (source, dev, cargs); ++ if (ret != GRUB_ERR_NONE) ++ { ++ part = grub_partition_get_name (source->partition); ++ grub_dprintf ("cryptodisk", ++ "recovered a key from key protector %s but it " ++ "failed to unlock %s%s%s (%s)\n", ++ cargs->protectors[i], source->name, ++ source->partition != NULL ? "," : "", ++ part != NULL ? part : N_("UNKNOWN"), dev->uuid); ++ grub_free (part); ++ continue; ++ } ++ else ++ { ++ ret = grub_cryptodisk_insert (dev, name, source); ++ if (ret != GRUB_ERR_NONE) ++ goto error; ++ goto cleanup; ++ } ++ } + +- ret = grub_cryptodisk_insert (dev, name, source); +- if (ret != GRUB_ERR_NONE) + part = grub_partition_get_name (source->partition); + grub_error (GRUB_ERR_ACCESS_DENIED, -+ N_("no key protector provided a usable key for %s%s%s (%s)"), -+ source->name, source->partition != NULL ? "," : "", -+ part != NULL ? part : N_("UNKNOWN"), dev->uuid); ++ N_("no key protector provided a usable key for %s%s%s (%s)"), ++ source->name, source->partition != NULL ? "," : "", ++ part != NULL ? part : N_("UNKNOWN"), dev->uuid); + grub_free (part); goto error; + } - -- grub_cryptodisk_insert (dev, name, source); ++ + if (!cargs->key_len) + { + /* Get the passphrase from the user, if no key data. */ + askpass = 1; + part = grub_partition_get_name (source->partition); + grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, -+ source->partition != NULL ? "," : "", -+ part != NULL ? part : N_("UNKNOWN"), dev->uuid); ++ source->partition != NULL ? "," : "", ++ part != NULL ? part : N_("UNKNOWN"), dev->uuid); + grub_free (part); + + cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE); + if (cargs->key_data == NULL) -+ goto error; ++ goto error; + + if (!grub_password_get ((char *) cargs->key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE)) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied"); -+ goto error; -+ } ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied"); ++ goto error; ++ } + cargs->key_len = grub_strlen ((char *) cargs->key_data); + } + -+ ret = crd->recover_key (source, dev, cargs); ++ ret = cr->recover_key (source, dev, cargs); + if (ret != GRUB_ERR_NONE) + goto error; + -+ grub_cryptodisk_insert (dev, name, source); ++ ret = grub_cryptodisk_insert (dev, name, source); ++ if (ret != GRUB_ERR_NONE) ++ goto error; - goto cleanup; - } @@ -196,7 +205,7 @@ index 497097394f..00c44773fb 100644 goto cleanup; error: -@@ -1155,6 +1228,20 @@ grub_cryptodisk_scan_device (const char *name, +@@ -1258,6 +1334,20 @@ return ret; } @@ -205,7 +214,7 @@ index 497097394f..00c44773fb 100644 +{ + int i; + -+ if (!cargs->key_cache) ++ if (cargs->key_cache == NULL || cargs->protectors == NULL) + return; + + for (i = 0; cargs->protectors[i]; i++) @@ -217,69 +226,70 @@ index 497097394f..00c44773fb 100644 static grub_err_t grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) { -@@ -1167,12 +1254,25 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) +@@ -1270,6 +1360,10 @@ if (grub_cryptodisk_list == NULL) return grub_error (GRUB_ERR_BAD_MODULE, "no cryptodisk modules loaded"); -+ if (state[3].set && state[4].set) /* password and key protector */ ++ if (state[OPTION_PASSWORD].set && state[OPTION_PROTECTOR].set) /* password and key protector */ + return grub_error (GRUB_ERR_BAD_ARGUMENT, -+ "a password and a key protector cannot both be set"); ++ "a password and a key protector cannot both be set"); + - if (state[3].set) /* password */ + if (state[OPTION_PASSWORD].set) /* password */ { - cargs.key_data = (grub_uint8_t *) state[3].arg; - cargs.key_len = grub_strlen (state[3].arg); + cargs.key_data = (grub_uint8_t *) state[OPTION_PASSWORD].arg; +@@ -1362,6 +1456,15 @@ + return grub_errno; } -+ if (state[4].set) /* key protector(s) */ ++ if (state[OPTION_PROTECTOR].set) /* key protector(s) */ + { -+ cargs.key_cache = grub_zalloc (state[4].set * sizeof (*cargs.key_cache)); -+ if (!cargs.key_cache) -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "no memory for key protector key cache"); -+ cargs.protectors = state[4].args; ++ cargs.key_cache = grub_zalloc (state[OPTION_PROTECTOR].set * sizeof (*cargs.key_cache)); ++ if (cargs.key_cache == NULL) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "no memory for key protector key cache"); ++ cargs.protectors = state[OPTION_PROTECTOR].args; + } + - if (state[0].set) /* uuid */ + if (state[OPTION_UUID].set) /* uuid */ { int found_uuid; -@@ -1181,6 +1281,7 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) +@@ -1370,6 +1473,7 @@ dev = grub_cryptodisk_get_by_uuid (args[0]); if (dev) { -+ grub_cryptodisk_clear_key_cache (&cargs); ++ grub_cryptodisk_clear_key_cache (&cargs); grub_dprintf ("cryptodisk", "already mounted as crypto%lu\n", dev->id); return GRUB_ERR_NONE; -@@ -1189,6 +1290,7 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - cargs.check_boot = state[2].set; +@@ -1378,6 +1482,7 @@ + cargs.check_boot = state[OPTION_BOOT].set; cargs.search_uuid = args[0]; found_uuid = grub_device_iterate (&grub_cryptodisk_scan_device, &cargs); + grub_cryptodisk_clear_key_cache (&cargs); if (found_uuid) return GRUB_ERR_NONE; -@@ -1208,6 +1310,7 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) +@@ -1397,6 +1502,7 @@ { - cargs.check_boot = state[2].set; + cargs.check_boot = state[OPTION_BOOT].set; grub_device_iterate (&grub_cryptodisk_scan_device, &cargs); + grub_cryptodisk_clear_key_cache (&cargs); return GRUB_ERR_NONE; } else -@@ -1231,6 +1334,7 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) +@@ -1420,6 +1526,7 @@ disk = grub_disk_open (diskname); if (!disk) { -+ grub_cryptodisk_clear_key_cache (&cargs); ++ grub_cryptodisk_clear_key_cache (&cargs); if (disklast) *disklast = ')'; return grub_errno; -@@ -1241,12 +1345,14 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) +@@ -1430,12 +1537,14 @@ { grub_dprintf ("cryptodisk", "already mounted as crypto%lu\n", dev->id); grub_disk_close (disk); -+ grub_cryptodisk_clear_key_cache (&cargs); ++ grub_cryptodisk_clear_key_cache (&cargs); if (disklast) *disklast = ')'; return GRUB_ERR_NONE; @@ -290,20 +300,17 @@ index 497097394f..00c44773fb 100644 grub_disk_close (disk); if (disklast) -@@ -1385,7 +1491,7 @@ GRUB_MOD_INIT (cryptodisk) - { - grub_disk_dev_register (&grub_cryptodisk_dev); +@@ -1576,6 +1685,7 @@ cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0, -- N_("[-p password] "), -+ N_("[-p password] [-k protector [-k protector ...]] "), + N_("[ [-p password] | [-k keyfile" + " [-O keyoffset] [-S keysize] ] ] [-H file]" ++ " [-P protector [-P protector ...]]" + " "), N_("Mount a crypto device."), options); grub_procfs_register ("luks_script", &luks_script); - } -diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h -index c6524c9ea9..b556498fba 100644 --- a/include/grub/cryptodisk.h +++ b/include/grub/cryptodisk.h -@@ -67,6 +67,16 @@ typedef gcry_err_code_t +@@ -70,6 +70,18 @@ (*grub_cryptodisk_rekey_func_t) (struct grub_cryptodisk *dev, grub_uint64_t zoneno); @@ -312,18 +319,20 @@ index c6524c9ea9..b556498fba 100644 + grub_uint8_t *key; + grub_size_t key_len; + -+ /* The key protector associated with this cache entry failed, so avoid it -+ * even if the cached entry (an instance of this structure) is empty. */ ++ /* ++ * The key protector associated with this cache entry failed, so avoid it ++ * even if the cached entry (an instance of this structure) is empty. ++ */ + int invalid; +}; + struct grub_cryptomount_args { /* scan: Flag to indicate that only bootable volumes should be decrypted */ -@@ -77,6 +87,10 @@ struct grub_cryptomount_args - grub_uint8_t *key_data; +@@ -81,6 +93,10 @@ /* recover_key: Length of key_data */ grub_size_t key_len; + grub_file_t hdr_file; + /* recover_key: Names of the key protectors to use (NULL-terminated) */ + char **protectors; + /* recover_key: Key cache to avoid invoking the same key protector twice */ @@ -331,6 +340,3 @@ index c6524c9ea9..b556498fba 100644 }; typedef struct grub_cryptomount_args *grub_cryptomount_args_t; --- -2.34.1 - diff --git a/0004-diskfilter-look-up-cryptodisk-devices-first.patch b/0004-diskfilter-look-up-cryptodisk-devices-first.patch new file mode 100644 index 0000000..344023c --- /dev/null +++ b/0004-diskfilter-look-up-cryptodisk-devices-first.patch @@ -0,0 +1,89 @@ +From b7e2fb6a680447b7bb7eb18bb7570afa8d2b7f09 Mon Sep 17 00:00:00 2001 +From: Gary Lin +Date: Thu, 10 Aug 2023 10:19:29 +0800 +Subject: [PATCH 4/4] diskfilter: look up cryptodisk devices first + +When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may +look like this: + + tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm + cryptomount -u -P tpm2 + search --fs-uuid --set=root + +Since the disk search order is based on the order of module loading, the +attacker could insert a malicious disk with the same FS-UUID root to +trick grub2 to boot into th malicious root and further dump memory to +steal the unsealed key. + +To defend such attack, we can specify the hint provided by 'grub-probe' +to search the encrypted partition first: + +search --fs-uuid --set=root --hint='cryptouuid/' + +However, for LVM on a encrypted partition, the search hint provided by +'grub-probe' is: + + --hint='lvmid//' + +It doesn't guarantee to look up the logical volume from the encrypted +partition, so the attacker may have the chance to fool grub2 to boot +into the malicious disk. + +To mininize the attack surface, this commit tweaks the disk device search +in diskfilter to look up cryptodisk devices first and then others, so +that the auto-unlocked disk will be found first, not the attacker's disk. + +Signed-off-by: Gary Lin +--- + grub-core/disk/diskfilter.c | 35 ++++++++++++++++++++++++++--------- + 1 file changed, 26 insertions(+), 9 deletions(-) + +diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c +index 61a311efd..94832c8dd 100644 +--- a/grub-core/disk/diskfilter.c ++++ b/grub-core/disk/diskfilter.c +@@ -226,15 +226,32 @@ scan_devices (const char *arname) + int need_rescan; + + for (pull = 0; pull < GRUB_DISK_PULL_MAX; pull++) +- for (p = grub_disk_dev_list; p; p = p->next) +- if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID +- && p->disk_iterate) +- { +- if ((p->disk_iterate) (scan_disk_hook, NULL, pull)) +- return; +- if (arname && is_lv_readable (find_lv (arname), 1)) +- return; +- } ++ { ++ /* look up the crytodisk devices first */ ++ for (p = grub_disk_dev_list; p; p = p->next) ++ if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID ++ && p->disk_iterate) ++ { ++ if ((p->disk_iterate) (scan_disk_hook, NULL, pull)) ++ return; ++ if (arname && is_lv_readable (find_lv (arname), 1)) ++ return; ++ break; ++ } ++ ++ /* check the devices other than crytodisk */ ++ for (p = grub_disk_dev_list; p; p = p->next) ++ if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID) ++ continue; ++ else if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID ++ && p->disk_iterate) ++ { ++ if ((p->disk_iterate) (scan_disk_hook, NULL, pull)) ++ return; ++ if (arname && is_lv_readable (find_lv (arname), 1)) ++ return; ++ } ++ } + + scan_depth = 0; + need_rescan = 1; +-- +2.35.3 + diff --git a/0004-efinet-UEFI-IPv6-PXE-support.patch b/0004-efinet-UEFI-IPv6-PXE-support.patch index 4265950..2282609 100644 --- a/0004-efinet-UEFI-IPv6-PXE-support.patch +++ b/0004-efinet-UEFI-IPv6-PXE-support.patch @@ -14,20 +14,12 @@ Signed-off-by: Ken Lin include/grub/efi/api.h | 55 +++++++++++++++++++++++++++++++++++++- 2 files changed, 73 insertions(+), 6 deletions(-) -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 5388f95..fc90415 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c -@@ -378,11 +378,25 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - if (! pxe) +@@ -400,6 +400,18 @@ continue; pxe_mode = pxe->mode; -- grub_net_configure_by_dhcp_ack (card->name, card, 0, -- (struct grub_net_bootp_packet *) -- &pxe_mode->dhcp_ack, -- sizeof (pxe_mode->dhcp_ack), -- 1, device, path); -+ + + if (pxe_mode->using_ipv6) + { + grub_net_configure_by_dhcpv6_reply (card->name, card, 0, @@ -40,20 +32,20 @@ index 5388f95..fc90415 100644 + } + else + { -+ grub_net_configure_by_dhcp_ack (card->name, card, 0, -+ (struct grub_net_bootp_packet *) -+ &pxe_mode->dhcp_ack, -+ sizeof (pxe_mode->dhcp_ack), -+ 1, device, path); + inter = grub_net_configure_by_dhcp_ack (card->name, card, 0, + (struct grub_net_bootp_packet *) + &pxe_mode->dhcp_ack, +@@ -428,6 +440,7 @@ + vlan_dp = (grub_efi_device_path_t *) ((grub_efi_uint8_t *) vlan_dp + vlan_dp_len); + } + } + } return; } } -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index c7c9f0e..92f9b5a 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h -@@ -1452,14 +1452,67 @@ typedef struct grub_efi_simple_text_output_interface grub_efi_simple_text_output +@@ -1523,14 +1523,67 @@ typedef grub_uint8_t grub_efi_pxe_packet_t[1472]; @@ -122,6 +114,3 @@ index c7c9f0e..92f9b5a 100644 } grub_efi_pxe_mode_t; typedef struct grub_efi_pxe --- -2.6.6 - diff --git a/0004-font-Remove-grub_font_dup_glyph.patch b/0004-font-Remove-grub_font_dup_glyph.patch deleted file mode 100644 index 56a0792..0000000 --- a/0004-font-Remove-grub_font_dup_glyph.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 9c99a0d55bf69f25ad41668867f719bbb1828457 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 5 Aug 2022 02:13:29 +0800 -Subject: [PATCH 04/12] font: Remove grub_font_dup_glyph() - -Remove grub_font_dup_glyph() since nobody is using it since 2013, and -I'm too lazy to fix the integer overflow problem in it. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/font/font.c | 14 -------------- - 1 file changed, 14 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 1fa181d4c..a115a63b0 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1055,20 +1055,6 @@ grub_font_get_glyph_with_fallback (grub_font_t font, grub_uint32_t code) - return best_glyph; - } - --#if 0 --static struct grub_font_glyph * --grub_font_dup_glyph (struct grub_font_glyph *glyph) --{ -- static struct grub_font_glyph *ret; -- ret = grub_malloc (sizeof (*ret) + (glyph->width * glyph->height + 7) / 8); -- if (!ret) -- return NULL; -- grub_memcpy (ret, glyph, sizeof (*ret) -- + (glyph->width * glyph->height + 7) / 8); -- return ret; --} --#endif -- - /* FIXME: suboptimal. */ - static void - grub_font_blit_glyph (struct grub_font_glyph *target, --- -2.35.3 - diff --git a/0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch b/0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch deleted file mode 100644 index d2416a9..0000000 --- a/0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 4287786dde414d9b0517d12762904b4b2be19d2a Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:21 +1000 -Subject: [PATCH 4/5] kern/efi/mm: Pass up errors from add_memory_regions() - -The function add_memory_regions() is currently only called on system -initialization to allocate a fixed amount of pages. As such, it didn't -need to return any errors: in case it failed, we cannot proceed anyway. -This will change with the upcoming support for requesting more memory -from the firmware at runtime, where it doesn't make sense anymore to -fail hard. - -Refactor the function to return an error to prepare for this. Note that -this does not change the behaviour when initializing the memory system -because grub_efi_mm_init() knows to call grub_fatal() in case -grub_efi_mm_add_regions() returns an error. - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt ---- - grub-core/kern/efi/mm.c | 22 +++++++++++++++------- - 1 file changed, 15 insertions(+), 7 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 087272f..45ea6d5 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -514,7 +514,7 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map, - } - - /* Add memory regions. */ --static void -+static grub_err_t - add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - grub_efi_uintn_t desc_size, - grub_efi_memory_descriptor_t *memory_map_end, -@@ -542,9 +542,9 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - GRUB_EFI_ALLOCATE_ADDRESS, - GRUB_EFI_LOADER_CODE); - if (! addr) -- grub_fatal ("cannot allocate conventional memory %p with %u pages", -- (void *) ((grub_addr_t) start), -- (unsigned) pages); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Memory starting at %p (%u pages) marked as free, but EFI would not allocate", -+ (void *) ((grub_addr_t) start), (unsigned) pages); - - grub_mm_init_region (addr, PAGES_TO_BYTES (pages)); - -@@ -554,7 +554,11 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - } - - if (required_pages > 0) -- grub_fatal ("too little memory"); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "could not allocate all requested memory: %" PRIuGRUB_UINT64_T " pages still required after iterating EFI memory map", -+ required_pages); -+ -+ return GRUB_ERR_NONE; - } - - void -@@ -601,6 +605,7 @@ grub_efi_mm_add_regions (grub_size_t required_bytes) - grub_efi_memory_descriptor_t *filtered_memory_map_end; - grub_efi_uintn_t map_size; - grub_efi_uintn_t desc_size; -+ grub_err_t err; - int mm_status; - - /* Prepare a memory region to store two memory maps. */ -@@ -645,8 +650,11 @@ grub_efi_mm_add_regions (grub_size_t required_bytes) - sort_memory_map (filtered_memory_map, desc_size, filtered_memory_map_end); - - /* Allocate memory regions for GRUB's memory management. */ -- add_memory_regions (filtered_memory_map, desc_size, -- filtered_memory_map_end, BYTES_TO_PAGES (required_bytes)); -+ err = add_memory_regions (filtered_memory_map, desc_size, -+ filtered_memory_map_end, -+ BYTES_TO_PAGES (required_bytes)); -+ if (err != GRUB_ERR_NONE) -+ return err; - - #if 0 - /* For debug. */ --- -2.35.3 - diff --git a/0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch deleted file mode 100644 index 98cabcc..0000000 --- a/0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch +++ /dev/null @@ -1,83 +0,0 @@ -From e0cc6a601865a72cfe316f2cbbaaefcdd2ad8c69 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Tue, 5 Apr 2022 11:48:58 +0100 -Subject: [PATCH 04/32] loader/efi/chainloader: Use grub_loader_set_ex() - -This ports the EFI chainloader to use grub_loader_set_ex() in order to fix -a use-after-free bug that occurs when grub_cmd_chainloader() is executed -more than once before a boot attempt is performed. - -Fixes: CVE-2022-28736 - -Signed-off-by: Chris Coulson -Reviewed-by: Daniel Kiper ---- - grub-core/loader/efi/chainloader.c | 15 +++++++-------- - 1 file changed, 7 insertions(+), 8 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 1ec09a166c..b3e1e89302 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -54,7 +54,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); - static grub_dl_t my_mod; - - static grub_ssize_t fsize; --static grub_efi_handle_t image_handle; - static grub_ssize_t cmdline_len; - static grub_efi_handle_t dev_handle; - -@@ -64,8 +63,9 @@ static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_e - #endif - - static grub_err_t --grub_chainloader_unload (void) -+grub_chainloader_unload (void *context) - { -+ grub_efi_handle_t image_handle = (grub_efi_handle_t) context; - grub_efi_loaded_image_t *loaded_image; - grub_efi_boot_services_t *b; - -@@ -83,8 +83,9 @@ grub_chainloader_unload (void) - } - - static grub_err_t --grub_chainloader_boot (void) -+grub_chainloader_boot (void *context) - { -+ grub_efi_handle_t image_handle = (grub_efi_handle_t) context; - grub_efi_boot_services_t *b; - grub_efi_status_t status; - grub_efi_uintn_t exit_data_size; -@@ -644,6 +645,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_physical_address_t address = 0; - grub_efi_uintn_t pages = 0; - grub_efi_char16_t *cmdline = NULL; -+ grub_efi_handle_t image_handle = NULL; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -856,7 +858,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - efi_call_2 (b->free_pages, address, pages); - grub_free (file_path); - -- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); -+ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0); - return 0; - - fail: -@@ -874,10 +876,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - efi_call_2 (b->free_pages, address, pages); - - if (image_handle != NULL) -- { -- efi_call_1 (b->unload_image, image_handle); -- image_handle = NULL; -- } -+ efi_call_1 (b->unload_image, image_handle); - - grub_dl_unref (my_mod); - --- -2.34.1 - diff --git a/0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch b/0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch deleted file mode 100644 index cdfbc7a..0000000 --- a/0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch +++ /dev/null @@ -1,93 +0,0 @@ -From d4eb747f831d8b011c712f4335f12b572d6f32d9 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 28 Jan 2022 11:30:32 +0100 -Subject: [PATCH 04/10] normal/menu: Don't show "Booting `%s'" msg when - auto-booting with TIMEOUT_STYLE_HIDDEN - -When the user has asked the menu code to be hidden/quiet and the current -entry is being autobooted because the timeout has expired don't show -the "Booting `%s'" msg. - -This is necessary to let flicker-free boots really be flicker free, -otherwise the "Booting `%s'" msg will kick the EFI fb into text mode -and show the msg, breaking the flicker-free experience. - -Signed-off-by: Hans de Goede ---- - grub-core/normal/menu.c | 24 ++++++++++++++++-------- - 1 file changed, 16 insertions(+), 8 deletions(-) - -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 47fc12551f..470bfc839b 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -651,13 +651,15 @@ workaround_snapshot_menu_default_entry (grub_menu_t menu, const char *name, int - entry to be executed is a result of an automatic default selection because - of the timeout. */ - static int --run_menu (grub_menu_t menu, int nested, int *auto_boot) -+run_menu (grub_menu_t menu, int nested, int *auto_boot, int *notify_boot) - { - grub_uint64_t saved_time; - int default_entry, current_entry; - int timeout; - enum timeout_style timeout_style; - -+ *notify_boot = 1; -+ - default_entry = get_entry_number (menu, "default"); - - workaround_snapshot_menu_default_entry (menu, "default", &default_entry); -@@ -734,6 +736,7 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) - if (timeout == 0) - { - *auto_boot = 1; -+ *notify_boot = timeout_style != TIMEOUT_STYLE_HIDDEN; - return default_entry; - } - -@@ -894,12 +897,16 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) - - /* Callback invoked immediately before a menu entry is executed. */ - static void --notify_booting (grub_menu_entry_t entry, -- void *userdata __attribute__((unused))) -+notify_booting (grub_menu_entry_t entry, void *userdata) - { -- grub_printf (" "); -- grub_printf_ (N_("Booting `%s'"), entry->title); -- grub_printf ("\n\n"); -+ int *notify_boot = userdata; -+ -+ if (*notify_boot) -+ { -+ grub_printf (" "); -+ grub_printf_ (N_("Booting `%s'"), entry->title); -+ grub_printf ("\n\n"); -+ } - } - - /* Callback invoked when a default menu entry executed because of a timeout -@@ -947,8 +954,9 @@ show_menu (grub_menu_t menu, int nested, int autobooted) - int boot_entry; - grub_menu_entry_t e; - int auto_boot; -+ int notify_boot; - -- boot_entry = run_menu (menu, nested, &auto_boot); -+ boot_entry = run_menu (menu, nested, &auto_boot, ¬ify_boot); - if (boot_entry < 0) - break; - -@@ -960,7 +968,7 @@ show_menu (grub_menu_t menu, int nested, int autobooted) - - if (auto_boot) - grub_menu_execute_with_fallback (menu, e, autobooted, -- &execution_callback, 0); -+ &execution_callback, ¬ify_boot); - else - grub_menu_execute_entry (e, 0); - if (autobooted) --- -2.34.1 - diff --git a/0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch b/0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch deleted file mode 100644 index 062fdf3..0000000 --- a/0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch +++ /dev/null @@ -1,45 +0,0 @@ -From d9c7bfe88ce7391618192401c426c218d2a17795 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 28 Jan 2022 11:30:33 +0100 -Subject: [PATCH 05/10] EFI: suppress the "Welcome to GRUB!" message in EFI - builds - -Grub EFI builds are now often used in combination with flicker-free -boot, but this breaks with upstream grub because the "Welcome to GRUB!" -message will kick the EFI fb into text mode and show the msg, -breaking the flicker-free experience. - -EFI systems are so fast, that when the menu or the countdown are enabled -the message will be immediately overwritten, so in these cases not -printing the message does not matter. - -And in case when the timeout_style is set to TIMEOUT_STYLE_HIDDEN, -the user has asked grub to be quiet (for example to allow flickfree -boot) annd thus the message should not be printed. - -Signed-off-by: Hans de Goede ---- - grub-core/kern/main.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 42ea96e39e..35dee404e8 100644 ---- a/grub-core/kern/main.c -+++ b/grub-core/kern/main.c -@@ -272,10 +272,13 @@ grub_main (void) - - grub_boot_time ("After machine init."); - -+ /* This breaks flicker-free boot on EFI systems, so disable it there. */ -+#ifndef GRUB_MACHINE_EFI - /* Hello. */ - grub_setcolorstate (GRUB_TERM_COLOR_HIGHLIGHT); - grub_printf ("Welcome to GRUB!\n\n"); - grub_setcolorstate (GRUB_TERM_COLOR_STANDARD); -+#endif - - #ifndef GRUB_MACHINE_PCBIOS - /* Init verifiers API. */ --- -2.34.1 - diff --git a/0005-cryptodisk-Improve-cryptomount-u-error-message.patch b/0005-cryptodisk-Improve-cryptomount-u-error-message.patch deleted file mode 100644 index 64d03c6..0000000 --- a/0005-cryptodisk-Improve-cryptomount-u-error-message.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9ef619a7c1d38988f6d91496ea5c59062dcf6013 Mon Sep 17 00:00:00 2001 -From: Glenn Washburn -Date: Thu, 9 Dec 2021 11:14:54 -0600 -Subject: [PATCH 05/14] cryptodisk: Improve cryptomount -u error message - -When a cryptmount is specified with a UUID, but no cryptodisk backends find -a disk with that UUID, return a more detailed message giving telling the -user that they might not have a needed cryptobackend module loaded. - -Signed-off-by: Glenn Washburn -Reviewed-by: Daniel Kiper ---- - grub-core/disk/cryptodisk.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 3a896c6634..5a9780b14c 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -1159,7 +1159,7 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - */ - grub_error_pop (); - if (grub_errno == GRUB_ERR_NONE) -- return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such cryptodisk found"); -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such cryptodisk found, perhaps a needed disk or cryptodisk module is not loaded"); - } - return grub_errno; - } --- -2.34.1 - diff --git a/0005-docs-grub-Document-signing-grub-under-UEFI.patch b/0005-docs-grub-Document-signing-grub-under-UEFI.patch index 133e08a..48dcbb7 100644 --- a/0005-docs-grub-Document-signing-grub-under-UEFI.patch +++ b/0005-docs-grub-Document-signing-grub-under-UEFI.patch @@ -12,11 +12,9 @@ Signed-off-by: Daniel Axtens docs/grub.texi | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) -diff --git a/docs/grub.texi b/docs/grub.texi -index e48018c5f..b1d808d93 100644 --- a/docs/grub.texi +++ b/docs/grub.texi -@@ -5814,6 +5814,7 @@ environment variables and commands are listed in the same order. +@@ -6345,6 +6345,7 @@ * Secure Boot Advanced Targeting:: Embedded information for generation number based revocation * Measured Boot:: Measuring boot components * Lockdown:: Lockdown when booting on a secure setup @@ -24,7 +22,7 @@ index e48018c5f..b1d808d93 100644 @end menu @node Authentication and authorisation -@@ -5892,7 +5893,7 @@ commands. +@@ -6423,7 +6424,7 @@ GRUB's @file{core.img} can optionally provide enforcement that all files subsequently read from disk are covered by a valid digital signature. @@ -33,7 +31,7 @@ index e48018c5f..b1d808d93 100644 platform's firmware (e.g., Coreboot) validates @file{core.img}. If environment variable @code{check_signatures} -@@ -6054,6 +6055,25 @@ be restricted and some operations/commands cannot be executed. +@@ -6586,6 +6587,25 @@ The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down. Otherwise it does not exit. @@ -59,6 +57,3 @@ index e48018c5f..b1d808d93 100644 @node Platform limitations @chapter Platform limitations --- -2.31.1 - diff --git a/0005-export-environment-at-start-up.patch b/0005-export-environment-at-start-up.patch index 690877f..dc23832 100644 --- a/0005-export-environment-at-start-up.patch +++ b/0005-export-environment-at-start-up.patch @@ -19,13 +19,12 @@ Signed-off-by: Michael Chang --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -2628,5 +2628,7 @@ - module = { +@@ -2678,4 +2678,6 @@ name = prep_loadenv; common = commands/prep_loadenv.c; + enable = powerpc_ieee1275; + cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; + cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB)'; - enable = powerpc_ieee1275; }; --- a/grub-core/commands/prep_loadenv.c +++ b/grub-core/commands/prep_loadenv.c @@ -144,7 +143,7 @@ Signed-off-by: Michael Chang grub_env_hashval (const char *s) --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c -@@ -310,6 +310,9 @@ +@@ -309,6 +309,9 @@ grub_boot_time ("Before execution of embedded config."); @@ -156,7 +155,7 @@ Signed-off-by: Michael Chang --- a/include/grub/env.h +++ b/include/grub/env.h -@@ -68,5 +68,6 @@ +@@ -69,5 +69,6 @@ grub_err_t grub_env_extractor_close (int source); diff --git a/0005-font-Fix-integer-overflow-in-ensure_comb_space.patch b/0005-font-Fix-integer-overflow-in-ensure_comb_space.patch deleted file mode 100644 index 329f261..0000000 --- a/0005-font-Fix-integer-overflow-in-ensure_comb_space.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 2ec7e27b2cac3746f2e658042fd56fe75fee28f2 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 5 Aug 2022 02:27:05 +0800 -Subject: [PATCH 05/12] font: Fix integer overflow in ensure_comb_space() - -In fact it can't overflow at all because glyph_id->ncomb is only 8-bit -wide. But let's keep safe if somebody changes the width of glyph_id->ncomb -in the future. This patch also fixes the inconsistency between -render_max_comb_glyphs and render_combining_glyphs when grub_malloc() -returns NULL. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/font/font.c | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index a115a63b0..d0e634040 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1468,14 +1468,18 @@ ensure_comb_space (const struct grub_unicode_glyph *glyph_id) - if (glyph_id->ncomb <= render_max_comb_glyphs) - return; - -- render_max_comb_glyphs = 2 * glyph_id->ncomb; -- if (render_max_comb_glyphs < 8) -+ if (grub_mul (glyph_id->ncomb, 2, &render_max_comb_glyphs)) -+ render_max_comb_glyphs = 0; -+ if (render_max_comb_glyphs > 0 && render_max_comb_glyphs < 8) - render_max_comb_glyphs = 8; - grub_free (render_combining_glyphs); -- render_combining_glyphs = grub_malloc (render_max_comb_glyphs -- * sizeof (render_combining_glyphs[0])); -+ render_combining_glyphs = (render_max_comb_glyphs > 0) ? -+ grub_calloc (render_max_comb_glyphs, sizeof (render_combining_glyphs[0])) : NULL; - if (!render_combining_glyphs) -- grub_errno = 0; -+ { -+ render_max_comb_glyphs = 0; -+ grub_errno = GRUB_ERR_NONE; -+ } - } - - int --- -2.35.3 - diff --git a/0005-grub.texi-Add-net_bootp6-doument.patch b/0005-grub.texi-Add-net_bootp6-doument.patch index d1bae32..4382f40 100644 --- a/0005-grub.texi-Add-net_bootp6-doument.patch +++ b/0005-grub.texi-Add-net_bootp6-doument.patch @@ -11,11 +11,9 @@ Signed-off-by: Ken Lin docs/grub.texi | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) -Index: grub-2.06~rc1/docs/grub.texi -=================================================================== ---- grub-2.06~rc1.orig/docs/grub.texi -+++ grub-2.06~rc1/docs/grub.texi -@@ -5477,6 +5477,7 @@ This command is only available on AArch6 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5894,6 +5894,7 @@ * net_add_dns:: Add a DNS server * net_add_route:: Add routing entry * net_bootp:: Perform a bootp/DHCP autoconfiguration @@ -23,7 +21,7 @@ Index: grub-2.06~rc1/docs/grub.texi * net_del_addr:: Remove IP address from interface * net_del_dns:: Remove a DNS server * net_del_route:: Remove a route entry -@@ -5533,6 +5534,24 @@ command (@pxref{net_dhcp}). +@@ -5951,6 +5952,24 @@ @end deffn diff --git a/0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch b/0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch deleted file mode 100644 index 5790670..0000000 --- a/0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 3a2119e11b9c216f3b008a2c61aca52b91ad7547 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:22 +1000 -Subject: [PATCH 5/5] kern/efi/mm: Implement runtime addition of pages - -Adjust the interface of grub_efi_mm_add_regions() to take a set of -GRUB_MM_ADD_REGION_* flags, which most notably is currently only the -GRUB_MM_ADD_REGION_CONSECUTIVE flag. This allows us to set the function -up as callback for the memory subsystem and have it call out to us in -case there's not enough pages available in the current heap. - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt ---- - grub-core/kern/efi/mm.c | 15 +++++++++++---- - 1 file changed, 11 insertions(+), 4 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 45ea6d5..48380d3 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -518,7 +518,8 @@ static grub_err_t - add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - grub_efi_uintn_t desc_size, - grub_efi_memory_descriptor_t *memory_map_end, -- grub_efi_uint64_t required_pages) -+ grub_efi_uint64_t required_pages, -+ unsigned int flags) - { - grub_efi_memory_descriptor_t *desc; - -@@ -532,6 +533,10 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - - start = desc->physical_start; - pages = desc->num_pages; -+ -+ if (pages < required_pages && (flags & GRUB_MM_ADD_REGION_CONSECUTIVE)) -+ continue; -+ - if (pages > required_pages) - { - start += PAGES_TO_BYTES (pages - required_pages); -@@ -597,7 +602,7 @@ print_memory_map (grub_efi_memory_descriptor_t *memory_map, - #endif - - static grub_err_t --grub_efi_mm_add_regions (grub_size_t required_bytes) -+grub_efi_mm_add_regions (grub_size_t required_bytes, unsigned int flags) - { - grub_efi_memory_descriptor_t *memory_map; - grub_efi_memory_descriptor_t *memory_map_end; -@@ -652,7 +657,8 @@ grub_efi_mm_add_regions (grub_size_t required_bytes) - /* Allocate memory regions for GRUB's memory management. */ - err = add_memory_regions (filtered_memory_map, desc_size, - filtered_memory_map_end, -- BYTES_TO_PAGES (required_bytes)); -+ BYTES_TO_PAGES (required_bytes), -+ flags); - if (err != GRUB_ERR_NONE) - return err; - -@@ -679,8 +685,9 @@ grub_efi_mm_add_regions (grub_size_t required_bytes) - void - grub_efi_mm_init (void) - { -- if (grub_efi_mm_add_regions (DEFAULT_HEAP_SIZE) != GRUB_ERR_NONE) -+ if (grub_efi_mm_add_regions (DEFAULT_HEAP_SIZE, GRUB_MM_ADD_REGION_NONE) != GRUB_ERR_NONE) - grub_fatal ("%s", grub_errmsg); -+ grub_mm_add_region_fn = grub_efi_mm_add_regions; - } - - #if defined (__aarch64__) || defined (__arm__) || defined (__riscv) --- -2.35.3 - diff --git a/0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch deleted file mode 100644 index 96da21b..0000000 --- a/0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch +++ /dev/null @@ -1,103 +0,0 @@ -From ee99e452b9c1aafd3eb80592830ae2c6f69eb395 Mon Sep 17 00:00:00 2001 -From: Julian Andres Klode -Date: Thu, 2 Dec 2021 15:03:53 +0100 -Subject: [PATCH 05/32] kern/efi/sb: Reject non-kernel files in the shim_lock - verifier - -We must not allow other verifiers to pass things like the GRUB modules. -Instead of maintaining a blocklist, maintain an allowlist of things -that we do not care about. - -This allowlist really should be made reusable, and shared by the -lockdown verifier, but this is the minimal patch addressing -security concerns where the TPM verifier was able to mark modules -as verified (or the OpenPGP verifier for that matter), when it -should not do so on shim-powered secure boot systems. - -Fixes: CVE-2022-28735 - -Signed-off-by: Julian Andres Klode -Reviewed-by: Daniel Kiper ---- - grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++--- - include/grub/verify.h | 1 + - 2 files changed, 37 insertions(+), 3 deletions(-) - -diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c -index c52ec6226a..89c4bb3fd1 100644 ---- a/grub-core/kern/efi/sb.c -+++ b/grub-core/kern/efi/sb.c -@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), - void **context __attribute__ ((unused)), - enum grub_verify_flags *flags) - { -- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ *flags = GRUB_VERIFY_FLAGS_NONE; - - switch (type & GRUB_FILE_TYPE_MASK) - { -+ /* Files we check. */ - case GRUB_FILE_TYPE_LINUX_KERNEL: - case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: - case GRUB_FILE_TYPE_BSD_KERNEL: -@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), - case GRUB_FILE_TYPE_PLAN9_KERNEL: - case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: - *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; -+ return GRUB_ERR_NONE; - -- /* Fall through. */ -+ /* Files that do not affect secureboot state. */ -+ case GRUB_FILE_TYPE_NONE: -+ case GRUB_FILE_TYPE_LOOPBACK: -+ case GRUB_FILE_TYPE_LINUX_INITRD: -+ case GRUB_FILE_TYPE_OPENBSD_RAMDISK: -+ case GRUB_FILE_TYPE_XNU_RAMDISK: -+ case GRUB_FILE_TYPE_SIGNATURE: -+ case GRUB_FILE_TYPE_PUBLIC_KEY: -+ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST: -+ case GRUB_FILE_TYPE_PRINT_BLOCKLIST: -+ case GRUB_FILE_TYPE_TESTLOAD: -+ case GRUB_FILE_TYPE_GET_SIZE: -+ case GRUB_FILE_TYPE_FONT: -+ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY: -+ case GRUB_FILE_TYPE_CAT: -+ case GRUB_FILE_TYPE_HEXCAT: -+ case GRUB_FILE_TYPE_CMP: -+ case GRUB_FILE_TYPE_HASHLIST: -+ case GRUB_FILE_TYPE_TO_HASH: -+ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT: -+ case GRUB_FILE_TYPE_PIXMAP: -+ case GRUB_FILE_TYPE_GRUB_MODULE_LIST: -+ case GRUB_FILE_TYPE_CONFIG: -+ case GRUB_FILE_TYPE_THEME: -+ case GRUB_FILE_TYPE_GETTEXT_CATALOG: -+ case GRUB_FILE_TYPE_FS_SEARCH: -+ case GRUB_FILE_TYPE_LOADENV: -+ case GRUB_FILE_TYPE_SAVEENV: -+ case GRUB_FILE_TYPE_VERIFY_SIGNATURE: -+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ return GRUB_ERR_NONE; - -+ /* Other files. */ - default: -- return GRUB_ERR_NONE; -+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy")); - } - } - -diff --git a/include/grub/verify.h b/include/grub/verify.h -index 6fde244fc6..67448165f4 100644 ---- a/include/grub/verify.h -+++ b/include/grub/verify.h -@@ -24,6 +24,7 @@ - - enum grub_verify_flags - { -+ GRUB_VERIFY_FLAGS_NONE = 0, - GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, - GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2, - /* Defer verification to another authority. */ --- -2.34.1 - diff --git a/0005-util-grub-protect-Add-new-tool.patch b/0005-util-grub-protect-Add-new-tool.patch index 57bf0f0..8b1b6fa 100644 --- a/0005-util-grub-protect-Add-new-tool.patch +++ b/0005-util-grub-protect-Add-new-tool.patch @@ -60,11 +60,9 @@ Signed-off-by: Gary Lin 4 files changed, 1541 insertions(+) create mode 100644 util/grub-protect.c -Index: grub-2.06/Makefile.util.def -=================================================================== ---- grub-2.06.orig/Makefile.util.def -+++ grub-2.06/Makefile.util.def -@@ -207,6 +207,28 @@ program = { +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -208,6 +208,28 @@ }; program = { @@ -93,11 +91,9 @@ Index: grub-2.06/Makefile.util.def name = grub-mkrelpath; mansection = 1; -Index: grub-2.06/configure.ac -=================================================================== ---- grub-2.06.orig/configure.ac -+++ grub-2.06/configure.ac -@@ -71,6 +71,7 @@ grub_TRANSFORM([grub-mkpasswd-pbkdf2]) +--- a/configure.ac ++++ b/configure.ac +@@ -76,6 +76,7 @@ grub_TRANSFORM([grub-mkrelpath]) grub_TRANSFORM([grub-mkrescue]) grub_TRANSFORM([grub-probe]) @@ -105,7 +101,7 @@ Index: grub-2.06/configure.ac grub_TRANSFORM([grub-reboot]) grub_TRANSFORM([grub-script-check]) grub_TRANSFORM([grub-set-default]) -@@ -1926,6 +1927,14 @@ fi +@@ -1992,6 +1993,14 @@ AC_SUBST([LIBZFS]) AC_SUBST([LIBNVPAIR]) @@ -120,10 +116,8 @@ Index: grub-2.06/configure.ac LIBS="" AC_SUBST([FONT_SOURCE]) -Index: grub-2.06/util/grub-protect.c -=================================================================== --- /dev/null -+++ grub-2.06/util/grub-protect.c ++++ b/util/grub-protect.c @@ -0,0 +1,1508 @@ +/* + * GRUB -- GRand Unified Bootloader diff --git a/0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch b/0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch deleted file mode 100644 index f556bc1..0000000 --- a/0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 81339347bc10ec609227361434f75c5e36b85b9f Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 28 Jan 2022 12:43:48 +0100 -Subject: [PATCH 06/10] EFI: console: Do not set colorstate until the first - text output - -GRUB_MOD_INIT(normal) does an unconditional: - -grub_env_set ("color_normal", "light-gray/black"); - -which triggers a grub_term_setcolorstate() call. The original version -of the "efi/console: Do not set text-mode until we actually need it" patch: -https://lists.gnu.org/archive/html/grub-devel/2018-03/msg00125.html - -Protected against this by caching the requested state in -grub_console_setcolorstate () and then only applying it when the first -text output actually happens. During refactoring to move the -grub_console_setcolorstate () up higher in the grub-core/term/efi/console.c -file the code to cache the color-state + bail early was accidentally -dropped. - -Restore the cache the color-state + bail early behavior from the original. - -Cc: Javier Martinez Canillas -Fixes: 2d7c3abd871f ("efi/console: Do not set text-mode until we actually need it") -Signed-off-by: Hans de Goede ---- - grub-core/term/efi/console.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c -index 2f1ae85ba7..c44b2ac318 100644 ---- a/grub-core/term/efi/console.c -+++ b/grub-core/term/efi/console.c -@@ -82,6 +82,16 @@ grub_console_setcolorstate (struct grub_term_output *term - { - grub_efi_simple_text_output_interface_t *o; - -+ if (grub_efi_is_finished || text_mode != GRUB_TEXT_MODE_AVAILABLE) -+ { -+ /* -+ * Cache colorstate changes before the first text-output, this avoids -+ * "color_normal" environment writes causing a switch to textmode. -+ */ -+ text_colorstate = state; -+ return; -+ } -+ - if (grub_efi_is_finished) - return; - --- -2.34.1 - diff --git a/0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch b/0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch index 306205e..776ba7a 100644 --- a/0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch +++ b/0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch @@ -21,11 +21,9 @@ Signed-off-by: Ken Lin include/grub/net.h | 1 + 2 files changed, 66 insertions(+), 2 deletions(-) -Index: grub-2.06~rc1/grub-core/net/bootp.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/net/bootp.c -+++ grub-2.06~rc1/grub-core/net/bootp.c -@@ -351,6 +351,53 @@ grub_net_configure_by_dhcp_ack (const ch +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -352,6 +352,53 @@ if (!inter) return 0; @@ -79,7 +77,7 @@ Index: grub-2.06~rc1/grub-core/net/bootp.c opt = find_dhcp_option (bp, size, GRUB_NET_DHCP_OVERLOAD, &opt_len); if (opt && opt_len == 1) overload = *opt; -@@ -427,6 +474,8 @@ grub_net_configure_by_dhcp_ack (const ch +@@ -428,6 +475,8 @@ } } @@ -88,11 +86,9 @@ Index: grub-2.06~rc1/grub-core/net/bootp.c if (boot_file) { grub_env_set_net_property (name, "boot_file", boot_file, boot_file_len); -Index: grub-2.06~rc1/include/grub/net.h -=================================================================== ---- grub-2.06~rc1.orig/include/grub/net.h -+++ grub-2.06~rc1/include/grub/net.h -@@ -528,6 +528,7 @@ enum +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -530,6 +530,7 @@ GRUB_NET_DHCP_MESSAGE_TYPE = 53, GRUB_NET_DHCP_SERVER_IDENTIFIER = 54, GRUB_NET_DHCP_PARAMETER_REQUEST_LIST = 55, diff --git a/0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch b/0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch deleted file mode 100644 index 91fb26d..0000000 --- a/0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch +++ /dev/null @@ -1,252 +0,0 @@ -From 0a5619abd170b3ad43e44cb8036062506d8623cc Mon Sep 17 00:00:00 2001 -From: Glenn Washburn -Date: Thu, 9 Dec 2021 11:14:55 -0600 -Subject: [PATCH 06/14] cryptodisk: Add infrastructure to pass data from - cryptomount to cryptodisk modules - -Previously, the cryptomount arguments were passed by global variable and -function call argument, neither of which are ideal. This change passes data -via a grub_cryptomount_args struct, which can be added to over time as -opposed to continually adding arguments to the cryptodisk scan and -recover_key. - -As an example, passing a password as a cryptomount argument is implemented. -However, the backends are not implemented, so testing this will return a not -implemented error. - -Also, add comments to cryptomount argument parsing to make it more obvious -which argument states are being handled. - -Signed-off-by: Glenn Washburn -Reviewed-by: Daniel Kiper ---- - grub-core/disk/cryptodisk.c | 31 +++++++++++++++++++++---------- - grub-core/disk/geli.c | 6 +++++- - grub-core/disk/luks.c | 7 ++++++- - grub-core/disk/luks2.c | 7 ++++++- - include/grub/cryptodisk.h | 9 ++++++++- - 5 files changed, 46 insertions(+), 14 deletions(-) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 5a9780b14c..14c661a86e 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -41,6 +41,7 @@ static const struct grub_arg_option options[] = - /* TRANSLATORS: It's still restricted to cryptodisks only. */ - {"all", 'a', 0, N_("Mount all."), 0, 0}, - {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0}, -+ {"password", 'p', 0, N_("Password to open volumes."), 0, ARG_TYPE_STRING}, - {0, 0, 0, 0, 0, 0} - }; - -@@ -996,7 +997,9 @@ cryptodisk_close (grub_cryptodisk_t dev) - } - - static grub_cryptodisk_t --grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source) -+grub_cryptodisk_scan_device_real (const char *name, -+ grub_disk_t source, -+ grub_cryptomount_args_t cargs) - { - grub_err_t err; - grub_cryptodisk_t dev; -@@ -1015,7 +1018,7 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source) - if (!dev) - continue; - -- err = cr->recover_key (source, dev); -+ err = cr->recover_key (source, dev, cargs); - if (err) - { - cryptodisk_close (dev); -@@ -1080,11 +1083,12 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat) - - static int - grub_cryptodisk_scan_device (const char *name, -- void *data __attribute__ ((unused))) -+ void *data) - { - int ret = 0; - grub_disk_t source; - grub_cryptodisk_t dev; -+ grub_cryptomount_args_t cargs = data; - grub_errno = GRUB_ERR_NONE; - - /* Try to open disk. */ -@@ -1095,7 +1099,7 @@ grub_cryptodisk_scan_device (const char *name, - return 0; - } - -- dev = grub_cryptodisk_scan_device_real (name, source); -+ dev = grub_cryptodisk_scan_device_real (name, source, cargs); - if (dev) - { - ret = (search_uuid != NULL && grub_strcasecmp (search_uuid, dev->uuid) == 0); -@@ -1124,6 +1128,7 @@ static grub_err_t - grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - { - struct grub_arg_list *state = ctxt->state; -+ struct grub_cryptomount_args cargs = {0}; - - if (argc < 1 && !state[1].set && !state[2].set) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required"); -@@ -1131,7 +1136,13 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - if (grub_cryptodisk_list == NULL) - return grub_error (GRUB_ERR_BAD_MODULE, "no cryptodisk modules loaded"); - -- if (state[0].set) -+ if (state[3].set) /* password */ -+ { -+ cargs.key_data = (grub_uint8_t *) state[3].arg; -+ cargs.key_len = grub_strlen (state[3].arg); -+ } -+ -+ if (state[0].set) /* uuid */ - { - int found_uuid; - grub_cryptodisk_t dev; -@@ -1146,7 +1157,7 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - - check_boot = state[2].set; - search_uuid = args[0]; -- found_uuid = grub_device_iterate (&grub_cryptodisk_scan_device, NULL); -+ found_uuid = grub_device_iterate (&grub_cryptodisk_scan_device, &cargs); - search_uuid = NULL; - - if (found_uuid) -@@ -1163,11 +1174,11 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - } - return grub_errno; - } -- else if (state[1].set || (argc == 0 && state[2].set)) -+ else if (state[1].set || (argc == 0 && state[2].set)) /* -a|-b */ - { - search_uuid = NULL; - check_boot = state[2].set; -- grub_device_iterate (&grub_cryptodisk_scan_device, NULL); -+ grub_device_iterate (&grub_cryptodisk_scan_device, &cargs); - search_uuid = NULL; - return GRUB_ERR_NONE; - } -@@ -1208,7 +1219,7 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - return GRUB_ERR_NONE; - } - -- dev = grub_cryptodisk_scan_device_real (diskname, disk); -+ dev = grub_cryptodisk_scan_device_real (diskname, disk, &cargs); - - grub_disk_close (disk); - if (disklast) -@@ -1347,7 +1358,7 @@ GRUB_MOD_INIT (cryptodisk) - { - grub_disk_dev_register (&grub_cryptodisk_dev); - cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0, -- N_("SOURCE|-u UUID|-a|-b"), -+ N_("[-p password] "), - N_("Mount a crypto device."), options); - grub_procfs_register ("luks_script", &luks_script); - } -diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c -index 2f34a35e6b..777da3a055 100644 ---- a/grub-core/disk/geli.c -+++ b/grub-core/disk/geli.c -@@ -398,7 +398,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - } - - static grub_err_t --recover_key (grub_disk_t source, grub_cryptodisk_t dev) -+recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_cryptomount_args_t cargs) - { - grub_size_t keysize; - grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN]; -@@ -414,6 +414,10 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev) - grub_disk_addr_t sector; - grub_err_t err; - -+ /* Keyfiles are not implemented yet */ -+ if (cargs->key_data != NULL || cargs->key_len) -+ return GRUB_ERR_NOT_IMPLEMENTED_YET; -+ - if (dev->cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE) - return grub_error (GRUB_ERR_BUG, "cipher block is too long"); - -diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c -index 13103ea6a2..c5858fcf8a 100644 ---- a/grub-core/disk/luks.c -+++ b/grub-core/disk/luks.c -@@ -152,7 +152,8 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - - static grub_err_t - luks_recover_key (grub_disk_t source, -- grub_cryptodisk_t dev) -+ grub_cryptodisk_t dev, -+ grub_cryptomount_args_t cargs) - { - struct grub_luks_phdr header; - grub_size_t keysize; -@@ -165,6 +166,10 @@ luks_recover_key (grub_disk_t source, - grub_size_t max_stripes = 1; - char *tmp; - -+ /* Keyfiles are not implemented yet */ -+ if (cargs->key_data != NULL || cargs->key_len) -+ return GRUB_ERR_NOT_IMPLEMENTED_YET; -+ - err = grub_disk_read (source, 0, 0, sizeof (header), &header); - if (err) - return err; -diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c -index fea196dd4a..2cbec8acc2 100644 ---- a/grub-core/disk/luks2.c -+++ b/grub-core/disk/luks2.c -@@ -545,7 +545,8 @@ luks2_decrypt_key (grub_uint8_t *out_key, - - static grub_err_t - luks2_recover_key (grub_disk_t source, -- grub_cryptodisk_t crypt) -+ grub_cryptodisk_t crypt, -+ grub_cryptomount_args_t cargs) - { - grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN]; - char passphrase[MAX_PASSPHRASE], cipher[32]; -@@ -559,6 +560,10 @@ luks2_recover_key (grub_disk_t source, - grub_json_t *json = NULL, keyslots; - grub_err_t ret; - -+ /* Keyfiles are not implemented yet */ -+ if (cargs->key_data != NULL || cargs->key_len) -+ return GRUB_ERR_NOT_IMPLEMENTED_YET; -+ - ret = luks2_read_header (source, &header); - if (ret) - return ret; -diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h -index dcf17fbb3a..282f8ac456 100644 ---- a/include/grub/cryptodisk.h -+++ b/include/grub/cryptodisk.h -@@ -66,6 +66,13 @@ typedef gcry_err_code_t - (*grub_cryptodisk_rekey_func_t) (struct grub_cryptodisk *dev, - grub_uint64_t zoneno); - -+struct grub_cryptomount_args -+{ -+ grub_uint8_t *key_data; -+ grub_size_t key_len; -+}; -+typedef struct grub_cryptomount_args *grub_cryptomount_args_t; -+ - struct grub_cryptodisk - { - struct grub_cryptodisk *next; -@@ -119,7 +126,7 @@ struct grub_cryptodisk_dev - - grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid, - int boot_only); -- grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev); -+ grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, grub_cryptomount_args_t cargs); - }; - typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t; - --- -2.34.1 - diff --git a/0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch b/0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch index 4174b9f..27b63f5 100644 --- a/0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch +++ b/0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch @@ -13,11 +13,9 @@ Signed-off-by: Daniel Axtens docs/grub.texi | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) -diff --git a/docs/grub.texi b/docs/grub.texi -index b1d808d93..dc1c58304 100644 --- a/docs/grub.texi +++ b/docs/grub.texi -@@ -6074,6 +6074,48 @@ image works under UEFI secure boot and can maintain the secure-boot chain. It +@@ -6606,6 +6606,48 @@ will also be necessary to enrol the public key used into a relevant firmware key database. @@ -66,6 +64,3 @@ index b1d808d93..dc1c58304 100644 @node Platform limitations @chapter Platform limitations --- -2.31.1 - diff --git a/0006-font-Fix-integer-overflow-in-BMP-index.patch b/0006-font-Fix-integer-overflow-in-BMP-index.patch deleted file mode 100644 index 8675f1d..0000000 --- a/0006-font-Fix-integer-overflow-in-BMP-index.patch +++ /dev/null @@ -1,65 +0,0 @@ -From a97e0ae72604fbd4ebea854ffee127ed59b10f75 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Mon, 15 Aug 2022 02:04:58 +0800 -Subject: [PATCH 06/12] font: Fix integer overflow in BMP index - -The BMP index (font->bmp_idx) is designed as a reverse lookup table of -char entries (font->char_index), in order to speed up lookups for BMP -chars (i.e. code < 0x10000). The values in BMP index are the subscripts -of the corresponding char entries, stored in grub_uint16_t, while 0xffff -means not found. - -This patch fixes the problem of large subscript truncated to grub_uint16_t, -leading BMP index to return wrong char entry or report false miss. The -code now checks for bounds and uses BMP index as a hint, and fallbacks -to binary-search if necessary. - -On the occasion add a comment about BMP index is initialized to 0xffff. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/font/font.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index d0e634040..b208a2871 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -300,6 +300,8 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct - font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); - if (!font->bmp_idx) - return 1; -+ -+ /* Init the BMP index array to 0xffff. */ - grub_memset (font->bmp_idx, 0xff, 0x10000 * sizeof (grub_uint16_t)); - - -@@ -328,7 +330,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct - return 1; - } - -- if (entry->code < 0x10000) -+ if (entry->code < 0x10000 && i < 0xffff) - font->bmp_idx[entry->code] = i; - - last_code = entry->code; -@@ -696,9 +698,12 @@ find_glyph (const grub_font_t font, grub_uint32_t code) - /* Use BMP index if possible. */ - if (code < 0x10000 && font->bmp_idx) - { -- if (font->bmp_idx[code] == 0xffff) -- return 0; -- return &table[font->bmp_idx[code]]; -+ if (font->bmp_idx[code] < 0xffff) -+ return &table[font->bmp_idx[code]]; -+ /* -+ * When we are here then lookup in BMP index result in miss, -+ * fallthough to binary-search. -+ */ - } - - /* Do a binary search in `char_index', which is ordered by code point. */ --- -2.35.3 - diff --git a/0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch b/0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch deleted file mode 100644 index 4274096..0000000 --- a/0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 77a70351615e0b6e66d663e063e9b4ba8ae129a0 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Fri, 25 Jun 2021 02:19:05 +1000 -Subject: [PATCH 06/32] kern/file: Do not leak device_name on error in - grub_file_open() - -If we have an error in grub_file_open() before we free device_name, we -will leak it. - -Free device_name in the error path and null out the pointer in the good -path once we free it there. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/kern/file.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c -index 58454458c4..ffdcaba05f 100644 ---- a/grub-core/kern/file.c -+++ b/grub-core/kern/file.c -@@ -79,6 +79,7 @@ grub_file_open (const char *name, enum grub_file_type type) - - device = grub_device_open (device_name); - grub_free (device_name); -+ device_name = NULL; - if (! device) - goto fail; - -@@ -131,6 +132,7 @@ grub_file_open (const char *name, enum grub_file_type type) - return file; - - fail: -+ grub_free (device_name); - if (device) - grub_device_close (device); - --- -2.34.1 - diff --git a/0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch b/0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch deleted file mode 100644 index 531bec5..0000000 --- a/0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 9b12dc80d4254e22c41805cecf2494a8e6a50e3e Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 28 Jan 2022 12:43:49 +0100 -Subject: [PATCH 07/10] EFI: console: Do not set cursor until the first text - output - -To allow flickerfree boot the EFI console code does not call -grub_efi_set_text_mode (1) until some text is actually output. - -Depending on if the output text is because of an error loading -e.g. the .cfg file; or because of showing the menu the cursor needs -to be on or off when the first text is shown. - -So far the cursor was hardcoded to being on, but this is causing -drawing artifacts + slow drawing of the menu as reported here: -https://bugzilla.redhat.com/show_bug.cgi?id=1946969 - -Handle the cursorstate in the same way as the colorstate to fix this, -when no text has been output yet, just cache the cursorstate and -then use the last set value when the first text is output. - -Fixes: 2d7c3abd871f ("efi/console: Do not set text-mode until we actually need it") -Signed-off-by: Hans de Goede ---- - grub-core/term/efi/console.c | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c -index c44b2ac318..a3622e4fe5 100644 ---- a/grub-core/term/efi/console.c -+++ b/grub-core/term/efi/console.c -@@ -31,7 +31,15 @@ typedef enum { - } - grub_text_mode; - -+typedef enum { -+ GRUB_CURSOR_MODE_UNDEFINED = -1, -+ GRUB_CURSOR_MODE_OFF = 0, -+ GRUB_CURSUR_MODE_ON -+} -+grub_cursor_mode; -+ - static grub_text_mode text_mode = GRUB_TEXT_MODE_UNDEFINED; -+static grub_cursor_mode cursor_mode = GRUB_CURSOR_MODE_UNDEFINED; - static grub_term_color_state text_colorstate = GRUB_TERM_COLOR_UNDEFINED; - - static grub_uint32_t -@@ -119,8 +127,12 @@ grub_console_setcursor (struct grub_term_output *term __attribute__ ((unused)), - { - grub_efi_simple_text_output_interface_t *o; - -- if (grub_efi_is_finished) -- return; -+ if (grub_efi_is_finished || text_mode != GRUB_TEXT_MODE_AVAILABLE) -+ { -+ /* Cache cursor changes before the first text-output */ -+ cursor_mode = on; -+ return; -+ } - - o = grub_efi_system_table->con_out; - efi_call_2 (o->enable_cursor, o, on); -@@ -143,7 +155,8 @@ grub_prepare_for_text_output (struct grub_term_output *term) - return GRUB_ERR_BAD_DEVICE; - } - -- grub_console_setcursor (term, 1); -+ if (cursor_mode != GRUB_CURSOR_MODE_UNDEFINED) -+ grub_console_setcursor (term, cursor_mode); - if (text_colorstate != GRUB_TERM_COLOR_UNDEFINED) - grub_console_setcolorstate (term, text_colorstate); - text_mode = GRUB_TEXT_MODE_AVAILABLE; --- -2.34.1 - diff --git a/0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch b/0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch deleted file mode 100644 index 8f93c9a..0000000 --- a/0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch +++ /dev/null @@ -1,342 +0,0 @@ -From a3ae3f800f6aa3f6036351133ed69fa47c9fa371 Mon Sep 17 00:00:00 2001 -From: Glenn Washburn -Date: Thu, 9 Dec 2021 11:14:56 -0600 -Subject: [PATCH 07/14] cryptodisk: Refactor password input out of crypto dev - modules into cryptodisk - -The crypto device modules should only be setting up the crypto devices and -not getting user input. This has the added benefit of simplifying the code -such that three essentially duplicate pieces of code are merged into one. - -Add documentation of passphrase option for cryptomount as it is now usable. - -Signed-off-by: Glenn Washburn -Reviewed-by: Daniel Kiper ---- - docs/grub.texi | 8 ++++-- - grub-core/disk/cryptodisk.c | 56 +++++++++++++++++++++++++++++-------- - grub-core/disk/geli.c | 26 ++++------------- - grub-core/disk/luks.c | 27 +++--------------- - grub-core/disk/luks2.c | 25 +++-------------- - include/grub/cryptodisk.h | 1 + - 6 files changed, 64 insertions(+), 79 deletions(-) - -diff --git a/docs/grub.texi b/docs/grub.texi -index f4794fddac..4504bcabec 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -4310,9 +4310,11 @@ Alias for @code{hashsum --hash crc32 arg @dots{}}. See command @command{hashsum} - @node cryptomount - @subsection cryptomount - --@deffn Command cryptomount device|@option{-u} uuid|@option{-a}|@option{-b} --Setup access to encrypted device. If necessary, passphrase --is requested interactively. Option @var{device} configures specific grub device -+@deffn Command cryptomount [@option{-p} password] device|@option{-u} uuid|@option{-a}|@option{-b} -+Setup access to encrypted device. If @option{-p} is not given, a passphrase -+is requested interactively. Otherwise, the given @var{password} will be used and -+no passphrase will be requested interactively. -+Option @var{device} configures specific grub device - (@pxref{Naming convention}); option @option{-u} @var{uuid} configures device - with specified @var{uuid}; option @option{-a} configures all detected encrypted - devices; option @option{-b} configures all geli containers that have boot flag set. -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 14c661a86e..d12368a1f7 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -1001,9 +1001,11 @@ grub_cryptodisk_scan_device_real (const char *name, - grub_disk_t source, - grub_cryptomount_args_t cargs) - { -- grub_err_t err; -+ grub_err_t ret = GRUB_ERR_NONE; - grub_cryptodisk_t dev; - grub_cryptodisk_dev_t cr; -+ int askpass = 0; -+ char *part = NULL; - - dev = grub_cryptodisk_get_by_source_disk (source); - -@@ -1017,21 +1019,53 @@ grub_cryptodisk_scan_device_real (const char *name, - return NULL; - if (!dev) - continue; -- -- err = cr->recover_key (source, dev, cargs); -- if (err) -- { -- cryptodisk_close (dev); -- return NULL; -- } -+ -+ if (!cargs->key_len) -+ { -+ /* Get the passphrase from the user, if no key data. */ -+ askpass = 1; -+ if (source->partition != NULL) -+ part = grub_partition_get_name (source->partition); -+ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, -+ source->partition != NULL ? "," : "", -+ part != NULL ? part : "", -+ dev->uuid); -+ grub_free (part); -+ -+ cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE); -+ if (cargs->key_data == NULL) -+ return NULL; -+ -+ if (!grub_password_get ((char *) cargs->key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE)) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied"); -+ goto error; -+ } -+ cargs->key_len = grub_strlen ((char *) cargs->key_data); -+ } -+ -+ ret = cr->recover_key (source, dev, cargs); -+ if (ret != GRUB_ERR_NONE) -+ goto error; - - grub_cryptodisk_insert (dev, name, source); - -- return dev; -+ goto cleanup; - } -- - grub_error (GRUB_ERR_BAD_MODULE, "no cryptodisk module can handle this device"); -- return NULL; -+ goto cleanup; -+ -+ error: -+ cryptodisk_close (dev); -+ dev = NULL; -+ -+ cleanup: -+ if (askpass) -+ { -+ cargs->key_len = 0; -+ grub_free (cargs->key_data); -+ } -+ return dev; - } - - #ifdef GRUB_UTIL -diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c -index 777da3a055..7299a47d19 100644 ---- a/grub-core/disk/geli.c -+++ b/grub-core/disk/geli.c -@@ -135,8 +135,6 @@ const char *algorithms[] = { - [0x16] = "aes" - }; - --#define MAX_PASSPHRASE 256 -- - static gcry_err_code_t - geli_rekey (struct grub_cryptodisk *dev, grub_uint64_t zoneno) - { -@@ -406,17 +404,14 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_cryptomount_args_t - grub_uint8_t verify_key[GRUB_CRYPTO_MAX_MDLEN]; - grub_uint8_t zero[GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE]; - grub_uint8_t geli_cipher_key[64]; -- char passphrase[MAX_PASSPHRASE] = ""; - unsigned i; - gcry_err_code_t gcry_err; - struct grub_geli_phdr header; -- char *tmp; - grub_disk_addr_t sector; - grub_err_t err; - -- /* Keyfiles are not implemented yet */ -- if (cargs->key_data != NULL || cargs->key_len) -- return GRUB_ERR_NOT_IMPLEMENTED_YET; -+ if (cargs->key_data == NULL || cargs->key_len == 0) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data"); - - if (dev->cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE) - return grub_error (GRUB_ERR_BUG, "cipher block is too long"); -@@ -438,23 +433,12 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_cryptomount_args_t - - grub_puts_ (N_("Attempting to decrypt master key...")); - -- /* Get the passphrase from the user. */ -- tmp = NULL; -- if (source->partition) -- tmp = grub_partition_get_name (source->partition); -- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, -- source->partition ? "," : "", tmp ? : "", -- dev->uuid); -- grub_free (tmp); -- if (!grub_password_get (passphrase, MAX_PASSPHRASE)) -- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); -- - /* Calculate the PBKDF2 of the user supplied passphrase. */ - if (grub_le_to_cpu32 (header.niter) != 0) - { - grub_uint8_t pbkdf_key[64]; -- gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase, -- grub_strlen (passphrase), -+ gcry_err = grub_crypto_pbkdf2 (dev->hash, cargs->key_data, -+ cargs->key_len, - header.salt, - sizeof (header.salt), - grub_le_to_cpu32 (header.niter), -@@ -477,7 +461,7 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_cryptomount_args_t - return grub_crypto_gcry_error (GPG_ERR_OUT_OF_MEMORY); - - grub_crypto_hmac_write (hnd, header.salt, sizeof (header.salt)); -- grub_crypto_hmac_write (hnd, passphrase, grub_strlen (passphrase)); -+ grub_crypto_hmac_write (hnd, cargs->key_data, cargs->key_len); - - gcry_err = grub_crypto_hmac_fini (hnd, geomkey); - if (gcry_err) -diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c -index c5858fcf8a..39a7af6a43 100644 ---- a/grub-core/disk/luks.c -+++ b/grub-core/disk/luks.c -@@ -29,8 +29,6 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --#define MAX_PASSPHRASE 256 -- - #define LUKS_KEY_ENABLED 0x00AC71F3 - - /* On disk LUKS header */ -@@ -158,17 +156,14 @@ luks_recover_key (grub_disk_t source, - struct grub_luks_phdr header; - grub_size_t keysize; - grub_uint8_t *split_key = NULL; -- char passphrase[MAX_PASSPHRASE] = ""; - grub_uint8_t candidate_digest[sizeof (header.mkDigest)]; - unsigned i; - grub_size_t length; - grub_err_t err; - grub_size_t max_stripes = 1; -- char *tmp; - -- /* Keyfiles are not implemented yet */ -- if (cargs->key_data != NULL || cargs->key_len) -- return GRUB_ERR_NOT_IMPLEMENTED_YET; -+ if (cargs->key_data == NULL || cargs->key_len == 0) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data"); - - err = grub_disk_read (source, 0, 0, sizeof (header), &header); - if (err) -@@ -188,20 +183,6 @@ luks_recover_key (grub_disk_t source, - if (!split_key) - return grub_errno; - -- /* Get the passphrase from the user. */ -- tmp = NULL; -- if (source->partition) -- tmp = grub_partition_get_name (source->partition); -- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, -- source->partition ? "," : "", tmp ? : "", -- dev->uuid); -- grub_free (tmp); -- if (!grub_password_get (passphrase, MAX_PASSPHRASE)) -- { -- grub_free (split_key); -- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); -- } -- - /* Try to recover master key from each active keyslot. */ - for (i = 0; i < ARRAY_SIZE (header.keyblock); i++) - { -@@ -216,8 +197,8 @@ luks_recover_key (grub_disk_t source, - grub_dprintf ("luks", "Trying keyslot %d\n", i); - - /* Calculate the PBKDF2 of the user supplied passphrase. */ -- gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase, -- grub_strlen (passphrase), -+ gcry_err = grub_crypto_pbkdf2 (dev->hash, cargs->key_data, -+ cargs->key_len, - header.keyblock[i].passwordSalt, - sizeof (header.keyblock[i].passwordSalt), - grub_be_to_cpu32 (header.keyblock[i]. -diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c -index 2cbec8acc2..09740b53f9 100644 ---- a/grub-core/disk/luks2.c -+++ b/grub-core/disk/luks2.c -@@ -35,8 +35,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define LUKS_MAGIC_1ST "LUKS\xBA\xBE" - #define LUKS_MAGIC_2ND "SKUL\xBA\xBE" - --#define MAX_PASSPHRASE 256 -- - enum grub_luks2_kdf_type - { - LUKS2_KDF_TYPE_ARGON2I, -@@ -549,8 +547,7 @@ luks2_recover_key (grub_disk_t source, - grub_cryptomount_args_t cargs) - { - grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN]; -- char passphrase[MAX_PASSPHRASE], cipher[32]; -- char *json_header = NULL, *part = NULL, *ptr; -+ char cipher[32], *json_header = NULL, *ptr; - grub_size_t candidate_key_len = 0, json_idx, size; - grub_luks2_header_t header; - grub_luks2_keyslot_t keyslot; -@@ -560,9 +557,8 @@ luks2_recover_key (grub_disk_t source, - grub_json_t *json = NULL, keyslots; - grub_err_t ret; - -- /* Keyfiles are not implemented yet */ -- if (cargs->key_data != NULL || cargs->key_len) -- return GRUB_ERR_NOT_IMPLEMENTED_YET; -+ if (cargs->key_data == NULL || cargs->key_len == 0) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data"); - - ret = luks2_read_header (source, &header); - if (ret) -@@ -589,18 +585,6 @@ luks2_recover_key (grub_disk_t source, - goto err; - } - -- /* Get the passphrase from the user. */ -- if (source->partition) -- part = grub_partition_get_name (source->partition); -- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, -- source->partition ? "," : "", part ? : "", -- crypt->uuid); -- if (!grub_password_get (passphrase, MAX_PASSPHRASE)) -- { -- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); -- goto err; -- } -- - if (grub_json_getvalue (&keyslots, json, "keyslots") || - grub_json_getsize (&size, &keyslots)) - { -@@ -725,7 +709,7 @@ luks2_recover_key (grub_disk_t source, - } - - ret = luks2_decrypt_key (candidate_key, source, crypt, &keyslot, -- (const grub_uint8_t *) passphrase, grub_strlen (passphrase)); -+ cargs->key_data, cargs->key_len); - if (ret) - { - grub_dprintf ("luks2", "Decryption with keyslot \"%" PRIuGRUB_UINT64_T "\" failed: %s\n", -@@ -777,7 +761,6 @@ luks2_recover_key (grub_disk_t source, - } - - err: -- grub_free (part); - grub_free (json_header); - grub_json_free (json); - return ret; -diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h -index 282f8ac456..5bd970692f 100644 ---- a/include/grub/cryptodisk.h -+++ b/include/grub/cryptodisk.h -@@ -59,6 +59,7 @@ typedef enum - #define GRUB_CRYPTODISK_GF_LOG_BYTES (GRUB_CRYPTODISK_GF_LOG_SIZE - 3) - #define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES) - #define GRUB_CRYPTODISK_MAX_KEYLEN 128 -+#define GRUB_CRYPTODISK_MAX_PASSPHRASE 256 - - struct grub_cryptodisk; - --- -2.34.1 - diff --git a/0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch b/0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch index 652ad1a..f4b7f27 100644 --- a/0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch +++ b/0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch @@ -16,11 +16,9 @@ Signed-off-by: Daniel Axtens include/grub/dl.h | 11 +++++++++++ 1 file changed, 11 insertions(+) -diff --git a/include/grub/dl.h b/include/grub/dl.h -index b3753c9ca..5decbe2f2 100644 --- a/include/grub/dl.h +++ b/include/grub/dl.h -@@ -243,11 +243,22 @@ grub_dl_get (const char *name) +@@ -242,11 +242,22 @@ return 0; } @@ -43,6 +41,3 @@ index b3753c9ca..5decbe2f2 100644 static inline int grub_dl_is_persistent (grub_dl_t mod) --- -2.31.1 - diff --git a/0007-efinet-Setting-network-from-UEFI-device-path.patch b/0007-efinet-Setting-network-from-UEFI-device-path.patch index 5bcc72c..45feed6 100644 --- a/0007-efinet-Setting-network-from-UEFI-device-path.patch +++ b/0007-efinet-Setting-network-from-UEFI-device-path.patch @@ -31,8 +31,6 @@ Signed-off-by: Ken Lin include/grub/efi/api.h | 11 ++ 2 files changed, 270 insertions(+), 9 deletions(-) -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index fc90415..2d3b00f 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -23,6 +23,7 @@ @@ -43,7 +41,7 @@ index fc90415..2d3b00f 100644 GRUB_MOD_LICENSE ("GPLv3+"); -@@ -324,6 +325,221 @@ grub_efinet_findcards (void) +@@ -341,6 +342,221 @@ grub_free (handles); } @@ -265,7 +263,7 @@ index fc90415..2d3b00f 100644 static void grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, char **path) -@@ -340,6 +556,11 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, +@@ -361,6 +577,11 @@ grub_efi_device_path_t *cdp; struct grub_efi_pxe *pxe; struct grub_efi_pxe_mode *pxe_mode; @@ -277,7 +275,7 @@ index fc90415..2d3b00f 100644 if (card->driver != &efidriver) continue; cdp = grub_efi_get_device_path (card->efi_handle); -@@ -359,11 +580,21 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, +@@ -380,11 +601,21 @@ ldp = grub_efi_find_last_device_path (dp); if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE @@ -300,7 +298,7 @@ index fc90415..2d3b00f 100644 dup_ldp = grub_efi_find_last_device_path (dup_dp); dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -@@ -375,16 +606,31 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, +@@ -396,16 +627,31 @@ } pxe = grub_efi_open_protocol (hnd, &pxe_io_guid, GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); @@ -338,15 +336,20 @@ index fc90415..2d3b00f 100644 1, device, path); if (grub_errno) grub_print_error (); -@@ -393,10 +639,14 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, +@@ -414,8 +660,8 @@ { - grub_net_configure_by_dhcp_ack (card->name, card, 0, - (struct grub_net_bootp_packet *) -- &pxe_mode->dhcp_ack, -- sizeof (pxe_mode->dhcp_ack), -+ packet_buf, -+ packet_bufsz, - 1, device, path); + inter = grub_net_configure_by_dhcp_ack (card->name, card, 0, + (struct grub_net_bootp_packet *) +- &pxe_mode->dhcp_ack, +- sizeof (pxe_mode->dhcp_ack), ++ packet_buf, ++ packet_bufsz, + 1, device, path); + + if (inter != NULL) +@@ -441,6 +687,10 @@ + } + } } + + if (nb) @@ -355,11 +358,9 @@ index fc90415..2d3b00f 100644 return; } } -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 92f9b5a..d5a1256 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h -@@ -825,6 +825,8 @@ struct grub_efi_ipv4_device_path +@@ -876,6 +876,8 @@ grub_efi_uint16_t remote_port; grub_efi_uint16_t protocol; grub_efi_uint8_t static_ip_address; @@ -368,9 +369,9 @@ index 92f9b5a..d5a1256 100644 } GRUB_PACKED; typedef struct grub_efi_ipv4_device_path grub_efi_ipv4_device_path_t; -@@ -879,6 +881,15 @@ struct grub_efi_sata_device_path +@@ -939,6 +941,15 @@ } GRUB_PACKED; - typedef struct grub_efi_sata_device_path grub_efi_sata_device_path_t; + typedef struct grub_efi_vlan_device_path grub_efi_vlan_device_path_t; +#define GRUB_EFI_URI_DEVICE_PATH_SUBTYPE 24 + @@ -384,6 +385,3 @@ index 92f9b5a..d5a1256 100644 #define GRUB_EFI_VENDOR_MESSAGING_DEVICE_PATH_SUBTYPE 10 /* Media Device Path. */ --- -2.6.6 - diff --git a/0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch b/0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch deleted file mode 100644 index 9408bc9..0000000 --- a/0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 926f1515608e14c0592fc61a8ef37392d7020ca3 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Sun, 14 Aug 2022 18:09:38 +0800 -Subject: [PATCH 07/12] font: Fix integer underflow in binary search of char - index - -If search target is less than all entries in font->index then "hi" -variable is set to -1, which translates to SIZE_MAX and leads to errors. - -This patch fixes the problem by replacing the entire binary search code -with the libstdc++'s std::lower_bound() implementation. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/font/font.c | 40 ++++++++++++++++++++++------------------ - 1 file changed, 22 insertions(+), 18 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index b208a2871..193dfec04 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -688,12 +688,12 @@ read_be_int16 (grub_file_t file, grub_int16_t * value) - static inline struct char_index_entry * - find_glyph (const grub_font_t font, grub_uint32_t code) - { -- struct char_index_entry *table; -- grub_size_t lo; -- grub_size_t hi; -- grub_size_t mid; -+ struct char_index_entry *table, *first, *end; -+ grub_size_t len; - - table = font->char_index; -+ if (table == NULL) -+ return NULL; - - /* Use BMP index if possible. */ - if (code < 0x10000 && font->bmp_idx) -@@ -706,25 +706,29 @@ find_glyph (const grub_font_t font, grub_uint32_t code) - */ - } - -- /* Do a binary search in `char_index', which is ordered by code point. */ -- lo = 0; -- hi = font->num_chars - 1; -- -- if (!table) -- return 0; -+ /* -+ * Do a binary search in char_index which is ordered by code point. -+ * The code below is the same as libstdc++'s std::lower_bound(). -+ */ -+ first = table; -+ len = font->num_chars; -+ end = first + len; - -- while (lo <= hi) -+ while (len > 0) - { -- mid = lo + (hi - lo) / 2; -- if (code < table[mid].code) -- hi = mid - 1; -- else if (code > table[mid].code) -- lo = mid + 1; -+ grub_size_t half = len >> 1; -+ struct char_index_entry *middle = first + half; -+ -+ if (middle->code < code) -+ { -+ first = middle + 1; -+ len = len - half - 1; -+ } - else -- return &table[mid]; -+ len = half; - } - -- return 0; -+ return (first < end && first->code == code) ? first : NULL; - } - - /* Get a glyph for the Unicode character CODE in FONT. The glyph is loaded --- -2.35.3 - diff --git a/0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch b/0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch deleted file mode 100644 index bcc2a0d..0000000 --- a/0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch +++ /dev/null @@ -1,201 +0,0 @@ -From 9db9558e1c75d47beca7ba378a99471c57729be5 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 14:02:55 +1000 -Subject: [PATCH 07/32] video/readers/png: Abort sooner if a read operation - fails - -Fuzzing revealed some inputs that were taking a long time, potentially -forever, because they did not bail quickly upon encountering an I/O error. - -Try to catch I/O errors sooner and bail out. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/video/readers/png.c | 55 ++++++++++++++++++++++++++++++----- - 1 file changed, 47 insertions(+), 8 deletions(-) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 54dfedf435..d715c4629f 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -142,6 +142,7 @@ static grub_uint8_t - grub_png_get_byte (struct grub_png_data *data) - { - grub_uint8_t r; -+ grub_ssize_t bytes_read = 0; - - if ((data->inside_idat) && (data->idat_remain == 0)) - { -@@ -175,7 +176,14 @@ grub_png_get_byte (struct grub_png_data *data) - } - - r = 0; -- grub_file_read (data->file, &r, 1); -+ bytes_read = grub_file_read (data->file, &r, 1); -+ -+ if (bytes_read != 1) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: unexpected end of data"); -+ return 0; -+ } - - if (data->inside_idat) - data->idat_remain--; -@@ -231,15 +239,16 @@ grub_png_decode_image_palette (struct grub_png_data *data, - if (len == 0) - return GRUB_ERR_NONE; - -- for (i = 0; 3 * i < len && i < 256; i++) -+ grub_errno = GRUB_ERR_NONE; -+ for (i = 0; 3 * i < len && i < 256 && grub_errno == GRUB_ERR_NONE; i++) - for (j = 0; j < 3; j++) - data->palette[i][j] = grub_png_get_byte (data); -- for (i *= 3; i < len; i++) -+ for (i *= 3; i < len && grub_errno == GRUB_ERR_NONE; i++) - grub_png_get_byte (data); - - grub_png_get_dword (data); - -- return GRUB_ERR_NONE; -+ return grub_errno; - } - - static grub_err_t -@@ -256,9 +265,13 @@ grub_png_decode_image_header (struct grub_png_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: invalid image size"); - - color_bits = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - data->is_16bit = (color_bits == 16); - - color_type = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - /* According to PNG spec, no other types are valid. */ - if ((color_type & ~(PNG_COLOR_MASK_ALPHA | PNG_COLOR_MASK_COLOR)) -@@ -340,14 +353,20 @@ grub_png_decode_image_header (struct grub_png_data *data) - if (grub_png_get_byte (data) != PNG_COMPRESSION_BASE) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: compression method not supported"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if (grub_png_get_byte (data) != PNG_FILTER_TYPE_BASE) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: filter method not supported"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if (grub_png_get_byte (data) != PNG_INTERLACE_NONE) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: interlace method not supported"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - /* Skip crc checksum. */ - grub_png_get_dword (data); -@@ -449,7 +468,7 @@ grub_png_get_huff_code (struct grub_png_data *data, struct huff_table *ht) - int code, i; - - code = 0; -- for (i = 0; i < ht->max_length; i++) -+ for (i = 0; i < ht->max_length && grub_errno == GRUB_ERR_NONE; i++) - { - code = (code << 1) + grub_png_get_bits (data, 1); - if (code < ht->maxval[i]) -@@ -504,8 +523,14 @@ grub_png_init_dynamic_block (struct grub_png_data *data) - grub_uint8_t lens[DEFLATE_HCLEN_MAX]; - - nl = DEFLATE_HLIT_BASE + grub_png_get_bits (data, 5); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - nd = DEFLATE_HDIST_BASE + grub_png_get_bits (data, 5); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - nb = DEFLATE_HCLEN_BASE + grub_png_get_bits (data, 4); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if ((nl > DEFLATE_HLIT_MAX) || (nd > DEFLATE_HDIST_MAX) || - (nb > DEFLATE_HCLEN_MAX)) -@@ -533,7 +558,7 @@ grub_png_init_dynamic_block (struct grub_png_data *data) - data->dist_offset); - - prev = 0; -- for (i = 0; i < nl + nd; i++) -+ for (i = 0; i < nl + nd && grub_errno == GRUB_ERR_NONE; i++) - { - int n, code; - struct huff_table *ht; -@@ -721,17 +746,21 @@ grub_png_read_dynamic_block (struct grub_png_data *data) - len = cplens[n]; - if (cplext[n]) - len += grub_png_get_bits (data, cplext[n]); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - n = grub_png_get_huff_code (data, &data->dist_table); - dist = cpdist[n]; - if (cpdext[n]) - dist += grub_png_get_bits (data, cpdext[n]); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - pos = data->wp - dist; - if (pos < 0) - pos += WSIZE; - -- while (len > 0) -+ while (len > 0 && grub_errno == GRUB_ERR_NONE) - { - data->slide[data->wp] = data->slide[pos]; - grub_png_output_byte (data, data->slide[data->wp]); -@@ -759,7 +788,11 @@ grub_png_decode_image_data (struct grub_png_data *data) - int final; - - cmf = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - flg = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if ((cmf & 0xF) != Z_DEFLATED) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, -@@ -774,7 +807,11 @@ grub_png_decode_image_data (struct grub_png_data *data) - int block_type; - - final = grub_png_get_bits (data, 1); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - block_type = grub_png_get_bits (data, 2); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - switch (block_type) - { -@@ -790,7 +827,7 @@ grub_png_decode_image_data (struct grub_png_data *data) - grub_png_get_byte (data); - grub_png_get_byte (data); - -- for (i = 0; i < len; i++) -+ for (i = 0; i < len && grub_errno == GRUB_ERR_NONE; i++) - grub_png_output_byte (data, grub_png_get_byte (data)); - - break; -@@ -1045,6 +1082,8 @@ grub_png_decode_png (struct grub_png_data *data) - - len = grub_png_get_dword (data); - type = grub_png_get_dword (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ break; - data->next_offset = data->file->offset + len + 4; - - switch (type) --- -2.34.1 - diff --git a/0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch b/0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch deleted file mode 100644 index b40f35f..0000000 --- a/0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch +++ /dev/null @@ -1,248 +0,0 @@ -From 5323778d84a7289acba0e50d84fb1afd45fff596 Mon Sep 17 00:00:00 2001 -From: Glenn Washburn -Date: Thu, 9 Dec 2021 11:14:57 -0600 -Subject: [PATCH 08/14] cryptodisk: Move global variables into - grub_cryptomount_args struct - -Note that cargs.search_uuid does not need to be initialized in various parts -of the cryptomount argument parsing, just once when cargs is declared with -a struct initializer. The previous code used a global variable which would -retain the value across cryptomount invocations. - -Signed-off-by: Glenn Washburn -Reviewed-by: Daniel Kiper ---- - grub-core/disk/cryptodisk.c | 24 +++++++++--------------- - grub-core/disk/geli.c | 9 ++++----- - grub-core/disk/luks.c | 9 ++++----- - grub-core/disk/luks2.c | 8 ++++---- - include/grub/cryptodisk.h | 9 +++++++-- - 5 files changed, 28 insertions(+), 31 deletions(-) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index d12368a1f7..7ca880402d 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -984,9 +984,6 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk) - - #endif - --static int check_boot; --static char *search_uuid; -- - static void - cryptodisk_close (grub_cryptodisk_t dev) - { -@@ -1014,7 +1011,7 @@ grub_cryptodisk_scan_device_real (const char *name, - - FOR_CRYPTODISK_DEVS (cr) - { -- dev = cr->scan (source, search_uuid, check_boot); -+ dev = cr->scan (source, cargs); - if (grub_errno) - return NULL; - if (!dev) -@@ -1077,6 +1074,7 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat) - grub_cryptodisk_t dev; - grub_cryptodisk_dev_t cr; - grub_disk_t source; -+ struct grub_cryptomount_args cargs = {0}; - - /* Try to open disk. */ - source = grub_disk_open (sourcedev); -@@ -1093,7 +1091,7 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat) - - FOR_CRYPTODISK_DEVS (cr) - { -- dev = cr->scan (source, search_uuid, check_boot); -+ dev = cr->scan (source, &cargs); - if (grub_errno) - return grub_errno; - if (!dev) -@@ -1136,7 +1134,7 @@ grub_cryptodisk_scan_device (const char *name, - dev = grub_cryptodisk_scan_device_real (name, source, cargs); - if (dev) - { -- ret = (search_uuid != NULL && grub_strcasecmp (search_uuid, dev->uuid) == 0); -+ ret = (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, dev->uuid) == 0); - goto cleanup; - } - -@@ -1147,7 +1145,7 @@ grub_cryptodisk_scan_device (const char *name, - if (grub_errno == GRUB_ERR_BAD_MODULE) - grub_error_pop (); - -- if (search_uuid != NULL) -+ if (cargs->search_uuid != NULL) - /* Push error onto stack to save for cryptomount. */ - grub_error_push (); - else -@@ -1189,10 +1187,9 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - return GRUB_ERR_NONE; - } - -- check_boot = state[2].set; -- search_uuid = args[0]; -+ cargs.check_boot = state[2].set; -+ cargs.search_uuid = args[0]; - found_uuid = grub_device_iterate (&grub_cryptodisk_scan_device, &cargs); -- search_uuid = NULL; - - if (found_uuid) - return GRUB_ERR_NONE; -@@ -1210,10 +1207,8 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - } - else if (state[1].set || (argc == 0 && state[2].set)) /* -a|-b */ - { -- search_uuid = NULL; -- check_boot = state[2].set; -+ cargs.check_boot = state[2].set; - grub_device_iterate (&grub_cryptodisk_scan_device, &cargs); -- search_uuid = NULL; - return GRUB_ERR_NONE; - } - else -@@ -1224,8 +1219,7 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - char *disklast = NULL; - grub_size_t len; - -- search_uuid = NULL; -- check_boot = state[2].set; -+ cargs.check_boot = state[2].set; - diskname = args[0]; - len = grub_strlen (diskname); - if (len && diskname[0] == '(' && diskname[len - 1] == ')') -diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c -index 7299a47d19..23789c43f3 100644 ---- a/grub-core/disk/geli.c -+++ b/grub-core/disk/geli.c -@@ -240,8 +240,7 @@ grub_util_get_geli_uuid (const char *dev) - #endif - - static grub_cryptodisk_t --configure_ciphers (grub_disk_t disk, const char *check_uuid, -- int boot_only) -+configure_ciphers (grub_disk_t disk, grub_cryptomount_args_t cargs) - { - grub_cryptodisk_t newdev; - struct grub_geli_phdr header; -@@ -289,7 +288,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - return NULL; - } - -- if (boot_only && !(grub_le_to_cpu32 (header.flags) & GRUB_GELI_FLAGS_BOOT)) -+ if (cargs->check_boot && !(grub_le_to_cpu32 (header.flags) & GRUB_GELI_FLAGS_BOOT)) - { - grub_dprintf ("geli", "not a boot volume\n"); - return NULL; -@@ -302,9 +301,9 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - return NULL; - } - -- if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0) -+ if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) - { -- grub_dprintf ("geli", "%s != %s\n", uuid, check_uuid); -+ grub_dprintf ("geli", "%s != %s\n", uuid, cargs->search_uuid); - return NULL; - } - -diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c -index 39a7af6a43..f0feb38447 100644 ---- a/grub-core/disk/luks.c -+++ b/grub-core/disk/luks.c -@@ -63,8 +63,7 @@ gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src, - grub_size_t blocknumbers); - - static grub_cryptodisk_t --configure_ciphers (grub_disk_t disk, const char *check_uuid, -- int check_boot) -+configure_ciphers (grub_disk_t disk, grub_cryptomount_args_t cargs) - { - grub_cryptodisk_t newdev; - const char *iptr; -@@ -76,7 +75,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - char hashspec[sizeof (header.hashSpec) + 1]; - grub_err_t err; - -- if (check_boot) -+ if (cargs->check_boot) - return NULL; - - /* Read the LUKS header. */ -@@ -103,9 +102,9 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - } - *optr = 0; - -- if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0) -+ if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) - { -- grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid); -+ grub_dprintf ("luks", "%s != %s\n", uuid, cargs->search_uuid); - return NULL; - } - -diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c -index 09740b53f9..ccfacb63a3 100644 ---- a/grub-core/disk/luks2.c -+++ b/grub-core/disk/luks2.c -@@ -346,14 +346,14 @@ luks2_read_header (grub_disk_t disk, grub_luks2_header_t *outhdr) - } - - static grub_cryptodisk_t --luks2_scan (grub_disk_t disk, const char *check_uuid, int check_boot) -+luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) - { - grub_cryptodisk_t cryptodisk; - grub_luks2_header_t header; - char uuid[sizeof (header.uuid) + 1]; - grub_size_t i, j; - -- if (check_boot) -+ if (cargs->check_boot) - return NULL; - - if (luks2_read_header (disk, &header)) -@@ -367,9 +367,9 @@ luks2_scan (grub_disk_t disk, const char *check_uuid, int check_boot) - uuid[j++] = header.uuid[i]; - uuid[j] = '\0'; - -- if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0) -+ if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) - { -- grub_dprintf ("luks2", "%s != %s\n", uuid, check_uuid); -+ grub_dprintf ("luks2", "%s != %s\n", uuid, cargs->search_uuid); - return NULL; - } - -diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h -index 5bd970692f..c6524c9ea9 100644 ---- a/include/grub/cryptodisk.h -+++ b/include/grub/cryptodisk.h -@@ -69,7 +69,13 @@ typedef gcry_err_code_t - - struct grub_cryptomount_args - { -+ /* scan: Flag to indicate that only bootable volumes should be decrypted */ -+ grub_uint32_t check_boot : 1; -+ /* scan: Only volumes matching this UUID should be decrpyted */ -+ char *search_uuid; -+ /* recover_key: Key data used to decrypt voume */ - grub_uint8_t *key_data; -+ /* recover_key: Length of key_data */ - grub_size_t key_len; - }; - typedef struct grub_cryptomount_args *grub_cryptomount_args_t; -@@ -125,8 +131,7 @@ struct grub_cryptodisk_dev - struct grub_cryptodisk_dev *next; - struct grub_cryptodisk_dev **prev; - -- grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid, -- int boot_only); -+ grub_cryptodisk_t (*scan) (grub_disk_t disk, grub_cryptomount_args_t cargs); - grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, grub_cryptomount_args_t cargs); - }; - typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t; --- -2.34.1 - diff --git a/0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch b/0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch index 976dd84..b3f00c8 100644 --- a/0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch +++ b/0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch @@ -32,20 +32,18 @@ Signed-off-by: Ken Lin include/grub/efi/api.h | 76 +++++++++++++++++ 2 files changed, 239 insertions(+) -Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/net/drivers/efi/efinet.c -+++ grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c -@@ -30,6 +30,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -30,6 +30,8 @@ /* GUID. */ - static grub_efi_guid_t net_io_guid = GRUB_EFI_SIMPLE_NETWORK_GUID; - static grub_efi_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID; -+static grub_efi_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID; -+static grub_efi_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID; + static grub_guid_t net_io_guid = GRUB_EFI_SIMPLE_NETWORK_GUID; + static grub_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID; ++static grub_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID; ++static grub_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID; static grub_err_t send_card_buffer (struct grub_net_card *dev, -@@ -325,6 +327,125 @@ grub_efinet_findcards (void) +@@ -342,6 +344,125 @@ grub_free (handles); } @@ -56,7 +54,7 @@ Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c + grub_efi_handle_t handle; + grub_efi_status_t status; + -+ status = efi_call_3 (grub_efi_system_table->boot_services->locate_device_path, ++ status = grub_efi_system_table->boot_services->locate_device_path ( + protocol, &device_path, &handle); + + if (status != GRUB_EFI_SUCCESS) @@ -92,7 +90,7 @@ Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c + if (!addrs) + return 0; + -+ status = efi_call_4 (conf->get_data, conf, ++ status = conf->get_data (conf, + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, + &data_size, addrs); + @@ -103,7 +101,7 @@ Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c + if (!addrs) + return 0; + -+ status = efi_call_4 (conf->get_data, conf, ++ status = conf->get_data (conf, + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, + &data_size, addrs); + } @@ -142,7 +140,7 @@ Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c + if (!addrs) + return 0; + -+ status = efi_call_4 (conf->get_data, conf, ++ status = conf->get_data (conf, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, + &data_size, addrs); + @@ -153,7 +151,7 @@ Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c + if (!addrs) + return 0; + -+ status = efi_call_4 (conf->get_data, conf, ++ status = conf->get_data (conf, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, + &data_size, addrs); + } @@ -171,7 +169,7 @@ Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c static struct grub_net_buff * grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *use_ipv6) { -@@ -377,6 +498,8 @@ grub_efinet_create_dhcp_ack_from_device_ +@@ -394,6 +515,8 @@ grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) ldp; struct grub_net_bootp_packet *bp; grub_uint8_t *ptr; @@ -180,7 +178,7 @@ Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c bp = (struct grub_net_bootp_packet *) nb->tail; err = grub_netbuff_put (nb, sizeof (*bp) + 4); -@@ -438,6 +561,25 @@ grub_efinet_create_dhcp_ack_from_device_ +@@ -455,6 +578,25 @@ *ptr++ = sizeof ("HTTPClient") - 1; grub_memcpy (ptr, "HTTPClient", sizeof ("HTTPClient") - 1); @@ -206,7 +204,7 @@ Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c ptr = nb->tail; err = grub_netbuff_put (nb, 1); if (err) -@@ -470,6 +612,8 @@ grub_efinet_create_dhcp_ack_from_device_ +@@ -487,6 +629,8 @@ struct grub_net_dhcp6_option *opt; struct grub_net_dhcp6_option_iana *iana; struct grub_net_dhcp6_option_iaaddr *iaaddr; @@ -215,7 +213,7 @@ Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c d6p = (struct grub_net_dhcp6_packet *)nb->tail; err = grub_netbuff_put (nb, sizeof(*d6p)); -@@ -533,6 +677,25 @@ grub_efinet_create_dhcp_ack_from_device_ +@@ -550,6 +694,25 @@ opt->len = grub_cpu_to_be16 (uri_len); grub_memcpy (opt->data, uri_dp->uri, uri_len); @@ -241,12 +239,10 @@ Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c *use_ipv6 = 1; } -Index: grub-2.06~rc1/include/grub/efi/api.h -=================================================================== ---- grub-2.06~rc1.orig/include/grub/efi/api.h -+++ grub-2.06~rc1/include/grub/efi/api.h -@@ -354,6 +354,16 @@ - { 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 } \ +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -379,6 +379,16 @@ + {0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f } \ } +#define GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID \ @@ -262,9 +258,9 @@ Index: grub-2.06~rc1/include/grub/efi/api.h struct grub_efi_sal_system_table { grub_uint32_t signature; -@@ -1793,6 +1803,72 @@ struct grub_efi_rng_protocol - }; - typedef struct grub_efi_rng_protocol grub_efi_rng_protocol_t; +@@ -1879,4 +1889,70 @@ + } GRUB_PACKED; + typedef struct initrd_media_device_path initrd_media_device_path_t; +enum grub_efi_ip4_config2_data_type { + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO, @@ -278,21 +274,21 @@ Index: grub-2.06~rc1/include/grub/efi/api.h + +struct grub_efi_ip4_config2_protocol +{ -+ grub_efi_status_t (*set_data) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_status_t (__grub_efi_api *set_data) (struct grub_efi_ip4_config2_protocol *this, + grub_efi_ip4_config2_data_type_t data_type, + grub_efi_uintn_t data_size, + void *data); + -+ grub_efi_status_t (*get_data) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_status_t (__grub_efi_api *get_data) (struct grub_efi_ip4_config2_protocol *this, + grub_efi_ip4_config2_data_type_t data_type, + grub_efi_uintn_t *data_size, + void *data); + -+ grub_efi_status_t (*register_data_notify) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_status_t (__grub_efi_api *register_data_notify) (struct grub_efi_ip4_config2_protocol *this, + grub_efi_ip4_config2_data_type_t data_type, + grub_efi_event_t event); + -+ grub_efi_status_t (*unregister_datanotify) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_status_t (__grub_efi_api *unregister_datanotify) (struct grub_efi_ip4_config2_protocol *this, + grub_efi_ip4_config2_data_type_t data_type, + grub_efi_event_t event); +}; @@ -312,26 +308,24 @@ Index: grub-2.06~rc1/include/grub/efi/api.h + +struct grub_efi_ip6_config_protocol +{ -+ grub_efi_status_t (*set_data) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_status_t (__grub_efi_api *set_data) (struct grub_efi_ip6_config_protocol *this, + grub_efi_ip6_config_data_type_t data_type, + grub_efi_uintn_t data_size, + void *data); + -+ grub_efi_status_t (*get_data) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_status_t (__grub_efi_api *get_data) (struct grub_efi_ip6_config_protocol *this, + grub_efi_ip6_config_data_type_t data_type, + grub_efi_uintn_t *data_size, + void *data); + -+ grub_efi_status_t (*register_data_notify) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_status_t (__grub_efi_api *register_data_notify) (struct grub_efi_ip6_config_protocol *this, + grub_efi_ip6_config_data_type_t data_type, + grub_efi_event_t event); + -+ grub_efi_status_t (*unregister_datanotify) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_status_t (__grub_efi_api *unregister_datanotify) (struct grub_efi_ip6_config_protocol *this, + grub_efi_ip6_config_data_type_t data_type, + grub_efi_event_t event); +}; +typedef struct grub_efi_ip6_config_protocol grub_efi_ip6_config_protocol_t; + - #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ - || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \ - || defined(__riscv) + #endif /* ! GRUB_EFI_API_HEADER */ diff --git a/0008-fbutil-Fix-integer-overflow.patch b/0008-fbutil-Fix-integer-overflow.patch deleted file mode 100644 index 46afff0..0000000 --- a/0008-fbutil-Fix-integer-overflow.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 17e9006484e3da9a38a79f5f0f28f18a15fc4cf8 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Tue, 6 Sep 2022 03:03:21 +0800 -Subject: [PATCH 08/12] fbutil: Fix integer overflow - -Expressions like u64 = u32 * u32 are unsafe because their products are -truncated to u32 even if left hand side is u64. This patch fixes all -problems like that one in fbutil. - -To get right result not only left hand side have to be u64 but it's also -necessary to cast at least one of the operands of all leaf operators of -right hand side to u64, e.g. u64 = u32 * u32 + u32 * u32 should be -u64 = (u64)u32 * u32 + (u64)u32 * u32. - -For 1-bit bitmaps grub_uint64_t have to be used. It's safe because any -combination of values in (grub_uint64_t)u32 * u32 + u32 expression will -not overflow grub_uint64_t. - -Other expressions like ptr + u32 * u32 + u32 * u32 are also vulnerable. -They should be ptr + (grub_addr_t)u32 * u32 + (grub_addr_t)u32 * u32. - -This patch also adds a comment to grub_video_fb_get_video_ptr() which -says it's arguments must be valid and no sanity check is performed -(like its siblings in grub-core/video/fb/fbutil.c). - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/video/fb/fbutil.c | 4 ++-- - include/grub/fbutil.h | 13 +++++++++---- - 2 files changed, 11 insertions(+), 6 deletions(-) - -diff --git a/grub-core/video/fb/fbutil.c b/grub-core/video/fb/fbutil.c -index b98bb51fe..25ef39f47 100644 ---- a/grub-core/video/fb/fbutil.c -+++ b/grub-core/video/fb/fbutil.c -@@ -67,7 +67,7 @@ get_pixel (struct grub_video_fbblit_info *source, - case 1: - if (source->mode_info->blit_format == GRUB_VIDEO_BLIT_FORMAT_1BIT_PACKED) - { -- int bit_index = y * source->mode_info->width + x; -+ grub_uint64_t bit_index = (grub_uint64_t) y * source->mode_info->width + x; - grub_uint8_t *ptr = source->data + bit_index / 8; - int bit_pos = 7 - bit_index % 8; - color = (*ptr >> bit_pos) & 0x01; -@@ -138,7 +138,7 @@ set_pixel (struct grub_video_fbblit_info *source, - case 1: - if (source->mode_info->blit_format == GRUB_VIDEO_BLIT_FORMAT_1BIT_PACKED) - { -- int bit_index = y * source->mode_info->width + x; -+ grub_uint64_t bit_index = (grub_uint64_t) y * source->mode_info->width + x; - grub_uint8_t *ptr = source->data + bit_index / 8; - int bit_pos = 7 - bit_index % 8; - *ptr = (*ptr & ~(1 << bit_pos)) | ((color & 0x01) << bit_pos); -diff --git a/include/grub/fbutil.h b/include/grub/fbutil.h -index 4205eb917..78a1ab3b4 100644 ---- a/include/grub/fbutil.h -+++ b/include/grub/fbutil.h -@@ -31,14 +31,19 @@ struct grub_video_fbblit_info - grub_uint8_t *data; - }; - --/* Don't use for 1-bit bitmaps, addressing needs to be done at the bit level -- and it doesn't make sense, in general, to ask for a pointer -- to a particular pixel's data. */ -+/* -+ * Don't use for 1-bit bitmaps, addressing needs to be done at the bit level -+ * and it doesn't make sense, in general, to ask for a pointer -+ * to a particular pixel's data. -+ * -+ * This function assumes that bounds checking has been done in previous phase -+ * and they are opted out in here. -+ */ - static inline void * - grub_video_fb_get_video_ptr (struct grub_video_fbblit_info *source, - unsigned int x, unsigned int y) - { -- return source->data + y * source->mode_info->pitch + x * source->mode_info->bytes_per_pixel; -+ return source->data + (grub_addr_t) y * source->mode_info->pitch + (grub_addr_t) x * source->mode_info->bytes_per_pixel; - } - - /* Advance pointer by VAL bytes. If there is no unaligned access available, --- -2.35.3 - diff --git a/0008-linuxefi-Use-common-grub_initrd_load.patch b/0008-linuxefi-Use-common-grub_initrd_load.patch index 2f0209e..e65d363 100644 --- a/0008-linuxefi-Use-common-grub_initrd_load.patch +++ b/0008-linuxefi-Use-common-grub_initrd_load.patch @@ -18,8 +18,6 @@ Signed-off-by: Michael Chang grub-core/loader/i386/efi/linux.c | 87 ++++--------------------------- 1 file changed, 10 insertions(+), 77 deletions(-) -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 6b06a8f2ff..f93395fc62 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -30,6 +30,7 @@ @@ -30,7 +28,7 @@ index 6b06a8f2ff..f93395fc62 100644 GRUB_MOD_LICENSE ("GPLv3+"); -@@ -146,44 +147,6 @@ grub_linuxefi_unload (void) +@@ -146,44 +147,6 @@ return GRUB_ERR_NONE; } @@ -75,7 +73,7 @@ index 6b06a8f2ff..f93395fc62 100644 #define LOW_U32(val) ((grub_uint32_t)(((grub_addr_t)(val)) & 0xffffffffull)) #define HIGH_U32(val) ((grub_uint32_t)(((grub_addr_t)(val) >> 32) & 0xffffffffull)) -@@ -191,10 +154,8 @@ static grub_err_t +@@ -191,10 +154,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) { @@ -87,7 +85,7 @@ index 6b06a8f2ff..f93395fc62 100644 if (argc == 0) { -@@ -208,24 +169,10 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +@@ -208,24 +169,10 @@ goto fail; } @@ -114,7 +112,7 @@ index 6b06a8f2ff..f93395fc62 100644 initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); if (initrd_mem == NULL) goto fail; -@@ -238,30 +185,16 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +@@ -238,30 +185,16 @@ params->ext_ramdisk_image = HIGH_U32(initrd_mem); #endif @@ -137,7 +135,7 @@ index 6b06a8f2ff..f93395fc62 100644 + /* FIXME: Use bounce buffers as many UEFI machines apparently can't DMA + * correctly above 4GB + */ -+ if (grub_initrd_load (&initrd_ctx, argv, initrd_mem)) ++ if (grub_initrd_load (&initrd_ctx, initrd_mem)) + goto fail; params->ramdisk_size = size; @@ -151,6 +149,3 @@ index 6b06a8f2ff..f93395fc62 100644 if (initrd_mem && grub_errno) grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, BYTES_TO_PAGES(size)); --- -2.34.1 - diff --git a/0008-pgp-factor-out-rsa_pad.patch b/0008-pgp-factor-out-rsa_pad.patch index 3ba2031..0690b83 100644 --- a/0008-pgp-factor-out-rsa_pad.patch +++ b/0008-pgp-factor-out-rsa_pad.patch @@ -26,15 +26,12 @@ Signed-off-by: Daniel Axtens create mode 100644 grub-core/lib/pkcs1_v15.c create mode 100644 include/grub/pkcs1_v15.h -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 46a488131..5525aa194 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -2504,6 +2504,14 @@ module = { - cppflags = '$(CPPFLAGS_GCRY)'; +@@ -2542,6 +2542,14 @@ }; -+module = { + module = { + name = pkcs1_v15; + common = lib/pkcs1_v15.c; + @@ -42,11 +39,10 @@ index 46a488131..5525aa194 100644 + cppflags = '$(CPPFLAGS_GCRY)'; +}; + - module = { ++module = { name = all_video; common = lib/fake_module.c; -diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c -index 5daa1e9d0..2408db499 100644 + }; --- a/grub-core/commands/pgp.c +++ b/grub-core/commands/pgp.c @@ -24,6 +24,7 @@ @@ -57,7 +53,7 @@ index 5daa1e9d0..2408db499 100644 #include #include #include -@@ -411,32 +412,7 @@ static int +@@ -411,32 +412,7 @@ rsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval, const gcry_md_spec_t *hash, struct grub_public_subkey *sk) { @@ -91,9 +87,6 @@ index 5daa1e9d0..2408db499 100644 } struct grub_pubkey_context -diff --git a/grub-core/lib/pkcs1_v15.c b/grub-core/lib/pkcs1_v15.c -new file mode 100644 -index 000000000..dbacd563d --- /dev/null +++ b/grub-core/lib/pkcs1_v15.c @@ -0,0 +1,59 @@ @@ -156,9 +149,6 @@ index 000000000..dbacd563d + grub_free (em); + return ret; +} -diff --git a/include/grub/pkcs1_v15.h b/include/grub/pkcs1_v15.h -new file mode 100644 -index 000000000..5c338c84a --- /dev/null +++ b/include/grub/pkcs1_v15.h @@ -0,0 +1,27 @@ @@ -189,6 +179,3 @@ index 000000000..5c338c84a +grub_crypto_rsa_pad (gcry_mpi_t * hmpi, grub_uint8_t * hval, + const gcry_md_spec_t * hash, gcry_mpi_t mod); + --- -2.31.1 - diff --git a/0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch b/0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch deleted file mode 100644 index 1d8e2cb..0000000 --- a/0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 2ca24e4cc44effd08fe6dfa05ad8417a9b186f42 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 14:13:40 +1000 -Subject: [PATCH 08/32] video/readers/png: Refuse to handle multiple image - headers - -This causes the bitmap to be leaked. Do not permit multiple image headers. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/video/readers/png.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index d715c4629f..35ae553c8e 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -258,6 +258,9 @@ grub_png_decode_image_header (struct grub_png_data *data) - int color_bits; - enum grub_video_blit_format blt; - -+ if (data->image_width || data->image_height) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: two image headers found"); -+ - data->image_width = grub_png_get_dword (data); - data->image_height = grub_png_get_dword (data); - --- -2.34.1 - diff --git a/0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch b/0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch index 1f849b0..5d9b230 100644 --- a/0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch +++ b/0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch @@ -31,9 +31,9 @@ Signed-off-by: Michael Chang --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -2633,3 +2633,8 @@ +@@ -2695,3 +2695,8 @@ + cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB)'; - enable = powerpc_ieee1275; }; + +module = { @@ -101,10 +101,10 @@ Signed-off-by: Michael Chang #endif GRUB_MOD_LICENSE ("GPLv3+"); -@@ -1146,6 +1148,10 @@ - dev = NULL; +@@ -1235,6 +1237,10 @@ + if (cargs->hdr_file != NULL) + source->read_hook = NULL; - cleanup: +#ifndef GRUB_UTIL + if (cargs->key_data && dev) + grub_initrd_publish_key (dev->uuid, (const char *)cargs->key_data, cargs->key_len, NULL); @@ -149,7 +149,7 @@ Signed-off-by: Michael Chang static char hex (grub_uint8_t val) { -@@ -149,6 +163,65 @@ +@@ -162,6 +176,65 @@ return GRUB_ERR_NONE; } @@ -215,7 +215,7 @@ Signed-off-by: Michael Chang grub_err_t grub_initrd_init (int argc, char *argv[], struct grub_linux_initrd_context *initrd_ctx) -@@ -156,11 +229,17 @@ +@@ -169,11 +242,17 @@ int i; int newc = 0; struct dir *root = 0; @@ -234,19 +234,18 @@ Signed-off-by: Michael Chang if (!initrd_ctx->components) return grub_errno; -@@ -239,7 +318,10 @@ - free_dir (root); +@@ -253,6 +332,10 @@ root = 0; } -- -+ + + FOR_LIST_ELEMENTS (pk, kpuber) + if (pk->key && pk->path) + grub_initrd_component (pk->key, pk->key_len, pk->path, initrd_ctx); ++ return GRUB_ERR_NONE; overflow: -@@ -263,7 +345,9 @@ +@@ -276,7 +359,9 @@ for (i = 0; i < initrd_ctx->nfiles; i++) { grub_free (initrd_ctx->components[i].newc_name); @@ -257,16 +256,7 @@ Signed-off-by: Michael Chang } grub_free (initrd_ctx->components); initrd_ctx->components = 0; -@@ -297,7 +381,7 @@ - } - ptr += dir_size; - ptr = make_header (ptr, initrd_ctx->components[i].newc_name, -- grub_strlen (initrd_ctx->components[i].newc_name), -+ grub_strlen (initrd_ctx->components[i].newc_name) + 1, - 0100777, - initrd_ctx->components[i].size); - newc = 1; -@@ -312,7 +396,12 @@ +@@ -325,7 +410,12 @@ } cursize = initrd_ctx->components[i].size; @@ -280,7 +270,7 @@ Signed-off-by: Michael Chang != cursize) { if (!grub_errno) -@@ -333,3 +422,41 @@ +@@ -346,3 +436,45 @@ root = 0; return GRUB_ERR_NONE; } @@ -288,7 +278,11 @@ Signed-off-by: Michael Chang +grub_err_t +grub_initrd_publish_key (const char *uuid, const char *key, grub_size_t key_len, const char *path) +{ -+ struct grub_key_publisher *cur = grub_named_list_find (GRUB_AS_NAMED_LIST (kpuber), uuid); ++ struct grub_key_publisher *cur = NULL; ++ ++ FOR_LIST_ELEMENTS (cur, kpuber) ++ if (grub_uuidcasecmp (cur->name, uuid, sizeof (cur->name)) == 0) ++ break; + + if (!cur) + cur = grub_zalloc (sizeof (*cur)); @@ -327,7 +321,7 @@ Signed-off-by: Michael Chang @@ -22,3 +22,6 @@ grub_err_t grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, - char *argv[], void *target); + void *target); + +grub_err_t +grub_initrd_publish_key (const char *uuid, const char *key, grub_size_t key_len, const char *path); diff --git a/0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch b/0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch deleted file mode 100644 index 834f7e9..0000000 --- a/0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b1acd971fa648fa3c6f3a54db4fdf45fae02ce54 Mon Sep 17 00:00:00 2001 -From: Glenn Washburn -Date: Thu, 9 Dec 2021 11:14:58 -0600 -Subject: [PATCH 09/14] cryptodisk: Improve handling of partition name in - cryptomount password prompt - -Call grub_partition_get_name() unconditionally to initialize the part -variable. Then part will only be NULL when grub_partition_get_name() errors. -Note that when source->partition is NULL, then grub_partition_get_name() -returns an allocated empty string. So no comma or partition will be printed, -as desired. - -Signed-off-by: Glenn Washburn -Reviewed-by: Daniel Kiper ---- - grub-core/disk/cryptodisk.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 7ca880402d..497097394f 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -1021,11 +1021,10 @@ grub_cryptodisk_scan_device_real (const char *name, - { - /* Get the passphrase from the user, if no key data. */ - askpass = 1; -- if (source->partition != NULL) -- part = grub_partition_get_name (source->partition); -+ part = grub_partition_get_name (source->partition); - grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, - source->partition != NULL ? "," : "", -- part != NULL ? part : "", -+ part != NULL ? part : N_("UNKNOWN"), - dev->uuid); - grub_free (part); - --- -2.34.1 - diff --git a/0009-font-Fix-an-integer-underflow-in-blit_comb.patch b/0009-font-Fix-an-integer-underflow-in-blit_comb.patch deleted file mode 100644 index 0306549..0000000 --- a/0009-font-Fix-an-integer-underflow-in-blit_comb.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 79924f56f5062c1bae972fd6cd8f38e56980f34d Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Mon, 24 Oct 2022 08:05:35 +0800 -Subject: [PATCH 09/12] font: Fix an integer underflow in blit_comb() - -The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may -evaluate to a very big invalid value even if both ctx.bounds.height and -combining_glyphs[i]->height are small integers. For example, if -ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this -expression evaluates to 2147483647 (expected -1). This is because -coordinates are allowed to be negative but ctx.bounds.height is an -unsigned int. So, the subtraction operates on unsigned ints and -underflows to a very big value. The division makes things even worse. -The quotient is still an invalid value even if converted back to int. - -This patch fixes the problem by casting ctx.bounds.height to int. As -a result the subtraction will operate on int and grub_uint16_t which -will be promoted to an int. So, the underflow will no longer happen. Other -uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int, -to ensure coordinates are always calculated on signed integers. - -Fixes: CVE-2022-3775 - -Reported-by: Daniel Axtens -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/font/font.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 193dfec04..12a5f0d08 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1203,12 +1203,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - ctx.bounds.height = main_glyph->height; - - above_rightx = main_glyph->offset_x + main_glyph->width; -- above_righty = ctx.bounds.y + ctx.bounds.height; -+ above_righty = ctx.bounds.y + (int) ctx.bounds.height; - - above_leftx = main_glyph->offset_x; -- above_lefty = ctx.bounds.y + ctx.bounds.height; -+ above_lefty = ctx.bounds.y + (int) ctx.bounds.height; - -- below_rightx = ctx.bounds.x + ctx.bounds.width; -+ below_rightx = ctx.bounds.x + (int) ctx.bounds.width; - below_righty = ctx.bounds.y; - - comb = grub_unicode_get_comb (glyph_id); -@@ -1221,7 +1221,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - - if (!combining_glyphs[i]) - continue; -- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; -+ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; - /* CGJ is to avoid diacritics reordering. */ - if (comb[i].code - == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER) -@@ -1231,8 +1231,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - case GRUB_UNICODE_COMB_OVERLAY: - do_blit (combining_glyphs[i], - targetx, -- (ctx.bounds.height - combining_glyphs[i]->height) / 2 -- - (ctx.bounds.height + ctx.bounds.y), &ctx); -+ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2 -+ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx); - if (min_devwidth < combining_glyphs[i]->width) - min_devwidth = combining_glyphs[i]->width; - break; -@@ -1305,7 +1305,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - /* Fallthrough. */ - case GRUB_UNICODE_STACK_ATTACHED_ABOVE: - do_blit (combining_glyphs[i], targetx, -- -(ctx.bounds.height + ctx.bounds.y + space -+ -((int) ctx.bounds.height + ctx.bounds.y + space - + combining_glyphs[i]->height), &ctx); - if (min_devwidth < combining_glyphs[i]->width) - min_devwidth = combining_glyphs[i]->width; -@@ -1313,7 +1313,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - - case GRUB_UNICODE_COMB_HEBREW_DAGESH: - do_blit (combining_glyphs[i], targetx, -- -(ctx.bounds.height / 2 + ctx.bounds.y -+ -((int) ctx.bounds.height / 2 + ctx.bounds.y - + combining_glyphs[i]->height / 2), &ctx); - if (min_devwidth < combining_glyphs[i]->width) - min_devwidth = combining_glyphs[i]->width; --- -2.35.3 - diff --git a/0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch deleted file mode 100644 index 8e10b11..0000000 --- a/0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch +++ /dev/null @@ -1,171 +0,0 @@ -From 7be3f3b1b7be0602056721526878c91d3333f8fd Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 18:51:35 +1000 -Subject: [PATCH 09/32] video/readers/png: Drop greyscale support to fix heap - out-of-bounds write - -A 16-bit greyscale PNG without alpha is processed in the following loop: - - for (i = 0; i < (data->image_width * data->image_height); - i++, d1 += 4, d2 += 2) - { - d1[R3] = d2[1]; - d1[G3] = d2[1]; - d1[B3] = d2[1]; - } - -The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, -but there are only 3 bytes allocated for storage. This means that image -data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes -out of every 4 following the end of the image. - -This has existed since greyscale support was added in 2013 in commit -3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). - -Saving starfield.png as a 16-bit greyscale image without alpha in the gimp -and attempting to load it causes grub-emu to crash - I don't think this code -has ever worked. - -Delete all PNG greyscale support. - -Fixes: CVE-2021-3695 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/video/readers/png.c | 87 +++-------------------------------- - 1 file changed, 7 insertions(+), 80 deletions(-) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 35ae553c8e..a3161e25b6 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -100,7 +100,7 @@ struct grub_png_data - - unsigned image_width, image_height; - int bpp, is_16bit; -- int raw_bytes, is_gray, is_alpha, is_palette; -+ int raw_bytes, is_alpha, is_palette; - int row_bytes, color_bits; - grub_uint8_t *image_data; - -@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) - data->bpp = 3; - else - { -- data->is_gray = 1; -- data->bpp = 1; -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: color type not supported"); - } - - if ((color_bits != 8) && (color_bits != 16) - && (color_bits != 4 -- || !(data->is_gray || data->is_palette))) -+ || !data->is_palette)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: bit depth must be 8 or 16"); - -@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) - } - - #ifndef GRUB_CPU_WORDS_BIGENDIAN -- if (data->is_16bit || data->is_gray || data->is_palette) -+ if (data->is_16bit || data->is_palette) - #endif - { - data->image_data = grub_calloc (data->image_height, data->row_bytes); -@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) - int shift; - int mask = (1 << data->color_bits) - 1; - unsigned j; -- if (data->is_gray) -- { -- /* Generic formula is -- (0xff * i) / ((1U << data->color_bits) - 1) -- but for allowed bit depth of 1, 2 and for it's -- equivalent to -- (0xff / ((1U << data->color_bits) - 1)) * i -- Precompute the multipliers to avoid division. -- */ -- -- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; -- for (i = 0; i < (1U << data->color_bits); i++) -- { -- grub_uint8_t col = multipliers[data->color_bits] * i; -- palette[i][0] = col; -- palette[i][1] = col; -- palette[i][2] = col; -- } -- } -- else -- grub_memcpy (palette, data->palette, 3 << data->color_bits); -+ -+ grub_memcpy (palette, data->palette, 3 << data->color_bits); - d1c = d1; - d2c = d2; - for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, -@@ -957,60 +938,6 @@ grub_png_convert_image (struct grub_png_data *data) - return; - } - -- if (data->is_gray) -- { -- switch (data->bpp) -- { -- case 4: -- /* 16-bit gray with alpha. */ -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 4) -- { -- d1[R4] = d2[3]; -- d1[G4] = d2[3]; -- d1[B4] = d2[3]; -- d1[A4] = d2[1]; -- } -- break; -- case 2: -- if (data->is_16bit) -- /* 16-bit gray without alpha. */ -- { -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 2) -- { -- d1[R3] = d2[1]; -- d1[G3] = d2[1]; -- d1[B3] = d2[1]; -- } -- } -- else -- /* 8-bit gray with alpha. */ -- { -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 2) -- { -- d1[R4] = d2[1]; -- d1[G4] = d2[1]; -- d1[B4] = d2[1]; -- d1[A4] = d2[0]; -- } -- } -- break; -- /* 8-bit gray without alpha. */ -- case 1: -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 3, d2++) -- { -- d1[R3] = d2[0]; -- d1[G3] = d2[0]; -- d1[B3] = d2[0]; -- } -- break; -- } -- return; -- } -- - { - /* Only copy the upper 8 bit. */ - #ifndef GRUB_CPU_WORDS_BIGENDIAN --- -2.34.1 - diff --git a/0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch b/0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch deleted file mode 100644 index b888a55..0000000 --- a/0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch +++ /dev/null @@ -1,75 +0,0 @@ -From f3b30e0d782f36634a9a7ab9d18851b0b7a1bce5 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Mon, 24 Oct 2022 07:15:41 +0800 -Subject: [PATCH 10/12] font: Harden grub_font_blit_glyph() and - grub_font_blit_glyph_mirror() - -As a mitigation and hardening measure add sanity checks to -grub_font_blit_glyph() and grub_font_blit_glyph_mirror(). This patch -makes these two functions do nothing if target blitting area isn't fully -contained in target bitmap. Therefore, if complex calculations in caller -overflows and malicious coordinates are given, we are still safe because -any coordinates which result in out-of-bound-write are rejected. However, -this patch only checks for invalid coordinates, and doesn't provide any -protection against invalid source glyph or destination glyph, e.g. -mismatch between glyph size and buffer size. - -This hardening measure is designed to mitigate possible overflows in -blit_comb(). If overflow occurs, it may return invalid bounding box -during dry run and call grub_font_blit_glyph() with malicious -coordinates during actual blitting. However, we are still safe because -the scratch glyph itself is valid, although its size makes no sense, and -any invalid coordinates are rejected. - -It would be better to call grub_fatal() if illegal parameter is detected. -However, doing this may end up in a dangerous recursion because grub_fatal() -would print messages to the screen and we are in the progress of drawing -characters on the screen. - -Reported-by: Daniel Axtens -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/font/font.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 12a5f0d08..29fbb9429 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1069,8 +1069,15 @@ static void - grub_font_blit_glyph (struct grub_font_glyph *target, - struct grub_font_glyph *src, unsigned dx, unsigned dy) - { -+ grub_uint16_t max_x, max_y; - unsigned src_bit, tgt_bit, src_byte, tgt_byte; - unsigned i, j; -+ -+ /* Harden against out-of-bound writes. */ -+ if ((grub_add (dx, src->width, &max_x) || max_x > target->width) || -+ (grub_add (dy, src->height, &max_y) || max_y > target->height)) -+ return; -+ - for (i = 0; i < src->height; i++) - { - src_bit = (src->width * i) % 8; -@@ -1102,9 +1109,16 @@ grub_font_blit_glyph_mirror (struct grub_font_glyph *target, - struct grub_font_glyph *src, - unsigned dx, unsigned dy) - { -+ grub_uint16_t max_x, max_y; - unsigned tgt_bit, src_byte, tgt_byte; - signed src_bit; - unsigned i, j; -+ -+ /* Harden against out-of-bound writes. */ -+ if ((grub_add (dx, src->width, &max_x) || max_x > target->width) || -+ (grub_add (dy, src->height, &max_y) || max_y > target->height)) -+ return; -+ - for (i = 0; i < src->height; i++) - { - src_bit = (src->width * i + src->width - 1) % 8; --- -2.35.3 - diff --git a/0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch b/0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch index 1368820..ca05c29 100644 --- a/0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch +++ b/0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch @@ -22,23 +22,19 @@ Signed-off-by: Daniel Axtens grub-core/lib/posix_wrap/sys/types.h | 1 + 3 files changed, 10 insertions(+) -diff --git a/grub-core/lib/posix_wrap/limits.h b/grub-core/lib/posix_wrap/limits.h -index 7217138ff..591dbf328 100644 --- a/grub-core/lib/posix_wrap/limits.h +++ b/grub-core/lib/posix_wrap/limits.h -@@ -37,5 +37,6 @@ +@@ -41,5 +41,6 @@ #define LONG_MAX GRUB_LONG_MAX #define CHAR_BIT 8 +#define WORD_BIT 32 #endif -diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h -index 7a8d385e9..4634db09f 100644 --- a/grub-core/lib/posix_wrap/stdlib.h +++ b/grub-core/lib/posix_wrap/stdlib.h -@@ -58,4 +58,12 @@ abs (int c) - return (c >= 0) ? c : -c; +@@ -64,4 +64,12 @@ + grub_abort (); } +#define strtol grub_strtol @@ -50,11 +46,9 @@ index 7a8d385e9..4634db09f 100644 +#define strtoull grub_strtoull + #endif -diff --git a/grub-core/lib/posix_wrap/sys/types.h b/grub-core/lib/posix_wrap/sys/types.h -index 854eb0122..f63412c8d 100644 --- a/grub-core/lib/posix_wrap/sys/types.h +++ b/grub-core/lib/posix_wrap/sys/types.h -@@ -51,6 +51,7 @@ typedef grub_uint8_t byte; +@@ -50,6 +50,7 @@ typedef grub_addr_t uintptr_t; #define SIZEOF_UNSIGNED_LONG GRUB_CPU_SIZEOF_LONG @@ -62,6 +56,3 @@ index 854eb0122..f63412c8d 100644 #define SIZEOF_UNSIGNED_INT 4 #define SIZEOF_UNSIGNED_LONG_LONG 8 #define SIZEOF_UNSIGNED_SHORT 2 --- -2.31.1 - diff --git a/0010-templates-import-etc-crypttab-to-grub.cfg.patch b/0010-templates-import-etc-crypttab-to-grub.cfg.patch index 84c25d3..308d9ed 100644 --- a/0010-templates-import-etc-crypttab-to-grub.cfg.patch +++ b/0010-templates-import-etc-crypttab-to-grub.cfg.patch @@ -18,7 +18,7 @@ Signed-off-by: Michael Chang --- a/Makefile.util.def +++ b/Makefile.util.def -@@ -476,6 +476,13 @@ +@@ -483,6 +483,13 @@ }; script = { diff --git a/0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch b/0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch deleted file mode 100644 index 554f063..0000000 --- a/0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 8ebb6943eae81d3c31963bbae42d5d1f168c8dd5 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 23:25:07 +1000 -Subject: [PATCH 10/32] video/readers/png: Avoid heap OOB R/W inserting huff - table items - -In fuzzing we observed crashes where a code would attempt to be inserted -into a huffman table before the start, leading to a set of heap OOB reads -and writes as table entries with negative indices were shifted around and -the new code written in. - -Catch the case where we would underflow the array and bail. - -Fixes: CVE-2021-3696 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/video/readers/png.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index a3161e25b6..d7ed5aa6cf 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) - for (i = len; i < ht->max_length; i++) - n += ht->maxval[i]; - -+ if (n > ht->num_values) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: out of range inserting huffman table item"); -+ return; -+ } -+ - for (i = 0; i < n; i++) - ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; - --- -2.34.1 - diff --git a/0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch b/0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch deleted file mode 100644 index 5ebd061..0000000 --- a/0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch +++ /dev/null @@ -1,36 +0,0 @@ -From bcda6538ffeb516987a1921fbe533aaf8b8c981b Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 28 Oct 2022 17:29:16 +0800 -Subject: [PATCH 11/12] font: Assign null_font to glyphs in ascii_font_glyph[] - -The calculations in blit_comb() need information from glyph's font, e.g. -grub_font_get_xheight(main_glyph->font). However, main_glyph->font is -NULL if main_glyph comes from ascii_font_glyph[]. Therefore -grub_font_get_*() crashes because of NULL pointer. - -There is already a solution, the null_font. So, assign it to those glyphs -in ascii_font_glyph[]. - -Reported-by: Daniel Axtens -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/font/font.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 29fbb9429..e6616e610 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -137,7 +137,7 @@ ascii_glyph_lookup (grub_uint32_t code) - ascii_font_glyph[current]->offset_x = 0; - ascii_font_glyph[current]->offset_y = -2; - ascii_font_glyph[current]->device_width = 8; -- ascii_font_glyph[current]->font = NULL; -+ ascii_font_glyph[current]->font = &null_font; - - grub_memcpy (ascii_font_glyph[current]->bitmap, - &ascii_bitmaps[current * ASCII_BITMAP_SIZE], --- -2.35.3 - diff --git a/0011-libtasn1-import-libtasn1-4.18.0.patch b/0011-libtasn1-import-libtasn1-4.18.0.patch index 117cf5e..c0db810 100644 --- a/0011-libtasn1-import-libtasn1-4.18.0.patch +++ b/0011-libtasn1-import-libtasn1-4.18.0.patch @@ -53,9 +53,6 @@ Signed-off-by: Daniel Axtens create mode 100644 grub-core/lib/libtasn1/lib/structure.h create mode 100644 include/grub/libtasn1.h -diff --git a/grub-core/lib/libtasn1/COPYING b/grub-core/lib/libtasn1/COPYING -new file mode 100644 -index 000000000..e8b3628db --- /dev/null +++ b/grub-core/lib/libtasn1/COPYING @@ -0,0 +1,16 @@ @@ -75,9 +72,6 @@ index 000000000..e8b3628db + +For any copyright year range specified as YYYY-ZZZZ in this package +note that the range specifies every single year in that closed interval. -diff --git a/grub-core/lib/libtasn1/README.md b/grub-core/lib/libtasn1/README.md -new file mode 100644 -index 000000000..b0305b93e --- /dev/null +++ b/grub-core/lib/libtasn1/README.md @@ -0,0 +1,98 @@ @@ -179,9 +173,6 @@ index 000000000..b0305b93e +The project homepage at the gnu site is at: + +https://www.gnu.org/software/libtasn1/ -diff --git a/grub-core/lib/libtasn1/lib/coding.c b/grub-core/lib/libtasn1/lib/coding.c -new file mode 100644 -index 000000000..671104f63 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/coding.c @@ -0,0 +1,1425 @@ @@ -1610,9 +1601,6 @@ index 000000000..671104f63 + asn1_delete_structure (&node); + return err; +} -diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c -new file mode 100644 -index 000000000..b1a35356f --- /dev/null +++ b/grub-core/lib/libtasn1/lib/decoding.c @@ -0,0 +1,2501 @@ @@ -4117,9 +4105,6 @@ index 000000000..b1a35356f + return _asn1_decode_simple_ber (etype, der, _der_len, str, str_len, ber_len, + DECODE_FLAG_HAVE_TAG); +} -diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c -new file mode 100644 -index 000000000..86e64f2cf --- /dev/null +++ b/grub-core/lib/libtasn1/lib/element.c @@ -0,0 +1,1109 @@ @@ -5232,9 +5217,6 @@ index 000000000..86e64f2cf + + return ASN1_SUCCESS; +} -diff --git a/grub-core/lib/libtasn1/lib/element.h b/grub-core/lib/libtasn1/lib/element.h -new file mode 100644 -index 000000000..4c9a901d1 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/element.h @@ -0,0 +1,42 @@ @@ -5280,9 +5262,6 @@ index 000000000..4c9a901d1 + int name_size); + +#endif -diff --git a/grub-core/lib/libtasn1/lib/errors.c b/grub-core/lib/libtasn1/lib/errors.c -new file mode 100644 -index 000000000..4dadbd96d --- /dev/null +++ b/grub-core/lib/libtasn1/lib/errors.c @@ -0,0 +1,100 @@ @@ -5386,9 +5365,6 @@ index 000000000..4dadbd96d + + return NULL; +} -diff --git a/grub-core/lib/libtasn1/lib/gstr.c b/grub-core/lib/libtasn1/lib/gstr.c -new file mode 100644 -index 000000000..1475ed51b --- /dev/null +++ b/grub-core/lib/libtasn1/lib/gstr.c @@ -0,0 +1,74 @@ @@ -5466,9 +5442,6 @@ index 000000000..1475ed51b + return 0; + } +} -diff --git a/grub-core/lib/libtasn1/lib/gstr.h b/grub-core/lib/libtasn1/lib/gstr.h -new file mode 100644 -index 000000000..cd47d145c --- /dev/null +++ b/grub-core/lib/libtasn1/lib/gstr.h @@ -0,0 +1,50 @@ @@ -5522,9 +5495,6 @@ index 000000000..cd47d145c +} + +#endif /* GSTR_H */ -diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h -new file mode 100644 -index 000000000..404cd1562 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/int.h @@ -0,0 +1,221 @@ @@ -5749,9 +5719,6 @@ index 000000000..404cd1562 +} + +#endif /* INT_H */ -diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c b/grub-core/lib/libtasn1/lib/parser_aux.c -new file mode 100644 -index 000000000..c99c5a4cb --- /dev/null +++ b/grub-core/lib/libtasn1/lib/parser_aux.c @@ -0,0 +1,1178 @@ @@ -6933,9 +6900,6 @@ index 000000000..c99c5a4cb + + return ASN1_SUCCESS; +} -diff --git a/grub-core/lib/libtasn1/lib/parser_aux.h b/grub-core/lib/libtasn1/lib/parser_aux.h -new file mode 100644 -index 000000000..b21235eb1 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/parser_aux.h @@ -0,0 +1,172 @@ @@ -7111,9 +7075,6 @@ index 000000000..b21235eb1 +} + +#endif -diff --git a/grub-core/lib/libtasn1/lib/structure.c b/grub-core/lib/libtasn1/lib/structure.c -new file mode 100644 -index 000000000..c0802202e --- /dev/null +++ b/grub-core/lib/libtasn1/lib/structure.c @@ -0,0 +1,1225 @@ @@ -8342,9 +8303,6 @@ index 000000000..c0802202e +{ + return _asn1_copy_structure2 (src, src_name); +} -diff --git a/grub-core/lib/libtasn1/lib/structure.h b/grub-core/lib/libtasn1/lib/structure.h -new file mode 100644 -index 000000000..da70ae53f --- /dev/null +++ b/grub-core/lib/libtasn1/lib/structure.h @@ -0,0 +1,46 @@ @@ -8394,9 +8352,6 @@ index 000000000..da70ae53f + unsigned int flags); + +#endif -diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h -new file mode 100644 -index 000000000..fc695a28a --- /dev/null +++ b/include/grub/libtasn1.h @@ -0,0 +1,639 @@ @@ -9039,6 +8994,3 @@ index 000000000..fc695a28a +# endif + +#endif /* LIBTASN1_H */ --- -2.31.1 - diff --git a/0011-video-readers-png-Sanity-check-some-huffman-codes.patch b/0011-video-readers-png-Sanity-check-some-huffman-codes.patch deleted file mode 100644 index 1789cdf..0000000 --- a/0011-video-readers-png-Sanity-check-some-huffman-codes.patch +++ /dev/null @@ -1,42 +0,0 @@ -From bbbb410d5d7d29d935e7108c77a0368e4e007a43 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 19:19:11 +1000 -Subject: [PATCH 11/32] video/readers/png: Sanity check some huffman codes - -ASAN picked up two OOB global reads: we weren't checking if some code -values fit within the cplens or cpdext arrays. Check and throw an error -if not. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/video/readers/png.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index d7ed5aa6cf..7f2ba7849b 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -753,6 +753,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) - int len, dist, pos; - - n -= 257; -+ if (((unsigned int) n) >= ARRAY_SIZE (cplens)) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: invalid huff code"); - len = cplens[n]; - if (cplext[n]) - len += grub_png_get_bits (data, cplext[n]); -@@ -760,6 +763,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) - return grub_errno; - - n = grub_png_get_huff_code (data, &data->dist_table); -+ if (((unsigned int) n) >= ARRAY_SIZE (cpdist)) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: invalid huff code"); - dist = cpdist[n]; - if (cpdext[n]) - dist += grub_png_get_bits (data, cpdext[n]); --- -2.34.1 - diff --git a/0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch b/0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch deleted file mode 100644 index 6bd1370..0000000 --- a/0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 5e53d73775f6dc9b9b08536cbac2f8a5e2559903 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 28 Oct 2022 21:31:39 +0800 -Subject: [PATCH 12/12] normal/charset: Fix an integer overflow in - grub_unicode_aglomerate_comb() - -The out->ncomb is a bit-field of 8 bits. So, the max possible value is 255. -However, code in grub_unicode_aglomerate_comb() doesn't check for an -overflow when incrementing out->ncomb. If out->ncomb is already 255, -after incrementing it will get 0 instead of 256, and cause illegal -memory access in subsequent processing. - -This patch introduces GRUB_UNICODE_NCOMB_MAX to represent the max -acceptable value of ncomb. The code now checks for this limit and -ignores additional combining characters when limit is reached. - -Reported-by: Daniel Axtens -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper ---- - grub-core/normal/charset.c | 3 +++ - include/grub/unicode.h | 2 ++ - 2 files changed, 5 insertions(+) - -diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index 7a5a7c153..c243ca6da 100644 ---- a/grub-core/normal/charset.c -+++ b/grub-core/normal/charset.c -@@ -472,6 +472,9 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, - if (!haveout) - continue; - -+ if (out->ncomb == GRUB_UNICODE_NCOMB_MAX) -+ continue; -+ - if (comb_type == GRUB_UNICODE_COMB_MC - || comb_type == GRUB_UNICODE_COMB_ME - || comb_type == GRUB_UNICODE_COMB_MN) -diff --git a/include/grub/unicode.h b/include/grub/unicode.h -index 4de986a85..c4f6fca04 100644 ---- a/include/grub/unicode.h -+++ b/include/grub/unicode.h -@@ -147,7 +147,9 @@ struct grub_unicode_glyph - grub_uint8_t bidi_level:6; /* minimum: 6 */ - enum grub_bidi_type bidi_type:5; /* minimum: :5 */ - -+#define GRUB_UNICODE_NCOMB_MAX ((1 << 8) - 1) - unsigned ncomb:8; -+ - /* Hint by unicode subsystem how wide this character usually is. - Real width is determined by font. Set only in UTF-8 stream. */ - int estimated_width:8; --- -2.35.3 - diff --git a/0012-tpm-Build-tpm-as-module.patch b/0012-tpm-Build-tpm-as-module.patch index f1007f9..4b15a27 100644 --- a/0012-tpm-Build-tpm-as-module.patch +++ b/0012-tpm-Build-tpm-as-module.patch @@ -5,11 +5,9 @@ Subject: Build tpm as module Add --suse-enable-tpm option to grub2-install. -Index: grub-2.04~rc1/util/grub-install.c -=================================================================== ---- grub-2.04~rc1.orig/util/grub-install.c -+++ grub-2.04~rc1/util/grub-install.c -@@ -80,6 +80,7 @@ static char *label_color; +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -81,6 +81,7 @@ static char *label_bgcolor; static char *product_version; static int add_rs_codes = 1; @@ -17,7 +15,7 @@ Index: grub-2.04~rc1/util/grub-install.c enum { -@@ -106,6 +107,7 @@ enum +@@ -107,6 +108,7 @@ OPTION_DISK_MODULE, OPTION_NO_BOOTSECTOR, OPTION_NO_RS_CODES, @@ -25,7 +23,7 @@ Index: grub-2.04~rc1/util/grub-install.c OPTION_MACPPC_DIRECTORY, OPTION_ZIPL_DIRECTORY, OPTION_LABEL_FONT, -@@ -231,6 +233,10 @@ argp_parser (int key, char *arg, struct +@@ -232,6 +234,10 @@ add_rs_codes = 0; return 0; @@ -36,7 +34,7 @@ Index: grub-2.04~rc1/util/grub-install.c case OPTION_DEBUG: verbosity++; return 0; -@@ -292,6 +298,7 @@ static struct argp_option options[] = { +@@ -293,6 +299,7 @@ {"no-rs-codes", OPTION_NO_RS_CODES, 0, 0, N_("Do not apply any reed-solomon codes when embedding core.img. " "This option is only available on x86 BIOS targets."), 0}, @@ -44,7 +42,7 @@ Index: grub-2.04~rc1/util/grub-install.c {"debug", OPTION_DEBUG, 0, OPTION_HIDDEN, 0, 2}, {"no-floppy", OPTION_NO_FLOPPY, 0, OPTION_HIDDEN, 0, 2}, -@@ -1320,6 +1327,9 @@ main (int argc, char *argv[]) +@@ -1373,6 +1380,9 @@ else if (disk_module && disk_module[0]) grub_install_push_module (disk_module); diff --git a/0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch deleted file mode 100644 index f2348e7..0000000 --- a/0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch +++ /dev/null @@ -1,258 +0,0 @@ -From 27134e18072a9dffb2bda6b74cd312be5360baa0 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 28 Jun 2021 14:16:14 +1000 -Subject: [PATCH 12/32] video/readers/jpeg: Abort sooner if a read operation - fails - -Fuzzing revealed some inputs that were taking a long time, potentially -forever, because they did not bail quickly upon encountering an I/O error. - -Try to catch I/O errors sooner and bail out. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/video/readers/jpeg.c | 86 +++++++++++++++++++++++++++------- - 1 file changed, 70 insertions(+), 16 deletions(-) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index e31602f766..10225abd53 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -109,9 +109,17 @@ static grub_uint8_t - grub_jpeg_get_byte (struct grub_jpeg_data *data) - { - grub_uint8_t r; -+ grub_ssize_t bytes_read; - - r = 0; -- grub_file_read (data->file, &r, 1); -+ bytes_read = grub_file_read (data->file, &r, 1); -+ -+ if (bytes_read != 1) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: unexpected end of data"); -+ return 0; -+ } - - return r; - } -@@ -120,9 +128,17 @@ static grub_uint16_t - grub_jpeg_get_word (struct grub_jpeg_data *data) - { - grub_uint16_t r; -+ grub_ssize_t bytes_read; - - r = 0; -- grub_file_read (data->file, &r, sizeof (grub_uint16_t)); -+ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); -+ -+ if (bytes_read != sizeof (grub_uint16_t)) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: unexpected end of data"); -+ return 0; -+ } - - return grub_be_to_cpu16 (r); - } -@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) - if (data->bit_mask == 0) - { - data->bit_save = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: file read error"); -+ return 0; -+ } - if (data->bit_save == JPEG_ESC_CHAR) - { - if (grub_jpeg_get_byte (data) != 0) -@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) - "jpeg: invalid 0xFF in data stream"); - return 0; - } -+ if (grub_errno != GRUB_ERR_NONE) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); -+ return 0; -+ } - } - data->bit_mask = 0x80; - } -@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) - return 0; - - msb = value = grub_jpeg_get_bit (data); -- for (i = 1; i < num; i++) -+ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) - value = (value << 1) + (grub_jpeg_get_bit (data) != 0); - if (!msb) - value += 1 - (1 << num); -@@ -202,6 +228,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) - while (data->file->offset + sizeof (count) + 1 <= next_marker) - { - id = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - ac = (id >> 4) & 1; - id &= 0xF; - if (id > 1) -@@ -252,6 +280,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) - - next_marker = data->file->offset; - next_marker += grub_jpeg_get_word (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if (next_marker > data->file->size) - { -@@ -263,6 +293,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) - <= next_marker) - { - id = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (id >= 0x10) /* Upper 4-bit is precision. */ - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: only 8-bit precision is supported"); -@@ -294,6 +326,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) - next_marker = data->file->offset; - next_marker += grub_jpeg_get_word (data); - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - if (grub_jpeg_get_byte (data) != 8) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: only 8-bit precision is supported"); -@@ -319,6 +354,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); - - ss = grub_jpeg_get_byte (data); /* Sampling factor. */ -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (!id) - { - grub_uint8_t vs, hs; -@@ -498,7 +535,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) - } - } - --static void -+static grub_err_t - grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - { - int h1, h2, qt; -@@ -513,6 +550,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - data->dc_value[id] += - grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; - pos = 1; - while (pos < ARRAY_SIZE (data->quan_table[qt])) -@@ -527,11 +567,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - num >>= 4; - pos += num; - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) - { -- grub_error (GRUB_ERR_BAD_FILE_TYPE, -- "jpeg: invalid position in zigzag order!?"); -- return; -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: invalid position in zigzag order!?"); - } - - du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; -@@ -539,6 +581,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - } - - grub_jpeg_idct_transform (du); -+ return GRUB_ERR_NONE; - } - - static void -@@ -597,7 +640,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - data_offset += grub_jpeg_get_word (data); - - cc = grub_jpeg_get_byte (data); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (cc != 3 && cc != 1) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: component count must be 1 or 3"); -@@ -610,7 +654,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - id = grub_jpeg_get_byte (data) - 1; - if ((id < 0) || (id >= 3)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - ht = grub_jpeg_get_byte (data); - data->comp_index[id][1] = (ht >> 4); - data->comp_index[id][2] = (ht & 0xF) + 2; -@@ -618,11 +663,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || - (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - } - - grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ - grub_jpeg_get_word (data); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (data->file->offset != data_offset) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); - -@@ -640,6 +688,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - { - unsigned c1, vb, hb, nr1, nc1; - int rst = data->dri; -+ grub_err_t err = GRUB_ERR_NONE; - - vb = 8 << data->log_vs; - hb = 8 << data->log_hs; -@@ -660,17 +709,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - - for (r2 = 0; r2 < (1U << data->log_vs); r2++) - for (c2 = 0; c2 < (1U << data->log_hs); c2++) -- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); -+ { -+ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ } - - if (data->color_components >= 3) - { -- grub_jpeg_decode_du (data, 1, data->cbdu); -- grub_jpeg_decode_du (data, 2, data->crdu); -+ err = grub_jpeg_decode_du (data, 1, data->cbdu); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ err = grub_jpeg_decode_du (data, 2, data->crdu); -+ if (err != GRUB_ERR_NONE) -+ return err; - } - -- if (grub_errno) -- return grub_errno; -- - nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; - nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; - --- -2.34.1 - diff --git a/0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch b/0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch deleted file mode 100644 index 84e35af..0000000 --- a/0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 8f8282090a1d1469bffd0db6a07275882628caeb Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 28 Jun 2021 14:16:58 +1000 -Subject: [PATCH 13/32] video/readers/jpeg: Do not reallocate a given huff - table - -Fix a memory leak where an invalid file could cause us to reallocate -memory for a huffman table we had already allocated memory for. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/video/readers/jpeg.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 10225abd53..caa211f06d 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -245,6 +245,9 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) - n += count[i]; - - id += ac * 2; -+ if (data->huff_value[id] != NULL) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: attempt to reallocate huffman table"); - data->huff_value[id] = grub_malloc (n); - if (grub_errno) - return grub_errno; --- -2.34.1 - diff --git a/0014-libtasn1-compile-into-asn1-module.patch b/0014-libtasn1-compile-into-asn1-module.patch index 47f102e..942a0f1 100644 --- a/0014-libtasn1-compile-into-asn1-module.patch +++ b/0014-libtasn1-compile-into-asn1-module.patch @@ -13,11 +13,9 @@ Signed-off-by: Daniel Axtens 2 files changed, 41 insertions(+) create mode 100644 grub-core/lib/libtasn1_wrap/wrap.c -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 5525aa194..f0df8ed94 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -2575,3 +2575,18 @@ module = { +@@ -2624,3 +2624,18 @@ name = cmdline; common = lib/cmdline.c; }; @@ -36,9 +34,6 @@ index 5525aa194..f0df8ed94 100644 + // -Wno-type-limits comes from libtasn1's configure.ac + cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/libtasn1/lib -Wno-type-limits'; +}; -diff --git a/grub-core/lib/libtasn1_wrap/wrap.c b/grub-core/lib/libtasn1_wrap/wrap.c -new file mode 100644 -index 000000000..622ba942e --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/wrap.c @@ -0,0 +1,26 @@ @@ -68,6 +63,3 @@ index 000000000..622ba942e + * is therefore under GPL3+ also. + */ +GRUB_MOD_LICENSE ("GPLv3+"); --- -2.31.1 - diff --git a/0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch deleted file mode 100644 index ad7c473..0000000 --- a/0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 9b6026ba4eb26eadc7ddb8df1c49f648efe257c5 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 28 Jun 2021 14:25:17 +1000 -Subject: [PATCH 14/32] video/readers/jpeg: Refuse to handle multiple start of - streams - -An invalid file could contain multiple start of stream blocks, which -would cause us to reallocate and leak our bitmap. Refuse to handle -multiple start of streams. - -Additionally, fix a grub_error() call formatting. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/video/readers/jpeg.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index caa211f06d..1df1171d78 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - if (data->file->offset != data_offset) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); - -+ if (*data->bitmap) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); -+ - if (grub_video_bitmap_create (data->bitmap, data->image_width, - data->image_height, - GRUB_VIDEO_BLIT_FORMAT_RGB_888)) -@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); - - if (data->bitmap_ptr == NULL) -- return grub_error(GRUB_ERR_BAD_FILE_TYPE, -- "jpeg: attempted to decode data before start of stream"); -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: attempted to decode data before start of stream"); - - for (; data->r1 < nr1 && (!data->dri || rst); - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) --- -2.34.1 - diff --git a/0015-test_asn1-test-module-for-libtasn1.patch b/0015-test_asn1-test-module-for-libtasn1.patch index 6e5c006..0d5c6dc 100644 --- a/0015-test_asn1-test-module-for-libtasn1.patch +++ b/0015-test_asn1-test-module-for-libtasn1.patch @@ -49,28 +49,24 @@ Signed-off-by: Daniel Axtens create mode 100644 grub-core/lib/libtasn1_wrap/wrap_tests.h create mode 100644 tests/test_asn1.in -diff --git a/Makefile.util.def b/Makefile.util.def -index ac2b6aab1..ef5c818e0 100644 --- a/Makefile.util.def +++ b/Makefile.util.def -@@ -1272,6 +1272,12 @@ script = { - common = tests/syslinux_test.in; +@@ -1304,6 +1304,12 @@ + common = tests/luks2_test.in; }; +script = { -+ testcase; ++ testcase = native; + name = test_asn1; + common = tests/test_asn1.in; +}; + program = { - testcase; + testcase = native; name = example_unit_test; -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index f0df8ed94..6a3ff4265 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -2590,3 +2590,16 @@ module = { +@@ -2639,3 +2639,16 @@ // -Wno-type-limits comes from libtasn1's configure.ac cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/libtasn1/lib -Wno-type-limits'; }; @@ -87,9 +83,6 @@ index f0df8ed94..6a3ff4265 100644 + common = lib/libtasn1_wrap/tests/Test_strings.c; + common = lib/libtasn1_wrap/wrap_tests.c; +}; -diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h -new file mode 100644 -index 000000000..1e7d3d64f --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h @@ -0,0 +1,32 @@ @@ -125,9 +118,6 @@ index 000000000..1e7d3d64f + { NULL, 1, "1"}, + { NULL, 0, NULL } +}; -diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h -new file mode 100644 -index 000000000..e2561e5ec --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h @@ -0,0 +1,36 @@ @@ -167,9 +157,6 @@ index 000000000..e2561e5ec + { NULL, 1, "3"}, + { NULL, 0, NULL } +}; -diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c -new file mode 100644 -index 000000000..534e30452 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c @@ -0,0 +1,61 @@ @@ -234,9 +221,6 @@ index 000000000..534e30452 + + asn1_delete_structure (&definitions); +} -diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c b/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c -new file mode 100644 -index 000000000..f48aea0ef --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c @@ -0,0 +1,138 @@ @@ -378,9 +362,6 @@ index 000000000..f48aea0ef + } + } +} -diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_simple.c b/grub-core/lib/libtasn1_wrap/tests/Test_simple.c -new file mode 100644 -index 000000000..9f01006dd --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/Test_simple.c @@ -0,0 +1,207 @@ @@ -591,9 +572,6 @@ index 000000000..9f01006dd + return; + } +} -diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_strings.c b/grub-core/lib/libtasn1_wrap/tests/Test_strings.c -new file mode 100644 -index 000000000..dbe1474b2 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/Test_strings.c @@ -0,0 +1,150 @@ @@ -747,9 +725,6 @@ index 000000000..dbe1474b2 + grub_free(b); + } +} -diff --git a/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c b/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c -new file mode 100644 -index 000000000..d367bbfb5 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c @@ -0,0 +1,116 @@ @@ -869,9 +844,6 @@ index 000000000..d367bbfb5 + + } +} -diff --git a/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c b/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c -new file mode 100644 -index 000000000..3a83b58c5 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c @@ -0,0 +1,120 @@ @@ -995,9 +967,6 @@ index 000000000..3a83b58c5 + } + } +} -diff --git a/grub-core/lib/libtasn1_wrap/tests/octet-string.c b/grub-core/lib/libtasn1_wrap/tests/octet-string.c -new file mode 100644 -index 000000000..d8a049e8d --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/octet-string.c @@ -0,0 +1,211 @@ @@ -1212,9 +1181,6 @@ index 000000000..d8a049e8d + + } +} -diff --git a/grub-core/lib/libtasn1_wrap/tests/reproducers.c b/grub-core/lib/libtasn1_wrap/tests/reproducers.c -new file mode 100644 -index 000000000..dc7268d4c --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/reproducers.c @@ -0,0 +1,81 @@ @@ -1299,9 +1265,6 @@ index 000000000..dc7268d4c + + asn1_delete_structure (&definitions); +} -diff --git a/grub-core/lib/libtasn1_wrap/wrap_tests.c b/grub-core/lib/libtasn1_wrap/wrap_tests.c -new file mode 100644 -index 000000000..75fcd21f0 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/wrap_tests.c @@ -0,0 +1,75 @@ @@ -1380,9 +1343,6 @@ index 000000000..75fcd21f0 +{ + grub_unregister_command (cmd); +} -diff --git a/grub-core/lib/libtasn1_wrap/wrap_tests.h b/grub-core/lib/libtasn1_wrap/wrap_tests.h -new file mode 100644 -index 000000000..555e56dd2 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/wrap_tests.h @@ -0,0 +1,38 @@ @@ -1424,9 +1384,6 @@ index 000000000..555e56dd2 +void test_strings (void); + +#endif -diff --git a/tests/test_asn1.in b/tests/test_asn1.in -new file mode 100644 -index 000000000..8173c5c27 --- /dev/null +++ b/tests/test_asn1.in @@ -0,0 +1,12 @@ @@ -1442,6 +1399,3 @@ index 000000000..8173c5c27 + exit 1 +fi + --- -2.31.1 - diff --git a/0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch b/0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch deleted file mode 100644 index 65350b2..0000000 --- a/0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 9a6e9ad21eb2f414dce6eaedd41e146a28142101 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Wed, 7 Jul 2021 15:38:19 +1000 -Subject: [PATCH 15/32] video/readers/jpeg: Block int underflow -> wild pointer - write - -Certain 1 px wide images caused a wild pointer write in -grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), -we have the following loop: - -for (; data->r1 < nr1 && (!data->dri || rst); - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) - -We did not check if vb * width >= hb * nc1. - -On a 64-bit platform, if that turns out to be negative, it will underflow, -be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so -we see data->bitmap_ptr jump, e.g.: - -0x6180_0000_0480 to -0x6181_0000_0498 - ^ - ~--- carry has occurred and this pointer is now far away from - any object. - -On a 32-bit platform, it will decrement the pointer, creating a pointer -that won't crash but will overwrite random data. - -Catch the underflow and error out. - -Fixes: CVE-2021-3697 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/video/readers/jpeg.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 1df1171d78..97a533b24f 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -693,6 +694,7 @@ static grub_err_t - grub_jpeg_decode_data (struct grub_jpeg_data *data) - { - unsigned c1, vb, hb, nr1, nc1; -+ unsigned stride_a, stride_b, stride; - int rst = data->dri; - grub_err_t err = GRUB_ERR_NONE; - -@@ -705,8 +707,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: attempted to decode data before start of stream"); - -+ if (grub_mul(vb, data->image_width, &stride_a) || -+ grub_mul(hb, nc1, &stride_b) || -+ grub_sub(stride_a, stride_b, &stride)) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: cannot decode image with these dimensions"); -+ - for (; data->r1 < nr1 && (!data->dri || rst); -- data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) -+ data->r1++, data->bitmap_ptr += stride * 3) - for (c1 = 0; c1 < nc1 && (!data->dri || rst); - c1++, rst--, data->bitmap_ptr += hb * 3) - { --- -2.34.1 - diff --git a/0016-grub-install-support-embedding-x509-certificates.patch b/0016-grub-install-support-embedding-x509-certificates.patch index d969804..b15c6fa 100644 --- a/0016-grub-install-support-embedding-x509-certificates.patch +++ b/0016-grub-install-support-embedding-x509-certificates.patch @@ -19,11 +19,9 @@ Signed-off-by: Daniel Axtens util/mkimage.c | 41 ++++++++++++++++++++++++++++++++++--- 6 files changed, 80 insertions(+), 10 deletions(-) -diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c -index 355a43844..b81ac0ae4 100644 --- a/grub-core/commands/pgp.c +++ b/grub-core/commands/pgp.c -@@ -944,7 +944,7 @@ GRUB_MOD_INIT(pgp) +@@ -944,7 +944,7 @@ grub_memset (&pseudo_file, 0, sizeof (pseudo_file)); /* Not an ELF module, skip. */ @@ -32,11 +30,9 @@ index 355a43844..b81ac0ae4 100644 continue; pseudo_file.fs = &pseudo_fs; -diff --git a/include/grub/kernel.h b/include/grub/kernel.h -index abbca5ea3..d3aafc884 100644 --- a/include/grub/kernel.h +++ b/include/grub/kernel.h -@@ -28,7 +28,8 @@ enum +@@ -28,7 +28,8 @@ OBJ_TYPE_MEMDISK, OBJ_TYPE_CONFIG, OBJ_TYPE_PREFIX, @@ -46,8 +42,6 @@ index abbca5ea3..d3aafc884 100644 OBJ_TYPE_DTB, OBJ_TYPE_DISABLE_SHIM_LOCK }; -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 0b2e8a06d..c241a2a40 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -67,6 +67,8 @@ @@ -59,7 +53,7 @@ index 0b2e8a06d..c241a2a40 100644 { "appended-signature-size", GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE,\ "SIZE", 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), \ 1}, \ -@@ -189,8 +191,9 @@ void +@@ -190,8 +192,9 @@ grub_install_generate_image (const char *dir, const char *prefix, FILE *out, const char *outname, char *mods[], @@ -71,11 +65,9 @@ index 0b2e8a06d..c241a2a40 100644 char *config_path, const struct grub_install_image_target_desc *image_target, int note, size_t appsig_size, -diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index 954df20eb..44296afa0 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c -@@ -460,6 +460,8 @@ static char **pubkeys; +@@ -465,6 +465,8 @@ static size_t npubkeys; static char *sbat; static int disable_shim_lock; @@ -84,7 +76,7 @@ index 954df20eb..44296afa0 100644 static grub_compression_t compression; static size_t appsig_size; -@@ -501,6 +503,12 @@ grub_install_parse (int key, char *arg) +@@ -506,6 +508,12 @@ case GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK: disable_shim_lock = 1; return 1; @@ -97,7 +89,7 @@ index 954df20eb..44296afa0 100644 case GRUB_INSTALL_OPTIONS_VERBOSITY: verbosity++; -@@ -627,6 +635,9 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, +@@ -632,6 +640,9 @@ for (pk = pubkeys; pk < pubkeys + npubkeys; pk++) slen += 20 + grub_strlen (*pk); @@ -107,7 +99,7 @@ index 954df20eb..44296afa0 100644 for (md = modules.entries; *md; md++) { slen += 10 + grub_strlen (*md); -@@ -655,6 +666,14 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, +@@ -660,6 +671,14 @@ *p++ = ' '; } @@ -122,7 +114,7 @@ index 954df20eb..44296afa0 100644 for (md = modules.entries; *md; md++) { *p++ = '\''; -@@ -683,7 +702,8 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, +@@ -688,7 +707,8 @@ grub_install_generate_image (dir, prefix, fp, outname, modules.entries, memdisk_path, @@ -132,11 +124,9 @@ index 954df20eb..44296afa0 100644 note, appsig_size, compression, dtb, sbat, disable_shim_lock); while (dc--) -diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c -index d01eaeb84..7d61ef3ea 100644 --- a/util/grub-mkimage.c +++ b/util/grub-mkimage.c -@@ -75,7 +75,8 @@ static struct argp_option options[] = { +@@ -75,7 +75,8 @@ /* TRANSLATORS: "embed" is a verb (command description). "*/ {"config", 'c', N_("FILE"), 0, N_("embed FILE as an early config"), 0}, /* TRANSLATORS: "embed" is a verb (command description). "*/ @@ -146,7 +136,7 @@ index d01eaeb84..7d61ef3ea 100644 /* TRANSLATORS: NOTE is a name of segment. */ {"note", 'n', 0, 0, N_("add NOTE segment for CHRP IEEE1275"), 0}, {"output", 'o', N_("FILE"), 0, N_("output a generated image to FILE [default=stdout]"), 0}, -@@ -124,6 +125,8 @@ struct arguments +@@ -124,6 +125,8 @@ char *dtb; char **pubkeys; size_t npubkeys; @@ -155,7 +145,7 @@ index d01eaeb84..7d61ef3ea 100644 char *font; char *config; char *sbat; -@@ -206,6 +209,13 @@ argp_parser (int key, char *arg, struct argp_state *state) +@@ -206,6 +209,13 @@ arguments->pubkeys[arguments->npubkeys++] = xstrdup (arg); break; @@ -169,7 +159,7 @@ index d01eaeb84..7d61ef3ea 100644 case 'c': if (arguments->config) free (arguments->config); -@@ -332,7 +342,8 @@ main (int argc, char *argv[]) +@@ -332,7 +342,8 @@ grub_install_generate_image (arguments.dir, arguments.prefix, fp, arguments.output, arguments.modules, arguments.memdisk, arguments.pubkeys, @@ -179,11 +169,9 @@ index d01eaeb84..7d61ef3ea 100644 arguments.image_target, arguments.note, arguments.appsig_size, arguments.comp, arguments.dtb, -diff --git a/util/mkimage.c b/util/mkimage.c -index d2cb33883..5a8021a21 100644 --- a/util/mkimage.c +++ b/util/mkimage.c -@@ -866,8 +866,10 @@ init_pe_section(const struct grub_install_image_target_desc *image_target, +@@ -882,8 +882,10 @@ void grub_install_generate_image (const char *dir, const char *prefix, FILE *out, const char *outname, char *mods[], @@ -196,7 +184,7 @@ index d2cb33883..5a8021a21 100644 const struct grub_install_image_target_desc *image_target, int note, size_t appsig_size, grub_compression_t comp, const char *dtb_path, const char *sbat_path, -@@ -913,6 +915,19 @@ grub_install_generate_image (const char *dir, const char *prefix, +@@ -929,6 +931,19 @@ } } @@ -216,7 +204,7 @@ index d2cb33883..5a8021a21 100644 if (memdisk_path) { memdisk_size = ALIGN_UP(grub_util_get_image_size (memdisk_path), 512); -@@ -1034,7 +1049,7 @@ grub_install_generate_image (const char *dir, const char *prefix, +@@ -1050,7 +1065,7 @@ curs = grub_util_get_image_size (pubkey_paths[i]); header = (struct grub_module_header *) (kernel_img + offset); @@ -225,7 +213,7 @@ index d2cb33883..5a8021a21 100644 header->size = grub_host_to_target32 (curs + sizeof (*header)); offset += sizeof (*header); -@@ -1043,6 +1058,26 @@ grub_install_generate_image (const char *dir, const char *prefix, +@@ -1059,6 +1074,26 @@ } } @@ -252,6 +240,3 @@ index d2cb33883..5a8021a21 100644 if (memdisk_path) { struct grub_module_header *header; --- -2.31.1 - diff --git a/0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch b/0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch deleted file mode 100644 index 7ef7baa..0000000 --- a/0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch +++ /dev/null @@ -1,36 +0,0 @@ -From cfe96e5c432b58726047f4d94f106f58855db1e2 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 13 Jul 2021 13:24:38 +1000 -Subject: [PATCH 16/32] normal/charset: Fix array out-of-bounds formatting - unicode for display - -In some cases attempting to display arbitrary binary strings leads -to ASAN splats reading the widthspec array out of bounds. - -Check the index. If it would be out of bounds, return a width of 1. -I don't know if that's strictly correct, but we're not really expecting -great display of arbitrary binary data, and it's certainly not worse than -an OOB read. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/normal/charset.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index 4dfcc31078..7a5a7c153c 100644 ---- a/grub-core/normal/charset.c -+++ b/grub-core/normal/charset.c -@@ -395,6 +395,8 @@ grub_unicode_estimate_width (const struct grub_unicode_glyph *c) - { - if (grub_unicode_get_comb_type (c->base)) - return 0; -+ if (((unsigned long) (c->base >> 3)) >= ARRAY_SIZE (widthspec)) -+ return 1; - if (widthspec[c->base >> 3] & (1 << (c->base & 7))) - return 2; - else --- -2.34.1 - diff --git a/0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch b/0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch index 07bc3f5..38b25da 100644 --- a/0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch +++ b/0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch @@ -21,9 +21,6 @@ Signed-off-by: Daniel Axtens create mode 100644 grub-core/commands/appendedsig/gnutls_asn1_tab.c create mode 100644 grub-core/commands/appendedsig/pkix_asn1_tab.c -diff --git a/grub-core/commands/appendedsig/gnutls_asn1_tab.c b/grub-core/commands/appendedsig/gnutls_asn1_tab.c -new file mode 100644 -index 000000000..ddd1314e6 --- /dev/null +++ b/grub-core/commands/appendedsig/gnutls_asn1_tab.c @@ -0,0 +1,121 @@ @@ -148,9 +145,6 @@ index 000000000..ddd1314e6 + { NULL, 4104, "0"}, + { NULL, 0, NULL } +}; -diff --git a/grub-core/commands/appendedsig/pkix_asn1_tab.c b/grub-core/commands/appendedsig/pkix_asn1_tab.c -new file mode 100644 -index 000000000..adef69d95 --- /dev/null +++ b/grub-core/commands/appendedsig/pkix_asn1_tab.c @@ -0,0 +1,484 @@ @@ -638,6 +632,3 @@ index 000000000..adef69d95 + { NULL, 3, NULL }, + { NULL, 0, NULL } +}; --- -2.31.1 - diff --git a/0017-net-ip-Do-IP-fragment-maths-safely.patch b/0017-net-ip-Do-IP-fragment-maths-safely.patch deleted file mode 100644 index 9bccf26..0000000 --- a/0017-net-ip-Do-IP-fragment-maths-safely.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 5c79af15504c599b58a2f3e591850876dfdb5fa2 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 20 Dec 2021 19:41:21 +1100 -Subject: [PATCH 17/32] net/ip: Do IP fragment maths safely - -We can receive packets with invalid IP fragmentation information. This -can lead to rsm->total_len underflowing and becoming very large. - -Then, in grub_netbuff_alloc(), we add to this very large number, which can -cause it to overflow and wrap back around to a small positive number. -The allocation then succeeds, but the resulting buffer is too small and -subsequent operations can write past the end of the buffer. - -Catch the underflow here. - -Fixes: CVE-2022-28733 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/net/ip.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index 01410798b3..937be87678 100644 ---- a/grub-core/net/ip.c -+++ b/grub-core/net/ip.c -@@ -25,6 +25,7 @@ - #include - #include - #include -+#include - #include - - struct iphdr { -@@ -551,7 +552,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, - { - rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) - + (nb->tail - nb->data)); -- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); -+ -+ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), -+ &rsm->total_len)) -+ { -+ grub_dprintf ("net", "IP reassembly size underflow\n"); -+ return GRUB_ERR_NONE; -+ } -+ - rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); - if (!rsm->asm_netbuff) - { --- -2.34.1 - diff --git a/0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch b/0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch index a8b4e3f..71d8dc8 100644 --- a/0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch +++ b/0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch @@ -53,9 +53,6 @@ Thanks to Nayna Jain and Stefan Berger for their reviews. create mode 100644 grub-core/commands/appendedsig/pkcs7.c create mode 100644 grub-core/commands/appendedsig/x509.c -diff --git a/grub-core/commands/appendedsig/appendedsig.h b/grub-core/commands/appendedsig/appendedsig.h -new file mode 100644 -index 000000000..327d68ddb --- /dev/null +++ b/grub-core/commands/appendedsig/appendedsig.h @@ -0,0 +1,118 @@ @@ -177,9 +174,6 @@ index 000000000..327d68ddb +void *grub_asn1_allocate_and_read (asn1_node node, const char *name, + const char *friendly_name, + int *content_size); -diff --git a/grub-core/commands/appendedsig/asn1util.c b/grub-core/commands/appendedsig/asn1util.c -new file mode 100644 -index 000000000..e116f8c75 --- /dev/null +++ b/grub-core/commands/appendedsig/asn1util.c @@ -0,0 +1,103 @@ @@ -286,9 +280,6 @@ index 000000000..e116f8c75 + res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix_asn, NULL); + return res; +} -diff --git a/grub-core/commands/appendedsig/pkcs7.c b/grub-core/commands/appendedsig/pkcs7.c -new file mode 100644 -index 000000000..845f58a53 --- /dev/null +++ b/grub-core/commands/appendedsig/pkcs7.c @@ -0,0 +1,509 @@ @@ -801,9 +792,6 @@ index 000000000..845f58a53 + } + grub_free (msg->signerInfos); +} -diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c -new file mode 100644 -index 000000000..70480aa73 --- /dev/null +++ b/grub-core/commands/appendedsig/x509.c @@ -0,0 +1,1079 @@ @@ -1886,6 +1874,3 @@ index 000000000..70480aa73 + gcry_mpi_release (cert->mpis[0]); + gcry_mpi_release (cert->mpis[1]); +} --- -2.31.1 - diff --git a/0018-net-netbuff-Block-overly-large-netbuff-allocs.patch b/0018-net-netbuff-Block-overly-large-netbuff-allocs.patch deleted file mode 100644 index 62ed85d..0000000 --- a/0018-net-netbuff-Block-overly-large-netbuff-allocs.patch +++ /dev/null @@ -1,55 +0,0 @@ -From bf949ed28a526b7ab137b8804e2ef6239c3061f2 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 8 Mar 2022 23:47:46 +1100 -Subject: [PATCH 18/32] net/netbuff: Block overly large netbuff allocs - -A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment -reassembly. If we are asked to create one that is unreasonably big, refuse. - -This is a hardening measure: if we hit this code, there's a bug somewhere -else that we should catch and fix. - -This commit: - - stops the bug propagating any further. - - provides a spot to instrument in e.g. fuzzing to try to catch these bugs. - -I have put instrumentation (e.g. __builtin_trap() to force a crash) here and -have not been able to find any more crashes. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/net/netbuff.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/grub-core/net/netbuff.c b/grub-core/net/netbuff.c -index dbeeefe478..d5e9e9a0d7 100644 ---- a/grub-core/net/netbuff.c -+++ b/grub-core/net/netbuff.c -@@ -79,10 +79,23 @@ grub_netbuff_alloc (grub_size_t len) - - COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0); - -+ /* -+ * The largest size of a TCP packet is 64 KiB, and everything else -+ * should be a lot smaller - most MTUs are 1500 or less. Cap data -+ * size at 64 KiB + a buffer. -+ */ -+ if (len > 0xffffUL + 0x1000UL) -+ { -+ grub_error (GRUB_ERR_BUG, -+ "attempted to allocate a packet that is too big"); -+ return NULL; -+ } -+ - if (len < NETBUFFMINLEN) - len = NETBUFFMINLEN; - - len = ALIGN_UP (len, NETBUFF_ALIGN); -+ - #ifdef GRUB_MACHINE_EMU - data = grub_malloc (len + sizeof (*nb)); - #else --- -2.34.1 - diff --git a/0019-appended-signatures-support-verifying-appended-signa.patch b/0019-appended-signatures-support-verifying-appended-signa.patch index 65432b9..c793053 100644 --- a/0019-appended-signatures-support-verifying-appended-signa.patch +++ b/0019-appended-signatures-support-verifying-appended-signa.patch @@ -46,15 +46,12 @@ This reverts commit 676a19fa8a7f9cca7a58ce2180110f609185b2bd. 3 files changed, 685 insertions(+) create mode 100644 grub-core/commands/appendedsig/appendedsig.c -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 6a3ff4265..b55294e25 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -952,6 +952,20 @@ module = { - enable = i386_pc; +@@ -979,6 +979,21 @@ }; -+module = { + module = { + name = appendedsig; + common = commands/appendedsig/appendedsig.c; + common = commands/appendedsig/x509.c; @@ -63,17 +60,16 @@ index 6a3ff4265..b55294e25 100644 + common = commands/appendedsig/gnutls_asn1_tab.c; + common = commands/appendedsig/pkix_asn1_tab.c; + ++ extra_dist = commands/appendedsig/appendedsig.h; + // posix wrapper required for gcry to get sys/types.h + cflags = '$(CFLAGS_POSIX)'; + cppflags = '-I$(srcdir)/lib/posix_wrap'; +}; + - module = { ++module = { name = hdparm; common = commands/hdparm.c; -diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c -new file mode 100644 -index 000000000..e63ad1ac6 + enable = pci; --- /dev/null +++ b/grub-core/commands/appendedsig/appendedsig.c @@ -0,0 +1,669 @@ @@ -746,11 +742,9 @@ index 000000000..e63ad1ac6 + grub_unregister_command (cmd_trust); + grub_unregister_command (cmd_distrust); +} -diff --git a/include/grub/file.h b/include/grub/file.h -index 811728a99..99b1f3855 100644 --- a/include/grub/file.h +++ b/include/grub/file.h -@@ -80,6 +80,8 @@ enum grub_file_type +@@ -80,6 +80,8 @@ GRUB_FILE_TYPE_PUBLIC_KEY, /* File holding public key to add to trused keys. */ GRUB_FILE_TYPE_PUBLIC_KEY_TRUST, @@ -759,6 +753,3 @@ index 811728a99..99b1f3855 100644 /* File of which we intend to print a blocklist to the user. */ GRUB_FILE_TYPE_PRINT_BLOCKLIST, /* File we intend to use for test loading or testing speed. */ --- -2.31.1 - diff --git a/0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch b/0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch deleted file mode 100644 index aef4df6..0000000 --- a/0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch +++ /dev/null @@ -1,59 +0,0 @@ -From cc43d9a3d77069850f993fbc4ae47c941bf284b9 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 16 Sep 2021 01:29:54 +1000 -Subject: [PATCH 19/32] net/dns: Fix double-free addresses on corrupt DNS - response - -grub_net_dns_lookup() takes as inputs a pointer to an array of addresses -("addresses") for the given name, and pointer to a number of addresses -("naddresses"). grub_net_dns_lookup() is responsible for allocating -"addresses", and the caller is responsible for freeing it if -"naddresses" > 0. - -The DNS recv_hook will sometimes set and free the addresses array, -for example if the packet is too short: - - if (ptr + 10 >= nb->tail) - { - if (!*data->naddresses) - grub_free (*data->addresses); - grub_netbuff_free (nb); - return GRUB_ERR_NONE; - } - -Later on the nslookup command code unconditionally frees the "addresses" -array. Normally this is fine: the array is either populated with valid -data or is NULL. But in these sorts of error cases it is neither NULL -nor valid and we get a double-free. - -Only free "addresses" if "naddresses" > 0. - -It looks like the other use of grub_net_dns_lookup() is not affected. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/net/dns.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 906ec7d678..135faac035 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -667,9 +667,11 @@ grub_cmd_nslookup (struct grub_command *cmd __attribute__ ((unused)), - grub_net_addr_to_str (&addresses[i], buf); - grub_printf ("%s\n", buf); - } -- grub_free (addresses); - if (naddresses) -- return GRUB_ERR_NONE; -+ { -+ grub_free (addresses); -+ return GRUB_ERR_NONE; -+ } - return grub_error (GRUB_ERR_NET_NO_DOMAIN, N_("no DNS record found")); - } - --- -2.34.1 - diff --git a/0020-appended-signatures-verification-tests.patch b/0020-appended-signatures-verification-tests.patch index 397891a..b747987 100644 --- a/0020-appended-signatures-verification-tests.patch +++ b/0020-appended-signatures-verification-tests.patch @@ -27,26 +27,21 @@ v2 changes: create mode 100644 grub-core/tests/appended_signature_test.c create mode 100644 grub-core/tests/appended_signatures.h -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index b55294e25..88eedd16d 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -2161,6 +2161,12 @@ module = { - common = tests/setjmp_test.c; +@@ -2191,6 +2191,12 @@ }; -+module = { + module = { + name = appended_signature_test; + common = tests/appended_signature_test.c; + common = tests/appended_signatures.h; +}; + - module = { ++module = { name = signature_test; common = tests/signature_test.c; -diff --git a/grub-core/tests/appended_signature_test.c b/grub-core/tests/appended_signature_test.c -new file mode 100644 -index 000000000..5365185cb + common = tests/signatures.h; --- /dev/null +++ b/grub-core/tests/appended_signature_test.c @@ -0,0 +1,273 @@ @@ -323,9 +318,6 @@ index 000000000..5365185cb +} + +GRUB_FUNCTIONAL_TEST (appended_signature_test, appended_signature_test); -diff --git a/grub-core/tests/appended_signatures.h b/grub-core/tests/appended_signatures.h -new file mode 100644 -index 000000000..c6aa12d86 --- /dev/null +++ b/grub-core/tests/appended_signatures.h @@ -0,0 +1,975 @@ @@ -1304,11 +1296,9 @@ index 000000000..c6aa12d86 + 0x89, 0xa0, 0x55, 0xf7 +}; +unsigned int certificate_eku_der_len = 916; -diff --git a/grub-core/tests/lib/functional_test.c b/grub-core/tests/lib/functional_test.c -index 96781fb39..403fa5c78 100644 --- a/grub-core/tests/lib/functional_test.c +++ b/grub-core/tests/lib/functional_test.c -@@ -73,6 +73,7 @@ grub_functional_all_tests (grub_extcmd_context_t ctxt __attribute__ ((unused)), +@@ -73,6 +73,7 @@ grub_dl_load ("xnu_uuid_test"); grub_dl_load ("pbkdf2_test"); grub_dl_load ("signature_test"); @@ -1316,6 +1306,3 @@ index 96781fb39..403fa5c78 100644 grub_dl_load ("sleep_test"); grub_dl_load ("bswap_test"); grub_dl_load ("ctz_test"); --- -2.31.1 - diff --git a/0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch b/0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch deleted file mode 100644 index 422ab1f..0000000 --- a/0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch +++ /dev/null @@ -1,73 +0,0 @@ -From e33af61c202972c81aaccdd395d61855e1584f66 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 20 Dec 2021 21:55:43 +1100 -Subject: [PATCH 20/32] net/dns: Don't read past the end of the string we're - checking against - -I don't really understand what's going on here but fuzzing found -a bug where we read past the end of check_with. That's a C string, -so use grub_strlen() to make sure we don't overread it. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/net/dns.c | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 135faac035..17961a9f18 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -146,11 +146,18 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, - int *length, char *set) - { - const char *readable_ptr = check_with; -+ int readable_len; - const grub_uint8_t *ptr; - char *optr = set; - int bytes_processed = 0; - if (length) - *length = 0; -+ -+ if (readable_ptr != NULL) -+ readable_len = grub_strlen (readable_ptr); -+ else -+ readable_len = 0; -+ - for (ptr = name_at; ptr < tail && bytes_processed < tail - head + 2; ) - { - /* End marker. */ -@@ -172,13 +179,16 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, - ptr = head + (((ptr[0] & 0x3f) << 8) | ptr[1]); - continue; - } -- if (readable_ptr && grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0) -+ if (readable_ptr != NULL && (*ptr > readable_len || grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0)) - return 0; - if (grub_memchr (ptr + 1, 0, *ptr) - || grub_memchr (ptr + 1, '.', *ptr)) - return 0; - if (readable_ptr) -- readable_ptr += *ptr; -+ { -+ readable_ptr += *ptr; -+ readable_len -= *ptr; -+ } - if (readable_ptr && *readable_ptr != '.' && *readable_ptr != 0) - return 0; - bytes_processed += *ptr + 1; -@@ -192,7 +202,10 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, - if (optr) - *optr++ = '.'; - if (readable_ptr && *readable_ptr) -- readable_ptr++; -+ { -+ readable_ptr++; -+ readable_len--; -+ } - ptr += *ptr + 1; - } - return 0; --- -2.34.1 - diff --git a/0021-appended-signatures-documentation.patch b/0021-appended-signatures-documentation.patch index 9f17046..ac571ee 100644 --- a/0021-appended-signatures-documentation.patch +++ b/0021-appended-signatures-documentation.patch @@ -16,11 +16,9 @@ v2: fix a grammar issue, thanks Stefan Berger. docs/grub.texi | 193 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 176 insertions(+), 17 deletions(-) -diff --git a/docs/grub.texi b/docs/grub.texi -index dc1c58304..988ef8ddc 100644 --- a/docs/grub.texi +++ b/docs/grub.texi -@@ -3209,6 +3209,7 @@ These variables have special meaning to GRUB. +@@ -3278,6 +3278,7 @@ @menu * biosnum:: @@ -28,7 +26,7 @@ index dc1c58304..988ef8ddc 100644 * check_signatures:: * chosen:: * cmdpath:: -@@ -3268,11 +3269,18 @@ For an alternative approach which also changes BIOS drive mappings for the +@@ -3342,11 +3343,18 @@ chain-loaded system, @pxref{drivemap}. @@ -49,23 +47,23 @@ index dc1c58304..988ef8ddc 100644 @node chosen @subsection chosen -@@ -3989,6 +3997,7 @@ you forget a command, you can run the command @command{help} +@@ -4322,6 +4330,7 @@ * date:: Display or set current date and time * devicetree:: Load a device tree blob * distrust:: Remove a pubkey from trusted keys +* distrust_certificate:: Remove a certificate from the list of trusted certificates * drivemap:: Map a drive to another * echo:: Display a line of text - * eval:: Evaluate agruments as GRUB commands -@@ -4005,6 +4014,7 @@ you forget a command, you can run the command @command{help} + * efitextmode:: Set/Get text output mode resolution +@@ -4337,6 +4346,7 @@ + * help:: Show help messages + * insmod:: Insert a module * keystatus:: Check key modifier status - * linux:: Load a Linux kernel - * linux16:: Load a Linux kernel (16-bit mode) +* list_certificates:: List trusted certificates * list_env:: List variables in environment block * list_trusted:: List trusted public keys * load_env:: Load variables from environment block -@@ -4042,8 +4052,10 @@ you forget a command, you can run the command @command{help} +@@ -4375,8 +4385,10 @@ * test:: Check file types and compare values * true:: Do nothing, successfully * trust:: Add public key to list of trusted keys @@ -75,8 +73,8 @@ index dc1c58304..988ef8ddc 100644 +* verify_appended:: Verify appended digital signature * verify_detached:: Verify detached digital signature * videoinfo:: List available video modes - @comment * xen_*:: Xen boot commands for AArch64 -@@ -4371,9 +4383,28 @@ These keys are used to validate signatures when environment variable + * wrmsr:: Write values to model-specific registers +@@ -4710,9 +4722,28 @@ @code{check_signatures} is set to @code{enforce} (@pxref{check_signatures}), and by some invocations of @command{verify_detached} (@pxref{verify_detached}). @xref{Using @@ -106,7 +104,7 @@ index dc1c58304..988ef8ddc 100644 @node drivemap @subsection drivemap -@@ -4631,6 +4662,21 @@ This command is only available on x86 systems. +@@ -4975,6 +5006,21 @@ @end deffn @@ -128,7 +126,7 @@ index dc1c58304..988ef8ddc 100644 @node list_env @subsection list_env -@@ -4650,7 +4696,7 @@ The output is in GPG's v4 key fingerprint format (i.e., the output of +@@ -4994,7 +5040,7 @@ @code{gpg --fingerprint}). The least significant four bytes (last eight hexadecimal digits) can be used as an argument to @command{distrust} (@pxref{distrust}). @@ -137,7 +135,7 @@ index dc1c58304..988ef8ddc 100644 these keys. @end deffn -@@ -4685,8 +4731,12 @@ When used with care, @option{--skip-sig} and the whitelist enable an +@@ -5029,8 +5075,12 @@ administrator to configure a system to boot only signed configurations, but to allow the user to select from among multiple configurations, and to enable ``one-shot'' boot attempts and @@ -151,7 +149,7 @@ index dc1c58304..988ef8ddc 100644 @end deffn -@@ -4982,7 +5032,7 @@ read. It is possible to modify a digitally signed environment block +@@ -5401,7 +5451,7 @@ file from within GRUB using this command, such that its signature will no longer be valid on subsequent boots. Care should be taken in such advanced configurations to avoid rendering the system @@ -160,7 +158,7 @@ index dc1c58304..988ef8ddc 100644 @end deffn -@@ -5382,11 +5432,31 @@ signatures when environment variable @code{check_signatures} is set to +@@ -5817,11 +5867,31 @@ must itself be properly signed. The @option{--skip-sig} option can be used to disable signature-checking when reading @var{pubkey_file} itself. It is expected that @option{--skip-sig} is useful for testing @@ -193,7 +191,7 @@ index dc1c58304..988ef8ddc 100644 @node unset @subsection unset -@@ -5405,6 +5475,18 @@ only on PC BIOS platforms. +@@ -5840,6 +5910,18 @@ @end deffn @end ignore @@ -212,7 +210,7 @@ index dc1c58304..988ef8ddc 100644 @node verify_detached @subsection verify_detached -@@ -5423,7 +5505,7 @@ tried. +@@ -5858,7 +5940,7 @@ Exit code @code{$?} is set to 0 if the signature validates successfully. If validation fails, it is set to a non-zero value. @@ -221,7 +219,7 @@ index dc1c58304..988ef8ddc 100644 @end deffn @node videoinfo -@@ -5808,13 +5890,14 @@ environment variables and commands are listed in the same order. +@@ -6339,13 +6421,14 @@ @chapter Security @menu @@ -243,7 +241,7 @@ index dc1c58304..988ef8ddc 100644 @end menu @node Authentication and authorisation -@@ -5888,8 +5971,8 @@ generating configuration files with authentication. You can use +@@ -6419,8 +6502,8 @@ adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2} commands. @@ -254,7 +252,7 @@ index dc1c58304..988ef8ddc 100644 GRUB's @file{core.img} can optionally provide enforcement that all files subsequently read from disk are covered by a valid digital signature. -@@ -5972,6 +6055,82 @@ or BIOS) configuration to cause the machine to boot from a different +@@ -6503,6 +6586,82 @@ (attacker-controlled) device. GRUB is at best only one link in a secure boot chain. @@ -337,6 +335,3 @@ index dc1c58304..988ef8ddc 100644 @node UEFI secure boot and shim @section UEFI secure boot and shim support --- -2.31.1 - diff --git a/0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch b/0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch deleted file mode 100644 index be4b8df..0000000 --- a/0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch +++ /dev/null @@ -1,115 +0,0 @@ -From 4adbb12d15af04f8f279a6290cd0195e57cc9e69 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 20 Sep 2021 01:12:24 +1000 -Subject: [PATCH 21/32] net/tftp: Prevent a UAF and double-free from a failed - seek - -A malicious tftp server can cause UAFs and a double free. - -An attempt to read from a network file is handled by grub_net_fs_read(). If -the read is at an offset other than the current offset, grub_net_seek_real() -is invoked. - -In grub_net_seek_real(), if a backwards seek cannot be satisfied from the -currently received packets, and the underlying transport does not provide -a seek method, then grub_net_seek_real() will close and reopen the network -protocol layer. - -For tftp, the ->close() call goes to tftp_close() and frees the tftp_data_t -file->data. The file->data pointer is not nulled out after the free. - -If the ->open() call fails, the file->data will not be reallocated and will -continue point to a freed memory block. This could happen from a server -refusing to send the requisite ack to the new tftp request, for example. - -The seek and the read will then fail, but the grub_file continues to exist: -the failed seek does not necessarily cause the entire file to be thrown -away (e.g. where the file is checked to see if it is gzipped/lzio/xz/etc., -a read failure is interpreted as a decompressor passing on the file, not as -an invalidation of the entire grub_file_t structure). - -This means subsequent attempts to read or seek the file will use the old -file->data after free. Eventually, the file will be close()d again and -file->data will be freed again. - -Mark a net_fs file that doesn't reopen as broken. Do not permit read() or -close() on a broken file (seek is not exposed directly to the file API - -it is only called as part of read, so this blocks seeks as well). - -As an additional defence, null out the ->data pointer if tftp_open() fails. -That would have lead to a simple null pointer dereference rather than -a mess of UAFs. - -This may affect other protocols, I haven't checked. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/net/net.c | 11 +++++++++-- - grub-core/net/tftp.c | 1 + - include/grub/net.h | 1 + - 3 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index d11672fbee..b8238b7df1 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -1546,7 +1546,8 @@ grub_net_fs_close (grub_file_t file) - grub_netbuff_free (file->device->net->packs.first->nb); - grub_net_remove_packet (file->device->net->packs.first); - } -- file->device->net->protocol->close (file); -+ if (!file->device->net->broken) -+ file->device->net->protocol->close (file); - grub_free (file->device->net->name); - return GRUB_ERR_NONE; - } -@@ -1768,7 +1769,10 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) - file->device->net->stall = 0; - err = file->device->net->protocol->open (file, file->device->net->name); - if (err) -- return err; -+ { -+ file->device->net->broken = 1; -+ return err; -+ } - grub_net_fs_read_real (file, NULL, offset); - return grub_errno; - } -@@ -1777,6 +1781,9 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) - static grub_ssize_t - grub_net_fs_read (grub_file_t file, char *buf, grub_size_t len) - { -+ if (file->device->net->broken) -+ return -1; -+ - if (file->offset != file->device->net->offset) - { - grub_err_t err; -diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index f3e7879388..d1afa25352 100644 ---- a/grub-core/net/tftp.c -+++ b/grub-core/net/tftp.c -@@ -404,6 +404,7 @@ tftp_open (struct grub_file *file, const char *filename) - { - grub_net_udp_close (data->sock); - grub_free (data); -+ file->data = NULL; - return grub_errno; - } - -diff --git a/include/grub/net.h b/include/grub/net.h -index cbcae79b1f..8d71ca6cc5 100644 ---- a/include/grub/net.h -+++ b/include/grub/net.h -@@ -277,6 +277,7 @@ typedef struct grub_net - grub_fs_t fs; - int eof; - int stall; -+ int broken; - } *grub_net_t; - - extern grub_net_t (*EXPORT_VAR (grub_net_open)) (const char *name); --- -2.34.1 - diff --git a/0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch b/0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch index 893470d..03fede7 100644 --- a/0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch +++ b/0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch @@ -14,11 +14,9 @@ Signed-off-by: Daniel Axtens include/grub/lockdown.h | 3 ++- 4 files changed, 32 insertions(+), 3 deletions(-) -diff --git a/docs/grub.texi b/docs/grub.texi -index 988ef8ddc..f4794fdda 100644 --- a/docs/grub.texi +++ b/docs/grub.texi -@@ -6208,8 +6208,8 @@ Measured boot is currently only supported on EFI platforms. +@@ -6740,8 +6740,8 @@ @section Lockdown when booting on a secure setup The GRUB can be locked down when booted on a secure boot environment, for example @@ -29,11 +27,9 @@ index 988ef8ddc..f4794fdda 100644 The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down. Otherwise it does not exit. -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 88eedd16d..49bdb63b6 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -317,6 +317,7 @@ kernel = { +@@ -331,6 +331,7 @@ powerpc_ieee1275 = kern/powerpc/cache.S; powerpc_ieee1275 = kern/powerpc/dl.c; powerpc_ieee1275 = kern/powerpc/compiler-rt.S; @@ -41,8 +37,6 @@ index 88eedd16d..49bdb63b6 100644 sparc64_ieee1275 = kern/sparc64/cache.S; sparc64_ieee1275 = kern/sparc64/dl.c; -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 446201165..d77d89604 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -44,6 +44,7 @@ @@ -51,9 +45,9 @@ index 446201165..d77d89604 100644 #endif +#include - /* The maximum heap size we're going to claim. Not used by sparc. - We allocate 1/4 of the available memory under 4G, up to this limit. */ -@@ -440,6 +441,30 @@ grub_parse_cmdline (void) + /* The maximum heap size we're going to claim at boot. Not used by sparc. */ + #ifdef __i386__ +@@ -708,6 +709,30 @@ } } @@ -84,7 +78,7 @@ index 446201165..d77d89604 100644 grub_addr_t grub_modbase; void -@@ -465,6 +490,8 @@ grub_machine_init (void) +@@ -733,6 +758,8 @@ #else grub_install_get_time_ms (grub_rtc_get_time_ms); #endif @@ -93,8 +87,6 @@ index 446201165..d77d89604 100644 } void -diff --git a/include/grub/lockdown.h b/include/grub/lockdown.h -index 40531fa82..ebfee4bf0 100644 --- a/include/grub/lockdown.h +++ b/include/grub/lockdown.h @@ -24,7 +24,8 @@ @@ -107,6 +99,3 @@ index 40531fa82..ebfee4bf0 100644 extern void EXPORT_FUNC (grub_lockdown) (void); extern int --- -2.31.1 - diff --git a/0022-net-tftp-Avoid-a-trivial-UAF.patch b/0022-net-tftp-Avoid-a-trivial-UAF.patch deleted file mode 100644 index f5c66e0..0000000 --- a/0022-net-tftp-Avoid-a-trivial-UAF.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 1824df76e0e712917edce83b5be57d485b81a5a7 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 18 Jan 2022 14:29:20 +1100 -Subject: [PATCH 22/32] net/tftp: Avoid a trivial UAF - -Under tftp errors, we print a tftp error message from the tftp header. -However, the tftph pointer is a pointer inside nb, the netbuff. Previously, -we were freeing the nb and then dereferencing it. Don't do that, use it -and then free it later. - -This isn't really _bad_ per se, especially as we're single-threaded, but -it trips up fuzzers. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/net/tftp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index d1afa25352..4222d93b6d 100644 ---- a/grub-core/net/tftp.c -+++ b/grub-core/net/tftp.c -@@ -251,9 +251,9 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), - return GRUB_ERR_NONE; - case TFTP_ERROR: - data->have_oack = 1; -- grub_netbuff_free (nb); - grub_error (GRUB_ERR_IO, "%s", tftph->u.err.errmsg); - grub_error_save (&data->save_err); -+ grub_netbuff_free (nb); - return GRUB_ERR_NONE; - default: - grub_netbuff_free (nb); --- -2.34.1 - diff --git a/0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch b/0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch deleted file mode 100644 index 283c15c..0000000 --- a/0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 7ec48289eeae517e14e2c957a90fd95a49741894 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 1 Mar 2022 23:14:15 +1100 -Subject: [PATCH 23/32] net/http: Do not tear down socket if it's already been - torn down - -It's possible for data->sock to get torn down in tcp error handling. -If we unconditionally tear it down again we will end up doing writes -to an offset of the NULL pointer when we go to tear it down again. - -Detect if it has been torn down and don't do it again. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/net/http.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index bf838660d9..a77bc4e4b8 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -425,7 +425,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) - return err; - } - -- for (i = 0; !data->headers_recv && i < 100; i++) -+ for (i = 0; data->sock && !data->headers_recv && i < 100; i++) - { - grub_net_tcp_retransmit (); - grub_net_poll_cards (300, &data->headers_recv); -@@ -433,7 +433,8 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) - - if (!data->headers_recv) - { -- grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); -+ if (data->sock) -+ grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); - if (data->err) - { - char *str = data->errmsg; --- -2.34.1 - diff --git a/0024-net-http-Fix-OOB-write-for-split-http-headers.patch b/0024-net-http-Fix-OOB-write-for-split-http-headers.patch deleted file mode 100644 index 331e1a6..0000000 --- a/0024-net-http-Fix-OOB-write-for-split-http-headers.patch +++ /dev/null @@ -1,48 +0,0 @@ -From d7374ab1a110a7ddcfa5a0eda9574ebef2220ee1 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 8 Mar 2022 18:17:03 +1100 -Subject: [PATCH 24/32] net/http: Fix OOB write for split http headers - -GRUB has special code for handling an http header that is split -across two packets. - -The code tracks the end of line by looking for a "\n" byte. The -code for split headers has always advanced the pointer just past the -end of the line, whereas the code that handles unsplit headers does -not advance the pointer. This extra advance causes the length to be -one greater, which breaks an assumption in parse_line(), leading to -it writing a NUL byte one byte past the end of the buffer where we -reconstruct the line from the two packets. - -It's conceivable that an attacker controlled set of packets could -cause this to zero out the first byte of the "next" pointer of the -grub_mm_region structure following the current_line buffer. - -Do not advance the pointer in the split header case. - -Fixes: CVE-2022-28734 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/net/http.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index a77bc4e4b8..d9d2ade98e 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -193,9 +193,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), - int have_line = 1; - char *t; - ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); -- if (ptr) -- ptr++; -- else -+ if (ptr == NULL) - { - have_line = 0; - ptr = (char *) nb->tail; --- -2.34.1 - diff --git a/0025-net-http-Error-out-on-headers-with-LF-without-CR.patch b/0025-net-http-Error-out-on-headers-with-LF-without-CR.patch deleted file mode 100644 index d2d00db..0000000 --- a/0025-net-http-Error-out-on-headers-with-LF-without-CR.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 5a6ca6483123f2290696e7268f875ff72dd841b6 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 8 Mar 2022 19:04:40 +1100 -Subject: [PATCH 25/32] net/http: Error out on headers with LF without CR - -In a similar vein to the previous patch, parse_line() would write -a NUL byte past the end of the buffer if there was an HTTP header -with a LF rather than a CRLF. - -RFC-2616 says: - - Many HTTP/1.1 header field values consist of words separated by LWS - or special characters. These special characters MUST be in a quoted - string to be used within a parameter value (as defined in section 3.6). - -We don't support quoted sections or continuation lines, etc. - -If we see an LF that's not part of a CRLF, bail out. - -Fixes: CVE-2022-28734 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/net/http.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index d9d2ade98e..0472645d12 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -69,7 +69,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) - char *end = ptr + len; - while (end > ptr && *(end - 1) == '\r') - end--; -+ -+ /* LF without CR. */ -+ if (end == ptr + len) -+ { -+ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); -+ return GRUB_ERR_NONE; -+ } - *end = 0; -+ - /* Trailing CRLF. */ - if (data->in_chunk_len == 1) - { --- -2.34.1 - diff --git a/0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch b/0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch deleted file mode 100644 index b11a6b1..0000000 --- a/0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch +++ /dev/null @@ -1,75 +0,0 @@ -From c1013c295f1e32620db302470f126df0c6a0d5a5 Mon Sep 17 00:00:00 2001 -From: Sudhakar Kuppusamy -Date: Wed, 6 Apr 2022 18:03:37 +0530 -Subject: [PATCH 26/32] fs/f2fs: Do not read past the end of nat journal - entries - -A corrupt f2fs file system could specify a nat journal entry count -that is beyond the maximum NAT_JOURNAL_ENTRIES. - -Check if the specified nat journal entry count before accessing the -array, and throw an error if it is too large. - -Signed-off-by: Sudhakar Kuppusamy -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/fs/f2fs.c | 21 ++++++++++++++------- - 1 file changed, 14 insertions(+), 7 deletions(-) - -diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c -index 8a9992ca9e..63702214b0 100644 ---- a/grub-core/fs/f2fs.c -+++ b/grub-core/fs/f2fs.c -@@ -632,23 +632,27 @@ get_nat_journal (struct grub_f2fs_data *data) - return err; - } - --static grub_uint32_t --get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid) -+static grub_err_t -+get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid, -+ grub_uint32_t *blkaddr) - { - grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); -- grub_uint32_t blkaddr = 0; - grub_uint16_t i; - -+ if (n >= NAT_JOURNAL_ENTRIES) -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid number of nat journal entries"); -+ - for (i = 0; i < n; i++) - { - if (grub_le_to_cpu32 (data->nat_j.entries[i].nid) == nid) - { -- blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); -+ *blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); - break; - } - } - -- return blkaddr; -+ return GRUB_ERR_NONE; - } - - static grub_uint32_t -@@ -656,10 +660,13 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) - { - struct grub_f2fs_nat_block *nat_block; - grub_uint32_t seg_off, block_off, entry_off, block_addr; -- grub_uint32_t blkaddr; -+ grub_uint32_t blkaddr = 0; - grub_err_t err; - -- blkaddr = get_blkaddr_from_nat_journal (data, nid); -+ err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); -+ if (err != GRUB_ERR_NONE) -+ return 0; -+ - if (blkaddr) - return blkaddr; - --- -2.34.1 - diff --git a/0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch b/0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch deleted file mode 100644 index 3a8308b..0000000 --- a/0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 5ac885d02a9e91a5d6760090f90fa2bb4e7a5dd6 Mon Sep 17 00:00:00 2001 -From: Sudhakar Kuppusamy -Date: Wed, 6 Apr 2022 18:49:09 +0530 -Subject: [PATCH 27/32] fs/f2fs: Do not read past the end of nat bitmap - -A corrupt f2fs filesystem could have a block offset or a bitmap -offset that would cause us to read beyond the bounds of the nat -bitmap. - -Introduce the nat_bitmap_size member in grub_f2fs_data which holds -the size of nat bitmap. - -Set the size when loading the nat bitmap in nat_bitmap_ptr(), and -catch when an invalid offset would create a pointer past the end of -the allocated space. - -Check against the bitmap size in grub_f2fs_test_bit() test bit to avoid -reading past the end of the nat bitmap. - -Signed-off-by: Sudhakar Kuppusamy -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/fs/f2fs.c | 33 +++++++++++++++++++++++++++------ - 1 file changed, 27 insertions(+), 6 deletions(-) - -diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c -index 63702214b0..8898b235e0 100644 ---- a/grub-core/fs/f2fs.c -+++ b/grub-core/fs/f2fs.c -@@ -122,6 +122,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define F2FS_INLINE_DOTS 0x10 /* File having implicit dot dentries. */ - - #define MAX_VOLUME_NAME 512 -+#define MAX_NAT_BITMAP_SIZE 3900 - - enum FILE_TYPE - { -@@ -183,7 +184,7 @@ struct grub_f2fs_checkpoint - grub_uint32_t checksum_offset; - grub_uint64_t elapsed_time; - grub_uint8_t alloc_type[MAX_ACTIVE_LOGS]; -- grub_uint8_t sit_nat_version_bitmap[3900]; -+ grub_uint8_t sit_nat_version_bitmap[MAX_NAT_BITMAP_SIZE]; - grub_uint32_t checksum; - } GRUB_PACKED; - -@@ -302,6 +303,7 @@ struct grub_f2fs_data - - struct grub_f2fs_nat_journal nat_j; - char *nat_bitmap; -+ grub_uint32_t nat_bitmap_size; - - grub_disk_t disk; - struct grub_f2fs_node *inode; -@@ -377,15 +379,20 @@ sum_blk_addr (struct grub_f2fs_data *data, int base, int type) - } - - static void * --nat_bitmap_ptr (struct grub_f2fs_data *data) -+nat_bitmap_ptr (struct grub_f2fs_data *data, grub_uint32_t *nat_bitmap_size) - { - struct grub_f2fs_checkpoint *ckpt = &data->ckpt; - grub_uint32_t offset; -+ *nat_bitmap_size = MAX_NAT_BITMAP_SIZE; - - if (grub_le_to_cpu32 (data->sblock.cp_payload) > 0) - return ckpt->sit_nat_version_bitmap; - - offset = grub_le_to_cpu32 (ckpt->sit_ver_bitmap_bytesize); -+ if (offset >= MAX_NAT_BITMAP_SIZE) -+ return NULL; -+ -+ *nat_bitmap_size = *nat_bitmap_size - offset; - - return ckpt->sit_nat_version_bitmap + offset; - } -@@ -438,11 +445,15 @@ grub_f2fs_crc_valid (grub_uint32_t blk_crc, void *buf, const grub_uint32_t len) - } - - static int --grub_f2fs_test_bit (grub_uint32_t nr, const char *p) -+grub_f2fs_test_bit (grub_uint32_t nr, const char *p, grub_uint32_t len) - { - int mask; -+ grub_uint32_t shifted_nr = (nr >> 3); -+ -+ if (shifted_nr >= len) -+ return -1; - -- p += (nr >> 3); -+ p += shifted_nr; - mask = 1 << (7 - (nr & 0x07)); - - return mask & *p; -@@ -662,6 +673,7 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) - grub_uint32_t seg_off, block_off, entry_off, block_addr; - grub_uint32_t blkaddr = 0; - grub_err_t err; -+ int result_bit; - - err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); - if (err != GRUB_ERR_NONE) -@@ -682,8 +694,15 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) - ((seg_off * data->blocks_per_seg) << 1) + - (block_off & (data->blocks_per_seg - 1)); - -- if (grub_f2fs_test_bit (block_off, data->nat_bitmap)) -+ result_bit = grub_f2fs_test_bit (block_off, data->nat_bitmap, -+ data->nat_bitmap_size); -+ if (result_bit > 0) - block_addr += data->blocks_per_seg; -+ else if (result_bit == -1) -+ { -+ grub_free (nat_block); -+ return 0; -+ } - - err = grub_f2fs_block_read (data, block_addr, nat_block); - if (err) -@@ -833,7 +852,9 @@ grub_f2fs_mount (grub_disk_t disk) - if (err) - goto fail; - -- data->nat_bitmap = nat_bitmap_ptr (data); -+ data->nat_bitmap = nat_bitmap_ptr (data, &data->nat_bitmap_size); -+ if (data->nat_bitmap == NULL) -+ goto fail; - - err = get_nat_journal (data); - if (err) --- -2.34.1 - diff --git a/0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch b/0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch deleted file mode 100644 index 065591e..0000000 --- a/0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 315e2773ed5cae92548d4508301ac0fe7515e5bb Mon Sep 17 00:00:00 2001 -From: Sudhakar Kuppusamy -Date: Wed, 6 Apr 2022 18:17:43 +0530 -Subject: [PATCH 28/32] fs/f2fs: Do not copy file names that are too long - -A corrupt f2fs file system might specify a name length which is greater -than the maximum name length supported by the GRUB f2fs driver. - -We will allocate enough memory to store the overly long name, but there -are only F2FS_NAME_LEN bytes in the source, so we would read past the end -of the source. - -While checking directory entries, do not copy a file name with an invalid -length. - -Signed-off-by: Sudhakar Kuppusamy -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper ---- - grub-core/fs/f2fs.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c -index 8898b235e0..df6beb544c 100644 ---- a/grub-core/fs/f2fs.c -+++ b/grub-core/fs/f2fs.c -@@ -1003,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx) - - ftype = ctx->dentry[i].file_type; - name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len); -+ -+ if (name_len >= F2FS_NAME_LEN) -+ return 0; -+ - filename = grub_malloc (name_len + 1); - if (!filename) - return 0; --- -2.34.1 - diff --git a/0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch b/0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch deleted file mode 100644 index eab9aa2..0000000 --- a/0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch +++ /dev/null @@ -1,79 +0,0 @@ -From c64e0158654a1098caf652f6ffd192cbe26583f3 Mon Sep 17 00:00:00 2001 -From: Darren Kenny -Date: Tue, 29 Mar 2022 10:49:56 +0000 -Subject: [PATCH 29/32] fs/btrfs: Fix several fuzz issues with invalid dir item - sizing - -According to the btrfs code in Linux, the structure of a directory item -leaf should be of the form: - - |struct btrfs_dir_item|name|data| - -in GRUB the name len and data len are in the grub_btrfs_dir_item -structure's n and m fields respectively. - -The combined size of the structure, name and data should be less than -the allocated memory, a difference to the Linux kernel's struct -btrfs_dir_item is that the grub_btrfs_dir_item has an extra field for -where the name is stored, so we adjust for that too. - -Signed-off-by: Darren Kenny -Reviewed-by: Daniel Kiper ---- - grub-core/fs/btrfs.c | 26 ++++++++++++++++++++++++++ - 1 file changed, 26 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 42fdbaf616..626fd2daa0 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -2210,6 +2210,7 @@ grub_btrfs_dir (grub_device_t device, const char *path, - grub_uint64_t tree; - grub_uint8_t type; - char *new_path = NULL; -+ grub_size_t est_size = 0; - - if (!data) - return grub_errno; -@@ -2276,6 +2277,18 @@ grub_btrfs_dir (grub_device_t device, const char *path, - break; - } - -+ if (direl == NULL || -+ grub_add (grub_le_to_cpu16 (direl->n), -+ grub_le_to_cpu16 (direl->m), &est_size) || -+ grub_add (est_size, sizeof (*direl), &est_size) || -+ grub_sub (est_size, sizeof (direl->name), &est_size) || -+ est_size > allocated) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ r = -grub_errno; -+ goto out; -+ } -+ - for (cdirel = direl; - (grub_uint8_t *) cdirel - (grub_uint8_t *) direl - < (grub_ssize_t) elemsize; -@@ -2286,6 +2299,19 @@ grub_btrfs_dir (grub_device_t device, const char *path, - char c; - struct grub_btrfs_inode inode; - struct grub_dirhook_info info; -+ -+ if (cdirel == NULL || -+ grub_add (grub_le_to_cpu16 (cdirel->n), -+ grub_le_to_cpu16 (cdirel->m), &est_size) || -+ grub_add (est_size, sizeof (*cdirel), &est_size) || -+ grub_sub (est_size, sizeof (cdirel->name), &est_size) || -+ est_size > allocated) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ r = -grub_errno; -+ goto out; -+ } -+ - err = grub_btrfs_read_inode (data, &inode, cdirel->key.object_id, - tree); - grub_memset (&info, 0, sizeof (info)); --- -2.34.1 - diff --git a/0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch b/0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch deleted file mode 100644 index 8a70a19..0000000 --- a/0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 2576115cc77c45d2a77d7629b8c2f26a3a58822b Mon Sep 17 00:00:00 2001 -From: Darren Kenny -Date: Tue, 29 Mar 2022 15:52:46 +0000 -Subject: [PATCH 30/32] fs/btrfs: Fix more ASAN and SEGV issues found with - fuzzing - -The fuzzer is generating btrfs file systems that have chunks with -invalid combinations of stripes and substripes for the given RAID -configurations. - -After examining the Linux kernel fs/btrfs/tree-checker.c code, it -appears that sub-stripes should only be applied to RAID10, and in that -case there should only ever be 2 of them. - -Similarly, RAID single should only have 1 stripe, and RAID1/1C3/1C4 -should have 2. 3 or 4 stripes respectively, which is what redundancy -corresponds. - -Some of the chunks ended up with a size of 0, which grub_malloc() still -returned memory for and in turn generated ASAN errors later when -accessed. - -While it would be possible to specifically limit the number of stripes, -a more correct test was on the combination of the chunk item, and the -number of stripes by the size of the chunk stripe structure in -comparison to the size of the chunk itself. - -Signed-off-by: Darren Kenny -Reviewed-by: Daniel Kiper ---- - grub-core/fs/btrfs.c | 55 ++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 55 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 626fd2daa0..62fe5e6a69 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -938,6 +938,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - return grub_error (GRUB_ERR_BAD_FS, - "couldn't find the chunk descriptor"); - -+ if (!chsize) -+ { -+ grub_dprintf ("btrfs", "zero-size chunk\n"); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "got an invalid zero-size chunk"); -+ } - chunk = grub_malloc (chsize); - if (!chunk) - return grub_errno; -@@ -996,6 +1002,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - stripe_length = grub_divmod64 (grub_le_to_cpu64 (chunk->size), - nstripes, - NULL); -+ -+ /* For single, there should be exactly 1 stripe. */ -+ if (grub_le_to_cpu16 (chunk->nstripes) != 1) -+ { -+ grub_dprintf ("btrfs", "invalid RAID_SINGLE: nstripes != 1 (%u)\n", -+ grub_le_to_cpu16 (chunk->nstripes)); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid RAID_SINGLE: nstripes != 1 (%u)", -+ grub_le_to_cpu16 (chunk->nstripes)); -+ } - if (stripe_length == 0) - stripe_length = 512; - stripen = grub_divmod64 (off, stripe_length, &stripe_offset); -@@ -1015,6 +1031,19 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - stripen = 0; - stripe_offset = off; - csize = grub_le_to_cpu64 (chunk->size) - off; -+ -+ /* -+ * Redundancy, and substripes only apply to RAID10, and there -+ * should be exactly 2 sub-stripes. -+ */ -+ if (grub_le_to_cpu16 (chunk->nstripes) != redundancy) -+ { -+ grub_dprintf ("btrfs", "invalid RAID1: nstripes != %u (%u)\n", -+ redundancy, grub_le_to_cpu16 (chunk->nstripes)); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid RAID1: nstripes != %u (%u)", -+ redundancy, grub_le_to_cpu16 (chunk->nstripes)); -+ } - break; - } - case GRUB_BTRFS_CHUNK_TYPE_RAID0: -@@ -1051,6 +1080,20 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - stripe_offset = low + chunk_stripe_length - * high; - csize = chunk_stripe_length - low; -+ -+ /* -+ * Substripes only apply to RAID10, and there -+ * should be exactly 2 sub-stripes. -+ */ -+ if (grub_le_to_cpu16 (chunk->nsubstripes) != 2) -+ { -+ grub_dprintf ("btrfs", "invalid RAID10: nsubstripes != 2 (%u)", -+ grub_le_to_cpu16 (chunk->nsubstripes)); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid RAID10: nsubstripes != 2 (%u)", -+ grub_le_to_cpu16 (chunk->nsubstripes)); -+ } -+ - break; - } - case GRUB_BTRFS_CHUNK_TYPE_RAID5: -@@ -1150,6 +1193,8 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - - for (j = 0; j < 2; j++) - { -+ grub_size_t est_chunk_alloc = 0; -+ - grub_dprintf ("btrfs", "chunk 0x%" PRIxGRUB_UINT64_T - "+0x%" PRIxGRUB_UINT64_T - " (%d stripes (%d substripes) of %" -@@ -1162,6 +1207,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - grub_dprintf ("btrfs", "reading laddr 0x%" PRIxGRUB_UINT64_T "\n", - addr); - -+ if (grub_mul (sizeof (struct grub_btrfs_chunk_stripe), -+ grub_le_to_cpu16 (chunk->nstripes), &est_chunk_alloc) || -+ grub_add (est_chunk_alloc, -+ sizeof (struct grub_btrfs_chunk_item), &est_chunk_alloc) || -+ est_chunk_alloc > chunk->size) -+ { -+ err = GRUB_ERR_BAD_FS; -+ break; -+ } -+ - if (is_raid56) - { - err = btrfs_read_from_chunk (data, chunk, stripen, --- -2.34.1 - diff --git a/0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch b/0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch deleted file mode 100644 index a6ea7cd..0000000 --- a/0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 480019e546386b8e25a26d03408897a7752b98b6 Mon Sep 17 00:00:00 2001 -From: Darren Kenny -Date: Thu, 7 Apr 2022 15:18:12 +0000 -Subject: [PATCH 31/32] fs/btrfs: Fix more fuzz issues related to chunks - -The corpus was generating issues in grub_btrfs_read_logical() when -attempting to iterate over stripe entries in the superblock's -bootmapping. - -In most cases the reason for the failure was that the number of stripes -in chunk->nstripes exceeded the possible space statically allocated in -superblock bootmapping space. Each stripe entry in the bootmapping block -consists of a grub_btrfs_key followed by a grub_btrfs_chunk_stripe. - -Another issue that came up was that while calculating the chunk size, -in an earlier piece of code in that function, depending on the data -provided in the btrfs file system, it would end up calculating a size -that was too small to contain even 1 grub_btrfs_chunk_item, which is -obviously invalid too. - -Signed-off-by: Darren Kenny -Reviewed-by: Daniel Kiper ---- - grub-core/fs/btrfs.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 62fe5e6a69..7007463c6e 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -944,6 +944,17 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - return grub_error (GRUB_ERR_BAD_FS, - "got an invalid zero-size chunk"); - } -+ -+ /* -+ * The space being allocated for a chunk should at least be able to -+ * contain one chunk item. -+ */ -+ if (chsize < sizeof (struct grub_btrfs_chunk_item)) -+ { -+ grub_dprintf ("btrfs", "chunk-size too small\n"); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "got an invalid chunk size"); -+ } - chunk = grub_malloc (chsize); - if (!chunk) - return grub_errno; -@@ -1191,6 +1202,13 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - if (csize > (grub_uint64_t) size) - csize = size; - -+ /* -+ * The space for a chunk stripe is limited to the space provide in the super-block's -+ * bootstrap mapping with an initial btrfs key at the start of each chunk. -+ */ -+ grub_size_t avail_stripes = sizeof (data->sblock.bootstrap_mapping) / -+ (sizeof (struct grub_btrfs_key) + sizeof (struct grub_btrfs_chunk_stripe)); -+ - for (j = 0; j < 2; j++) - { - grub_size_t est_chunk_alloc = 0; -@@ -1217,6 +1235,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - break; - } - -+ if (grub_le_to_cpu16 (chunk->nstripes) > avail_stripes) -+ { -+ err = GRUB_ERR_BAD_FS; -+ break; -+ } -+ - if (is_raid56) - { - err = btrfs_read_from_chunk (data, chunk, stripen, --- -2.34.1 - diff --git a/0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch b/0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch deleted file mode 100644 index f00a64b..0000000 --- a/0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch +++ /dev/null @@ -1,261 +0,0 @@ -From 836337d9b895da32bcbc451c84bc3a7865a15963 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Mon, 18 Apr 2022 22:16:49 +0800 -Subject: [PATCH 32/32] Use grub_loader_set_ex() for secureboot chainloader - -This is required as many distributions, including SUSE, has been -shipping a variation to load and start image using native functions than -calling out efi protocols when secure boot is enabled and shim lock is -used to verify image. - -Signed-off-by: Michael Chang ---- - grub-core/loader/efi/chainloader.c | 100 +++++++++++++++++++---------- - 1 file changed, 66 insertions(+), 34 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index b3e1e89302..48d69c7795 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -53,10 +53,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_dl_t my_mod; - --static grub_ssize_t fsize; --static grub_ssize_t cmdline_len; --static grub_efi_handle_t dev_handle; -- - #ifdef SUPPORT_SECURE_BOOT - static grub_efi_boolean_t debug_secureboot = 0; - static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); -@@ -76,8 +72,6 @@ grub_chainloader_unload (void *context) - b = grub_efi_system_table->boot_services; - efi_call_1 (b->unload_image, image_handle); - -- dev_handle = 0; -- - grub_dl_unref (my_mod); - return GRUB_ERR_NONE; - } -@@ -254,6 +248,17 @@ struct pe_coff_loader_image_context - struct grub_pe32_header_no_msdos_stub *pe_hdr; - }; - -+struct grub_secureboot_chainloader_context -+{ -+ grub_efi_physical_address_t address; -+ grub_efi_uintn_t pages; -+ grub_ssize_t fsize; -+ grub_efi_device_path_t *file_path; -+ grub_efi_char16_t *cmdline; -+ grub_ssize_t cmdline_len; -+ grub_efi_handle_t dev_handle; -+}; -+ - typedef struct pe_coff_loader_image_context pe_coff_loader_image_context_t; - - struct grub_efi_shim_lock -@@ -477,11 +482,13 @@ grub_efi_get_media_file_path (grub_efi_device_path_t *dp) - } - - static grub_efi_boolean_t --handle_image (void *data, grub_efi_uint32_t datasize) -+handle_image (struct grub_secureboot_chainloader_context *load_context) - { - grub_efi_boot_services_t *b; - grub_efi_loaded_image_t *li, li_bak; - grub_efi_status_t efi_status; -+ void *data = (void *)(unsigned long)load_context->address; -+ grub_efi_uint32_t datasize = load_context->fsize; - char *buffer = NULL; - char *buffer_aligned = NULL; - grub_efi_uint32_t i, size; -@@ -571,10 +578,10 @@ handle_image (void *data, grub_efi_uint32_t datasize) - grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); - li->image_base = buffer_aligned; - li->image_size = context.image_size; -- li->load_options = cmdline; -- li->load_options_size = cmdline_len; -- li->file_path = grub_efi_get_media_file_path (file_path); -- li->device_handle = dev_handle; -+ li->load_options = load_context->cmdline; -+ li->load_options_size = load_context->cmdline_len; -+ li->file_path = grub_efi_get_media_file_path (load_context->file_path); -+ li->device_handle = load_context->dev_handle; - if (li->file_path) - { - grub_printf ("file path: "); -@@ -605,26 +612,27 @@ error_exit: - } - - static grub_err_t --grub_secureboot_chainloader_unload (void) -+grub_secureboot_chainloader_unload (void* context) - { - grub_efi_boot_services_t *b; -+ struct grub_secureboot_chainloader_context *sb_context = (struct grub_secureboot_chainloader_context *)context; - - b = grub_efi_system_table->boot_services; -- efi_call_2 (b->free_pages, address, pages); -- grub_free (file_path); -- grub_free (cmdline); -- cmdline = 0; -- file_path = 0; -- dev_handle = 0; -+ efi_call_2 (b->free_pages, sb_context->address, sb_context->pages); -+ grub_free (sb_context->file_path); -+ grub_free (sb_context->cmdline); -+ grub_free (sb_context); - - grub_dl_unref (my_mod); - return GRUB_ERR_NONE; - } - - static grub_err_t --grub_secureboot_chainloader_boot (void) -+grub_secureboot_chainloader_boot (void *context) - { -- handle_image ((void *)address, fsize); -+ struct grub_secureboot_chainloader_context *sb_context = (struct grub_secureboot_chainloader_context *)context; -+ -+ handle_image (sb_context); - grub_loader_unset (); - return grub_errno; - } -@@ -635,6 +643,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - int argc, char *argv[]) - { - grub_file_t file = 0; -+ grub_ssize_t size; - grub_efi_status_t status; - grub_efi_boot_services_t *b; - grub_device_t dev = 0; -@@ -646,6 +655,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_uintn_t pages = 0; - grub_efi_char16_t *cmdline = NULL; - grub_efi_handle_t image_handle = NULL; -+ grub_ssize_t cmdline_len = 0; -+ grub_efi_handle_t dev_handle = 0; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -653,8 +664,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - - grub_dl_ref (my_mod); - -- dev_handle = 0; -- - b = grub_efi_system_table->boot_services; - - if (argc > 1) -@@ -732,14 +741,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_printf ("file path: "); - grub_efi_print_device_path (file_path); - -- fsize = grub_file_size (file); -- if (!fsize) -+ size = grub_file_size (file); -+ if (!size) - { - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - filename); - goto fail; - } -- pages = (((grub_efi_uintn_t) fsize + ((1 << 12) - 1)) >> 12); -+ pages = (((grub_efi_uintn_t) size + ((1 << 12) - 1)) >> 12); - - status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES, - GRUB_EFI_LOADER_CODE, -@@ -753,7 +762,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - } - - boot_image = (void *) ((grub_addr_t) address); -- if (grub_file_read (file, boot_image, fsize) != fsize) -+ if (grub_file_read (file, boot_image, size) != size) - { - if (grub_errno == GRUB_ERR_NONE) - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -@@ -763,7 +772,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - } - - #if defined (__i386__) || defined (__x86_64__) -- if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) -+ if (size >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) - { - struct grub_macho_fat_header *head = boot_image; - if (head->magic -@@ -786,30 +795,42 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - > ~grub_cpu_to_le32 (archs[i].size) - || grub_cpu_to_le32 (archs[i].offset) - + grub_cpu_to_le32 (archs[i].size) -- > (grub_size_t) fsize) -+ > (grub_size_t) size) - { - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - filename); - goto fail; - } - boot_image = (char *) boot_image + grub_cpu_to_le32 (archs[i].offset); -- fsize = grub_cpu_to_le32 (archs[i].size); -+ size = grub_cpu_to_le32 (archs[i].size); - } - } - #endif - - #ifdef SUPPORT_SECURE_BOOT - /* FIXME is secure boot possible also with universal binaries? */ -- if (debug_secureboot || (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED && grub_secure_validate ((void *)address, fsize))) -+ if (debug_secureboot || (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED && grub_secure_validate ((void *)address, size))) - { -+ struct grub_secureboot_chainloader_context *sb_context; -+ -+ sb_context = grub_malloc (sizeof (*sb_context)); -+ if (!sb_context) -+ goto fail; -+ sb_context->cmdline = cmdline; -+ sb_context->cmdline_len = cmdline_len; -+ sb_context->fsize = size; -+ sb_context->dev_handle = dev_handle; -+ sb_context->address = address; -+ sb_context->pages = pages; -+ sb_context->file_path = file_path; - grub_file_close (file); -- grub_loader_set (grub_secureboot_chainloader_boot, grub_secureboot_chainloader_unload, 0); -+ grub_loader_set_ex (grub_secureboot_chainloader_boot, grub_secureboot_chainloader_unload, sb_context, 0); - return 0; - } - #endif - - status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, -- boot_image, fsize, -+ boot_image, size, - &image_handle); - #ifdef SUPPORT_SECURE_BOOT - if (status == GRUB_EFI_SECURITY_VIOLATION && grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED) -@@ -817,10 +838,21 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - /* If it failed with security violation while not in secure boot mode, - the firmware might be broken. We try to workaround on that by forcing - the SB method! (bsc#887793) */ -+ struct grub_secureboot_chainloader_context *sb_context; -+ - grub_dprintf ("chain", "Possible firmware flaw! Security violation while not in secure boot mode.\n"); -+ sb_context = grub_malloc (sizeof (*sb_context)); -+ if (!sb_context) -+ goto fail; -+ sb_context->cmdline = cmdline; -+ sb_context->cmdline_len = cmdline_len; -+ sb_context->fsize = size; -+ sb_context->dev_handle = dev_handle; -+ sb_context->address = address; -+ sb_context->pages = pages; - grub_file_close (file); -- grub_loader_set (grub_secureboot_chainloader_boot, -- grub_secureboot_chainloader_unload, 0); -+ grub_loader_set_ex (grub_secureboot_chainloader_boot, -+ grub_secureboot_chainloader_unload, sb_context, 0); - return 0; - } - #endif --- -2.34.1 - diff --git a/0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch b/0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch deleted file mode 100644 index ec6c4d3..0000000 --- a/0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 59ac440754a43c6e964e924a086af066e04e753e Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Fri, 26 Feb 2021 19:43:14 +0800 -Subject: [PATCH 46/46] squash! verifiers: Move verifiers API to kernel image - -In case there's broken i386-pc setup running inconsistent installs for -module in filesystem and core image on the disk, keeping the verifiers -as module for i386-pc to avoid potential issue of looking up symbols. ---- - configure.ac | 1 + - grub-core/Makefile.am | 2 ++ - grub-core/Makefile.core.def | 8 +++++++- - grub-core/kern/main.c | 4 ++++ - grub-core/kern/verifiers.c | 11 +++++++++++ - include/grub/verify.h | 9 +++++++++ - 6 files changed, 34 insertions(+), 1 deletion(-) - -Index: grub-2.06~rc1/configure.ac -=================================================================== ---- grub-2.06~rc1.orig/configure.ac -+++ grub-2.06~rc1/configure.ac -@@ -1985,6 +1985,7 @@ AM_CONDITIONAL([COND_real_platform], [te - AM_CONDITIONAL([COND_emu], [test x$platform = xemu]) - AM_CONDITIONAL([COND_NOT_emu], [test x$platform != xemu]) - AM_CONDITIONAL([COND_i386_pc], [test x$target_cpu = xi386 -a x$platform = xpc]) -+AM_CONDITIONAL([COND_NOT_i386_pc], [test x$target_cpu != xi386 -o x$platform != xpc]) - AM_CONDITIONAL([COND_i386_efi], [test x$target_cpu = xi386 -a x$platform = xefi]) - AM_CONDITIONAL([COND_ia64_efi], [test x$target_cpu = xia64 -a x$platform = xefi]) - AM_CONDITIONAL([COND_i386_qemu], [test x$target_cpu = xi386 -a x$platform = xqemu]) -Index: grub-2.06~rc1/grub-core/Makefile.am -=================================================================== ---- grub-2.06~rc1.orig/grub-core/Makefile.am -+++ grub-2.06~rc1/grub-core/Makefile.am -@@ -93,7 +93,9 @@ KERNEL_HEADER_FILES += $(top_srcdir)/inc - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h -+if COND_NOT_i386_pc - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/verify.h -+endif - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h -Index: grub-2.06~rc1/grub-core/Makefile.core.def -=================================================================== ---- grub-2.06~rc1.orig/grub-core/Makefile.core.def -+++ grub-2.06~rc1/grub-core/Makefile.core.def -@@ -141,7 +141,7 @@ kernel = { - common = kern/rescue_parser.c; - common = kern/rescue_reader.c; - common = kern/term.c; -- common = kern/verifiers.c; -+ nopc = kern/verifiers.c; - - noemu = kern/compiler-rt.c; - noemu = kern/mm.c; -@@ -947,6 +947,12 @@ module = { - }; - - module = { -+ name = verifiers; -+ common = kern/verifiers.c; -+ enable = i386_pc; -+}; -+ -+module = { - name = hdparm; - common = commands/hdparm.c; - enable = pci; -Index: grub-2.06~rc1/grub-core/kern/main.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/kern/main.c -+++ grub-2.06~rc1/grub-core/kern/main.c -@@ -29,7 +29,9 @@ - #include - #include - #include -+#ifndef GRUB_MACHINE_PCBIOS - #include -+#endif - - #ifdef GRUB_MACHINE_PCBIOS - #include -@@ -275,8 +277,10 @@ grub_main (void) - grub_printf ("Welcome to GRUB!\n\n"); - grub_setcolorstate (GRUB_TERM_COLOR_STANDARD); - -+#ifndef GRUB_MACHINE_PCBIOS - /* Init verifiers API. */ - grub_verifiers_init (); -+#endif - - grub_load_config (); - -Index: grub-2.06~rc1/grub-core/kern/verifiers.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/kern/verifiers.c -+++ grub-2.06~rc1/grub-core/kern/verifiers.c -@@ -221,8 +221,19 @@ grub_verify_string (char *str, enum grub - return GRUB_ERR_NONE; - } - -+#ifdef GRUB_MACHINE_PCBIOS -+GRUB_MOD_INIT(verifiers) -+#else - void - grub_verifiers_init (void) -+#endif - { - grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open); - } -+ -+#ifdef GRUB_MACHINE_PCBIOS -+GRUB_MOD_FINI(verifiers) -+{ -+ grub_file_filter_unregister (GRUB_FILE_FILTER_VERIFY); -+} -+#endif -Index: grub-2.06~rc1/include/grub/verify.h -=================================================================== ---- grub-2.06~rc1.orig/include/grub/verify.h -+++ grub-2.06~rc1/include/grub/verify.h -@@ -64,10 +64,14 @@ struct grub_file_verifier - grub_err_t (*verify_string) (char *str, enum grub_verify_string_type type); - }; - -+#ifdef GRUB_MACHINE_PCBIOS -+extern struct grub_file_verifier *grub_file_verifiers; -+#else - extern struct grub_file_verifier *EXPORT_VAR (grub_file_verifiers); - - extern void - grub_verifiers_init (void); -+#endif - - static inline void - grub_verifier_register (struct grub_file_verifier *ver) -@@ -81,7 +85,12 @@ grub_verifier_unregister (struct grub_fi - grub_list_remove (GRUB_AS_LIST (ver)); - } - -+#ifdef GRUB_MACHINE_PCBIOS -+grub_err_t -+grub_verify_string (char *str, enum grub_verify_string_type type); -+#else - extern grub_err_t - EXPORT_FUNC (grub_verify_string) (char *str, enum grub_verify_string_type type); -+#endif - - #endif /* ! GRUB_VERIFY_HEADER */ diff --git a/efi-set-variable-with-attrs.patch b/efi-set-variable-with-attrs.patch deleted file mode 100644 index d2959d0..0000000 --- a/efi-set-variable-with-attrs.patch +++ /dev/null @@ -1,51 +0,0 @@ -Index: grub-2.06/include/grub/efi/efi.h -=================================================================== ---- grub-2.06.orig/include/grub/efi/efi.h -+++ grub-2.06/include/grub/efi/efi.h -@@ -86,6 +86,11 @@ grub_efi_status_t EXPORT_FUNC (grub_efi_ - const grub_efi_guid_t *guid, - grub_size_t *datasize_out, - void **data_out); -+grub_err_t EXPORT_FUNC (grub_efi_set_variable_with_attributes) (const char *var, -+ const grub_efi_guid_t *guid, -+ grub_efi_uint32_t attributes, -+ void *data, -+ grub_size_t datasize); - grub_err_t - EXPORT_FUNC (grub_efi_set_variable) (const char *var, - const grub_efi_guid_t *guid, -Index: grub-2.06/grub-core/kern/efi/efi.c -=================================================================== ---- grub-2.06.orig/grub-core/kern/efi/efi.c -+++ grub-2.06/grub-core/kern/efi/efi.c -@@ -196,6 +196,17 @@ grub_err_t - grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, - void *data, grub_size_t datasize) - { -+ return grub_efi_set_variable_with_attributes(var, guid, -+ (GRUB_EFI_VARIABLE_NON_VOLATILE -+ | GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS -+ | GRUB_EFI_VARIABLE_RUNTIME_ACCESS), -+ data, datasize); -+} -+ -+grub_err_t -+grub_efi_set_variable_with_attributes(const char *var, const grub_efi_guid_t *guid, grub_efi_uint32_t attributes, -+ void *data, grub_size_t datasize) -+{ - grub_efi_status_t status; - grub_efi_runtime_services_t *r; - grub_efi_char16_t *var16; -@@ -211,10 +222,8 @@ grub_efi_set_variable(const char *var, c - - r = grub_efi_system_table->runtime_services; - -- status = efi_call_5 (r->set_variable, var16, guid, -- (GRUB_EFI_VARIABLE_NON_VOLATILE -- | GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS -- | GRUB_EFI_VARIABLE_RUNTIME_ACCESS), -+ status = efi_call_5 (r->set_variable, var16, guid, -+ attributes, - datasize, data); - grub_free (var16); - if (status == GRUB_EFI_SUCCESS) diff --git a/grub-2.06.tar.xz b/grub-2.06.tar.xz deleted file mode 100644 index 5a8cc3e..0000000 --- a/grub-2.06.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1 -size 6581924 diff --git a/grub-2.12~rc1.tar.xz b/grub-2.12~rc1.tar.xz new file mode 100644 index 0000000..367ca07 --- /dev/null +++ b/grub-2.12~rc1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7a60c08b0ff1bac630cae6293b73871a541610a7fb1a7337aeb5e96f359cd650 +size 6589460 diff --git a/grub-install-force-journal-draining-to-ensure-data-i.patch b/grub-install-force-journal-draining-to-ensure-data-i.patch index 79403ec..d5604e8 100644 --- a/grub-install-force-journal-draining-to-ensure-data-i.patch +++ b/grub-install-force-journal-draining-to-ensure-data-i.patch @@ -46,22 +46,20 @@ Signed-off-by: Michael Chang create mode 100644 grub-core/osdep/journaled_fs.c create mode 100644 grub-core/osdep/linux/journaled_fs.c -Index: grub-2.06/Makefile.util.def -=================================================================== ---- grub-2.06.orig/Makefile.util.def -+++ grub-2.06/Makefile.util.def -@@ -663,6 +663,7 @@ program = { +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -672,6 +672,9 @@ emu_condition = COND_s390x; common = grub-core/kern/emu/argp_common.c; common = grub-core/osdep/init.c; + common = grub-core/osdep/journaled_fs.c; ++ extra_dist = grub-core/osdep/basic/journaled_fs.c; ++ extra_dist = grub-core/osdep/linux/journaled_fs.c; ldadd = '$(LIBLZMA)'; ldadd = libgrubmods.a; -Index: grub-2.06/grub-core/osdep/basic/journaled_fs.c -=================================================================== --- /dev/null -+++ grub-2.06/grub-core/osdep/basic/journaled_fs.c ++++ b/grub-core/osdep/basic/journaled_fs.c @@ -0,0 +1,26 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -89,20 +87,16 @@ Index: grub-2.06/grub-core/osdep/basic/journaled_fs.c + return 1; +} + -Index: grub-2.06/grub-core/osdep/journaled_fs.c -=================================================================== --- /dev/null -+++ grub-2.06/grub-core/osdep/journaled_fs.c ++++ b/grub-core/osdep/journaled_fs.c @@ -0,0 +1,5 @@ +#ifdef __linux__ +#include "linux/journaled_fs.c" +#else +#include "basic/journaled_fs.c" +#endif -Index: grub-2.06/grub-core/osdep/linux/journaled_fs.c -=================================================================== --- /dev/null -+++ grub-2.06/grub-core/osdep/linux/journaled_fs.c ++++ b/grub-core/osdep/linux/journaled_fs.c @@ -0,0 +1,48 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -152,21 +146,17 @@ Index: grub-2.06/grub-core/osdep/linux/journaled_fs.c + return ret; +} + -Index: grub-2.06/include/grub/util/install.h -=================================================================== ---- grub-2.06.orig/include/grub/util/install.h -+++ grub-2.06/include/grub/util/install.h -@@ -300,4 +300,6 @@ grub_set_install_backup_ponr (void) +--- a/include/grub/util/install.h ++++ b/include/grub/util/install.h +@@ -301,4 +301,6 @@ } #endif +int +grub_install_sync_fs_journal (const char *path); #endif -Index: grub-2.06/util/grub-install.c -=================================================================== ---- grub-2.06.orig/util/grub-install.c -+++ grub-2.06/util/grub-install.c +--- a/util/grub-install.c ++++ b/util/grub-install.c @@ -42,6 +42,7 @@ #include #include @@ -175,7 +165,7 @@ Index: grub-2.06/util/grub-install.c #include -@@ -2025,6 +2026,24 @@ main (int argc, char *argv[]) +@@ -2074,6 +2075,24 @@ break; } @@ -200,11 +190,9 @@ Index: grub-2.06/util/grub-install.c /* * Either there are no platform specific code, or it didn't raise * ponr. Raise it here, because usually this is already past point -Index: grub-2.06/util/grub-mkconfig.in -=================================================================== ---- grub-2.06.orig/util/grub-mkconfig.in -+++ grub-2.06/util/grub-mkconfig.in -@@ -328,6 +328,15 @@ for i in "${grub_mkconfig_dir}"/* ; do +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -335,6 +335,15 @@ esac done @@ -220,9 +208,9 @@ Index: grub-2.06/util/grub-mkconfig.in if test "x${grub_cfg}" != "x" ; then if ! ${grub_script_check} ${grub_cfg}.new; then # TRANSLATORS: %s is replaced by filename -@@ -341,6 +350,7 @@ and /etc/grub.d/* files or please file a - # none of the children aborted with error, install the new grub.cfg +@@ -351,6 +360,7 @@ cat ${grub_cfg}.new > ${grub_cfg} + umask $oldumask rm -f ${grub_cfg}.new + sync_fs_journal || true fi diff --git a/grub-install-record-pcrs.patch b/grub-install-record-pcrs.patch index 97ea0a1..8f11a4e 100644 --- a/grub-install-record-pcrs.patch +++ b/grub-install-record-pcrs.patch @@ -1,8 +1,6 @@ -Index: grub-2.06/util/grub-install.c -=================================================================== ---- grub-2.06.orig/util/grub-install.c -+++ grub-2.06/util/grub-install.c -@@ -1457,6 +1457,13 @@ main (int argc, char *argv[]) +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -1501,6 +1501,13 @@ grub_util_unlink (load_cfg); diff --git a/grub-read-pcr.patch b/grub-read-pcr.patch index 68732d4..faf72e5 100644 --- a/grub-read-pcr.patch +++ b/grub-read-pcr.patch @@ -1,8 +1,6 @@ -Index: grub-2.06/include/grub/tpm.h -=================================================================== ---- grub-2.06.orig/include/grub/tpm.h -+++ grub-2.06/include/grub/tpm.h -@@ -34,6 +34,15 @@ +--- a/include/grub/tpm.h ++++ b/include/grub/tpm.h +@@ -36,6 +36,12 @@ #define EV_IPL 0x0d @@ -14,23 +12,26 @@ Index: grub-2.06/include/grub/tpm.h + grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, const char *description); + int grub_tpm_present (void); +@@ -45,5 +51,7 @@ + { + return grub_env_get_bool ("tpm_fail_fatal", false); + } +struct grub_tpm_digest *grub_tpm_read_pcr (grub_uint8_t index, const char *algo); +void grub_tpm_digest_free (struct grub_tpm_digest *d); -+ + #endif -Index: grub-2.06/grub-core/commands/efi/tpm.c -=================================================================== ---- grub-2.06.orig/grub-core/commands/efi/tpm.c -+++ grub-2.06/grub-core/commands/efi/tpm.c -@@ -23,6 +23,7 @@ - #include +--- a/grub-core/commands/efi/tpm.c ++++ b/grub-core/commands/efi/tpm.c +@@ -24,6 +24,7 @@ #include + #include #include +#include #include #include #include -@@ -186,6 +187,91 @@ grub_tpm1_log_event (grub_efi_handle_t t +@@ -186,6 +187,91 @@ return grub_efi_log_event_status (status); } @@ -42,7 +43,7 @@ Index: grub-2.06/grub-core/commands/efi/tpm.c + pcr = &o->pcrSelections[o->count++]; + pcr->hash = algo; + pcr->sizeOfSelect = 3; -+ TPMS_PCR_SELECTION_SelectPCR (pcr, pcrIndex); ++ pcr->pcrSelect[TPM2_PCR_TO_SELECT(pcrIndex)] |= TPM2_PCR_TO_BIT(pcrIndex); +} + +struct grub_tpm_hash_info { @@ -122,9 +123,9 @@ Index: grub-2.06/grub-core/commands/efi/tpm.c static grub_err_t grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, grub_size_t size, grub_uint8_t pcr, -@@ -240,3 +326,26 @@ grub_tpm_measure (unsigned char *buf, gr - else - return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description); +@@ -323,3 +409,26 @@ + return grub_tpm2_present (tpm); + } } + +struct grub_tpm_digest * @@ -149,3 +150,16 @@ Index: grub-2.06/grub-core/commands/efi/tpm.c + + return result; +} +--- a/include/grub/tpm2/tpm2.h ++++ b/include/grub/tpm2/tpm2.h +@@ -23,6 +23,10 @@ + #include + #include + ++/* Defined in: TCG TPM Specification, v1.59, Part 2, Section 10.6.1. */ ++#define TPM2_PCR_TO_SELECT(x) ((x) / 8) ++#define TPM2_PCR_TO_BIT(x) (1 << ((x) % 8)) ++ + /* Well-Known Windows SRK handle */ + #define TPM2_SRK_HANDLE 0x81000001 + diff --git a/grub2-Add-hidden-menu-entries.patch b/grub2-Add-hidden-menu-entries.patch index 8ee7929..c4d7ac4 100644 --- a/grub2-Add-hidden-menu-entries.patch +++ b/grub2-Add-hidden-menu-entries.patch @@ -27,11 +27,9 @@ v2 -> v3: - replace "--hidden" parameter with new command "hiddenentry" -diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c -index dd9d9f1..b282c4f 100644 --- a/grub-core/commands/legacycfg.c +++ b/grub-core/commands/legacycfg.c -@@ -133,7 +133,7 @@ legacy_file (const char *filename) +@@ -143,7 +143,7 @@ args[0] = oldname; grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy", NULL, NULL, @@ -40,7 +38,7 @@ index dd9d9f1..b282c4f 100644 grub_free (args); entrysrc[0] = 0; grub_free (oldname); -@@ -186,7 +186,7 @@ legacy_file (const char *filename) +@@ -205,7 +205,7 @@ } args[0] = entryname; grub_normal_add_menu_entry (1, args, NULL, NULL, NULL, @@ -49,11 +47,9 @@ index dd9d9f1..b282c4f 100644 grub_free (args); } -diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index 58d4dad..b4d6c31 100644 --- a/grub-core/commands/menuentry.c +++ b/grub-core/commands/menuentry.c -@@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args, +@@ -78,7 +78,7 @@ char **classes, const char *id, const char *users, const char *hotkey, const char *prefix, const char *sourcecode, @@ -62,7 +58,7 @@ index 58d4dad..b4d6c31 100644 { int menu_hotkey = 0; char **menu_args = NULL; -@@ -188,8 +188,11 @@ grub_normal_add_menu_entry (int argc, const char **args, +@@ -188,8 +188,11 @@ (*last)->args = menu_args; (*last)->sourcecode = menu_sourcecode; (*last)->submenu = submenu; @@ -75,7 +71,7 @@ index 58d4dad..b4d6c31 100644 return GRUB_ERR_NONE; fail: -@@ -286,7 +289,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) +@@ -286,7 +289,8 @@ users, ctxt->state[2].arg, 0, ctxt->state[3].arg, @@ -85,7 +81,7 @@ index 58d4dad..b4d6c31 100644 src = args[argc - 1]; args[argc - 1] = NULL; -@@ -303,7 +307,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) +@@ -303,7 +307,8 @@ ctxt->state[0].args, ctxt->state[4].arg, users, ctxt->state[2].arg, prefix, src + 1, @@ -95,7 +91,7 @@ index 58d4dad..b4d6c31 100644 src[len - 1] = ch; args[argc - 1] = src; -@@ -311,7 +316,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) +@@ -311,7 +316,7 @@ return r; } @@ -104,7 +100,7 @@ index 58d4dad..b4d6c31 100644 void grub_menu_init (void) -@@ -327,6 +332,13 @@ grub_menu_init (void) +@@ -327,6 +332,13 @@ | GRUB_COMMAND_FLAG_EXTRACTOR, N_("BLOCK"), N_("Define a submenu."), options); @@ -118,8 +114,6 @@ index 58d4dad..b4d6c31 100644 } void -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 719e2fb..2a151fe 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -40,6 +40,8 @@ @@ -131,7 +125,7 @@ index 719e2fb..2a151fe 100644 enum timeout_style { TIMEOUT_STYLE_MENU, TIMEOUT_STYLE_COUNTDOWN, -@@ -80,8 +82,20 @@ grub_menu_get_entry (grub_menu_t menu, int no) +@@ -80,8 +82,20 @@ { grub_menu_entry_t e; @@ -154,7 +148,7 @@ index 719e2fb..2a151fe 100644 return e; } -@@ -93,10 +107,10 @@ get_entry_index_by_hotkey (grub_menu_t menu, int hotkey) +@@ -93,10 +107,10 @@ grub_menu_entry_t entry; int i; @@ -167,7 +161,7 @@ index 719e2fb..2a151fe 100644 return -1; } -@@ -510,6 +524,10 @@ get_entry_number (grub_menu_t menu, const char *name) +@@ -519,6 +533,10 @@ grub_menu_entry_t e = menu->entry_list; int i; @@ -178,7 +172,7 @@ index 719e2fb..2a151fe 100644 grub_errno = GRUB_ERR_NONE; for (i = 0; e; i++) -@@ -521,6 +539,10 @@ get_entry_number (grub_menu_t menu, const char *name) +@@ -530,6 +548,10 @@ break; } e = e->next; @@ -189,11 +183,9 @@ index 719e2fb..2a151fe 100644 } if (! e) -diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index e22bb91..4ac2d6b 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c -@@ -290,6 +290,10 @@ print_entries (grub_menu_t menu, const struct menu_viewer_data *data) +@@ -318,6 +318,10 @@ e, data); if (e) e = e->next; @@ -204,11 +196,9 @@ index e22bb91..4ac2d6b 100644 } grub_term_gotoxy (data->term, -diff --git a/include/grub/menu.h b/include/grub/menu.h -index ee2b5e9..eb8a86b 100644 --- a/include/grub/menu.h +++ b/include/grub/menu.h -@@ -58,6 +58,8 @@ struct grub_menu_entry +@@ -58,6 +58,8 @@ int submenu; @@ -217,11 +207,9 @@ index ee2b5e9..eb8a86b 100644 /* The next element. */ struct grub_menu_entry *next; }; -diff --git a/include/grub/normal.h b/include/grub/normal.h -index 218cbab..bcb4124 100644 --- a/include/grub/normal.h +++ b/include/grub/normal.h -@@ -145,7 +145,7 @@ grub_normal_add_menu_entry (int argc, const char **args, char **classes, +@@ -145,7 +145,7 @@ const char *id, const char *users, const char *hotkey, const char *prefix, const char *sourcecode, diff --git a/grub2-Fix-incorrect-netmask-on-ppc64.patch b/grub2-Fix-incorrect-netmask-on-ppc64.patch deleted file mode 100644 index 009e1fb..0000000 --- a/grub2-Fix-incorrect-netmask-on-ppc64.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Masahiro Matsuya - -The netmask configured in firmware is not respected on ppc64 (big endian). -When 255.255.252.0 is set as netmask in firmware, the following is the value of bootpath string in grub_ieee1275_parse_bootpath(). - - /vdevice/l-lan@30000002:speed=auto,duplex=auto,192.168.88.10,,192.168.89.113,192.168.88.1,5,5,255.255.252.0,512 - -The netmask in this bootpath is no problem, since it's a value specified in firmware. But, -The value of 'subnet_mask.ipv4' was set with 0xfffffc00, and __builtin_ctz (~grub_le_to_cpu32 (subnet_mask.ipv4)) returned 16 (not 22). -As a result, 16 was used for netmask wrongly. - -1111 1111 1111 1111 1111 1100 0000 0000 # subnet_mask.ipv4 (=0xfffffc00) -0000 0000 1111 1100 1111 1111 1111 1111 # grub_le_to_cpu32 (subnet_mask.ipv4) -1111 1111 0000 0011 0000 0000 0000 0000 # ~grub_le_to_cpu32 (subnet_mask.ipv4) - -And, the count of zero with __builtin_ctz can be 16. -This patch changes it as below. - -1111 1111 1111 1111 1111 1100 0000 0000 # subnet_mask.ipv4 (=0xfffffc00) -0000 0000 1111 1100 1111 1111 1111 1111 # grub_le_to_cpu32 (subnet_mask.ipv4) -1111 1111 1111 1111 1111 1100 0000 0000 # grub_swap_bytes32(grub_le_to_cpu32 (subnet_mask.ipv4)) -0000 0000 0000 0000 0000 0011 1111 1111 # ~grub_swap_bytes32(grub_le_to_cpu32 (subnet_mask.ipv4)) - -The count of zero with __builtin_clz can be 22. (clz counts the number of one bits preceding the most significant zero bit) ---- - grub-core/net/drivers/ieee1275/ofnet.c | 2 +- - 1 file changed, 1 insertion(+), 2 deletions(-) - -Index: grub-2.04~rc1/grub-core/net/drivers/ieee1275/ofnet.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/net/drivers/ieee1275/ofnet.c -+++ grub-2.04~rc1/grub-core/net/drivers/ieee1275/ofnet.c -@@ -220,7 +220,7 @@ grub_ieee1275_parse_bootpath (const char - flags); - inter->vlantag = vlantag; - grub_net_add_ipv4_local (inter, -- __builtin_ctz (~grub_le_to_cpu32 (subnet_mask.ipv4))); -+ __builtin_clz (~ (subnet_mask.ipv4))); - - } - diff --git a/grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch b/grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch deleted file mode 100644 index 309138d..0000000 --- a/grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 6225854682a736e4312ce15b34c90fff03b002db Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Fri, 6 Jul 2012 15:55:18 +0800 -Subject: [PATCH] add GRUB_CMDLINE_LINUX_RECOVERY for recovery mode - -References: [openSUSE-factory] Has FailSafe or Safe Mode been removed - permanently from 12.2? -Patch-Mainline: no - -We adapt the script a bit in order to support openSUSE's failsafe -booting mode. We don't use single user mode but with specific kernel -command line options decided in YaST. These command line could be -applied to grub2's recovery mode via the new setting -GRUB_CMDLINE_LINUX_RECOVERY. ---- - util/grub-mkconfig.in | 3 ++- - util/grub.d/10_linux.in | 2 +- - 2 files changed, 3 insertions(+), 2 deletions(-) - -Index: grub-2.02~beta2/util/grub-mkconfig.in -=================================================================== ---- grub-2.02~beta2.orig/util/grub-mkconfig.in -+++ grub-2.02~beta2/util/grub-mkconfig.in -@@ -227,7 +227,8 @@ export GRUB_DEFAULT \ - GRUB_ENABLE_CRYPTODISK \ - GRUB_BADRAM \ - GRUB_OS_PROBER_SKIP_LIST \ -- GRUB_DISABLE_SUBMENU -+ GRUB_DISABLE_SUBMENU \ -+ GRUB_CMDLINE_LINUX_RECOVERY - - if test "x${grub_cfg}" != "x"; then - rm -f "${grub_cfg}.new" -Index: grub-2.02~beta2/util/grub.d/10_linux.in -=================================================================== ---- grub-2.02~beta2.orig/util/grub.d/10_linux.in -+++ grub-2.02~beta2/util/grub.d/10_linux.in -@@ -240,7 +240,7 @@ while [ "x$list" != "x" ] ; do - "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" - if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then - linux_entry "${OS}" "${version}" recovery \ -- "single ${GRUB_CMDLINE_LINUX}" -+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_RECOVERY}" - fi - - list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` diff --git a/grub2-SUSE-Add-the-t-hotkey.patch b/grub2-SUSE-Add-the-t-hotkey.patch index b2de145..35daa11 100644 --- a/grub2-SUSE-Add-the-t-hotkey.patch +++ b/grub2-SUSE-Add-the-t-hotkey.patch @@ -21,11 +21,9 @@ v2 -> v3 (by fvogt@suse.de) - make it a runtime decision (bsc#1164385) -Index: grub-2.04/Makefile.util.def -=================================================================== ---- grub-2.04.orig/Makefile.util.def -+++ grub-2.04/Makefile.util.def -@@ -525,6 +525,12 @@ script = { +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -552,6 +552,12 @@ installdir = grubconf; }; @@ -38,11 +36,9 @@ Index: grub-2.04/Makefile.util.def program = { mansection = 1; name = grub-mkrescue; -Index: grub-2.04/util/grub.d/00_header.in -=================================================================== ---- grub-2.04.orig/util/grub.d/00_header.in -+++ grub-2.04/util/grub.d/00_header.in -@@ -240,6 +240,10 @@ EOF +--- a/util/grub.d/00_header.in ++++ b/util/grub.d/00_header.in +@@ -247,6 +247,10 @@ fi cat << EOF @@ -53,10 +49,8 @@ Index: grub-2.04/util/grub.d/00_header.in set gfxmode=${GRUB_GFXMODE} load_video insmod gfxterm -Index: grub-2.04/util/grub.d/95_textmode.in -=================================================================== --- /dev/null -+++ grub-2.04/util/grub.d/95_textmode.in ++++ b/util/grub.d/95_textmode.in @@ -0,0 +1,12 @@ +#!/bin/sh + diff --git a/grub2-add-module-for-boot-loader-interface.patch b/grub2-add-module-for-boot-loader-interface.patch deleted file mode 100644 index 67d057c..0000000 --- a/grub2-add-module-for-boot-loader-interface.patch +++ /dev/null @@ -1,277 +0,0 @@ -[PATCH v1 2/2] Add a module for the Boot Loader Interface - -Add a new module named boot_loader_interface, which provides a command -with the same name. It implements a small but quite useful part of the -Boot Loader Interface [0]. This interface uses EFI variables for -communication between the boot loader and the operating system. - -This module sets two EFI variables under the vendor GUID -4a67b082-0a4c-41cf-b6c7-440b29bb8c4f: - -- LoaderInfo: contains GRUB + . - This allows the running operating system to identify the boot loader - used during boot. - -- LoaderDevicePartUUID: contains the partition UUID of the - EFI System Partition (ESP). This is used by - systemd-gpt-auto-generator [1] to find the root partitions (and others - too), via partition type IDs [2]. - -This module is only available on EFI platforms. - -[0] https://systemd.io/BOOT_LOADER_INTERFACE/ -[1] -https://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html -[2] -https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ - -Signed-off-by: Oliver Steffen - -Edit to fit with build on SUSE repositories -by Valentin Lefebvre ---- - grub-core/Makefile.core.def | 6 + - grub-core/commands/boot_loader_interface.c | 217 +++++++++++++++++++++ - 2 files changed, 223 insertions(+) - create mode 100644 grub-core/commands/boot_loader_interface.c - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index ba967aac8..23455fb71 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -2643,3 +2643,9 @@ module = { - name = crypttab; - common = commands/crypttab.c; - }; -+ -+module = { -+ name = boot_loader_interface; -+ efi = commands/boot_loader_interface.c; -+ enable = efi; -+}; -diff --git a/grub-core/commands/boot_loader_interface.c -b/grub-core/commands/boot_loader_interface.c -new file mode 100644 -index 000000000..ccd7fa3d9 ---- /dev/null -+++ b/grub-core/commands/boot_loader_interface.c -@@ -0,0 +1,217 @@ -+/*-*- Mode: C; c-basic-offset: 2; indent-tabs-mode: t -*-*/ -+ -+/* boot_loader_interface.c - implementation of the boot loader interface -+ */ -+ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+#define MODNAME "boot_loader_interface" -+ -+static const grub_efi_guid_t boot_loader_interface_vendor_guid = -+ { 0x4a67b082, 0x0a4c, 0x41cf, -+ {0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f} }; -+ -+static char * -+machine_get_bootdevice (void) -+{ -+ grub_efi_loaded_image_t *image; -+ -+ image = grub_efi_get_loaded_image (grub_efi_image_handle); -+ if (!image) -+ return NULL; -+ -+ return grub_efidisk_get_device_name (image->device_handle); -+} -+ -+static grub_err_t -+get_part_uuid (grub_device_t dev, char **part_uuid) -+{ -+ grub_err_t status = GRUB_ERR_NONE; -+ grub_disk_t disk; -+ struct grub_gpt_partentry entry; -+ grub_gpt_part_guid_t *guid; -+ -+ if (!dev || !dev->disk || !dev->disk->partition) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid device")); -+ -+ disk = grub_disk_open (dev->disk->name); -+ if (!disk) -+ { -+ status = grub_errno; -+ grub_dprintf (MODNAME, "Error opening disk\n"); -+ return grub_errno; -+ } -+ -+ if (grub_strcmp (dev->disk->partition->partmap->name, "gpt") != 0) -+ { -+ status = grub_error (GRUB_ERR_BAD_PART_TABLE, -+ N_("This is not a GPT partition table")); -+ goto finish; -+ } -+ -+ if (grub_disk_read (disk, dev->disk->partition->offset, -+ dev->disk->partition->index, sizeof (entry), &entry)) -+ { -+ status = grub_errno; -+ grub_dprintf (MODNAME, "%s: Read error\n", dev->disk->name); -+ goto finish; -+ } -+ -+ guid = &entry.guid; -+ *part_uuid = grub_xasprintf ( -+ "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", -+ grub_le_to_cpu32 (guid->data1), grub_le_to_cpu16 (guid->data2), -+ grub_le_to_cpu16 (guid->data3), guid->data4[0], guid->data4[1], -+ guid->data4[2], guid->data4[3], guid->data4[4], guid->data4[5], -+ guid->data4[6], guid->data4[7]); -+ if (!*part_uuid) -+ { -+ status = grub_errno; -+ } -+ -+finish: -+ grub_disk_close (disk); -+ -+ return status; -+} -+ -+static grub_err_t -+set_efi_str_variable (const char *name, const grub_efi_guid_t *guid, -+ const char *value) -+{ -+ grub_size_t len; -+ grub_size_t len16; -+ grub_efi_char16_t *value_16; -+ grub_err_t status; -+ -+ len = grub_strlen (value); -+ len16 = len * GRUB_MAX_UTF16_PER_UTF8; -+ -+ value_16 = grub_calloc (len16 + 1, sizeof (value_16[0])); -+ if (!value_16) -+ return grub_errno; -+ -+ len16 -+ = grub_utf8_to_utf16 (value_16, len16, (grub_uint8_t *)value, len, NULL); -+ value_16[len16] = 0; -+ -+ status = grub_efi_set_variable_with_attributes ( -+ name, guid, GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS | GRUB_EFI_VARIABLE_RUNTIME_ACCESS, -+ (void *)value_16, (len16 + 1) * sizeof (value_16[0])); -+ if (status != GRUB_ERR_NONE) -+ { -+ grub_dprintf (MODNAME, "Error setting EFI variable %s: %d\n", name, -+ status); -+ } -+ -+ grub_free (value_16); -+ -+ return status; -+} -+ -+static grub_err_t -+set_loader_info (void) -+{ -+ grub_err_t status; -+ status = set_efi_str_variable ( -+ "LoaderInfo", &boot_loader_interface_vendor_guid, PACKAGE_STRING); -+ return status; -+} -+ -+static grub_err_t -+set_loader_device_part_uuid (void) -+{ -+ grub_err_t status = GRUB_ERR_NONE; -+ char *device_name = NULL; -+ grub_device_t device; -+ char *part_uuid = NULL; -+ -+ device_name = machine_get_bootdevice (); -+ if (!device_name) -+ { -+ return grub_error (GRUB_ERR_BAD_DEVICE, -+ N_("Unable to find boot device")); -+ } -+ -+ device = grub_device_open (device_name); -+ if (!device) -+ { -+ status = grub_errno; -+ grub_dprintf (MODNAME, "Error opening device: %s", device_name); -+ goto err; -+ } -+ -+ status = get_part_uuid (device, &part_uuid); -+ -+ grub_device_close (device); -+ -+ if (status == GRUB_ERR_NONE) -+ { -+ status = set_efi_str_variable ("LoaderDevicePartUUID", -+ &boot_loader_interface_vendor_guid, -+ part_uuid); -+ } -+ -+err: -+ grub_free (part_uuid); -+ grub_free (device_name); -+ return status; -+} -+ -+static grub_err_t -+grub_cmd_boot_loader_interface (grub_extcmd_context_t ctxt __attribute__ ((unused)), -+ int argc __attribute__ ((unused)), -+ char **args __attribute__ ((unused))) -+{ -+ grub_err_t status; -+ -+ status = set_loader_info (); -+ if (status != GRUB_ERR_NONE) -+ return status; -+ -+ status = set_loader_device_part_uuid (); -+ if (status != GRUB_ERR_NONE) -+ return status; -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_extcmd_t cmd; -+ -+GRUB_MOD_INIT (boot_loader_interface) -+{ -+ grub_dprintf (MODNAME, "%s got here\n", __func__); -+ cmd = grub_register_extcmd ( -+ "boot_loader_interface", grub_cmd_boot_loader_interface, 0, NULL, -+ N_("Set EFI variables according to Boot Loader Interface spec."), NULL); -+} -+ -+GRUB_MOD_FINI (boot_loader_interface) { grub_unregister_extcmd (cmd); } --- -2.39.0 diff --git a/grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch b/grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch index 2b2254d..fee270b 100644 --- a/grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch +++ b/grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch @@ -95,7 +95,7 @@ V2: static grub_disk_addr_t superblock_sectors[] = { 64 * 2, 64 * 1024 * 2, 256 * 1048576 * 2, 1048576ULL * 1048576ULL * 2 }; -@@ -1173,6 +1195,62 @@ +@@ -1252,6 +1274,62 @@ return GRUB_ERR_NONE; } @@ -158,7 +158,7 @@ V2: static struct grub_btrfs_data * grub_btrfs_mount (grub_device_t dev) { -@@ -1208,6 +1286,13 @@ +@@ -1287,6 +1365,13 @@ data->devices_attached[0].dev = dev; data->devices_attached[0].id = data->sblock.this_device.device_id; @@ -172,7 +172,7 @@ V2: return data; } -@@ -1674,6 +1759,98 @@ +@@ -1783,6 +1868,98 @@ } static grub_err_t @@ -271,7 +271,7 @@ V2: find_path (struct grub_btrfs_data *data, const char *path, struct grub_btrfs_key *key, grub_uint64_t *tree, grub_uint8_t *type) -@@ -1691,14 +1868,26 @@ +@@ -1800,14 +1977,26 @@ char *origpath = NULL; unsigned symlinks_max = 32; @@ -302,15 +302,18 @@ V2: while (1) { while (path[0] == '/') -@@ -1871,9 +2060,21 @@ +@@ -1980,13 +2169,25 @@ path = path_alloc = tmp; if (path[0] == '/') { - err = get_root (data, key, tree, type); - if (err) -- return err; + if (data->fs_tree) -+ { + { +- grub_free (direl); +- grub_free (path_alloc); +- grub_free (origpath); +- return err; + *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; + *tree = data->fs_tree; + /* This is a tree root, so everything starts at objectid 256 */ @@ -322,12 +325,16 @@ V2: + { + err = get_root (data, key, tree, type); + if (err) -+ return err; -+ } ++ { ++ grub_free (direl); ++ grub_free (path_alloc); ++ grub_free (origpath); ++ return err; ++ } + } } continue; - } -@@ -2114,6 +2315,20 @@ +@@ -2254,6 +2455,20 @@ data->tree, file->offset, buf, len); } @@ -348,7 +355,7 @@ V2: static grub_err_t grub_btrfs_uuid (grub_device_t device, char **uuid) { -@@ -2125,15 +2340,7 @@ +@@ -2265,15 +2480,7 @@ if (!data) return grub_errno; @@ -365,7 +372,7 @@ V2: grub_btrfs_unmount (data); -@@ -2190,6 +2397,248 @@ +@@ -2394,6 +2601,248 @@ } #endif @@ -614,7 +621,7 @@ V2: static struct grub_fs grub_btrfs_fs = { .name = "btrfs", .fs_dir = grub_btrfs_dir, -@@ -2205,12 +2654,88 @@ +@@ -2409,12 +2858,88 @@ #endif }; diff --git a/grub2-btrfs-02-export-subvolume-envvars.patch b/grub2-btrfs-02-export-subvolume-envvars.patch index 65e1a6e..292870a 100644 --- a/grub2-btrfs-02-export-subvolume-envvars.patch +++ b/grub2-btrfs-02-export-subvolume-envvars.patch @@ -6,11 +6,9 @@ to subsidiary configuration files loaded using configfile. Signed-off-by: Michael Chang -Index: grub-2.00/grub-core/fs/btrfs.c -=================================================================== ---- grub-2.00.orig/grub-core/fs/btrfs.c -+++ grub-2.00/grub-core/fs/btrfs.c -@@ -2252,6 +2252,8 @@ GRUB_MOD_INIT (btrfs) +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -2931,6 +2931,8 @@ subvol_set_env); grub_register_variable_hook ("btrfs_subvolid", subvolid_get_env, subvolid_set_env); diff --git a/grub2-btrfs-03-follow_default.patch b/grub2-btrfs-03-follow_default.patch index 9c797b8..f207dbe 100644 --- a/grub2-btrfs-03-follow_default.patch +++ b/grub2-btrfs-03-follow_default.patch @@ -1,8 +1,6 @@ -Index: grub-2.02~beta2/grub-core/fs/btrfs.c -=================================================================== ---- grub-2.02~beta2.orig/grub-core/fs/btrfs.c -+++ grub-2.02~beta2/grub-core/fs/btrfs.c -@@ -913,6 +913,7 @@ grub_btrfs_mount (grub_device_t dev) +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -1335,6 +1335,7 @@ { struct grub_btrfs_data *data; grub_err_t err; @@ -10,7 +8,7 @@ Index: grub-2.02~beta2/grub-core/fs/btrfs.c if (!dev->disk) { -@@ -943,11 +944,14 @@ grub_btrfs_mount (grub_device_t dev) +@@ -1365,11 +1366,14 @@ data->devices_attached[0].dev = dev; data->devices_attached[0].id = data->sblock.this_device.device_id; @@ -29,7 +27,7 @@ Index: grub-2.02~beta2/grub-core/fs/btrfs.c } return data; -@@ -1407,24 +1411,39 @@ find_path (struct grub_btrfs_data *data, +@@ -1971,24 +1975,39 @@ grub_size_t allocated = 0; struct grub_btrfs_dir_item *direl = NULL; struct grub_btrfs_key key_out; @@ -76,7 +74,7 @@ Index: grub-2.02~beta2/grub-core/fs/btrfs.c } else { -@@ -1435,15 +1454,23 @@ find_path (struct grub_btrfs_data *data, +@@ -1999,15 +2018,23 @@ while (1) { @@ -109,7 +107,7 @@ Index: grub-2.02~beta2/grub-core/fs/btrfs.c if (*type != GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY) { -@@ -1454,7 +1481,9 @@ find_path (struct grub_btrfs_data *data, +@@ -2018,7 +2045,9 @@ if (ctokenlen == 1 && ctoken[0] == '.') { @@ -120,7 +118,7 @@ Index: grub-2.02~beta2/grub-core/fs/btrfs.c continue; } if (ctokenlen == 2 && ctoken[0] == '.' && ctoken[1] == '.') -@@ -1485,8 +1514,9 @@ find_path (struct grub_btrfs_data *data, +@@ -2049,8 +2078,9 @@ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; key->object_id = key_out.offset; @@ -132,7 +130,7 @@ Index: grub-2.02~beta2/grub-core/fs/btrfs.c continue; } -@@ -1555,7 +1585,9 @@ find_path (struct grub_btrfs_data *data, +@@ -2119,7 +2149,9 @@ return err; } @@ -143,7 +141,7 @@ Index: grub-2.02~beta2/grub-core/fs/btrfs.c if (cdirel->type == GRUB_BTRFS_DIR_ITEM_TYPE_SYMLINK) { struct grub_btrfs_inode inode; -@@ -1605,14 +1637,26 @@ find_path (struct grub_btrfs_data *data, +@@ -2169,14 +2201,26 @@ path = path_alloc = tmp; if (path[0] == '/') { @@ -177,7 +175,7 @@ Index: grub-2.02~beta2/grub-core/fs/btrfs.c } else { -@@ -2268,6 +2312,7 @@ GRUB_MOD_INIT (btrfs) +@@ -2933,6 +2977,7 @@ subvolid_set_env); grub_env_export ("btrfs_subvol"); grub_env_export ("btrfs_subvolid"); diff --git a/grub2-btrfs-04-grub2-install.patch b/grub2-btrfs-04-grub2-install.patch index ef33936..5bdce56 100644 --- a/grub2-btrfs-04-grub2-install.patch +++ b/grub2-btrfs-04-grub2-install.patch @@ -1,8 +1,6 @@ -Index: grub-2.02~rc1/grub-core/osdep/unix/config.c -=================================================================== ---- grub-2.02~rc1.orig/grub-core/osdep/unix/config.c -+++ grub-2.02~rc1/grub-core/osdep/unix/config.c -@@ -219,6 +219,19 @@ grub_util_load_config (struct grub_util_ +--- a/grub-core/osdep/unix/config.c ++++ b/grub-core/osdep/unix/config.c +@@ -207,6 +207,19 @@ if (v) cfg->grub_distributor = xstrdup (v); @@ -22,7 +20,7 @@ Index: grub-2.02~rc1/grub-core/osdep/unix/config.c cfgfile = grub_util_get_config_filename (); if (!grub_util_is_regular (cfgfile)) return; -@@ -242,8 +255,8 @@ grub_util_load_config (struct grub_util_ +@@ -230,8 +243,8 @@ *ptr++ = *iptr; } @@ -33,11 +31,9 @@ Index: grub-2.02~rc1/grub-core/osdep/unix/config.c argv[2] = script; argv[3] = '\0'; -Index: grub-2.02~rc1/include/grub/emu/config.h -=================================================================== ---- grub-2.02~rc1.orig/include/grub/emu/config.h -+++ grub-2.02~rc1/include/grub/emu/config.h -@@ -37,6 +37,7 @@ struct grub_util_config +--- a/include/grub/emu/config.h ++++ b/include/grub/emu/config.h +@@ -37,6 +37,7 @@ { int is_cryptodisk_enabled; char *grub_distributor; @@ -45,11 +41,9 @@ Index: grub-2.02~rc1/include/grub/emu/config.h }; void -Index: grub-2.02~rc1/util/config.c -=================================================================== ---- grub-2.02~rc1.orig/util/config.c -+++ grub-2.02~rc1/util/config.c -@@ -42,6 +42,16 @@ grub_util_parse_config (FILE *f, struct +--- a/util/config.c ++++ b/util/config.c +@@ -42,6 +42,16 @@ cfg->is_cryptodisk_enabled = 1; continue; } @@ -66,20 +60,18 @@ Index: grub-2.02~rc1/util/config.c if (grub_strncmp (ptr, "GRUB_DISTRIBUTOR=", sizeof ("GRUB_DISTRIBUTOR=") - 1) == 0) { -Index: grub-2.02~rc1/util/grub-install.c -=================================================================== ---- grub-2.02~rc1.orig/util/grub-install.c -+++ grub-2.02~rc1/util/grub-install.c -@@ -828,6 +828,8 @@ fill_core_services (const char *core_ser - free (sysv_plist); +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -857,6 +857,8 @@ } + #endif +extern int use_relative_path_on_btrfs; + int main (int argc, char *argv[]) { -@@ -861,6 +863,9 @@ main (int argc, char *argv[]) +@@ -890,6 +892,9 @@ grub_util_load_config (&config); @@ -89,7 +81,7 @@ Index: grub-2.02~rc1/util/grub-install.c if (!bootloader_id && config.grub_distributor) { char *ptr; -@@ -1347,6 +1352,16 @@ main (int argc, char *argv[]) +@@ -1426,6 +1431,16 @@ fprintf (load_cfg_f, "set debug='%s'\n", debug_image); } @@ -106,11 +98,9 @@ Index: grub-2.02~rc1/util/grub-install.c char *prefix_drive = NULL; char *install_drive = NULL; -Index: grub-2.02~rc1/grub-core/osdep/linux/getroot.c -=================================================================== ---- grub-2.02~rc1.orig/grub-core/osdep/linux/getroot.c -+++ grub-2.02~rc1/grub-core/osdep/linux/getroot.c -@@ -376,6 +376,7 @@ get_btrfs_fs_prefix (const char *mount_p +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -373,6 +373,7 @@ return NULL; } @@ -118,7 +108,7 @@ Index: grub-2.02~rc1/grub-core/osdep/linux/getroot.c char ** grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) -@@ -519,6 +520,12 @@ again: +@@ -516,6 +517,12 @@ { ret = grub_find_root_devices_from_btrfs (dir); fs_prefix = get_btrfs_fs_prefix (entries[i].enc_path); @@ -131,11 +121,9 @@ Index: grub-2.02~rc1/grub-core/osdep/linux/getroot.c } else if (!retry && grub_strcmp (entries[i].fstype, "autofs") == 0) { -Index: grub-2.02~rc1/util/grub-mkrelpath.c -=================================================================== ---- grub-2.02~rc1.orig/util/grub-mkrelpath.c -+++ grub-2.02~rc1/util/grub-mkrelpath.c -@@ -40,9 +40,12 @@ struct arguments +--- a/util/grub-mkrelpath.c ++++ b/util/grub-mkrelpath.c +@@ -40,9 +40,12 @@ }; static struct argp_option options[] = { @@ -148,7 +136,7 @@ Index: grub-2.02~rc1/util/grub-mkrelpath.c static error_t argp_parser (int key, char *arg, struct argp_state *state) { -@@ -52,6 +55,9 @@ argp_parser (int key, char *arg, struct +@@ -52,6 +55,9 @@ switch (key) { diff --git a/grub2-btrfs-05-grub2-mkconfig.patch b/grub2-btrfs-05-grub2-mkconfig.patch index 94a4c62..4a1e498 100644 --- a/grub2-btrfs-05-grub2-mkconfig.patch +++ b/grub2-btrfs-05-grub2-mkconfig.patch @@ -77,19 +77,19 @@ elsewhere. (bsc#1209165) +fi --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in -@@ -294,7 +294,8 @@ +@@ -297,7 +297,8 @@ + GRUB_ENABLE_CRYPTODISK \ GRUB_BADRAM \ GRUB_OS_PROBER_SKIP_LIST \ - GRUB_DISABLE_SUBMENU \ -- GRUB_CMDLINE_LINUX_RECOVERY -+ GRUB_CMDLINE_LINUX_RECOVERY \ +- GRUB_DISABLE_SUBMENU ++ GRUB_DISABLE_SUBMENU \ + SUSE_BTRFS_SNAPSHOT_BOOTING if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -69,10 +69,14 @@ +@@ -71,10 +71,14 @@ case x"$GRUB_FS" in xbtrfs) @@ -104,7 +104,7 @@ elsewhere. (bsc#1209165) fi;; xzfs) rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` -@@ -239,7 +243,12 @@ +@@ -295,7 +299,12 @@ if [ $PLATFORM != "emu" ]; then hotkey=0 else @@ -120,7 +120,7 @@ elsewhere. (bsc#1209165) alt_version=`echo $version | sed -e "s,\.old$,,g"` --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in -@@ -79,10 +79,14 @@ +@@ -81,10 +81,14 @@ case x"$GRUB_FS" in xbtrfs) diff --git a/grub2-btrfs-06-subvol-mount.patch b/grub2-btrfs-06-subvol-mount.patch index 72c6a39..eabffd3 100644 --- a/grub2-btrfs-06-subvol-mount.patch +++ b/grub2-btrfs-06-subvol-mount.patch @@ -7,11 +7,9 @@ v3: * Fix executable stack on which function trampoline is constructed to support closure (nested function). The closure sematic is replaced. -Index: grub-2.04/grub-core/fs/btrfs.c -=================================================================== ---- grub-2.04.orig/grub-core/fs/btrfs.c -+++ grub-2.04/grub-core/fs/btrfs.c -@@ -43,6 +43,7 @@ +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -44,6 +44,7 @@ #include #include #include @@ -19,7 +17,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c GRUB_MOD_LICENSE ("GPLv3+"); -@@ -263,6 +264,12 @@ static grub_err_t +@@ -266,6 +267,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, void *buf, grub_size_t size, int recursion_depth); @@ -32,7 +30,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c static grub_err_t read_sblock (grub_disk_t disk, struct grub_btrfs_superblock *sb) -@@ -1203,9 +1210,26 @@ lookup_root_by_name(struct grub_btrfs_da +@@ -1302,9 +1309,26 @@ grub_err_t err; grub_uint64_t tree = 0; grub_uint8_t type; @@ -59,10 +57,10 @@ Index: grub-2.04/grub-core/fs/btrfs.c if (err) return grub_error(GRUB_ERR_FILE_NOT_FOUND, "couldn't locate %s\n", path); -@@ -2179,11 +2203,20 @@ grub_btrfs_dir (grub_device_t device, co - int r = 0; +@@ -2321,11 +2345,20 @@ grub_uint64_t tree; grub_uint8_t type; + grub_size_t est_size = 0; + char *new_path = NULL; if (!data) @@ -81,7 +79,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c if (err) { grub_btrfs_unmount (data); -@@ -2285,11 +2318,21 @@ grub_btrfs_open (struct grub_file *file, +@@ -2452,11 +2485,21 @@ struct grub_btrfs_inode inode; grub_uint8_t type; struct grub_btrfs_key key_in; @@ -104,7 +102,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c if (err) { grub_btrfs_unmount (data); -@@ -2460,6 +2503,150 @@ grub_cmd_btrfs_info (grub_command_t cmd +@@ -2691,6 +2734,150 @@ return 0; } @@ -255,7 +253,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c static grub_err_t get_fs_root(struct grub_btrfs_data *data, grub_uint64_t tree, grub_uint64_t objectid, grub_uint64_t offset, -@@ -2666,6 +2853,7 @@ static struct grub_fs grub_btrfs_fs = { +@@ -2903,6 +3090,7 @@ }; static grub_command_t cmd_info; @@ -263,7 +261,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c static grub_extcmd_t cmd_list_subvols; static char * -@@ -2729,6 +2917,9 @@ GRUB_MOD_INIT (btrfs) +@@ -2966,6 +3154,9 @@ cmd_info = grub_register_command("btrfs-info", grub_cmd_btrfs_info, "DEVICE", "Print BtrFS info about DEVICE."); @@ -273,11 +271,9 @@ Index: grub-2.04/grub-core/fs/btrfs.c cmd_list_subvols = grub_register_extcmd("btrfs-list-subvols", grub_cmd_btrfs_list_subvols, 0, "[-p|-n] [-o var] DEVICE", -Index: grub-2.04/grub-core/osdep/linux/getroot.c -=================================================================== ---- grub-2.04.orig/grub-core/osdep/linux/getroot.c -+++ grub-2.04/grub-core/osdep/linux/getroot.c -@@ -107,6 +107,14 @@ struct btrfs_ioctl_search_key +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -103,6 +103,14 @@ grub_uint32_t unused[9]; }; @@ -292,7 +288,7 @@ Index: grub-2.04/grub-core/osdep/linux/getroot.c struct btrfs_ioctl_search_args { struct btrfs_ioctl_search_key key; grub_uint64_t buf[(4096 - sizeof(struct btrfs_ioctl_search_key)) -@@ -378,6 +386,109 @@ get_btrfs_fs_prefix (const char *mount_p +@@ -375,6 +383,109 @@ int use_relative_path_on_btrfs = 0; @@ -402,7 +398,7 @@ Index: grub-2.04/grub-core/osdep/linux/getroot.c char ** grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) { -@@ -519,12 +630,17 @@ again: +@@ -516,12 +627,17 @@ else if (grub_strcmp (entries[i].fstype, "btrfs") == 0) { ret = grub_find_root_devices_from_btrfs (dir); @@ -423,7 +419,7 @@ Index: grub-2.04/grub-core/osdep/linux/getroot.c } } else if (!retry && grub_strcmp (entries[i].fstype, "autofs") == 0) -@@ -1192,6 +1308,24 @@ grub_util_get_grub_dev_os (const char *o +@@ -1202,6 +1318,24 @@ return grub_dev; } @@ -448,11 +444,9 @@ Index: grub-2.04/grub-core/osdep/linux/getroot.c char * grub_make_system_path_relative_to_its_root_os (const char *path) { -Index: grub-2.04/util/grub-install.c -=================================================================== ---- grub-2.04.orig/util/grub-install.c -+++ grub-2.04/util/grub-install.c -@@ -1591,6 +1591,58 @@ main (int argc, char *argv[]) +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -1645,6 +1645,58 @@ prefix_drive = xasprintf ("(%s)", grub_drives[0]); } @@ -511,11 +505,9 @@ Index: grub-2.04/util/grub-install.c char mkimage_target[200]; const char *core_name = NULL; -Index: grub-2.04/include/grub/emu/getroot.h -=================================================================== ---- grub-2.04.orig/include/grub/emu/getroot.h -+++ grub-2.04/include/grub/emu/getroot.h -@@ -53,6 +53,11 @@ char ** +--- a/include/grub/emu/getroot.h ++++ b/include/grub/emu/getroot.h +@@ -53,6 +53,11 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot); #endif diff --git a/grub2-btrfs-07-subvol-fallback.patch b/grub2-btrfs-07-subvol-fallback.patch index 357aa44..b7b9325 100644 --- a/grub2-btrfs-07-subvol-fallback.patch +++ b/grub2-btrfs-07-subvol-fallback.patch @@ -1,8 +1,6 @@ -Index: grub-2.02~beta3/grub-core/fs/btrfs.c -=================================================================== ---- grub-2.02~beta3.orig/grub-core/fs/btrfs.c -+++ grub-2.02~beta3/grub-core/fs/btrfs.c -@@ -925,10 +925,40 @@ lookup_root_by_name(struct grub_btrfs_da +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -1340,10 +1340,40 @@ } static grub_err_t diff --git a/grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch b/grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch index 44c021b..668c93b 100644 --- a/grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch +++ b/grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch @@ -1,11 +1,9 @@ v2: Add menuentry "Help on bootable snapshot" to be excluded as default entry. -Index: grub-2.06/grub-core/normal/menu.c -=================================================================== ---- grub-2.06.orig/grub-core/normal/menu.c -+++ grub-2.06/grub-core/normal/menu.c -@@ -574,6 +574,43 @@ print_countdown (struct grub_term_coordi +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -574,6 +574,43 @@ grub_refresh (); } @@ -49,7 +47,7 @@ Index: grub-2.06/grub-core/normal/menu.c #define GRUB_MENU_PAGE_SIZE 10 /* Show the menu and handle menu entry selection. Returns the menu entry -@@ -592,6 +629,8 @@ run_menu (grub_menu_t menu, int nested, +@@ -594,6 +631,8 @@ default_entry = get_entry_number (menu, "default"); diff --git a/grub2-btrfs-09-get-default-subvolume.patch b/grub2-btrfs-09-get-default-subvolume.patch index cb2f4f6..d9368d8 100644 --- a/grub2-btrfs-09-get-default-subvolume.patch +++ b/grub2-btrfs-09-get-default-subvolume.patch @@ -3,11 +3,9 @@ V1: * Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data -Index: grub-2.04/grub-core/fs/btrfs.c -=================================================================== ---- grub-2.04.orig/grub-core/fs/btrfs.c -+++ grub-2.04/grub-core/fs/btrfs.c -@@ -2880,6 +2880,254 @@ out: +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -3104,6 +3104,254 @@ return 0; } @@ -262,7 +260,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c static struct grub_fs grub_btrfs_fs = { .name = "btrfs", .fs_dir = grub_btrfs_dir, -@@ -2898,6 +3146,7 @@ static struct grub_fs grub_btrfs_fs = { +@@ -3122,6 +3370,7 @@ static grub_command_t cmd_info; static grub_command_t cmd_mount_subvol; static grub_extcmd_t cmd_list_subvols; @@ -270,7 +268,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c static char * subvolid_set_env (struct grub_env_var *var __attribute__ ((unused)), -@@ -2968,6 +3217,11 @@ GRUB_MOD_INIT (btrfs) +@@ -3192,6 +3441,11 @@ "[-p|-n] [-o var] DEVICE", "Print list of BtrFS subvolumes on " "DEVICE.", options); diff --git a/grub2-btrfs-10-config-directory.patch b/grub2-btrfs-10-config-directory.patch index 6aae90e..ee591ec 100644 --- a/grub2-btrfs-10-config-directory.patch +++ b/grub2-btrfs-10-config-directory.patch @@ -6,11 +6,9 @@ References: bsc#1106381 Fix outputting invalid btrfs subvol path on non btrfs filesystem due to bogus return code handling. -Index: grub-2.02/grub-core/fs/btrfs.c -=================================================================== ---- grub-2.02.orig/grub-core/fs/btrfs.c -+++ grub-2.02/grub-core/fs/btrfs.c -@@ -2590,8 +2590,7 @@ grub_btrfs_get_default_subvolume_id (str +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -3260,8 +3260,7 @@ } static grub_err_t @@ -20,7 +18,7 @@ Index: grub-2.02/grub-core/fs/btrfs.c { char *devname; grub_device_t dev; -@@ -2600,21 +2599,8 @@ grub_cmd_btrfs_get_default_subvol (struc +@@ -3270,21 +3269,8 @@ grub_uint64_t id; char *subvol = NULL; grub_uint64_t subvolid = 0; @@ -43,7 +41,7 @@ Index: grub-2.02/grub-core/fs/btrfs.c dev = grub_device_open (devname); grub_free (devname); if (!dev) -@@ -2625,8 +2611,7 @@ grub_cmd_btrfs_get_default_subvol (struc +@@ -3295,8 +3281,7 @@ { grub_device_close (dev); grub_dprintf ("btrfs", "failed to open fs\n"); @@ -53,7 +51,7 @@ Index: grub-2.02/grub-core/fs/btrfs.c } err = grub_btrfs_get_default_subvolume_id (data, &subvolid); -@@ -2655,12 +2640,47 @@ grub_cmd_btrfs_get_default_subvol (struc +@@ -3325,12 +3310,47 @@ return err; } @@ -103,7 +101,7 @@ Index: grub-2.02/grub-core/fs/btrfs.c if (num_only && path_only) output = grub_xasprintf ("%"PRIuGRUB_UINT64_T" /%s", subvolid, subvol); else if (num_only) -@@ -2676,9 +2696,6 @@ grub_cmd_btrfs_get_default_subvol (struc +@@ -3346,9 +3366,6 @@ grub_free (output); grub_free (subvol); @@ -113,7 +111,7 @@ Index: grub-2.02/grub-core/fs/btrfs.c return GRUB_ERR_NONE; } -@@ -2757,6 +2774,122 @@ subvol_get_env (struct grub_env_var *var +@@ -3427,6 +3444,122 @@ return ""; } @@ -236,7 +234,7 @@ Index: grub-2.02/grub-core/fs/btrfs.c GRUB_MOD_INIT (btrfs) { grub_fs_register (&grub_btrfs_fs); -@@ -2780,6 +2913,8 @@ GRUB_MOD_INIT (btrfs) +@@ -3450,6 +3583,8 @@ subvol_set_env); grub_register_variable_hook ("btrfs_subvolid", subvolid_get_env, subvolid_set_env); @@ -245,7 +243,7 @@ Index: grub-2.02/grub-core/fs/btrfs.c grub_env_export ("btrfs_subvol"); grub_env_export ("btrfs_subvolid"); grub_env_export ("btrfs_relative_path"); -@@ -2789,6 +2924,7 @@ GRUB_MOD_FINI (btrfs) +@@ -3459,6 +3594,7 @@ { grub_register_variable_hook ("btrfs_subvol", NULL, NULL); grub_register_variable_hook ("btrfs_subvolid", NULL, NULL); diff --git a/grub2-btrfs-help-on-snapper-rollback.patch b/grub2-btrfs-help-on-snapper-rollback.patch index f6e0f9e..dfe1055 100644 --- a/grub2-btrfs-help-on-snapper-rollback.patch +++ b/grub2-btrfs-help-on-snapper-rollback.patch @@ -1,8 +1,6 @@ -Index: grub-2.02/util/grub.d/00_header.in -=================================================================== ---- grub-2.02.orig/util/grub.d/00_header.in -+++ grub-2.02/util/grub.d/00_header.in -@@ -417,8 +417,14 @@ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = +--- a/util/grub.d/00_header.in ++++ b/util/grub.d/00_header.in +@@ -428,8 +428,14 @@ # Note: No $snapshot_num on *read-only* rollback! (bsc#901487) cat < #include @@ -24,7 +22,7 @@ Index: grub-2.04~rc1/grub-core/commands/read.c #include #include #include -@@ -77,16 +78,49 @@ grub_cmd_read (grub_command_t cmd __attr +@@ -88,16 +89,49 @@ return 0; } @@ -56,14 +54,14 @@ Index: grub-2.04~rc1/grub-core/commands/read.c + return 0; +} + - static grub_command_t cmd; + static grub_extcmd_t cmd; +static grub_command_t cme; GRUB_MOD_INIT(read) { - cmd = grub_register_command ("read", grub_cmd_read, - N_("[ENVVAR]"), - N_("Set variable with user input.")); + cmd = grub_register_extcmd ("read", grub_cmd_read, 0, + N_("[-s] [ENVVAR]"), + N_("Set variable with user input."), options); + cme = grub_register_command ("read_file", grub_cmd_read_from_file, + N_("FILE ENVVAR [...]"), + N_("Set variable(s) with line(s) from FILE.")); @@ -71,14 +69,12 @@ Index: grub-2.04~rc1/grub-core/commands/read.c GRUB_MOD_FINI(read) { - grub_unregister_command (cmd); + grub_unregister_extcmd (cmd); + grub_unregister_command (cme); } -Index: grub-2.04~rc1/include/grub/file.h -=================================================================== ---- grub-2.04~rc1.orig/include/grub/file.h -+++ grub-2.04~rc1/include/grub/file.h -@@ -122,6 +122,7 @@ enum grub_file_type +--- a/include/grub/file.h ++++ b/include/grub/file.h +@@ -126,6 +126,7 @@ GRUB_FILE_TYPE_FS_SEARCH, GRUB_FILE_TYPE_AUDIO, GRUB_FILE_TYPE_VBE_DUMP, diff --git a/grub2-diskfilter-support-pv-without-metadatacopies.patch b/grub2-diskfilter-support-pv-without-metadatacopies.patch index b74a3e6..c549be3 100644 --- a/grub2-diskfilter-support-pv-without-metadatacopies.patch +++ b/grub2-diskfilter-support-pv-without-metadatacopies.patch @@ -30,10 +30,8 @@ Signed-off-by: Lidong Zhong grub-core/disk/lvm.c | 15 ++++-- 2 files changed, 121 insertions(+), 6 deletions(-) -Index: grub-2.06~rc1/grub-core/disk/diskfilter.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/disk/diskfilter.c -+++ grub-2.06~rc1/grub-core/disk/diskfilter.c +--- a/grub-core/disk/diskfilter.c ++++ b/grub-core/disk/diskfilter.c @@ -28,6 +28,7 @@ #include #include @@ -42,7 +40,7 @@ Index: grub-2.06~rc1/grub-core/disk/diskfilter.c GRUB_MOD_LICENSE ("GPLv3+"); -@@ -43,7 +44,17 @@ static struct grub_diskfilter_lv * +@@ -43,7 +44,17 @@ find_lv (const char *name); static int is_lv_readable (struct grub_diskfilter_lv *lv, int easily); @@ -61,7 +59,7 @@ Index: grub-2.06~rc1/grub-core/disk/diskfilter.c static grub_err_t is_node_readable (const struct grub_diskfilter_node *node, int easily) -@@ -132,6 +143,7 @@ scan_disk_partition_iter (grub_disk_t di +@@ -132,6 +143,7 @@ grub_disk_addr_t start_sector; struct grub_diskfilter_pv_id id; grub_diskfilter_t diskfilter; @@ -69,7 +67,7 @@ Index: grub-2.06~rc1/grub-core/disk/diskfilter.c grub_dprintf ("diskfilter", "Scanning for DISKFILTER devices on disk %s\n", name); -@@ -168,6 +180,28 @@ scan_disk_partition_iter (grub_disk_t di +@@ -168,6 +180,28 @@ grub_free (id.uuid); return 0; } @@ -98,7 +96,7 @@ Index: grub-2.06~rc1/grub-core/disk/diskfilter.c if (arr && id.uuidlen) grub_free (id.uuid); -@@ -180,6 +214,65 @@ scan_disk_partition_iter (grub_disk_t di +@@ -180,6 +214,65 @@ } return 0; @@ -164,7 +162,7 @@ Index: grub-2.06~rc1/grub-core/disk/diskfilter.c } static int -@@ -206,6 +299,9 @@ scan_disk (const char *name, int accept_ +@@ -206,6 +299,9 @@ grub_partition_iterate (disk, scan_disk_partition_iter, (void *) name); grub_disk_close (disk); scan_depth--; @@ -174,7 +172,7 @@ Index: grub-2.06~rc1/grub-core/disk/diskfilter.c return 0; } -@@ -1250,6 +1346,20 @@ insert_array (grub_disk_t disk, const st +@@ -1287,6 +1383,20 @@ static void free_array (void) { @@ -195,11 +193,9 @@ Index: grub-2.06~rc1/grub-core/disk/diskfilter.c while (array_list) { struct grub_diskfilter_vg *vg; -Index: grub-2.06~rc1/grub-core/disk/lvm.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/disk/lvm.c -+++ grub-2.06~rc1/grub-core/disk/lvm.c -@@ -235,11 +235,16 @@ grub_lvm_detect (grub_disk_t disk, +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -235,11 +235,16 @@ sizeof (mdah->magic))) || (grub_le_to_cpu32 (mdah->version) != GRUB_LVM_FMTT_VERSION)) { diff --git a/grub2-efi-HP-workaround.patch b/grub2-efi-HP-workaround.patch index 0d993cf..e1b1c28 100644 --- a/grub2-efi-HP-workaround.patch +++ b/grub2-efi-HP-workaround.patch @@ -2,11 +2,9 @@ v2: Add GRUB_FILE_TYPE_CONFIG to grub_file_open, see also upstream commit ca0a4f689 verifiers: File type for fine-grained signature-verification controlling -Index: grub-2.06~rc1/grub-core/kern/efi/init.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/kern/efi/init.c -+++ grub-2.06~rc1/grub-core/kern/efi/init.c -@@ -27,6 +27,7 @@ +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -28,6 +28,7 @@ #include #include #include @@ -14,8 +12,8 @@ Index: grub-2.06~rc1/grub-core/kern/efi/init.c #include #ifdef GRUB_STACK_PROTECTOR -@@ -114,6 +115,67 @@ grub_efi_init (void) - void (*grub_efi_net_config) (grub_efi_handle_t hnd, +@@ -135,6 +136,67 @@ + void (*grub_efi_net_config) (grub_efi_handle_t hnd, char **device, char **path); +static char * @@ -82,7 +80,7 @@ Index: grub-2.06~rc1/grub-core/kern/efi/init.c void grub_machine_get_bootlocation (char **device, char **path) -@@ -138,6 +200,12 @@ grub_machine_get_bootlocation (char **de +@@ -159,6 +221,12 @@ p = grub_strrchr (*path, '/'); if (p) *p = '\0'; diff --git a/grub2-efi-chainload-harder.patch b/grub2-efi-chainload-harder.patch index cf26002..3c2f994 100644 --- a/grub2-efi-chainload-harder.patch +++ b/grub2-efi-chainload-harder.patch @@ -6,11 +6,9 @@ Use grub_efi_get_secureboot to get secure boot status grub-core/loader/efi/chainloader.c | 62 +++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 26 deletions(-) -Index: grub-2.04/grub-core/loader/efi/chainloader.c -=================================================================== ---- grub-2.04.orig/grub-core/loader/efi/chainloader.c -+++ grub-2.04/grub-core/loader/efi/chainloader.c -@@ -286,40 +286,41 @@ grub_secure_validate (void *data, grub_e +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -305,40 +305,41 @@ static grub_efi_boolean_t read_header (void *data, grub_efi_uint32_t size, pe_coff_loader_image_context_t *context) { @@ -75,9 +73,9 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c } static void* -@@ -583,6 +584,9 @@ error_exit: +@@ -604,6 +605,9 @@ if (buffer) - efi_call_1 (b->free_pool, buffer); + b->free_pool (buffer); + if (grub_errno) + grub_print_error (); @@ -85,20 +83,31 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c return 0; } -@@ -790,6 +794,19 @@ grub_cmd_chainloader (grub_command_t cmd - status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, - boot_image, fsize, - &image_handle); +@@ -821,6 +825,30 @@ + status = b->load_image (0, grub_efi_image_handle, file_path, + boot_image, size, + &image_handle); +#ifdef SUPPORT_SECURE_BOOT + if (status == GRUB_EFI_SECURITY_VIOLATION && grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED) + { + /* If it failed with security violation while not in secure boot mode, + the firmware might be broken. We try to workaround on that by forcing + the SB method! (bsc#887793) */ ++ struct grub_secureboot_chainloader_context *sb_context; ++ + grub_dprintf ("chain", "Possible firmware flaw! Security violation while not in secure boot mode.\n"); ++ sb_context = grub_malloc (sizeof (*sb_context)); ++ if (!sb_context) ++ goto fail; ++ sb_context->cmdline = cmdline; ++ sb_context->cmdline_len = cmdline_len; ++ sb_context->fsize = size; ++ sb_context->dev_handle = dev_handle; ++ sb_context->address = address; ++ sb_context->pages = pages; + grub_file_close (file); -+ grub_loader_set (grub_secureboot_chainloader_boot, -+ grub_secureboot_chainloader_unload, 0); ++ grub_loader_set_ex (grub_secureboot_chainloader_boot, ++ grub_secureboot_chainloader_unload, sb_context, 0); + return 0; + } +#endif diff --git a/grub2-efi-chainloader-root.patch b/grub2-efi-chainloader-root.patch deleted file mode 100644 index be29084..0000000 --- a/grub2-efi-chainloader-root.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Raymund Will -Subject: Use device part of chainloader target, if present. -References: bnc#871857, bnc#880177 -Patch-Mainline: no - -Otherwise chainloading is restricted to '$root', which might not even -be readable by EFI! - -v1. use grub_file_get_device_name() to get device name - -Signed-off-by: Michael Chang - ---- - grub-core/loader/efi/chainloader.c | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) - -Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/loader/efi/chainloader.c -+++ grub-2.04~rc1/grub-core/loader/efi/chainloader.c -@@ -714,12 +714,16 @@ grub_cmd_chainloader (grub_command_t cmd - *(--p16) = 0; - } - -+ grub_dprintf ("chain", "cmd='%s'\n", filename); - file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); - if (! file) - goto fail; - -- /* Get the root device's device path. */ -- dev = grub_device_open (0); -+ /* Get the device path from filename. */ -+ char *devname = grub_file_get_device_name (filename); -+ dev = grub_device_open (devname); -+ if (devname) -+ grub_free (devname); - if (! dev) - goto fail; - diff --git a/grub2-efi-disable-video-cirrus-and-bochus.patch b/grub2-efi-disable-video-cirrus-and-bochus.patch index 1d37519..1259df3 100644 --- a/grub2-efi-disable-video-cirrus-and-bochus.patch +++ b/grub2-efi-disable-video-cirrus-and-bochus.patch @@ -1,8 +1,6 @@ -Index: grub-2.02~beta2/grub-core/Makefile.core.def -=================================================================== ---- grub-2.02~beta2.orig/grub-core/Makefile.core.def -+++ grub-2.02~beta2/grub-core/Makefile.core.def -@@ -1921,13 +1921,13 @@ module = { +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2142,13 +2142,13 @@ module = { name = video_cirrus; x86 = video/cirrus.c; @@ -18,11 +16,9 @@ Index: grub-2.02~beta2/grub-core/Makefile.core.def }; module = { -Index: grub-2.02~beta2/gentpl.py -=================================================================== ---- grub-2.02~beta2.orig/gentpl.py -+++ grub-2.02~beta2/gentpl.py -@@ -80,6 +80,10 @@ GROUPS["fdt"] = [ "arm64_efi", "arm_uboo +--- a/gentpl.py ++++ b/gentpl.py +@@ -92,6 +92,10 @@ GROUPS["i386_coreboot_multiboot_qemu"] = ["i386_coreboot", "i386_multiboot", "i386_qemu"] GROUPS["nopc"] = GRUB_PLATFORMS[:]; GROUPS["nopc"].remove("i386_pc") diff --git a/grub2-efi-xen-cfg-unquote.patch b/grub2-efi-xen-cfg-unquote.patch index 47e9f0f..3b437df 100644 --- a/grub2-efi-xen-cfg-unquote.patch +++ b/grub2-efi-xen-cfg-unquote.patch @@ -17,11 +17,9 @@ Signed-off-by: Petr Tesarik util/grub.d/20_linux_xen.in | 54 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) -Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in -=================================================================== ---- grub-2.06~rc1.orig/util/grub.d/20_linux_xen.in -+++ grub-2.06~rc1/util/grub.d/20_linux_xen.in -@@ -137,6 +137,52 @@ else +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -139,6 +139,52 @@ is_efi=false fi @@ -74,7 +72,7 @@ Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in linux_entry () { linux_entry_xsm "$@" false -@@ -205,11 +251,13 @@ linux_entry_xsm () +@@ -209,11 +255,13 @@ else section="failsafe.$section_count" fi diff --git a/grub2-efi-xen-chainload.patch b/grub2-efi-xen-chainload.patch index 776a5cf..b5ceaed 100644 --- a/grub2-efi-xen-chainload.patch +++ b/grub2-efi-xen-chainload.patch @@ -26,11 +26,9 @@ V3: util/grub.d/20_linux_xen.in | 109 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 97 insertions(+), 12 deletions(-) -Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in -=================================================================== ---- grub-2.06~rc1.orig/util/grub.d/20_linux_xen.in -+++ grub-2.06~rc1/util/grub.d/20_linux_xen.in -@@ -21,6 +21,8 @@ prefix="@prefix@" +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -21,6 +21,8 @@ exec_prefix="@exec_prefix@" datarootdir="@datarootdir@" @@ -39,7 +37,7 @@ Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in . "$pkgdatadir/grub-mkconfig_lib" export TEXTDOMAIN=@PACKAGE@ -@@ -36,11 +38,23 @@ CLASS="--class gnu-linux --class gnu --c +@@ -36,11 +38,23 @@ if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then OS=GNU/Linux @@ -64,7 +62,7 @@ Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in # loop-AES arranges things so that /dev/loop/X can be our root device, but # the initrds that Linux uses don't like that. case ${GRUB_DEVICE} in -@@ -97,6 +111,32 @@ esac +@@ -99,6 +113,32 @@ title_correction_code= @@ -97,7 +95,7 @@ Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in linux_entry () { linux_entry_xsm "$@" false -@@ -150,6 +190,40 @@ linux_entry_xsm () +@@ -154,6 +194,40 @@ save_default_entry | grub_add_tab | sed "s/^/$submenu_indentation/" fi @@ -138,7 +136,7 @@ Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in if [ -z "${prepare_boot_cache}" ]; then prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" fi -@@ -241,16 +315,6 @@ boot_device_id= +@@ -245,16 +319,6 @@ title_correction_code= @@ -155,7 +153,7 @@ Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in # Extra indentation to add to menu entries in a submenu. We're not in a submenu # yet, so it's empty. In a submenu it will be equal to '\t' (one tab). submenu_indentation="" -@@ -264,6 +328,24 @@ while [ "x${xen_list}" != "x" ] ; do +@@ -325,6 +389,24 @@ xen_dirname=`dirname ${current_xen}` rel_xen_dirname=`make_system_path_relative_to_its_root $xen_dirname` xen_version=`echo $xen_basename | sed -e "s,.gz$,,g;s,^xen-,,g"` @@ -180,15 +178,7 @@ Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in if [ -z "$boot_device_id" ]; then boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" fi -@@ -373,7 +455,6 @@ while [ "x${xen_list}" != "x" ] ; do - if [ x"$is_top_level" != xtrue ]; then - echo ' }' - fi -- xen_list=`echo $xen_list | tr ' ' '\n' | fgrep -vx "$current_xen" | tr '\n' ' '` - done - - # If at least one kernel was found, then we need to -@@ -383,3 +464,7 @@ if [ x"$is_top_level" != xtrue ]; then +@@ -445,3 +527,7 @@ fi echo "$title_correction_code" diff --git a/grub2-efi-xen-cmdline.patch b/grub2-efi-xen-cmdline.patch index cf85e9f..b104163 100644 --- a/grub2-efi-xen-cmdline.patch +++ b/grub2-efi-xen-cmdline.patch @@ -1,9 +1,9 @@ --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in -@@ -295,7 +295,8 @@ +@@ -298,7 +298,8 @@ + GRUB_BADRAM \ GRUB_OS_PROBER_SKIP_LIST \ GRUB_DISABLE_SUBMENU \ - GRUB_CMDLINE_LINUX_RECOVERY \ - SUSE_BTRFS_SNAPSHOT_BOOTING + SUSE_BTRFS_SNAPSHOT_BOOTING \ + SUSE_CMDLINE_XENEFI @@ -12,7 +12,7 @@ rm -f "${grub_cfg}.new" --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in -@@ -216,7 +216,7 @@ +@@ -219,7 +219,7 @@ message="$(gettext_printf "Loading Xen %s with Linux %s ..." ${xen_version} ${version})" sed "s/^/$submenu_indentation/" <<-EOF echo '$(echo "$message" | grub_quote)' diff --git a/grub2-efi-xen-removable.patch b/grub2-efi-xen-removable.patch index 791c7b4..0efb58f 100644 --- a/grub2-efi-xen-removable.patch +++ b/grub2-efi-xen-removable.patch @@ -22,7 +22,7 @@ $cmdpath to work. --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in -@@ -101,32 +101,6 @@ esac +@@ -113,32 +113,6 @@ title_correction_code= @@ -55,7 +55,7 @@ $cmdpath to work. grub2_unquote () { awk ' -@@ -234,10 +208,15 @@ linux_entry () +@@ -264,10 +238,15 @@ kernel=${basename} root=${linux_root_device_thisversion} ${args_unq} ramdisk=${initrd_real} EOF @@ -72,7 +72,7 @@ $cmdpath to work. } EOF for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} ${dirname}/${basename} ${dirname}/${initrd_real}; do -@@ -318,6 +297,7 @@ else +@@ -363,6 +342,7 @@ done fi prepare_boot_cache= @@ -80,7 +80,7 @@ $cmdpath to work. boot_device_id= title_correction_code= -@@ -328,6 +308,34 @@ submenu_indentation="" +@@ -432,6 +412,34 @@ is_top_level=true @@ -112,6 +112,6 @@ $cmdpath to work. + is_efi=false +fi + - while [ "x${xen_list}" != "x" ] ; do - list="${linux_list}" - current_xen=`version_find_latest $xen_list` + for current_xen in ${reverse_sorted_xen_list}; do + xen_basename=`basename ${current_xen}` + xen_dirname=`dirname ${current_xen}` diff --git a/grub2-emu-4-all.patch b/grub2-emu-4-all.patch index fcc1c09..39b20fa 100644 --- a/grub2-emu-4-all.patch +++ b/grub2-emu-4-all.patch @@ -5,11 +5,9 @@ grub-core/osdep/unix/emuconsole.c | 5 +++-- 4 files changed, 14 insertions(+), 16 deletions(-) -Index: grub-2.04~rc1/Makefile.util.def -=================================================================== ---- grub-2.04~rc1.orig/Makefile.util.def -+++ grub-2.04~rc1/Makefile.util.def -@@ -362,7 +362,7 @@ program = { +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -377,7 +377,7 @@ ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; cppflags = '-DGRUB_SETUP_FUNC=grub_util_bios_setup'; @@ -18,7 +16,7 @@ Index: grub-2.04~rc1/Makefile.util.def }; program = { -@@ -383,7 +383,7 @@ program = { +@@ -398,7 +398,7 @@ ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; cppflags = '-DGRUB_SETUP_FUNC=grub_util_sparc_setup'; @@ -27,7 +25,7 @@ Index: grub-2.04~rc1/Makefile.util.def }; program = { -@@ -399,7 +399,7 @@ program = { +@@ -414,7 +414,7 @@ ldadd = libgrubkern.a; ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; @@ -36,7 +34,7 @@ Index: grub-2.04~rc1/Makefile.util.def }; program = { -@@ -430,7 +430,7 @@ program = { +@@ -445,7 +445,7 @@ ldadd = libgrubkern.a; ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; @@ -45,7 +43,7 @@ Index: grub-2.04~rc1/Makefile.util.def }; data = { -@@ -1361,7 +1361,7 @@ program = { +@@ -1420,7 +1420,7 @@ ldadd = libgrubkern.a; ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; @@ -54,11 +52,9 @@ Index: grub-2.04~rc1/Makefile.util.def }; program = { -Index: grub-2.04~rc1/grub-core/Makefile.core.def -=================================================================== ---- grub-2.04~rc1.orig/grub-core/Makefile.core.def -+++ grub-2.04~rc1/grub-core/Makefile.core.def -@@ -1139,7 +1139,7 @@ module = { +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1183,7 +1183,7 @@ module = { name = videotest; common = commands/videotest.c; @@ -67,7 +63,7 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -@@ -1572,7 +1572,7 @@ module = { +@@ -1638,7 +1638,7 @@ common = gfxmenu/gui_progress_bar.c; common = gfxmenu/gui_util.c; common = gfxmenu/gui_string_util.c; @@ -76,7 +72,7 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -@@ -2008,13 +2008,13 @@ module = { +@@ -2077,13 +2077,13 @@ name = gfxterm; common = term/gfxterm.c; enable = videomodules; @@ -92,7 +88,7 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -@@ -2133,9 +2133,7 @@ module = { +@@ -2204,9 +2204,7 @@ enable = i386_xen_pvh; enable = i386_efi; enable = x86_64_efi; @@ -102,7 +98,7 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -@@ -2182,7 +2180,7 @@ module = { +@@ -2253,7 +2251,7 @@ module = { name = gfxterm_menu; common = tests/gfxterm_menu.c; @@ -111,7 +107,7 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -@@ -2334,9 +2332,7 @@ module = { +@@ -2413,9 +2411,7 @@ enable = i386_xen_pvh; enable = i386_efi; enable = x86_64_efi; @@ -121,23 +117,19 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -Index: grub-2.04~rc1/configure.ac -=================================================================== ---- grub-2.04~rc1.orig/configure.ac -+++ grub-2.04~rc1/configure.ac -@@ -1911,6 +1911,7 @@ AC_SUBST(BUILD_LIBM) +--- a/configure.ac ++++ b/configure.ac +@@ -2061,6 +2061,7 @@ AM_CONDITIONAL([COND_real_platform], [test x$platform != xnone]) AM_CONDITIONAL([COND_emu], [test x$platform = xemu]) +AM_CONDITIONAL([COND_NOT_emu], [test x$platform != xemu]) - AM_CONDITIONAL([COND_i386_pc], [test x$target_cpu = xi386 -a x$platform = xpc]) - AM_CONDITIONAL([COND_i386_efi], [test x$target_cpu = xi386 -a x$platform = xefi]) - AM_CONDITIONAL([COND_ia64_efi], [test x$target_cpu = xia64 -a x$platform = xefi]) -Index: grub-2.04~rc1/grub-core/osdep/unix/emuconsole.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/osdep/unix/emuconsole.c -+++ grub-2.04~rc1/grub-core/osdep/unix/emuconsole.c -@@ -50,13 +50,12 @@ static struct termios new_tty; + AM_CONDITIONAL([COND_arm], [test x$target_cpu = xarm ]) + AM_CONDITIONAL([COND_arm_uboot], [test x$target_cpu = xarm -a x$platform = xuboot]) + AM_CONDITIONAL([COND_arm_coreboot], [test x$target_cpu = xarm -a x$platform = xcoreboot]) +--- a/grub-core/osdep/unix/emuconsole.c ++++ b/grub-core/osdep/unix/emuconsole.c +@@ -50,13 +50,12 @@ static int console_mode = 0; #define MAX_LEN 1023 @@ -152,7 +144,7 @@ Index: grub-2.04~rc1/grub-core/osdep/unix/emuconsole.c #if 0 static char msg[MAX_LEN+1]; static void -@@ -128,6 +127,7 @@ readkey (struct grub_term_input *term) +@@ -128,6 +127,7 @@ return -1; } @@ -160,7 +152,7 @@ Index: grub-2.04~rc1/grub-core/osdep/unix/emuconsole.c #define NO_KEY ((grub_uint8_t)-1) static int readkey_dumb (struct grub_term_input *term) -@@ -158,6 +158,7 @@ readkey_dumb (struct grub_term_input *te +@@ -158,6 +158,7 @@ p = c; return c; } diff --git a/grub2-fix-menu-in-xen-host-server.patch b/grub2-fix-menu-in-xen-host-server.patch index bd4106c..00065e1 100644 --- a/grub2-fix-menu-in-xen-host-server.patch +++ b/grub2-fix-menu-in-xen-host-server.patch @@ -27,27 +27,9 @@ if you need any other custom entries. util/grub.d/20_linux_xen.in | 6 ++++-- 3 files changed, 19 insertions(+), 4 deletions(-) -Index: grub-2.06~rc1/util/grub-mkconfig_lib.in -=================================================================== ---- grub-2.06~rc1.orig/util/grub-mkconfig_lib.in -+++ grub-2.06~rc1/util/grub-mkconfig_lib.in -@@ -253,6 +253,11 @@ version_test_gt () - *.old:*.old) ;; - *.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;; - *:*.old) version_test_gt_b="`echo "$version_test_gt_b" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=ge ;; -+# bnc#757895 - Grub2 menu items incorrect when "Xen Virtual Machines Host Server" selected -+# The dbg version should be placed after release version -+ dbg-*:dbg-*) ;; -+ dbg-*:*) version_test_gt_a="" ;; -+ *:dbg-*) version_test_gt_b="" ;; - esac - version_test_numeric "$version_test_gt_a" "$version_test_gt_cmp" "$version_test_gt_b" - return "$?" -Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in -=================================================================== ---- grub-2.06~rc1.orig/util/grub.d/20_linux_xen.in -+++ grub-2.06~rc1/util/grub.d/20_linux_xen.in -@@ -26,6 +26,12 @@ datarootdir="@datarootdir@" +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -26,6 +26,12 @@ export TEXTDOMAIN=@PACKAGE@ export TEXTDOMAINDIR="@localedir@" @@ -60,7 +42,7 @@ Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in CLASS="--class gnu-linux --class gnu --class os --class xen" if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then -@@ -210,10 +216,18 @@ file_is_not_xen_garbage () { +@@ -213,10 +219,18 @@ esac } @@ -83,11 +65,9 @@ Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in prepare_boot_cache= boot_device_id= -Index: grub-2.06~rc1/util/grub.d/10_linux.in -=================================================================== ---- grub-2.06~rc1.orig/util/grub.d/10_linux.in -+++ grub-2.06~rc1/util/grub.d/10_linux.in -@@ -244,6 +244,40 @@ while [ "x$list" != "x" ] ; do +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -258,6 +258,40 @@ fi done diff --git a/grub2-getroot-support-nvdimm.patch b/grub2-getroot-support-nvdimm.patch index cf539d7..3a5051a 100644 --- a/grub2-getroot-support-nvdimm.patch +++ b/grub2-getroot-support-nvdimm.patch @@ -11,11 +11,9 @@ For blk, the name would be /dev/ndblkX.YpZ or /dev/ndblkX.YsZ grub-core/osdep/linux/getroot.c | 44 +++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) -diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 8776009..d2ab60f 100644 --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c -@@ -1082,6 +1082,50 @@ grub_util_part_to_disk (const char *os_dev, struct stat *st, +@@ -971,6 +971,50 @@ *pp = '\0'; return path; } @@ -66,6 +64,3 @@ index 8776009..d2ab60f 100644 } return path; --- -2.19.0 - diff --git a/grub2-getroot-treat-mdadm-ddf-as-simple-device.patch b/grub2-getroot-treat-mdadm-ddf-as-simple-device.patch index a4a8126..cf75d71 100644 --- a/grub2-getroot-treat-mdadm-ddf-as-simple-device.patch +++ b/grub2-getroot-treat-mdadm-ddf-as-simple-device.patch @@ -3,11 +3,9 @@ Subject: treat mdadm ddf fakeraid as simple device References: bnc#872360 Patch-Mainline: no -Index: grub-2.02~beta2/grub-core/osdep/linux/getroot.c -=================================================================== ---- grub-2.02~beta2.orig/grub-core/osdep/linux/getroot.c -+++ grub-2.02~beta2/grub-core/osdep/linux/getroot.c -@@ -117,7 +117,7 @@ struct btrfs_ioctl_search_args { +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -119,7 +119,7 @@ struct btrfs_ioctl_fs_info_args) static int @@ -16,7 +14,7 @@ Index: grub-2.02~beta2/grub-core/osdep/linux/getroot.c #define ESCAPED_PATH_MAX (4 * PATH_MAX) -@@ -603,10 +603,10 @@ out: +@@ -635,10 +635,10 @@ } static int @@ -29,13 +27,13 @@ Index: grub-2.02~beta2/grub-core/osdep/linux/getroot.c int container_seen = 0; const char *dev = os_dev; -@@ -667,10 +667,17 @@ grub_util_is_imsm (const char *os_dev) +@@ -699,10 +699,17 @@ if (strncmp (buf, "MD_METADATA=imsm", sizeof ("MD_METADATA=imsm") - 1) == 0) { - is_imsm = 1; + is_imsm_or_ddf = 1; - grub_util_info ("%s is imsm", dev); + grub_util_info ("%s is imsm", dev); break; } + if (strncmp (buf, "MD_METADATA=ddf", @@ -48,7 +46,7 @@ Index: grub-2.02~beta2/grub-core/osdep/linux/getroot.c } free (buf); -@@ -681,7 +688,7 @@ grub_util_is_imsm (const char *os_dev) +@@ -713,7 +720,7 @@ if (dev != os_dev) free ((void *) dev); @@ -57,7 +55,7 @@ Index: grub-2.02~beta2/grub-core/osdep/linux/getroot.c } char * -@@ -1018,7 +1025,7 @@ grub_util_get_dev_abstraction_os (const +@@ -1078,7 +1085,7 @@ /* Check for RAID. */ if (!strncmp (os_dev, "/dev/md", 7) && ! grub_util_device_is_mapped (os_dev) diff --git a/grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch b/grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch index 70f84bf..fd9f600 100644 --- a/grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch +++ b/grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch @@ -28,11 +28,9 @@ V1: include/grub/menu_viewer.h | 1 + 7 files changed, 112 insertions(+) -Index: grub-2.06~rc1/grub-core/gfxmenu/gfxmenu.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/gfxmenu/gfxmenu.c -+++ grub-2.06~rc1/grub-core/gfxmenu/gfxmenu.c -@@ -108,6 +108,15 @@ grub_gfxmenu_try (int entry, grub_menu_t +--- a/grub-core/gfxmenu/gfxmenu.c ++++ b/grub-core/gfxmenu/gfxmenu.c +@@ -108,6 +108,15 @@ view->menu = menu; view->nested = nested; view->first_timeout = -1; @@ -48,7 +46,7 @@ Index: grub-2.06~rc1/grub-core/gfxmenu/gfxmenu.c grub_video_set_viewport (0, 0, mode_info.width, mode_info.height); if (view->double_repaint) -@@ -123,6 +132,7 @@ grub_gfxmenu_try (int entry, grub_menu_t +@@ -123,6 +132,7 @@ instance->fini = grub_gfxmenu_viewer_fini; instance->print_timeout = grub_gfxmenu_print_timeout; instance->clear_timeout = grub_gfxmenu_clear_timeout; @@ -56,11 +54,9 @@ Index: grub-2.06~rc1/grub-core/gfxmenu/gfxmenu.c grub_menu_register_viewer (instance); -Index: grub-2.06~rc1/grub-core/gfxmenu/gui_label.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/gfxmenu/gui_label.c -+++ grub-2.06~rc1/grub-core/gfxmenu/gui_label.c -@@ -192,6 +192,8 @@ label_set_property (void *vself, const c +--- a/grub-core/gfxmenu/gui_label.c ++++ b/grub-core/gfxmenu/gui_label.c +@@ -192,6 +192,8 @@ "or `c' for a command-line."); else if (grub_strcmp (value, "@KEYMAP_SHORT@") == 0) value = _("enter: boot, `e': options, `c': cmd-line"); @@ -69,10 +65,8 @@ Index: grub-2.06~rc1/grub-core/gfxmenu/gui_label.c /* FIXME: Add more templates here if needed. */ if (grub_printf_fmt_check(value, "%d") != GRUB_ERR_NONE) -Index: grub-2.06~rc1/grub-core/gfxmenu/gui_list.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/gfxmenu/gui_list.c -+++ grub-2.06~rc1/grub-core/gfxmenu/gui_list.c +--- a/grub-core/gfxmenu/gui_list.c ++++ b/grub-core/gfxmenu/gui_list.c @@ -24,6 +24,7 @@ #include #include @@ -81,7 +75,7 @@ Index: grub-2.06~rc1/grub-core/gfxmenu/gui_list.c enum scrollbar_slice_mode { SCROLLBAR_SLICE_WEST, -@@ -314,6 +315,33 @@ draw_scrollbar (list_impl_t self, +@@ -314,6 +315,33 @@ thumb->draw (thumb, thumbx, thumby); } @@ -115,7 +109,7 @@ Index: grub-2.06~rc1/grub-core/gfxmenu/gui_list.c /* Draw the list of items. */ static void draw_menu (list_impl_t self, int num_shown_items) -@@ -433,6 +461,16 @@ draw_menu (list_impl_t self, int num_sho +@@ -433,6 +461,16 @@ const char *item_title = grub_menu_get_entry (self->view->menu, menu_index)->title; @@ -132,10 +126,8 @@ Index: grub-2.06~rc1/grub-core/gfxmenu/gui_list.c sviewport.y = item_top + top_pad; sviewport.width = viewport_width; grub_gui_set_viewport (&sviewport, &svpsave); -Index: grub-2.06~rc1/grub-core/gfxmenu/view.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/gfxmenu/view.c -+++ grub-2.06~rc1/grub-core/gfxmenu/view.c +--- a/grub-core/gfxmenu/view.c ++++ b/grub-core/gfxmenu/view.c @@ -37,6 +37,7 @@ #include #include @@ -144,7 +136,7 @@ Index: grub-2.06~rc1/grub-core/gfxmenu/view.c static void init_terminal (grub_gfxmenu_view_t view); -@@ -103,6 +104,7 @@ grub_gfxmenu_view_new (const char *theme +@@ -103,6 +104,7 @@ view->title_text = grub_strdup (_("GRUB Boot Menu")); view->progress_message_text = 0; view->theme_path = 0; @@ -152,7 +144,7 @@ Index: grub-2.06~rc1/grub-core/gfxmenu/view.c /* Set the timeout bar's frame. */ view->progress_message_frame.width = view->screen.width * 4 / 5; -@@ -142,6 +144,7 @@ grub_gfxmenu_view_destroy (grub_gfxmenu_ +@@ -142,6 +144,7 @@ grub_free (view->title_text); grub_free (view->progress_message_text); grub_free (view->theme_path); @@ -160,7 +152,7 @@ Index: grub-2.06~rc1/grub-core/gfxmenu/view.c if (view->canvas) view->canvas->component.ops->destroy (view->canvas); grub_free (view); -@@ -410,6 +413,52 @@ grub_gfxmenu_set_chosen_entry (int entry +@@ -410,6 +413,52 @@ grub_gfxmenu_redraw_menu (view); } @@ -213,11 +205,9 @@ Index: grub-2.06~rc1/grub-core/gfxmenu/view.c static void grub_gfxmenu_draw_terminal_box (void) { -Index: grub-2.06~rc1/grub-core/normal/menu.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/normal/menu.c -+++ grub-2.06~rc1/grub-core/normal/menu.c -@@ -400,6 +400,15 @@ menu_set_chosen_entry (int entry) +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -400,6 +400,15 @@ } static void @@ -233,11 +223,11 @@ Index: grub-2.06~rc1/grub-core/normal/menu.c menu_print_timeout (int timeout) { struct grub_menu_viewer *cur; -@@ -827,6 +836,13 @@ run_menu (grub_menu_t menu, int nested, +@@ -829,6 +838,13 @@ menu_set_chosen_entry (current_entry); break; -+ case GRUB_TERM_CTRL | 'l': ++ case GRUB_TERM_CTRL | 'w': + menu_scroll_chosen_entry (1); + break; + case GRUB_TERM_CTRL | 'r': @@ -247,11 +237,9 @@ Index: grub-2.06~rc1/grub-core/normal/menu.c case '\n': case '\r': case GRUB_TERM_KEY_RIGHT: -Index: grub-2.06~rc1/include/grub/gfxmenu_view.h -=================================================================== ---- grub-2.06~rc1.orig/include/grub/gfxmenu_view.h -+++ grub-2.06~rc1/include/grub/gfxmenu_view.h -@@ -61,6 +61,8 @@ void +--- a/include/grub/gfxmenu_view.h ++++ b/include/grub/gfxmenu_view.h +@@ -61,6 +61,8 @@ grub_gfxmenu_print_timeout (int timeout, void *data); void grub_gfxmenu_set_chosen_entry (int entry, void *data); @@ -260,7 +248,7 @@ Index: grub-2.06~rc1/include/grub/gfxmenu_view.h grub_err_t grub_font_draw_string (const char *str, grub_font_t font, -@@ -119,6 +121,8 @@ struct grub_gfxmenu_view +@@ -119,6 +121,8 @@ int nested; int first_timeout; @@ -269,11 +257,9 @@ Index: grub-2.06~rc1/include/grub/gfxmenu_view.h }; #endif /* ! GRUB_GFXMENU_VIEW_HEADER */ -Index: grub-2.06~rc1/include/grub/menu_viewer.h -=================================================================== ---- grub-2.06~rc1.orig/include/grub/menu_viewer.h -+++ grub-2.06~rc1/include/grub/menu_viewer.h -@@ -33,6 +33,7 @@ struct grub_menu_viewer +--- a/include/grub/menu_viewer.h ++++ b/include/grub/menu_viewer.h +@@ -33,6 +33,7 @@ void (*set_chosen_entry) (int entry, void *data); void (*print_timeout) (int timeout, void *data); void (*clear_timeout) (void *data); diff --git a/grub2-grubenv-in-btrfs-header.patch b/grub2-grubenv-in-btrfs-header.patch index 4b9b082..560dead 100644 --- a/grub2-grubenv-in-btrfs-header.patch +++ b/grub2-grubenv-in-btrfs-header.patch @@ -10,10 +10,8 @@ v3: occur. --- -Index: grub-2.04/grub-core/kern/fs.c -=================================================================== ---- grub-2.04.orig/grub-core/kern/fs.c -+++ grub-2.04/grub-core/kern/fs.c +--- a/grub-core/kern/fs.c ++++ b/grub-core/kern/fs.c @@ -27,6 +27,7 @@ #include #include @@ -22,7 +20,7 @@ Index: grub-2.04/grub-core/kern/fs.c grub_fs_t grub_fs_list = 0; -@@ -228,6 +229,13 @@ grub_fs_blocklist_read (grub_file_t file +@@ -236,6 +237,13 @@ size, buf) != GRUB_ERR_NONE) return -1; @@ -31,15 +29,13 @@ Index: grub-2.04/grub-core/kern/fs.c + grub_disk_addr_t part_start; + + part_start = grub_partition_get_start (file->device->disk->partition); -+ file->read_hook (p->offset + sector + part_start, (unsigned)offset, (unsigned)size, file->read_hook_data); ++ file->read_hook (p->offset + sector + part_start, (unsigned)offset, (unsigned)size, NULL, file->read_hook_data); + } ret += size; len -= size; sector -= ((size + offset) >> GRUB_DISK_SECTOR_BITS); -Index: grub-2.04/util/grub-editenv.c -=================================================================== ---- grub-2.04.orig/util/grub-editenv.c -+++ grub-2.04/util/grub-editenv.c +--- a/util/grub-editenv.c ++++ b/util/grub-editenv.c @@ -23,8 +23,11 @@ #include #include @@ -53,7 +49,7 @@ Index: grub-2.04/util/grub-editenv.c #include #include -@@ -120,6 +123,140 @@ block, use `rm %s'."), +@@ -120,6 +123,140 @@ NULL, help_filter, NULL }; @@ -194,7 +190,7 @@ Index: grub-2.04/util/grub-editenv.c static grub_envblk_t open_envblk_file (const char *name) { -@@ -176,10 +313,17 @@ static void +@@ -182,10 +319,17 @@ list_variables (const char *name) { grub_envblk_t envblk; @@ -212,7 +208,7 @@ Index: grub-2.04/util/grub-editenv.c } static void -@@ -203,6 +347,38 @@ write_envblk (const char *name, grub_env +@@ -209,6 +353,38 @@ } static void @@ -251,7 +247,7 @@ Index: grub-2.04/util/grub-editenv.c set_variables (const char *name, int argc, char *argv[]) { grub_envblk_t envblk; -@@ -218,8 +394,27 @@ set_variables (const char *name, int arg +@@ -224,8 +400,27 @@ *(p++) = 0; @@ -281,7 +277,7 @@ Index: grub-2.04/util/grub-editenv.c argc--; argv++; -@@ -227,26 +422,158 @@ set_variables (const char *name, int arg +@@ -233,26 +428,158 @@ write_envblk (name, envblk); grub_envblk_close (envblk); @@ -440,7 +436,7 @@ Index: grub-2.04/util/grub-editenv.c int main (int argc, char *argv[]) { -@@ -278,6 +605,9 @@ main (int argc, char *argv[]) +@@ -284,6 +611,9 @@ command = argv[curindex++]; } @@ -450,11 +446,9 @@ Index: grub-2.04/util/grub-editenv.c if (strcmp (command, "create") == 0) grub_util_create_envblk_file (filename); else if (strcmp (command, "list") == 0) -Index: grub-2.04/util/grub.d/00_header.in -=================================================================== ---- grub-2.04.orig/util/grub.d/00_header.in -+++ grub-2.04/util/grub.d/00_header.in -@@ -46,6 +46,13 @@ cat << EOF +--- a/util/grub.d/00_header.in ++++ b/util/grub.d/00_header.in +@@ -46,6 +46,13 @@ if [ -s \$prefix/grubenv ]; then load_env fi @@ -468,7 +462,7 @@ Index: grub-2.04/util/grub.d/00_header.in EOF if [ "x$GRUB_BUTTON_CMOS_ADDRESS" != "x" ]; then cat < $@ || (rm -f $@; exit 1) CLEANFILES += libgrub.pp +# the grep/sed ensures that ext2 gets initialized before minix* +# see https://savannah.gnu.org/bugs/?57652 libgrub_a_init.lst: libgrub.pp - cat $< | grep '@MARKER@' | sed 's/@MARKER@\(.*\)@/\1/g' | sort -u > $@ || (rm -f $@; exit 1) + cat $< | grep '^@MARKER@' | sed 's/@MARKER@\(.*\)@/\1/g' | sort -u > $@ || (rm -f $@; exit 1) + if grep ^ext2 $@ >/dev/null; then sed '/ext2/d;/newc/iext2' < $@ > $@.tmp && mv $@.tmp $@; fi CLEANFILES += libgrub_a_init.lst diff --git a/grub2-install-remove-useless-check-PReP-partition-is-empty.patch b/grub2-install-remove-useless-check-PReP-partition-is-empty.patch index 9fbcf9e..02190ca 100644 --- a/grub2-install-remove-useless-check-PReP-partition-is-empty.patch +++ b/grub2-install-remove-useless-check-PReP-partition-is-empty.patch @@ -16,11 +16,9 @@ Fixes: cd46aa6cefab ("Rewrite grub-install, grub-mkrescue, util/grub-install.c | 39 ++------------------------------------- 1 file changed, 2 insertions(+), 37 deletions(-) -Index: grub-2.06~rc1/util/grub-install.c -=================================================================== ---- grub-2.06~rc1.orig/util/grub-install.c -+++ grub-2.06~rc1/util/grub-install.c -@@ -756,34 +756,6 @@ is_prep_partition (grub_device_t dev) +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -759,34 +759,6 @@ return 0; } @@ -55,7 +53,7 @@ Index: grub-2.06~rc1/util/grub-install.c static void bless (grub_device_t dev, const char *path, int x86) { -@@ -1923,16 +1895,9 @@ main (int argc, char *argv[]) +@@ -1980,18 +1952,9 @@ { grub_util_error ("%s", _("the chosen partition is not a PReP partition")); } @@ -63,14 +61,17 @@ Index: grub-2.06~rc1/util/grub-install.c - { - if (write_to_disk (ins_dev, imgfile)) - grub_util_error ("%s", _("failed to copy Grub to the PReP partition")); +- grub_set_install_backup_ponr (); - } - else -+ if (write_to_disk (ins_dev, imgfile)) - { +- { - char *s = xasprintf ("dd if=/dev/zero of=%s", install_device); - grub_util_error (_("the PReP partition is not empty. If you are sure you want to use it, run dd to clear it: `%s'"), - s); -+ grub_util_error ("%s", _("failed to copy Grub to the PReP partition")); - } +- } ++ if (write_to_disk (ins_dev, imgfile)) ++ grub_util_error ("%s", _("failed to copy Grub to the PReP partition")); ++ grub_set_install_backup_ponr (); grub_device_close (ins_dev); if (update_nvram) + grub_install_register_ieee1275 (1, grub_util_get_os_disk (install_device), diff --git a/grub2-linux.patch b/grub2-linux.patch index 446b82b..c5b9f2e 100644 --- a/grub2-linux.patch +++ b/grub2-linux.patch @@ -1,8 +1,6 @@ -Index: grub-2.04rc1/util/grub.d/10_linux.in -=================================================================== ---- grub-2.04rc1.orig/util/grub.d/10_linux.in -+++ grub-2.04rc1/util/grub.d/10_linux.in -@@ -31,7 +31,7 @@ CLASS="--class gnu-linux --class gnu --c +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -31,7 +31,7 @@ if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then OS=GNU/Linux else @@ -11,7 +9,7 @@ Index: grub-2.04rc1/util/grub.d/10_linux.in CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" fi -@@ -141,7 +141,7 @@ linux_entry () +@@ -143,7 +143,7 @@ message="$(gettext_printf "Loading Linux %s ..." ${version})" sed "s/^/$submenu_indentation/" << EOF echo '$(echo "$message" | grub_quote)' @@ -20,11 +18,9 @@ Index: grub-2.04rc1/util/grub.d/10_linux.in EOF if test -n "${initrd}" ; then # TRANSLATORS: ramdisk isn't identifier. Should be translated. -Index: grub-2.04rc1/util/grub.d/20_linux_xen.in -=================================================================== ---- grub-2.04rc1.orig/util/grub.d/20_linux_xen.in -+++ grub-2.04rc1/util/grub.d/20_linux_xen.in -@@ -31,7 +31,7 @@ CLASS="--class gnu-linux --class gnu --c +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -31,7 +31,7 @@ if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then OS=GNU/Linux else @@ -33,7 +29,7 @@ Index: grub-2.04rc1/util/grub.d/20_linux_xen.in CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" fi -@@ -134,7 +134,7 @@ linux_entry () +@@ -154,7 +154,7 @@ fi ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts} echo '$(echo "$lmessage" | grub_quote)' diff --git a/grub2-linuxefi-fix-boot-params.patch b/grub2-linuxefi-fix-boot-params.patch index 32a3372..8c9e616 100644 --- a/grub2-linuxefi-fix-boot-params.patch +++ b/grub2-linuxefi-fix-boot-params.patch @@ -1,8 +1,6 @@ -Index: grub-2.02~rc1/grub-core/loader/i386/efi/linux.c -=================================================================== ---- grub-2.02~rc1.orig/grub-core/loader/i386/efi/linux.c -+++ grub-2.02~rc1/grub-core/loader/i386/efi/linux.c -@@ -324,7 +324,14 @@ grub_cmd_linux (grub_command_t cmd __att +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -298,7 +298,14 @@ lh.code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; } diff --git a/grub2-menu-unrestricted.patch b/grub2-menu-unrestricted.patch index c4a1e5f..b0810e7 100644 --- a/grub2-menu-unrestricted.patch +++ b/grub2-menu-unrestricted.patch @@ -1,8 +1,6 @@ -Index: grub-2.02~beta2/grub-core/normal/menu.c -=================================================================== ---- grub-2.02~beta2.orig/grub-core/normal/menu.c -+++ grub-2.02~beta2/grub-core/normal/menu.c -@@ -213,7 +213,17 @@ grub_menu_execute_entry(grub_menu_entry_ +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -212,7 +212,17 @@ grub_size_t sz = 0; if (entry->restricted) diff --git a/grub2-mkconfig-aarch64.patch b/grub2-mkconfig-aarch64.patch index c105797..949b21f 100644 --- a/grub2-mkconfig-aarch64.patch +++ b/grub2-mkconfig-aarch64.patch @@ -1,10 +1,8 @@ grub-mkonfig: Look for Image-* on aarch64 -Index: grub-2.02~beta2/util/grub.d/10_linux.in -=================================================================== ---- grub-2.02~beta2.orig/util/grub.d/10_linux.in -+++ grub-2.02~beta2/util/grub.d/10_linux.in -@@ -190,6 +190,7 @@ EOF +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -194,6 +194,7 @@ machine=`uname -m` case "x$machine" in xi?86 | xx86_64) klist="/boot/vmlinuz-* /vmlinuz-* /boot/kernel-*" ;; diff --git a/grub2-mkconfig-arm.patch b/grub2-mkconfig-arm.patch index 00423b1..3193b72 100644 --- a/grub2-mkconfig-arm.patch +++ b/grub2-mkconfig-arm.patch @@ -1,8 +1,6 @@ -Index: grub-2.02~beta3/util/grub.d/10_linux.in -=================================================================== ---- grub-2.02~beta3.orig/util/grub.d/10_linux.in -+++ grub-2.02~beta3/util/grub.d/10_linux.in -@@ -193,6 +193,7 @@ machine=`uname -m` +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -195,6 +195,7 @@ case "x$machine" in xi?86 | xx86_64) klist="/boot/vmlinuz-* /vmlinuz-* /boot/kernel-*" ;; xaarch64) klist="/boot/Image-* /Image-* /boot/kernel-*" ;; diff --git a/grub2-mkconfig-default-entry-correction.patch b/grub2-mkconfig-default-entry-correction.patch index 59ef5fa..da322c9 100644 --- a/grub2-mkconfig-default-entry-correction.patch +++ b/grub2-mkconfig-default-entry-correction.patch @@ -1,10 +1,8 @@ -Index: grub-2.06/util/grub-mkconfig.in -=================================================================== ---- grub-2.06.orig/util/grub-mkconfig.in -+++ grub-2.06/util/grub-mkconfig.in -@@ -356,6 +356,11 @@ and /etc/grub.d/* files or please file a - # none of the children aborted with error, install the new grub.cfg +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -363,6 +363,11 @@ cat ${grub_cfg}.new > ${grub_cfg} + umask $oldumask rm -f ${grub_cfg}.new + # check if default entry need to be corrected for updated distributor version + # and/or use fallback entry if default kernel entry removed diff --git a/grub2-pass-corret-root-for-nfsroot.patch b/grub2-pass-corret-root-for-nfsroot.patch index 778a3cc..d6cbc07 100644 --- a/grub2-pass-corret-root-for-nfsroot.patch +++ b/grub2-pass-corret-root-for-nfsroot.patch @@ -18,11 +18,9 @@ v2: Filter out autofs and securityfs from /proc/self/mountinfo (bsc#1069094) util/grub-mkconfig.in | 37 ++++++++++++++++++++++++++++++------- 1 files changed, 30 insertions(+), 7 deletions(-) -Index: grub-2.06~rc1/util/grub-mkconfig.in -=================================================================== ---- grub-2.06~rc1.orig/util/grub-mkconfig.in -+++ grub-2.06~rc1/util/grub-mkconfig.in -@@ -131,14 +131,27 @@ else +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -131,26 +131,54 @@ exit 1 fi @@ -57,27 +55,28 @@ Index: grub-2.06~rc1/util/grub-mkconfig.in # Disable os-prober by default due to security reasons. GRUB_DISABLE_OS_PROBER="true" -@@ -146,11 +159,26 @@ GRUB_DISABLE_OS_PROBER="true" - # Filesystem for the device containing our userland. Used for stuff like - # choosing Hurd filesystem module. - GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`" -- --if [ x"$GRUB_FS" = xunknown ]; then -- GRUB_FS="$(stat -f -c %T / || echo unknown)" + +-# Filesystem for the device containing our userland. Used for stuff like +-# choosing Hurd filesystem module. +-GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`" +if [ "x${NFSROOT_DEVICE}" != "x" ]; then + GRUB_DEVICE="" + GRUB_DEVICE_UUID="" + GRUB_DEVICE_PARTUUID="" + GRUB_FS="unknown" +else ++ # Filesystem for the device containing our userland. Used for stuff like ++ # choosing Hurd filesystem module. ++ GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`" + # Device containing our userland. Typically used for root= parameter. + GRUB_DEVICE="`${grub_probe} --target=device /`" + GRUB_DEVICE_UUID="`${grub_probe} --device ${GRUB_DEVICE} --target=fs_uuid 2> /dev/null`" || true + GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2> /dev/null`" || true -+ -+ if [ x"$GRUB_FS" = x ] || [ x"$GRUB_FS" = xunknown ]; then -+ GRUB_FS="$(stat -f -c %T / || echo unknown)" -+ fi ++fi + +-if [ x"$GRUB_FS" = xunknown ]; then ++if [ x"$GRUB_FS" = x ] || [ x"$GRUB_FS" = xunknown ]; then + GRUB_FS="$(stat -f -c %T / || echo unknown)" fi +# Device containing our /boot partition. Usually the same as GRUB_DEVICE. @@ -87,11 +86,9 @@ Index: grub-2.06~rc1/util/grub-mkconfig.in # Provide a default set of stock linux early initrd images. # Define here so the list can be modified in the sourced config file. if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then -Index: grub-2.06~rc1/util/grub.d/10_linux.in -=================================================================== ---- grub-2.06~rc1.orig/util/grub.d/10_linux.in -+++ grub-2.06~rc1/util/grub.d/10_linux.in -@@ -86,6 +86,12 @@ linux_entry () +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -88,6 +88,12 @@ type="$3" args="$4" @@ -104,7 +101,7 @@ Index: grub-2.06~rc1/util/grub.d/10_linux.in if [ -z "$boot_device_id" ]; then boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" fi -@@ -141,7 +147,7 @@ linux_entry () +@@ -143,7 +149,7 @@ message="$(gettext_printf "Loading Linux %s ..." ${version})" sed "s/^/$submenu_indentation/" << EOF echo '$(echo "$message" | grub_quote)' @@ -113,11 +110,9 @@ Index: grub-2.06~rc1/util/grub.d/10_linux.in EOF if test -n "${initrd}" ; then # TRANSLATORS: ramdisk isn't identifier. Should be translated. -Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in -=================================================================== ---- grub-2.06~rc1.orig/util/grub.d/20_linux_xen.in -+++ grub-2.06~rc1/util/grub.d/20_linux_xen.in -@@ -107,6 +107,11 @@ linux_entry_xsm () +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -109,6 +109,11 @@ args="$5" xen_args="$6" xsm="$7" @@ -128,8 +123,8 @@ Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in + fi # If user wants to enable XSM support, make sure there's # corresponding policy file. - if ${xsm} ; then -@@ -157,7 +162,7 @@ linux_entry_xsm () + xenpolicy= +@@ -160,7 +165,7 @@ fi ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts} echo '$(echo "$lmessage" | grub_quote)' diff --git a/grub2-ppc-terminfo.patch b/grub2-ppc-terminfo.patch index 066f495..5725a3b 100644 --- a/grub2-ppc-terminfo.patch +++ b/grub2-ppc-terminfo.patch @@ -12,11 +12,9 @@ maximum screen size so that text is not overwritten. 2 files changed, 121 insertions(+), 0 deletions(-) create mode 100644 util/grub.d/20_ppc_terminfo.in -Index: grub-2.02~beta2/Makefile.util.def -=================================================================== ---- grub-2.02~beta2.orig/Makefile.util.def -+++ grub-2.02~beta2/Makefile.util.def -@@ -485,6 +485,13 @@ script = { +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -512,6 +512,13 @@ }; script = { @@ -27,13 +25,11 @@ Index: grub-2.02~beta2/Makefile.util.def +}; + +script = { - name = '30_os-prober'; - common = util/grub.d/30_os-prober.in; + name = '25_bli'; + common = util/grub.d/25_bli.in; installdir = grubconf; -Index: grub-2.02~beta2/util/grub.d/20_ppc_terminfo.in -=================================================================== --- /dev/null -+++ grub-2.02~beta2/util/grub.d/20_ppc_terminfo.in ++++ b/util/grub.d/20_ppc_terminfo.in @@ -0,0 +1,114 @@ +#! /bin/sh +set -e diff --git a/grub2-ppc64-cas-fix-double-free.patch b/grub2-ppc64-cas-fix-double-free.patch index 5f8146b..8be8120 100644 --- a/grub2-ppc64-cas-fix-double-free.patch +++ b/grub2-ppc64-cas-fix-double-free.patch @@ -1,8 +1,6 @@ -Index: grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/ieee1275/openfw.c -+++ grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c -@@ -595,7 +595,7 @@ grub_ieee1275_canonicalise_devname (cons +--- a/grub-core/kern/ieee1275/openfw.c ++++ b/grub-core/kern/ieee1275/openfw.c +@@ -595,7 +595,7 @@ /* Check if it's a CAS reboot. If so, set the script to be executed. */ int @@ -11,7 +9,7 @@ Index: grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c { grub_uint32_t ibm_ca_support_reboot; grub_uint32_t ibm_fw_nbr_reboots; -@@ -628,16 +628,37 @@ grub_ieee1275_cas_reboot (char *script) +@@ -628,16 +628,37 @@ if (ibm_ca_support_reboot || ibm_fw_nbr_reboots) { @@ -57,7 +55,7 @@ Index: grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c grub_ieee1275_set_boot_last_label (""); return -1; -@@ -651,8 +672,9 @@ int grub_ieee1275_set_boot_last_label (c +@@ -651,8 +672,9 @@ grub_dprintf("ieee1275", "set boot_last_label (size: %" PRIxGRUB_SIZE ")\n", grub_strlen(text)); if (! grub_ieee1275_finddevice ("/options", &options) && options != (grub_ieee1275_ihandle_t) -1) @@ -68,11 +66,9 @@ Index: grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c return 0; } -Index: grub-2.04~rc1/grub-core/normal/main.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/normal/main.c -+++ grub-2.04~rc1/grub-core/normal/main.c -@@ -281,10 +281,9 @@ grub_normal_execute (const char *config, +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -282,10 +282,9 @@ #ifdef GRUB_MACHINE_IEEE1275 int boot; boot = 0; @@ -85,11 +81,9 @@ Index: grub-2.04~rc1/grub-core/normal/main.c { if (! grub_script_execute_new_scope (script, 0, dummy)) boot = 1; -Index: grub-2.04~rc1/include/grub/ieee1275/ieee1275.h -=================================================================== ---- grub-2.04~rc1.orig/include/grub/ieee1275/ieee1275.h -+++ grub-2.04~rc1/include/grub/ieee1275/ieee1275.h -@@ -263,7 +263,7 @@ int EXPORT_FUNC(grub_ieee1275_devalias_n +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -256,7 +256,7 @@ void EXPORT_FUNC(grub_ieee1275_children_peer) (struct grub_ieee1275_devalias *alias); void EXPORT_FUNC(grub_ieee1275_children_first) (const char *devpath, struct grub_ieee1275_devalias *alias); diff --git a/grub2-ppc64-cas-new-scope.patch b/grub2-ppc64-cas-new-scope.patch index c8bb566..b37b656 100644 --- a/grub2-ppc64-cas-new-scope.patch +++ b/grub2-ppc64-cas-new-scope.patch @@ -1,8 +1,6 @@ -Index: grub-2.02/grub-core/normal/main.c -=================================================================== ---- grub-2.02.orig/grub-core/normal/main.c -+++ grub-2.02/grub-core/normal/main.c -@@ -282,10 +282,11 @@ grub_normal_execute (const char *config, +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -283,10 +283,11 @@ int boot; boot = 0; char *script; diff --git a/grub2-ppc64-cas-reboot-support.patch b/grub2-ppc64-cas-reboot-support.patch index 40063f0..7b09aaa 100644 --- a/grub2-ppc64-cas-reboot-support.patch +++ b/grub2-ppc64-cas-reboot-support.patch @@ -24,11 +24,9 @@ parameters include/grub/ieee1275/ieee1275.h | 2 ++ 4 files changed, 90 insertions(+) -Index: grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/ieee1275/openfw.c -+++ grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c -@@ -593,6 +593,69 @@ grub_ieee1275_canonicalise_devname (cons +--- a/grub-core/kern/ieee1275/openfw.c ++++ b/grub-core/kern/ieee1275/openfw.c +@@ -593,6 +593,69 @@ return NULL; } @@ -98,11 +96,9 @@ Index: grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c char * grub_ieee1275_get_boot_dev (void) { -Index: grub-2.04~rc1/grub-core/normal/main.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/normal/main.c -+++ grub-2.04~rc1/grub-core/normal/main.c -@@ -33,6 +33,9 @@ +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -34,6 +34,9 @@ #include #include #include @@ -112,7 +108,7 @@ Index: grub-2.04~rc1/grub-core/normal/main.c GRUB_MOD_LICENSE ("GPLv3+"); -@@ -275,6 +278,21 @@ grub_normal_execute (const char *config, +@@ -276,6 +279,21 @@ { menu = read_config_file (config); @@ -134,10 +130,8 @@ Index: grub-2.04~rc1/grub-core/normal/main.c /* Ignore any error. */ grub_errno = GRUB_ERR_NONE; } -Index: grub-2.04~rc1/grub-core/script/execute.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/script/execute.c -+++ grub-2.04~rc1/grub-core/script/execute.c +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c @@ -28,6 +28,9 @@ #include #include @@ -148,7 +142,7 @@ Index: grub-2.04~rc1/grub-core/script/execute.c /* Max digits for a char is 3 (0xFF is 255), similarly for an int it is sizeof (int) * 3, and one extra for a possible -ve sign. */ -@@ -878,6 +881,10 @@ grub_script_execute_sourcecode (const ch +@@ -883,6 +886,10 @@ grub_err_t ret = 0; struct grub_script *parsed_script; @@ -159,11 +153,9 @@ Index: grub-2.04~rc1/grub-core/script/execute.c while (source) { char *line; -Index: grub-2.04~rc1/include/grub/ieee1275/ieee1275.h -=================================================================== ---- grub-2.04~rc1.orig/include/grub/ieee1275/ieee1275.h -+++ grub-2.04~rc1/include/grub/ieee1275/ieee1275.h -@@ -263,6 +263,8 @@ int EXPORT_FUNC(grub_ieee1275_devalias_n +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -256,6 +256,8 @@ void EXPORT_FUNC(grub_ieee1275_children_peer) (struct grub_ieee1275_devalias *alias); void EXPORT_FUNC(grub_ieee1275_children_first) (const char *devpath, struct grub_ieee1275_devalias *alias); diff --git a/grub2-ppc64le-disable-video.patch b/grub2-ppc64le-disable-video.patch index 2380032..1934de3 100644 --- a/grub2-ppc64le-disable-video.patch +++ b/grub2-ppc64le-disable-video.patch @@ -1,8 +1,6 @@ -Index: grub-2.04~rc1/grub-core/kern/ieee1275/cmain.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/ieee1275/cmain.c -+++ grub-2.04~rc1/grub-core/kern/ieee1275/cmain.c -@@ -90,7 +90,10 @@ grub_ieee1275_find_options (void) +--- a/grub-core/kern/ieee1275/cmain.c ++++ b/grub-core/kern/ieee1275/cmain.c +@@ -89,7 +89,10 @@ } if (rc >= 0 && grub_strncmp (tmp, "IBM", 3) == 0) @@ -14,11 +12,9 @@ Index: grub-2.04~rc1/grub-core/kern/ieee1275/cmain.c /* Old Macs have no key repeat, newer ones have fully working one. The ones inbetween when repeated key generates an escaoe sequence -Index: grub-2.04~rc1/grub-core/video/ieee1275.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/video/ieee1275.c -+++ grub-2.04~rc1/grub-core/video/ieee1275.c -@@ -352,9 +352,12 @@ static struct grub_video_adapter grub_vi +--- a/grub-core/video/ieee1275.c ++++ b/grub-core/video/ieee1275.c +@@ -351,9 +351,12 @@ GRUB_MOD_INIT(ieee1275_fb) { @@ -34,14 +30,12 @@ Index: grub-2.04~rc1/grub-core/video/ieee1275.c } GRUB_MOD_FINI(ieee1275_fb) -Index: grub-2.04~rc1/include/grub/ieee1275/ieee1275.h -=================================================================== ---- grub-2.04~rc1.orig/include/grub/ieee1275/ieee1275.h -+++ grub-2.04~rc1/include/grub/ieee1275/ieee1275.h -@@ -148,6 +148,8 @@ enum grub_ieee1275_flag - GRUB_IEEE1275_FLAG_CURSORONOFF_ANSI_BROKEN, - - GRUB_IEEE1275_FLAG_RAW_DEVNAMES, +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -141,6 +141,8 @@ + */ + GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY, + #endif + + GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT }; diff --git a/grub2-ppc64le-memory-map.patch b/grub2-ppc64le-memory-map.patch index 44ac4a7..abe6004 100644 --- a/grub2-ppc64le-memory-map.patch +++ b/grub2-ppc64le-memory-map.patch @@ -1,8 +1,6 @@ -Index: grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/ieee1275/openfw.c -+++ grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c -@@ -302,6 +302,34 @@ grub_ieee1275_map (grub_addr_t phys, gru +--- a/grub-core/kern/ieee1275/openfw.c ++++ b/grub-core/kern/ieee1275/openfw.c +@@ -302,6 +302,34 @@ return args.catch_result; } @@ -37,7 +35,7 @@ Index: grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c grub_err_t grub_claimmap (grub_addr_t addr, grub_size_t size) { -@@ -317,6 +345,7 @@ grub_claimmap (grub_addr_t addr, grub_si +@@ -317,6 +345,7 @@ return grub_errno; } @@ -45,11 +43,9 @@ Index: grub-2.04~rc1/grub-core/kern/ieee1275/openfw.c return GRUB_ERR_NONE; } -Index: grub-2.04~rc1/include/grub/ieee1275/ieee1275.h -=================================================================== ---- grub-2.04~rc1.orig/include/grub/ieee1275/ieee1275.h -+++ grub-2.04~rc1/include/grub/ieee1275/ieee1275.h -@@ -30,6 +30,12 @@ struct grub_ieee1275_mem_region +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -33,6 +33,12 @@ unsigned int size; }; @@ -62,7 +58,7 @@ Index: grub-2.04~rc1/include/grub/ieee1275/ieee1275.h #define IEEE1275_MAX_PROP_LEN 8192 #define IEEE1275_MAX_PATH_LEN 256 -@@ -235,6 +241,7 @@ char *EXPORT_FUNC(grub_ieee1275_encode_u +@@ -228,6 +234,7 @@ int EXPORT_FUNC(grub_ieee1275_get_block_size) (grub_ieee1275_ihandle_t ihandle); grub_err_t EXPORT_FUNC(grub_claimmap) (grub_addr_t addr, grub_size_t size); @@ -70,11 +66,9 @@ Index: grub-2.04~rc1/include/grub/ieee1275/ieee1275.h int EXPORT_FUNC(grub_ieee1275_map) (grub_addr_t phys, grub_addr_t virt, -Index: grub-2.04~rc1/grub-core/kern/ieee1275/init.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/ieee1275/init.c -+++ grub-2.04~rc1/grub-core/kern/ieee1275/init.c -@@ -73,6 +73,7 @@ grub_addr_t grub_ieee1275_original_stack +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -111,6 +111,7 @@ void grub_exit (void) { diff --git a/grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch b/grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch index e110910..287b28a 100644 --- a/grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch +++ b/grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch @@ -21,11 +21,9 @@ Subject: [PATCH 1/3] - Changes made and files added in order to allow s390x create mode 100644 include/grub/s390x/time.h create mode 100644 include/grub/s390x/types.h -Index: grub-2.04~rc1/grub-core/kern/emu/cache_s.S -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/emu/cache_s.S -+++ grub-2.04~rc1/grub-core/kern/emu/cache_s.S -@@ -10,6 +10,7 @@ +--- a/grub-core/kern/emu/cache_s.S ++++ b/grub-core/kern/emu/cache_s.S +@@ -15,6 +15,7 @@ #include "../powerpc/cache.S" #elif defined(__ia64__) || defined(__arm__) || defined(__aarch64__) || \ defined(__mips__) || defined(__riscv) @@ -33,10 +31,8 @@ Index: grub-2.04~rc1/grub-core/kern/emu/cache_s.S #else #error "No target cpu type is defined" #endif -Index: grub-2.04~rc1/grub-core/kern/emu/lite.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/emu/lite.c -+++ grub-2.04~rc1/grub-core/kern/emu/lite.c +--- a/grub-core/kern/emu/lite.c ++++ b/grub-core/kern/emu/lite.c @@ -26,6 +26,8 @@ #include "../arm64/dl.c" #elif defined(__riscv) @@ -46,41 +42,37 @@ Index: grub-2.04~rc1/grub-core/kern/emu/lite.c #else #error "No target cpu type is defined" #endif -Index: grub-2.04~rc1/grub-core/kern/dl.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/dl.c -+++ grub-2.04~rc1/grub-core/kern/dl.c -@@ -229,7 +229,7 @@ grub_dl_load_segments (grub_dl_t mod, co - unsigned i; +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -230,7 +230,7 @@ const Elf_Shdr *s; grub_size_t tsize = 0, talign = 1; --#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) -+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && !defined (__s390x__) + #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \ +- !defined (__loongarch__) ++ !defined (__loongarch__) && !defined (__s390x__) grub_size_t tramp; grub_size_t got; grub_err_t err; -@@ -245,7 +245,7 @@ grub_dl_load_segments (grub_dl_t mod, co - talign = s->sh_addralign; +@@ -247,7 +247,7 @@ } --#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) -+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && !defined (__s390x__) + #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \ +- !defined (__loongarch__) ++ !defined (__loongarch__) && !defined (__s390x__) err = grub_arch_dl_get_tramp_got_size (e, &tramp, &got); if (err) return err; -@@ -308,7 +308,7 @@ grub_dl_load_segments (grub_dl_t mod, co - mod->segment = seg; +@@ -311,7 +311,7 @@ } } --#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) -+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && !defined (__s390x__) + #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \ +- !defined (__loongarch__) ++ !defined (__loongarch__) && !defined (__s390x__) ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, GRUB_ARCH_DL_TRAMP_ALIGN); mod->tramp = ptr; mod->trampptr = ptr; -Index: grub-2.04~rc1/grub-core/kern/s390x/dl.c -=================================================================== --- /dev/null -+++ grub-2.04~rc1/grub-core/kern/s390x/dl.c ++++ b/grub-core/kern/s390x/dl.c @@ -0,0 +1,40 @@ +/* dl.c - arch-dependent part of loadable module support */ +/* @@ -122,10 +114,8 @@ Index: grub-2.04~rc1/grub-core/kern/s390x/dl.c + (void)(seg); + return GRUB_ERR_BUG; +} -Index: grub-2.04~rc1/grub-core/lib/s390x/setjmp.S -=================================================================== --- /dev/null -+++ grub-2.04~rc1/grub-core/lib/s390x/setjmp.S ++++ b/grub-core/lib/s390x/setjmp.S @@ -0,0 +1,46 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -173,12 +163,10 @@ Index: grub-2.04~rc1/grub-core/lib/s390x/setjmp.S + lmg %r11,%r15,0(%r2) + lgr %r2,%r3 + br %r14 -Index: grub-2.04~rc1/grub-core/lib/setjmp.S -=================================================================== ---- grub-2.04~rc1.orig/grub-core/lib/setjmp.S -+++ grub-2.04~rc1/grub-core/lib/setjmp.S -@@ -17,6 +17,8 @@ - #include "./arm64/setjmp.S" +--- a/grub-core/lib/setjmp.S ++++ b/grub-core/lib/setjmp.S +@@ -23,6 +23,8 @@ + #include "./loongarch64/setjmp.S" #elif defined(__riscv) #include "./riscv/setjmp.S" +#elif defined(__s390x__) @@ -186,10 +174,8 @@ Index: grub-2.04~rc1/grub-core/lib/setjmp.S #else #error "Unknown target cpu type" #endif -Index: grub-2.04~rc1/include/grub/cache.h -=================================================================== ---- grub-2.04~rc1.orig/include/grub/cache.h -+++ grub-2.04~rc1/include/grub/cache.h +--- a/include/grub/cache.h ++++ b/include/grub/cache.h @@ -23,7 +23,7 @@ #include #include @@ -199,10 +185,8 @@ Index: grub-2.04~rc1/include/grub/cache.h static inline void grub_arch_sync_caches (void *address __attribute__ ((unused)), grub_size_t len __attribute__ ((unused))) -Index: grub-2.04~rc1/include/grub/s390x/setjmp.h -=================================================================== --- /dev/null -+++ grub-2.04~rc1/include/grub/s390x/setjmp.h ++++ b/include/grub/s390x/setjmp.h @@ -0,0 +1,29 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -233,10 +217,8 @@ Index: grub-2.04~rc1/include/grub/s390x/setjmp.h +void grub_longjmp (grub_jmp_buf env, int val) __attribute__ ((noreturn)); + +#endif /* ! GRUB_SETJMP_CPU_HEADER */ -Index: grub-2.04~rc1/include/grub/s390x/time.h -=================================================================== --- /dev/null -+++ grub-2.04~rc1/include/grub/s390x/time.h ++++ b/include/grub/s390x/time.h @@ -0,0 +1,27 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -265,10 +247,8 @@ Index: grub-2.04~rc1/include/grub/s390x/time.h +} + +#endif /* ! KERNEL_CPU_TIME_HEADER */ -Index: grub-2.04~rc1/include/grub/s390x/types.h -=================================================================== --- /dev/null -+++ grub-2.04~rc1/include/grub/s390x/types.h ++++ b/include/grub/s390x/types.h @@ -0,0 +1,32 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -302,3 +282,15 @@ Index: grub-2.04~rc1/include/grub/s390x/types.h + + +#endif /* ! GRUB_TYPES_CPU_HEADER */ +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -407,6 +407,9 @@ + extra_dist = kern/i386/realmode.S; + extra_dist = boot/i386/pc/lzma_decode.S; + extra_dist = kern/mips/cache_flush.S; ++ ++ extra_dist = kern/s390x/dl.c; ++ extra_dist = lib/s390x/setjmp.S; + }; + + program = { diff --git a/grub2-s390x-02-kexec-module-added-to-emu.patch b/grub2-s390x-02-kexec-module-added-to-emu.patch deleted file mode 100644 index a23b780..0000000 --- a/grub2-s390x-02-kexec-module-added-to-emu.patch +++ /dev/null @@ -1,342 +0,0 @@ ---- - grub-core/Makefile.am | 1 - grub-core/Makefile.core.def | 2 - grub-core/kern/emu/main.c | 4 - grub-core/kern/emu/misc.c | 18 ++++ - grub-core/loader/emu/linux.c | 173 +++++++++++++++++++++++++++++++++++++++++++ - include/grub/emu/exec.h | 4 - include/grub/emu/hostfile.h | 3 - include/grub/emu/misc.h | 3 - 8 files changed, 204 insertions(+), 4 deletions(-) - -Index: grub-2.04~rc1/grub-core/Makefile.core.def -=================================================================== ---- grub-2.04~rc1.orig/grub-core/Makefile.core.def -+++ grub-2.04~rc1/grub-core/Makefile.core.def -@@ -1786,9 +1786,9 @@ module = { - arm64 = loader/arm64/linux.c; - riscv32 = loader/riscv/linux.c; - riscv64 = loader/riscv/linux.c; -+ emu = loader/emu/linux.c; - common = loader/linux.c; - common = lib/cmdline.c; -- enable = noemu; - }; - - module = { -Index: grub-2.04~rc1/grub-core/loader/emu/linux.c -=================================================================== ---- /dev/null -+++ grub-2.04~rc1/grub-core/loader/emu/linux.c -@@ -0,0 +1,173 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+static grub_dl_t my_mod; -+ -+static char *kernel_path; -+static char *initrd_path; -+static char *boot_cmdline; -+ -+static grub_err_t -+grub_linux_boot (void) -+{ -+ grub_err_t rc = GRUB_ERR_NONE; -+ char *initrd_param; -+ const char *kexec[] = { "kexec", "-l", kernel_path, boot_cmdline, NULL, NULL }; -+ const char *systemctl[] = { "systemctl", "kexec", NULL }; -+ int kexecute = grub_util_get_kexecute(); -+ -+ if (initrd_path) { -+ initrd_param = grub_xasprintf("--initrd=%s", initrd_path); -+ kexec[3] = initrd_param; -+ kexec[4] = boot_cmdline; -+ } else { -+ initrd_param = grub_xasprintf("%s", ""); -+ //return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("initrd required!")); -+ } -+ -+ grub_printf("%serforming 'kexec -l %s %s %s'\n", -+ (kexecute) ? "P" : "Not p", -+ kernel_path, initrd_param, boot_cmdline); -+ -+ if (kexecute) -+ rc = grub_util_exec(kexec); -+ -+ grub_free(initrd_param); -+ -+ if (rc != GRUB_ERR_NONE) { -+ grub_error (rc, N_("Error trying to perform kexec load operation.")); -+ grub_sleep (3); -+ return rc; -+ } -+ if (kexecute < 1) -+ grub_fatal (N_("Use '"PACKAGE"-emu --kexec' to force a system restart.")); -+ -+ grub_printf("Performing 'systemctl kexec' (%s) ", -+ (kexecute==1) ? "do-or-die" : "just-in-case"); -+ rc = grub_util_exec (systemctl); -+ -+ if (kexecute == 1) -+ grub_fatal (N_("Error trying to perform 'systemctl kexec'")); -+ -+ /* need to check read-only root before resetting hard!? */ -+ grub_printf("Performing 'kexec -e'"); -+ kexec[1] = "-e"; -+ kexec[2] = NULL; -+ rc = grub_util_exec(kexec); -+ if ( rc != GRUB_ERR_NONE ) -+ grub_fatal (N_("Error trying to directly perform 'kexec -e'.")); -+ -+ return rc; -+} -+ -+static grub_err_t -+grub_linux_unload (void) -+{ -+ grub_dl_unref (my_mod); -+ if ( boot_cmdline != NULL ) -+ grub_free (boot_cmdline); -+ boot_cmdline = NULL; -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) -+{ -+ int i; -+ char *tempstr; -+ -+ grub_dl_ref (my_mod); -+ -+ if (argc == 0) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -+ -+ if ( !grub_util_is_regular(argv[0]) ) -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("Cannot find kernel file %s"), argv[0]); -+ -+ if ( kernel_path != NULL ) -+ grub_free(kernel_path); -+ -+ kernel_path = grub_xasprintf("%s", argv[0]); -+ -+ if ( boot_cmdline != NULL ) { -+ grub_free(boot_cmdline); -+ boot_cmdline = NULL; -+ } -+ -+ if ( argc > 1 ) -+ { -+ boot_cmdline = grub_xasprintf("--command-line=%s", argv[1]); -+ for ( i = 2; i < argc; i++ ) { -+ tempstr = grub_xasprintf("%s %s", boot_cmdline, argv[i]); -+ grub_free(boot_cmdline); -+ boot_cmdline = tempstr; -+ } -+ } -+ -+ grub_loader_set (grub_linux_boot, grub_linux_unload, 0); -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) -+{ -+ if (argc == 0) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -+ -+ if ( !grub_util_is_regular(argv[0]) ) -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("Cannot find initrd file %s"), argv[0]); -+ -+ if ( initrd_path != NULL ) -+ grub_free(initrd_path); -+ -+ initrd_path = grub_xasprintf("%s", argv[0]); -+ -+ grub_dl_unref (my_mod); -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_command_t cmd_linux, cmd_initrd; -+ -+GRUB_MOD_INIT(linux) -+{ -+ cmd_linux = grub_register_command ("linux", grub_cmd_linux, 0, N_("Load Linux.")); -+ cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, 0, N_("Load initrd.")); -+ my_mod = mod; -+ kernel_path = NULL; -+ initrd_path = NULL; -+ boot_cmdline = NULL; -+} -+ -+GRUB_MOD_FINI(linux) -+{ -+ grub_unregister_command (cmd_linux); -+ grub_unregister_command (cmd_initrd); -+} -Index: grub-2.04~rc1/include/grub/emu/hostfile.h -=================================================================== ---- grub-2.04~rc1.orig/include/grub/emu/hostfile.h -+++ grub-2.04~rc1/include/grub/emu/hostfile.h -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #include - - int -@@ -29,7 +30,7 @@ grub_util_is_directory (const char *path - int - grub_util_is_special_file (const char *path); - int --grub_util_is_regular (const char *path); -+EXPORT_FUNC(grub_util_is_regular) (const char *path); - - char * - grub_util_path_concat (size_t n, ...); -Index: grub-2.04~rc1/include/grub/emu/exec.h -=================================================================== ---- grub-2.04~rc1.orig/include/grub/emu/exec.h -+++ grub-2.04~rc1/include/grub/emu/exec.h -@@ -23,6 +23,8 @@ - #include - - #include -+#include -+ - pid_t - grub_util_exec_pipe (const char *const *argv, int *fd); - pid_t -@@ -32,7 +34,7 @@ int - grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file, - const char *stdout_file, const char *stderr_file); - int --grub_util_exec (const char *const *argv); -+EXPORT_FUNC(grub_util_exec) (const char *const *argv); - int - grub_util_exec_redirect (const char *const *argv, const char *stdin_file, - const char *stdout_file); -Index: grub-2.04~rc1/grub-core/Makefile.am -=================================================================== ---- grub-2.04~rc1.orig/grub-core/Makefile.am -+++ grub-2.04~rc1/grub-core/Makefile.am -@@ -303,6 +303,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/inc - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/hostdisk.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/hostfile.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/extcmd.h -+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/exec.h - if COND_GRUB_EMU_SDL - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/sdl.h - endif -Index: grub-2.04~rc1/grub-core/kern/emu/main.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/emu/main.c -+++ grub-2.04~rc1/grub-core/kern/emu/main.c -@@ -107,6 +107,7 @@ static struct argp_option options[] = { - N_("use GRUB files in the directory DIR [default=%s]"), 0}, - {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, - {"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a debugger will attach"), 0}, -+ {"kexec", 'X', 0, 0, N_("try the untryable."), 0}, - { 0, 0, 0, 0, 0, 0 } - }; - -@@ -164,6 +165,9 @@ argp_parser (int key, char *arg, struct - case 'v': - verbosity++; - break; -+ case 'X': -+ grub_util_set_kexecute(); -+ break; - - case ARGP_KEY_ARG: - { -Index: grub-2.04~rc1/grub-core/kern/emu/misc.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/emu/misc.c -+++ grub-2.04~rc1/grub-core/kern/emu/misc.c -@@ -39,6 +39,7 @@ - #include - - int verbosity; -+int kexecute; - - void - grub_util_warn (const char *fmt, ...) -@@ -82,7 +83,7 @@ grub_util_error (const char *fmt, ...) - vfprintf (stderr, fmt, ap); - va_end (ap); - fprintf (stderr, ".\n"); -- exit (1); -+ grub_exit (); - } - - void * -@@ -141,6 +142,9 @@ xasprintf (const char *fmt, ...) - void - grub_exit (void) - { -+#if defined (GRUB_KERNEL) -+ grub_reboot(); -+#endif - exit (1); - } - #endif -@@ -202,3 +206,15 @@ grub_util_load_image (const char *path, - - fclose (fp); - } -+ -+void -+grub_util_set_kexecute(void) -+{ -+ kexecute++; -+} -+ -+int -+grub_util_get_kexecute(void) -+{ -+ return kexecute; -+} -Index: grub-2.04~rc1/include/grub/emu/misc.h -=================================================================== ---- grub-2.04~rc1.orig/include/grub/emu/misc.h -+++ grub-2.04~rc1/include/grub/emu/misc.h -@@ -56,6 +56,9 @@ void EXPORT_FUNC(grub_util_warn) (const - void EXPORT_FUNC(grub_util_info) (const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 1, 2))); - void EXPORT_FUNC(grub_util_error) (const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 1, 2), noreturn)); - -+void EXPORT_FUNC(grub_util_set_kexecute) (void); -+int EXPORT_FUNC(grub_util_get_kexecute) (void) WARN_UNUSED_RESULT; -+ - grub_uint64_t EXPORT_FUNC (grub_util_get_cpu_time_ms) (void); - - #ifdef HAVE_DEVICE_MAPPER diff --git a/grub2-s390x-03-output-7-bit-ascii.patch b/grub2-s390x-03-output-7-bit-ascii.patch index 57177f3..4bb4ff0 100644 --- a/grub2-s390x-03-output-7-bit-ascii.patch +++ b/grub2-s390x-03-output-7-bit-ascii.patch @@ -13,10 +13,8 @@ Vn+2: include/grub/term.h | 4 5 files changed, 294 insertions(+), 12 deletions(-) -Index: grub-2.06~rc1/grub-core/osdep/unix/emuconsole.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/osdep/unix/emuconsole.c -+++ grub-2.06~rc1/grub-core/osdep/unix/emuconsole.c +--- a/grub-core/osdep/unix/emuconsole.c ++++ b/grub-core/osdep/unix/emuconsole.c @@ -39,17 +39,61 @@ #include @@ -80,7 +78,7 @@ Index: grub-2.06~rc1/grub-core/osdep/unix/emuconsole.c actual = write (STDOUT_FILENO, &chr, 1); if (actual < 1) -@@ -60,17 +104,152 @@ put (struct grub_term_output *term __att +@@ -60,17 +104,152 @@ } static int @@ -234,7 +232,7 @@ Index: grub-2.06~rc1/grub-core/osdep/unix/emuconsole.c static grub_err_t grub_console_init_input (struct grub_term_input *term) { -@@ -105,7 +284,8 @@ static grub_err_t +@@ -105,7 +284,8 @@ grub_console_init_output (struct grub_term_output *term) { struct winsize size; @@ -244,7 +242,7 @@ Index: grub-2.06~rc1/grub-core/osdep/unix/emuconsole.c { grub_console_terminfo_output.size.x = size.ws_col; grub_console_terminfo_output.size.y = size.ws_row; -@@ -115,6 +295,8 @@ grub_console_init_output (struct grub_te +@@ -115,6 +295,8 @@ grub_console_terminfo_output.size.x = 80; grub_console_terminfo_output.size.y = 24; } @@ -253,7 +251,7 @@ Index: grub-2.06~rc1/grub-core/osdep/unix/emuconsole.c grub_terminfo_output_init (term); -@@ -161,24 +343,72 @@ static struct grub_term_output grub_cons +@@ -161,24 +343,72 @@ void grub_console_init (void) { @@ -327,11 +325,9 @@ Index: grub-2.06~rc1/grub-core/osdep/unix/emuconsole.c + } saved_orig = 0; } -Index: grub-2.06~rc1/grub-core/normal/menu_text.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/normal/menu_text.c -+++ grub-2.06~rc1/grub-core/normal/menu_text.c -@@ -113,6 +113,7 @@ draw_border (struct grub_term_output *te +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -113,6 +113,7 @@ { int i; @@ -339,7 +335,7 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c grub_term_setcolorstate (term, GRUB_TERM_COLOR_NORMAL); grub_term_gotoxy (term, (struct grub_term_coordinate) { geo->first_entry_x - 1, -@@ -142,7 +143,7 @@ draw_border (struct grub_term_output *te +@@ -142,7 +143,7 @@ grub_putcode (GRUB_UNICODE_CORNER_LR, term); grub_term_setcolorstate (term, GRUB_TERM_COLOR_NORMAL); @@ -348,7 +344,7 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c grub_term_gotoxy (term, (struct grub_term_coordinate) { geo->first_entry_x - 1, (geo->first_entry_y - 1 + geo->num_entries -@@ -155,6 +156,15 @@ print_message (int nested, int edit, str +@@ -155,6 +156,15 @@ int ret = 0; grub_term_setcolorstate (term, GRUB_TERM_COLOR_NORMAL); @@ -364,7 +360,7 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c if (edit) { ret += grub_print_message_indented_real (_("Minimum Emacs-like screen editing is \ -@@ -165,10 +175,15 @@ command-line or ESC to discard edits and +@@ -165,10 +175,15 @@ } else { @@ -381,7 +377,7 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c GRUB_UNICODE_UPARROW, GRUB_UNICODE_DOWNARROW); if (!msg_translated) -@@ -177,6 +192,7 @@ command-line or ESC to discard edits and +@@ -177,6 +192,7 @@ STANDARD_MARGIN, term, dry_run); grub_free (msg_translated); @@ -389,7 +385,7 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c if (nested) { -@@ -211,6 +227,10 @@ print_entry (int y, int highlight, grub_ +@@ -211,6 +227,10 @@ title = entry ? entry->title : ""; title_len = grub_strlen (title); @@ -400,7 +396,7 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c unicode_title = grub_calloc (title_len, sizeof (*unicode_title)); if (! unicode_title) /* XXX How to show this error? */ -@@ -244,6 +264,14 @@ print_entry (int y, int highlight, grub_ +@@ -244,6 +264,14 @@ if (data->geo.num_entries > 1) grub_putcode (highlight ? '*' : ' ', data->term); @@ -415,7 +411,7 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c grub_print_ucs4_menu (unicode_title, unicode_title + len, 0, -@@ -416,6 +444,8 @@ grub_menu_init_page (int nested, int edi +@@ -416,6 +444,8 @@ grub_term_highlight_color = old_color_highlight; geo->timeout_y = geo->first_entry_y + geo->num_entries + geo->border + empty_lines; @@ -424,7 +420,7 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c if (bottom_message) { grub_term_gotoxy (term, -@@ -425,6 +455,8 @@ grub_menu_init_page (int nested, int edi +@@ -425,6 +455,8 @@ print_message (nested, edit, term, 0); geo->timeout_y += msg_num_lines; } @@ -433,7 +429,7 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c geo->right_margin = grub_term_width (term) - geo->first_entry_x - geo->entry_width - 1; -@@ -436,12 +468,19 @@ menu_text_print_timeout (int timeout, vo +@@ -436,12 +468,19 @@ struct menu_viewer_data *data = dataptr; char *msg_translated = 0; @@ -455,16 +451,16 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c else msg_translated = grub_xasprintf (_("The highlighted entry will be executed automatically in %ds."), timeout); if (!msg_translated) -@@ -471,6 +510,8 @@ menu_text_print_timeout (int timeout, vo +@@ -471,6 +510,8 @@ data->term); grub_free (msg_translated); + if (data->term->flags & GRUB_TERM_DUMB) + return; grub_term_gotoxy (data->term, - (struct grub_term_coordinate) { + (struct grub_term_coordinate) { grub_term_cursor_x (&data->geo), -@@ -498,7 +539,7 @@ menu_text_set_chosen_entry (int entry, v +@@ -498,7 +539,7 @@ data->first = entry; complete_redraw = 1; } @@ -473,7 +469,7 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c print_entries (data->menu, data); else { -@@ -528,6 +569,9 @@ menu_text_clear_timeout (void *dataptr) +@@ -528,6 +569,9 @@ struct menu_viewer_data *data = dataptr; int i; @@ -483,11 +479,9 @@ Index: grub-2.06~rc1/grub-core/normal/menu_text.c for (i = 0; i < data->geo.timeout_lines;i++) { grub_term_gotoxy (data->term, (struct grub_term_coordinate) { -Index: grub-2.06~rc1/grub-core/normal/term.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/normal/term.c -+++ grub-2.06~rc1/grub-core/normal/term.c -@@ -981,7 +981,7 @@ grub_print_ucs4_menu (const grub_uint32_ +--- a/grub-core/normal/term.c ++++ b/grub-core/normal/term.c +@@ -981,7 +981,7 @@ { print_ucs4_real (str, last_position, margin_left, margin_right, term, 0, 0, 1, skip_lines, max_lines, @@ -496,11 +490,9 @@ Index: grub-2.06~rc1/grub-core/normal/term.c } void -Index: grub-2.06~rc1/grub-core/kern/emu/main.c -=================================================================== ---- grub-2.06~rc1.orig/grub-core/kern/emu/main.c -+++ grub-2.06~rc1/grub-core/kern/emu/main.c -@@ -190,6 +190,12 @@ static struct argp argp = { +--- a/grub-core/kern/emu/main.c ++++ b/grub-core/kern/emu/main.c +@@ -190,6 +190,12 @@ NULL, help_filter, NULL }; @@ -513,7 +505,7 @@ Index: grub-2.06~rc1/grub-core/kern/emu/main.c #pragma GCC diagnostic ignored "-Wmissing-prototypes" -@@ -259,7 +265,7 @@ main (int argc, char *argv[]) +@@ -259,7 +265,7 @@ sleep (1); } @@ -522,11 +514,9 @@ Index: grub-2.06~rc1/grub-core/kern/emu/main.c grub_console_init (); grub_host_init (); -Index: grub-2.06~rc1/include/grub/term.h -=================================================================== ---- grub-2.06~rc1.orig/include/grub/term.h -+++ grub-2.06~rc1/include/grub/term.h -@@ -102,8 +102,10 @@ grub_term_color_state; +--- a/include/grub/term.h ++++ b/include/grub/term.h +@@ -102,8 +102,10 @@ #define GRUB_TERM_NO_EDIT (1 << 1) /* Set when the terminal cannot do fancy things. */ #define GRUB_TERM_DUMB (1 << 2) diff --git a/grub2-s390x-04-grub2-install.patch b/grub2-s390x-04-grub2-install.patch index 9460e17..dab949e 100644 --- a/grub2-s390x-04-grub2-install.patch +++ b/grub2-s390x-04-grub2-install.patch @@ -76,7 +76,7 @@ V20: --- a/Makefile.util.def +++ b/Makefile.util.def -@@ -374,6 +374,7 @@ program = { +@@ -377,6 +377,7 @@ ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; cppflags = '-DGRUB_SETUP_FUNC=grub_util_bios_setup'; @@ -84,7 +84,7 @@ V20: }; program = { -@@ -394,6 +395,7 @@ program = { +@@ -397,6 +398,7 @@ ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; cppflags = '-DGRUB_SETUP_FUNC=grub_util_sparc_setup'; @@ -92,7 +92,7 @@ V20: }; program = { -@@ -409,6 +411,7 @@ program = { +@@ -412,6 +414,7 @@ ldadd = libgrubkern.a; ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; @@ -100,7 +100,7 @@ V20: }; program = { -@@ -439,6 +442,7 @@ program = { +@@ -442,6 +445,7 @@ ldadd = libgrubkern.a; ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; @@ -108,7 +108,7 @@ V20: }; data = { -@@ -656,6 +660,7 @@ program = { +@@ -665,6 +669,7 @@ common = grub-core/disk/host.c; common = util/resolve.c; @@ -116,7 +116,7 @@ V20: common = grub-core/kern/emu/argp_common.c; common = grub-core/osdep/init.c; -@@ -725,6 +730,46 @@ script = { +@@ -734,6 +739,46 @@ }; script = { @@ -163,7 +163,7 @@ V20: name = grub-mkconfig_lib; common = util/grub-mkconfig_lib.in; installdir = noinst; -@@ -1342,6 +1387,7 @@ program = { +@@ -1375,6 +1420,7 @@ ldadd = libgrubkern.a; ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; @@ -173,7 +173,7 @@ V20: program = { --- a/configure.ac +++ b/configure.ac -@@ -206,9 +206,9 @@ if test x$platform != xemu ; then +@@ -211,9 +211,9 @@ esac fi @@ -186,10 +186,10 @@ V20: case "$target_os" in windows* | mingw32*) target_os=cygwin ;; -@@ -1999,6 +1999,9 @@ AM_CONDITIONAL([COND_riscv32], [test x$t - AM_CONDITIONAL([COND_riscv64], [test x$target_cpu = xriscv64 ]) - AM_CONDITIONAL([COND_riscv32_efi], [test x$target_cpu = xriscv32 -a x$platform = xefi]) - AM_CONDITIONAL([COND_riscv64_efi], [test x$target_cpu = xriscv64 -a x$platform = xefi]) +@@ -2093,6 +2093,9 @@ + AM_CONDITIONAL([COND_sparc64_emu], [test x$target_cpu = xsparc64 -a x$platform = xemu]) + AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a x$platform = xefi]) + AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu = xx86_64 -a x$platform = xxen]) +AM_CONDITIONAL([COND_s390x], [test x$target_cpu = xs390x ]) +AM_CONDITIONAL([COND_NOT_s390x], [test x$target_cpu != xs390x ]) +AM_CONDITIONAL([COND_s390x_emu], [test x$target_cpu = xs390x -a x$platform = xemu]) @@ -198,7 +198,7 @@ V20: AM_CONDITIONAL([COND_HOST_LINUX], [test x$host_kernel = xlinux]) --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -1147,6 +1147,7 @@ module = { +@@ -1183,6 +1183,7 @@ module = { name = videotest; common = commands/videotest.c; @@ -206,7 +206,7 @@ V20: }; module = { -@@ -1596,6 +1597,7 @@ module = { +@@ -1637,6 +1638,7 @@ common = gfxmenu/gui_progress_bar.c; common = gfxmenu/gui_util.c; common = gfxmenu/gui_string_util.c; @@ -214,7 +214,7 @@ V20: }; module = { -@@ -2029,11 +2031,13 @@ module = { +@@ -2075,11 +2077,13 @@ name = gfxterm; common = term/gfxterm.c; enable = videomodules; @@ -228,7 +228,7 @@ V20: }; module = { -@@ -2154,6 +2158,7 @@ module = { +@@ -2202,6 +2206,7 @@ enable = x86_64_efi; enable = emu; enable = xen; @@ -236,7 +236,7 @@ V20: }; module = { -@@ -2200,6 +2205,7 @@ module = { +@@ -2248,6 +2253,7 @@ module = { name = gfxterm_menu; common = tests/gfxterm_menu.c; @@ -244,7 +244,7 @@ V20: }; module = { -@@ -2353,6 +2359,7 @@ module = { +@@ -2409,6 +2415,7 @@ enable = x86_64_efi; enable = emu; enable = xen; @@ -254,7 +254,7 @@ V20: module = { --- a/grub-core/osdep/basic/no_platform.c +++ b/grub-core/osdep/basic/no_platform.c -@@ -44,3 +44,10 @@ grub_install_sgi_setup (const char *inst +@@ -44,3 +44,10 @@ { grub_util_error ("%s", _("no SGI routines are available for your platform")); } @@ -267,7 +267,7 @@ V20: + --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c -@@ -239,3 +239,14 @@ grub_install_sgi_setup (const char *inst +@@ -239,3 +239,14 @@ imgfile, destname, NULL }); grub_util_warn ("%s", _("You will have to set `SystemPartition' and `OSLoader' manually.")); } @@ -284,7 +284,7 @@ V20: +} --- a/grub-core/osdep/windows/platform.c +++ b/grub-core/osdep/windows/platform.c -@@ -424,3 +424,9 @@ grub_install_sgi_setup (const char *inst +@@ -434,3 +434,9 @@ { grub_util_error ("%s", _("no SGI routines are available for your platform")); } @@ -296,37 +296,37 @@ V20: +} --- a/include/grub/util/install.h +++ b/include/grub/util/install.h -@@ -109,6 +109,7 @@ enum grub_install_plat - GRUB_INSTALL_PLATFORM_ARM_COREBOOT, +@@ -110,6 +110,7 @@ + GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI, GRUB_INSTALL_PLATFORM_RISCV32_EFI, GRUB_INSTALL_PLATFORM_RISCV64_EFI, + GRUB_INSTALL_PLATFORM_S390X_EMU, GRUB_INSTALL_PLATFORM_MAX }; -@@ -236,6 +237,9 @@ void +@@ -237,6 +238,9 @@ grub_install_sgi_setup (const char *install_device, const char *imgfile, const char *destname); +void +grub_install_zipl (const char *d, int i, int f); + - int + int grub_install_compress_gzip (const char *src, const char *dest); - int + int --- a/util/grub-install-common.c +++ b/util/grub-install-common.c -@@ -902,6 +902,7 @@ static struct - [GRUB_INSTALL_PLATFORM_ARM_COREBOOT] = { "arm", "coreboot" }, - [GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32", "efi" }, - [GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64", "efi" }, +@@ -911,6 +911,7 @@ + [GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI] = { "loongarch64", "efi" }, + [GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32", "efi" }, + [GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64", "efi" }, + [GRUB_INSTALL_PLATFORM_S390X_EMU] = { "s390x", "emu" }, - }; + }; char * --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -66,6 +66,7 @@ static int force_file_id = 0; +@@ -66,6 +66,7 @@ static char *disk_module = NULL; static char *efidir = NULL; static char *macppcdir = NULL; @@ -334,7 +334,7 @@ V20: static int force = 0; static int have_abstractions = 0; static int have_cryptodisk = 0; -@@ -106,6 +107,7 @@ enum +@@ -106,6 +107,7 @@ OPTION_NO_BOOTSECTOR, OPTION_NO_RS_CODES, OPTION_MACPPC_DIRECTORY, @@ -342,7 +342,7 @@ V20: OPTION_LABEL_FONT, OPTION_LABEL_COLOR, OPTION_LABEL_BGCOLOR, -@@ -181,6 +183,11 @@ argp_parser (int key, char *arg, struct +@@ -181,6 +183,11 @@ efidir = xstrdup (arg); return 0; @@ -354,7 +354,7 @@ V20: case OPTION_DISK_MODULE: free (disk_module); disk_module = xstrdup (arg); -@@ -298,6 +305,8 @@ static struct argp_option options[] = { +@@ -298,6 +305,8 @@ N_("use DIR as the EFI System Partition root."), 2}, {"macppc-directory", OPTION_MACPPC_DIRECTORY, N_("DIR"), 0, N_("use DIR for PPC MAC install."), 2}, @@ -363,7 +363,7 @@ V20: {"label-font", OPTION_LABEL_FONT, N_("FILE"), 0, N_("use FILE as font for label"), 2}, {"label-color", OPTION_LABEL_COLOR, N_("COLOR"), 0, N_("use COLOR for label"), 2}, {"label-bgcolor", OPTION_LABEL_BGCOLOR, N_("COLOR"), 0, N_("use COLOR for label background"), 2}, -@@ -332,6 +341,8 @@ get_default_platform (void) +@@ -334,6 +343,8 @@ #else return NULL; #endif @@ -372,7 +372,7 @@ V20: #else return NULL; #endif -@@ -507,6 +518,8 @@ have_bootdev (enum grub_install_plat pl) +@@ -510,6 +521,8 @@ case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: @@ -381,7 +381,7 @@ V20: return 0; /* pacify warning. */ -@@ -922,6 +935,7 @@ main (int argc, char *argv[]) +@@ -939,6 +952,7 @@ case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: @@ -389,7 +389,7 @@ V20: break; case GRUB_INSTALL_PLATFORM_I386_QEMU: -@@ -972,6 +986,7 @@ main (int argc, char *argv[]) +@@ -990,6 +1004,7 @@ case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: @@ -397,7 +397,7 @@ V20: free (install_device); install_device = NULL; break; -@@ -1247,6 +1262,20 @@ main (int argc, char *argv[]) +@@ -1291,6 +1306,20 @@ } } @@ -418,7 +418,7 @@ V20: grub_install_copy_files (grub_install_source_directory, grubdir, platform); -@@ -1496,6 +1525,7 @@ main (int argc, char *argv[]) +@@ -1541,6 +1570,7 @@ case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: @@ -426,7 +426,7 @@ V20: grub_util_warn ("%s", _("no hints available for your platform. Expect reduced performance")); break; /* pacify warning. */ -@@ -1613,6 +1643,10 @@ main (int argc, char *argv[]) +@@ -1659,6 +1689,10 @@ strcpy (mkimage_target, "sparc64-ieee1275-raw"); core_name = "core.img"; break; @@ -437,7 +437,7 @@ V20: /* pacify warning. */ case GRUB_INSTALL_PLATFORM_MAX: break; -@@ -1628,6 +1662,7 @@ main (int argc, char *argv[]) +@@ -1674,6 +1708,7 @@ core_name); char *prefix = xasprintf ("%s%s", prefix_drive ? : "", relative_grubdir); @@ -445,7 +445,7 @@ V20: grub_install_make_image_wrap (/* source dir */ grub_install_source_directory, /*prefix */ prefix, /* output */ imgfile, -@@ -1666,6 +1701,10 @@ main (int argc, char *argv[]) +@@ -1712,6 +1747,10 @@ /* image target */ mkimage_target, 0); } break; @@ -455,8 +455,8 @@ V20: + case GRUB_INSTALL_PLATFORM_ARM_EFI: case GRUB_INSTALL_PLATFORM_ARM64_EFI: - case GRUB_INSTALL_PLATFORM_RISCV32_EFI: -@@ -1962,6 +2001,10 @@ main (int argc, char *argv[]) + case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI: +@@ -2011,6 +2050,10 @@ } break; diff --git a/grub2-s390x-05-grub2-mkconfig.patch b/grub2-s390x-05-grub2-mkconfig.patch index aa5d412..328d57d 100644 --- a/grub2-s390x-05-grub2-mkconfig.patch +++ b/grub2-s390x-05-grub2-mkconfig.patch @@ -16,7 +16,7 @@ V4: --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -63,6 +63,10 @@ +@@ -65,6 +65,10 @@ LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} fi @@ -27,7 +27,7 @@ V4: case x"$GRUB_FS" in xbtrfs) rootsubvol="`make_system_path_relative_to_its_root /`" -@@ -79,6 +83,21 @@ +@@ -81,6 +85,21 @@ title_correction_code= @@ -49,7 +49,7 @@ V4: linux_entry () { os="$1" -@@ -108,9 +127,11 @@ +@@ -110,9 +129,11 @@ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")" fi @@ -63,7 +63,7 @@ V4: fi if [ x$type != xrecovery ] ; then save_default_entry | grub_add_tab -@@ -133,6 +154,7 @@ +@@ -135,6 +156,7 @@ echo " insmod gzio" | sed "s/^/$submenu_indentation/" @@ -71,7 +71,7 @@ V4: if [ x$dirname = x/ ]; then if [ -z "${prepare_root_cache}" ]; then prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)" -@@ -144,6 +166,7 @@ +@@ -146,6 +168,7 @@ fi printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" fi @@ -79,7 +79,7 @@ V4: message="$(gettext_printf "Loading Linux %s ..." ${version})" sed "s/^/$submenu_indentation/" << EOF echo '$(echo "$message" | grub_quote)' -@@ -168,17 +191,15 @@ +@@ -170,17 +193,15 @@ machine=`uname -m` case "x$machine" in @@ -105,7 +105,7 @@ V4: case "$machine" in i?86) GENKERNEL_ARCH="x86" ;; -@@ -188,6 +209,15 @@ +@@ -190,6 +211,15 @@ *) GENKERNEL_ARCH="$machine" ;; esac @@ -121,7 +121,7 @@ V4: prepare_boot_cache= prepare_root_cache= boot_device_id= -@@ -204,6 +234,11 @@ +@@ -216,6 +246,11 @@ basename=`basename $linux` dirname=`dirname $linux` rel_dirname=`make_system_path_relative_to_its_root $dirname` @@ -133,7 +133,7 @@ V4: version=`echo $basename | sed -e "s,^[^0-9]*-,,g"` alt_version=`echo $version | sed -e "s,\.old$,,g"` linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" -@@ -319,7 +354,8 @@ +@@ -333,7 +368,8 @@ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" fi # TRANSLATORS: %s is replaced with an OS name diff --git a/grub2-s390x-06-loadparm.patch b/grub2-s390x-06-loadparm.patch index e7c93ad..ae4f973 100644 --- a/grub2-s390x-06-loadparm.patch +++ b/grub2-s390x-06-loadparm.patch @@ -7,11 +7,9 @@ Patch-Mainline: no util/grub.d/00_header.in | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) -Index: grub-2.02~beta3/util/grub.d/00_header.in -=================================================================== ---- grub-2.02~beta3.orig/util/grub.d/00_header.in -+++ grub-2.02~beta3/util/grub.d/00_header.in -@@ -52,6 +52,33 @@ if [ "\${env_block}" ] ; then +--- a/util/grub.d/00_header.in ++++ b/util/grub.d/00_header.in +@@ -54,6 +54,33 @@ fi EOF diff --git a/grub2-s390x-07-add-image-param-for-zipl-setup.patch b/grub2-s390x-07-add-image-param-for-zipl-setup.patch index 07ca9e8..cb5c251 100644 --- a/grub2-s390x-07-add-image-param-for-zipl-setup.patch +++ b/grub2-s390x-07-add-image-param-for-zipl-setup.patch @@ -1,6 +1,6 @@ ---- grub-2.02~beta2.orig/util/s390x/zipl2grub.pl.in 2015-09-15 07:29:51.473202000 -0600 -+++ grub-2.02~beta2/util/s390x/zipl2grub.pl.in 2015-09-15 07:34:12.559142000 -0600 -@@ -7,6 +7,9 @@ my $in = '@sysconfdir@/default/zipl2grub +--- a/util/s390x/zipl2grub.pl.in ++++ b/util/s390x/zipl2grub.pl.in +@@ -7,6 +7,9 @@ my $default = '@sysconfdir@/default/grub'; my $fallback = '@sysconfdir@/zipl.conf'; my $sysconfbl = '@sysconfdir@/sysconfig/bootloader'; @@ -10,7 +10,7 @@ my $zipldir = ""; my $running = ""; my $refresh = 1; # needs to default to "on" until most bugs are shaken out! -@@ -166,7 +169,7 @@ sub Usage($) { +@@ -166,7 +169,7 @@ my $msg = ""; $msg .= sprintf( "%s: %s\n", $C, $cat[$_[0]]) if ($_[0] > 0); @@ -19,7 +19,7 @@ Panic( $_[0], $msg . "\n"); } -@@ -184,6 +187,7 @@ while ( $#ARGV >= 0 ) { +@@ -183,6 +186,7 @@ (/^--?help/ || /^-h/) && (Usage(0)); (/^--zipldir$/ || /^-z$/) && ($zipldir = shift || Usage(2), next); (/^--template$/ || /^-T$/) && ($in = shift || Usage(3), next); @@ -27,7 +27,7 @@ (/^-/) && (Usage(1)); Usage(1); } -@@ -379,11 +383,8 @@ if ( ! $debug ) { +@@ -378,11 +382,8 @@ } # copy out kernel and initrd diff --git a/grub2-s390x-08-workaround-part-to-disk.patch b/grub2-s390x-08-workaround-part-to-disk.patch index d93cf8a..29d1ac1 100644 --- a/grub2-s390x-08-workaround-part-to-disk.patch +++ b/grub2-s390x-08-workaround-part-to-disk.patch @@ -1,8 +1,6 @@ -Index: grub-2.02~beta2/grub-core/osdep/linux/getroot.c -=================================================================== ---- grub-2.02~beta2.orig/grub-core/osdep/linux/getroot.c -+++ grub-2.02~beta2/grub-core/osdep/linux/getroot.c -@@ -713,6 +713,10 @@ grub_util_part_to_disk (const char *os_d +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -740,6 +740,10 @@ if (! realpath (os_dev, path)) return NULL; diff --git a/grub2-s390x-10-keep-network-at-kexec.patch b/grub2-s390x-10-keep-network-at-kexec.patch deleted file mode 100644 index e2594fb..0000000 --- a/grub2-s390x-10-keep-network-at-kexec.patch +++ /dev/null @@ -1,17 +0,0 @@ -Index: grub-2.02/grub-core/loader/emu/linux.c -=================================================================== ---- grub-2.02.orig/grub-core/loader/emu/linux.c -+++ grub-2.02/grub-core/loader/emu/linux.c -@@ -76,9 +76,10 @@ grub_linux_boot (void) - grub_fatal (N_("Error trying to perform 'systemctl kexec'")); - - /* need to check read-only root before resetting hard!? */ -- grub_printf("Performing 'kexec -e'"); -+ grub_printf("Performing 'kexec -e -x'"); - kexec[1] = "-e"; -- kexec[2] = NULL; -+ kexec[2] = "-x"; -+ kexec[3] = NULL; - rc = grub_util_exec(kexec); - if ( rc != GRUB_ERR_NONE ) - grub_fatal (N_("Error trying to directly perform 'kexec -e'.")); diff --git a/grub2-s390x-11-secureboot.patch b/grub2-s390x-11-secureboot.patch index 4ca3418..0d8f25a 100644 --- a/grub2-s390x-11-secureboot.patch +++ b/grub2-s390x-11-secureboot.patch @@ -5,29 +5,9 @@ util/s390x/zipl2grub.pl.in | 31 ++++++++++++++++++++++--------- 4 files changed, 37 insertions(+), 13 deletions(-) ---- a/grub-core/loader/emu/linux.c -+++ b/grub-core/loader/emu/linux.c -@@ -38,7 +38,7 @@ grub_linux_boot (void) - { - grub_err_t rc = GRUB_ERR_NONE; - char *initrd_param; -- const char *kexec[] = { "kexec", "-l", kernel_path, boot_cmdline, NULL, NULL }; -+ const char *kexec[] = { "kexec", "-la", kernel_path, boot_cmdline, NULL, NULL }; - const char *systemctl[] = { "systemctl", "kexec", NULL }; - int kexecute = grub_util_get_kexecute(); - -@@ -51,7 +51,7 @@ grub_linux_boot (void) - //return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("initrd required!")); - } - -- grub_printf("%serforming 'kexec -l %s %s %s'\n", -+ grub_printf("%serforming 'kexec -la %s %s %s'\n", - (kexecute) ? "P" : "Not p", - kernel_path, initrd_param, boot_cmdline); - --- a/util/s390x/dracut-grub2.sh.in +++ b/util/s390x/dracut-grub2.sh.in -@@ -18,6 +18,9 @@ if getargbool 0 initgrub && [ ! -e /grub +@@ -18,6 +18,9 @@ done < /proc/mounts echo $rofs } @@ -37,7 +17,7 @@ checkd() { [ -d $1 ] && echo true || echo false } -@@ -76,6 +79,7 @@ if getargbool 0 initgrub && [ ! -e /grub +@@ -76,6 +79,7 @@ export grub2bootw=$(checksubvol /boot/writable) export grub2devfs=$(checkd /sysroot/dev/disk) export grub2snap=$(checksnap) @@ -45,7 +25,7 @@ debug "" export -p _ctty="$(RD_DEBUG= getarg rd.ctty=)" && _ctty="/dev/${_ctty##*/}" -@@ -107,7 +111,7 @@ if getargbool 0 initgrub && [ ! -e /grub +@@ -107,7 +111,7 @@ debug "Trying grub2-emu (ro=$grub2rofs, TERM=$TERM, ctty=$_ctty)..." setsid $CTTY -- chroot /sysroot $bindir/grub2-emu -X -X 0<>$_ctty 1>&0 2>&0 @@ -54,7 +34,7 @@ setsid $CTTY -- /sysroot@libdir@/grub2/zipl-refresh 0<>$_ctty 1>&0 2>&0 if [ $? != 0 ]; then warn "Not continuing" -@@ -117,12 +121,18 @@ if getargbool 0 initgrub && [ ! -e /grub +@@ -117,12 +121,18 @@ sleep 3 reboot fi @@ -76,7 +56,7 @@ $grub2snap || umount /sysroot/.snapshots --- a/util/s390x/zipl2grub.conf.in +++ b/util/s390x/zipl2grub.conf.in -@@ -45,6 +45,7 @@ defaultmenu = menu +@@ -45,6 +45,7 @@ timeout = 60 default = 1 prompt = 0 @@ -86,7 +66,7 @@ 3 = grub2-mem1G --- a/util/s390x/zipl2grub.pl.in +++ b/util/s390x/zipl2grub.pl.in -@@ -21,6 +21,7 @@ my $miss = 0; +@@ -21,6 +21,7 @@ my $cfg = ""; my %fsdev = (); my %fstype = (); @@ -94,7 +74,7 @@ my %C = ( GRUB_CMDLINE_LINUX_DEFAULT => "quiet splash=silent", -@@ -251,6 +252,15 @@ if ( -r $default ) { +@@ -251,6 +252,15 @@ } close( IN); } @@ -110,7 +90,7 @@ if ( -r "/etc/fstab" ) { my $regex = qr{^(\S+)\s+(\S+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(?:#.*)?$}; open( IN, "< /etc/fstab") || die; -@@ -313,21 +323,21 @@ if ( ! exists( $C{GRUB_DEVICE}) ) { +@@ -313,21 +323,21 @@ } } if ( $C{GRUB_CMDLINE_LINUX_DEFAULT} eq "quiet splash=silent" && @@ -141,7 +121,7 @@ if ( ! exists( $C{GRUB_EMU_CONMODE}) && exists( $C{GRUB_CONMODE}) ) { # GRUB_CONMODE is used for 'grub2-emu' as well $C{GRUB_EMU_CONMODE} = $C{GRUB_CONMODE}; -@@ -360,6 +370,9 @@ if ( $debug && $verbose > 2 ) { +@@ -360,6 +370,9 @@ foreach ( sort( keys( %C)) ) { printf( "%s=\"%s\"\n", $_, $C{$_}); } diff --git a/grub2-s390x-skip-zfcpdump-image.patch b/grub2-s390x-skip-zfcpdump-image.patch index a1b0f83..1295e8f 100644 --- a/grub2-s390x-skip-zfcpdump-image.patch +++ b/grub2-s390x-skip-zfcpdump-image.patch @@ -1,8 +1,6 @@ -Index: grub-2.04/util/grub-mkconfig_lib.in -=================================================================== ---- grub-2.04.orig/util/grub-mkconfig_lib.in -+++ grub-2.04/util/grub-mkconfig_lib.in -@@ -189,6 +189,12 @@ grub_file_is_not_garbage () +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -193,6 +193,12 @@ *.rpmsave|*.rpmnew) return 1 ;; README*|*/README*) return 1 ;; # documentation *.sig) return 1 ;; # signatures diff --git a/grub2-secureboot-add-linuxefi.patch b/grub2-secureboot-add-linuxefi.patch index 9ae290d..fe389d3 100644 --- a/grub2-secureboot-add-linuxefi.patch +++ b/grub2-secureboot-add-linuxefi.patch @@ -31,11 +31,9 @@ consequence. 5 files changed, 415 insertions(+), 0 deletions(-) create mode 100644 grub-core/loader/i386/efi/linux.c -Index: grub-2.06/grub-core/Makefile.core.def -=================================================================== ---- grub-2.06.orig/grub-core/Makefile.core.def -+++ grub-2.06/grub-core/Makefile.core.def -@@ -1875,6 +1875,13 @@ module = { +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1920,6 +1920,13 @@ }; module = { @@ -49,11 +47,9 @@ Index: grub-2.06/grub-core/Makefile.core.def name = chain; efi = loader/efi/chainloader.c; i386_pc = loader/i386/pc/chainloader.c; -Index: grub-2.06/grub-core/kern/efi/mm.c -=================================================================== ---- grub-2.06.orig/grub-core/kern/efi/mm.c -+++ grub-2.06/grub-core/kern/efi/mm.c -@@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_a +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -112,6 +112,38 @@ } } @@ -70,7 +66,7 @@ Index: grub-2.06/grub-core/kern/efi/mm.c + return 0; + + b = grub_efi_system_table->boot_services; -+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); ++ status = b->allocate_pages (GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); + + if (status != GRUB_EFI_SUCCESS) + return 0; @@ -80,7 +76,7 @@ Index: grub-2.06/grub-core/kern/efi/mm.c + /* Uggh, the address 0 was allocated... This is too annoying, + so reallocate another one. */ + address = max; -+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); ++ status = b->allocate_pages (GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); + grub_efi_free_pages (0, pages); + if (status != GRUB_EFI_SUCCESS) + return 0; @@ -92,10 +88,8 @@ Index: grub-2.06/grub-core/kern/efi/mm.c /* Allocate pages. Return the pointer to the first of allocated pages. */ void * grub_efi_allocate_pages_real (grub_efi_physical_address_t address, -Index: grub-2.06/grub-core/loader/i386/efi/linux.c -=================================================================== --- /dev/null -+++ grub-2.06/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c @@ -0,0 +1,345 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -442,11 +436,9 @@ Index: grub-2.06/grub-core/loader/i386/efi/linux.c + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); +} -Index: grub-2.06/include/grub/efi/efi.h -=================================================================== ---- grub-2.06.orig/include/grub/efi/efi.h -+++ grub-2.06/include/grub/efi/efi.h -@@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (gr +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -61,6 +61,9 @@ grub_efi_uintn_t pages); void * EXPORT_FUNC(grub_efi_allocate_any_pages) (grub_efi_uintn_t pages); diff --git a/grub2-secureboot-chainloader.patch b/grub2-secureboot-chainloader.patch index 2fe0008..8f24a65 100644 --- a/grub2-secureboot-chainloader.patch +++ b/grub2-secureboot-chainloader.patch @@ -24,11 +24,9 @@ Signed-off-by: Michael Chang grub-core/loader/efi/chainloader.c | 538 +++++++++++++++++++++++++++++++++-- 1 files changed, 507 insertions(+), 31 deletions(-) -Index: grub-2.04/grub-core/loader/efi/chainloader.c -=================================================================== ---- grub-2.04.orig/grub-core/loader/efi/chainloader.c -+++ grub-2.04/grub-core/loader/efi/chainloader.c -@@ -40,15 +40,32 @@ +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -41,10 +41,24 @@ #include #endif @@ -45,31 +43,15 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c static grub_dl_t my_mod; - static grub_efi_physical_address_t address; - static grub_efi_uintn_t pages; -+static grub_ssize_t fsize; - static grub_efi_device_path_t *file_path; - static grub_efi_handle_t image_handle; - static grub_efi_char16_t *cmdline; -+static grub_ssize_t cmdline_len; -+static grub_efi_handle_t dev_handle; -+ +#ifdef SUPPORT_SECURE_BOOT +static grub_efi_boolean_t debug_secureboot = 0; -+static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); ++static grub_efi_status_t (__grub_efi_api *entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); +#endif - ++ static grub_err_t - grub_chainloader_unload (void) -@@ -63,6 +80,7 @@ grub_chainloader_unload (void) - grub_free (cmdline); - cmdline = 0; - file_path = 0; -+ dev_handle = 0; - - grub_dl_unref (my_mod); - return GRUB_ERR_NONE; -@@ -197,12 +215,409 @@ make_file_path (grub_efi_device_path_t * + grub_chainloader_unload (void *context) + { +@@ -209,6 +223,421 @@ return file_path; } @@ -99,6 +81,17 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c + struct grub_pe32_header_no_msdos_stub *pe_hdr; +}; + ++struct grub_secureboot_chainloader_context ++{ ++ grub_efi_physical_address_t address; ++ grub_efi_uintn_t pages; ++ grub_ssize_t fsize; ++ grub_efi_device_path_t *file_path; ++ grub_efi_char16_t *cmdline; ++ grub_ssize_t cmdline_len; ++ grub_efi_handle_t dev_handle; ++}; ++ +typedef struct pe_coff_loader_image_context pe_coff_loader_image_context_t; + +struct grub_efi_shim_lock @@ -120,7 +113,7 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c +static grub_efi_boolean_t +grub_secure_validate (void *data, grub_efi_uint32_t size) +{ -+ grub_efi_guid_t guid = SHIM_LOCK_GUID; ++ grub_guid_t guid = SHIM_LOCK_GUID; + grub_efi_shim_lock_t *shim_lock; + + shim_lock = grub_efi_locate_protocol (&guid, NULL); @@ -305,27 +298,32 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c +{ + while (1) + { -+ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); -+ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); ++ grub_efi_uint8_t type; ++ grub_efi_uint8_t subtype; + -+ if (type == GRUB_EFI_END_DEVICE_PATH_TYPE) ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) + break; -+ else if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE -+ && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) -+ return dp; ++ ++ type = GRUB_EFI_DEVICE_PATH_TYPE (dp); ++ subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); ++ ++ if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) ++ return dp; + + dp = GRUB_EFI_NEXT_DEVICE_PATH (dp); + } + -+ return NULL; ++ return NULL; +} + +static grub_efi_boolean_t -+handle_image (void *data, grub_efi_uint32_t datasize) ++handle_image (struct grub_secureboot_chainloader_context *load_context) +{ + grub_efi_boot_services_t *b; + grub_efi_loaded_image_t *li, li_bak; + grub_efi_status_t efi_status; ++ void *data = (void *)(unsigned long)load_context->address; ++ grub_efi_uint32_t datasize = load_context->fsize; + char *buffer = NULL; + char *buffer_aligned = NULL; + grub_efi_uint32_t i, size; @@ -350,8 +348,8 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c + section_alignment = context.pe_hdr->optional_header.section_alignment; + buffer_size = context.image_size + section_alignment; + -+ efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA, -+ buffer_size, &buffer); ++ efi_status = b->allocate_pool (GRUB_EFI_LOADER_DATA, ++ buffer_size, (void**)&buffer); + + if (efi_status != GRUB_EFI_SUCCESS) + { @@ -415,10 +413,10 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c + grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); + li->image_base = buffer_aligned; + li->image_size = context.image_size; -+ li->load_options = cmdline; -+ li->load_options_size = cmdline_len; -+ li->file_path = grub_efi_get_media_file_path (file_path); -+ li->device_handle = dev_handle; ++ li->load_options = load_context->cmdline; ++ li->load_options_size = load_context->cmdline_len; ++ li->file_path = grub_efi_get_media_file_path (load_context->file_path); ++ li->device_handle = load_context->dev_handle; + if (li->file_path) + { + grub_printf ("file path: "); @@ -430,42 +428,43 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c + goto error_exit; + } + -+ efi_status = efi_call_2 (entry_point, grub_efi_image_handle, grub_efi_system_table); ++ efi_status = entry_point (grub_efi_image_handle, grub_efi_system_table); + + grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); -+ efi_status = efi_call_1 (b->free_pool, buffer); ++ efi_status = b->free_pool (buffer); + + return 1; + +error_exit: + if (buffer) -+ efi_call_1 (b->free_pool, buffer); ++ b->free_pool (buffer); + + return 0; + +} + +static grub_err_t -+grub_secureboot_chainloader_unload (void) ++grub_secureboot_chainloader_unload (void* context) +{ + grub_efi_boot_services_t *b; ++ struct grub_secureboot_chainloader_context *sb_context = (struct grub_secureboot_chainloader_context *)context; + + b = grub_efi_system_table->boot_services; -+ efi_call_2 (b->free_pages, address, pages); -+ grub_free (file_path); -+ grub_free (cmdline); -+ cmdline = 0; -+ file_path = 0; -+ dev_handle = 0; ++ b->free_pages (sb_context->address, sb_context->pages); ++ grub_free (sb_context->file_path); ++ grub_free (sb_context->cmdline); ++ grub_free (sb_context); + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; +} + +static grub_err_t -+grub_secureboot_chainloader_boot (void) ++grub_secureboot_chainloader_boot (void *context) +{ -+ handle_image ((void *)address, fsize); ++ struct grub_secureboot_chainloader_context *sb_context = (struct grub_secureboot_chainloader_context *)context; ++ ++ handle_image (sb_context); + grub_loader_unset (); + return grub_errno; +} @@ -474,25 +473,21 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c static grub_err_t grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) - { - grub_file_t file = 0; -- grub_ssize_t size; - grub_efi_status_t status; - grub_efi_boot_services_t *b; - grub_device_t dev = 0; -@@ -210,7 +625,6 @@ grub_cmd_chainloader (grub_command_t cmd +@@ -222,11 +651,12 @@ grub_efi_loaded_image_t *loaded_image; char *filename; void *boot_image = 0; - grub_efi_handle_t dev_handle = 0; + grub_efi_physical_address_t address = 0; + grub_efi_uintn_t pages = 0; + grub_efi_char16_t *cmdline = NULL; + grub_efi_handle_t image_handle = NULL; ++ grub_ssize_t cmdline_len = 0; ++ grub_efi_handle_t dev_handle = 0; if (argc == 0) return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -222,9 +636,36 @@ grub_cmd_chainloader (grub_command_t cmd - address = 0; - image_handle = 0; - file_path = 0; -+ dev_handle = 0; +@@ -236,12 +666,39 @@ b = grub_efi_system_table->boot_services; @@ -525,80 +520,48 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); if (! file) goto fail; -@@ -270,14 +711,14 @@ grub_cmd_chainloader (grub_command_t cmd - grub_printf ("file path: "); - grub_efi_print_device_path (file_path); -- size = grub_file_size (file); -- if (!size) -+ fsize = grub_file_size (file); -+ if (!fsize) - { - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - filename); - goto fail; - } -- pages = (((grub_efi_uintn_t) size + ((1 << 12) - 1)) >> 12); -+ pages = (((grub_efi_uintn_t) fsize + ((1 << 12) - 1)) >> 12); - - status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES, - GRUB_EFI_LOADER_CODE, -@@ -291,7 +732,7 @@ grub_cmd_chainloader (grub_command_t cmd - } - - boot_image = (void *) ((grub_addr_t) address); -- if (grub_file_read (file, boot_image, size) != size) -+ if (grub_file_read (file, boot_image, fsize) != fsize) - { - if (grub_errno == GRUB_ERR_NONE) - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -@@ -301,7 +742,7 @@ grub_cmd_chainloader (grub_command_t cmd - } - - #if defined (__i386__) || defined (__x86_64__) -- if (size >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) -+ if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) - { - struct grub_macho_fat_header *head = boot_image; - if (head->magic -@@ -324,20 +765,30 @@ grub_cmd_chainloader (grub_command_t cmd - > ~grub_cpu_to_le32 (archs[i].size) - || grub_cpu_to_le32 (archs[i].offset) - + grub_cpu_to_le32 (archs[i].size) -- > (grub_size_t) size) -+ > (grub_size_t) fsize) - { - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - filename); - goto fail; - } - boot_image = (char *) boot_image + grub_cpu_to_le32 (archs[i].offset); -- size = grub_cpu_to_le32 (archs[i].size); -+ fsize = grub_cpu_to_le32 (archs[i].size); - } +- /* Get the root device's device path. */ +- dev = grub_device_open (0); ++ /* Get the device path from filename. */ ++ char *devname = grub_file_get_device_name (filename); ++ dev = grub_device_open (devname); + if (dev == NULL) + ; + else if (dev->disk) +@@ -343,6 +800,28 @@ } #endif +#ifdef SUPPORT_SECURE_BOOT + /* FIXME is secure boot possible also with universal binaries? */ -+ if (debug_secureboot || (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED && grub_secure_validate ((void *)address, fsize))) ++ if (debug_secureboot || (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED && grub_secure_validate ((void *)address, size))) + { ++ struct grub_secureboot_chainloader_context *sb_context; ++ ++ sb_context = grub_malloc (sizeof (*sb_context)); ++ if (!sb_context) ++ goto fail; ++ sb_context->cmdline = cmdline; ++ sb_context->cmdline_len = cmdline_len; ++ sb_context->fsize = size; ++ sb_context->dev_handle = dev_handle; ++ sb_context->address = address; ++ sb_context->pages = pages; ++ sb_context->file_path = file_path; + grub_file_close (file); -+ grub_loader_set (grub_secureboot_chainloader_boot, grub_secureboot_chainloader_unload, 0); ++ grub_loader_set_ex (grub_secureboot_chainloader_boot, grub_secureboot_chainloader_unload, sb_context, 0); + return 0; + } +#endif + - status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, -- boot_image, size, -+ boot_image, fsize, - &image_handle); - if (status != GRUB_EFI_SUCCESS) - { -@@ -360,33 +811,10 @@ grub_cmd_chainloader (grub_command_t cmd - } + status = b->load_image (0, grub_efi_image_handle, file_path, + boot_image, size, + &image_handle); +@@ -368,33 +847,10 @@ loaded_image->device_handle = dev_handle; + /* Build load options with arguments from chainloader command line. */ - if (argc > 1) + if (cmdline) { @@ -631,13 +594,3 @@ Index: grub-2.04/grub-core/loader/efi/chainloader.c } grub_file_close (file); -@@ -408,6 +836,9 @@ grub_cmd_chainloader (grub_command_t cmd - if (address) - efi_call_2 (b->free_pages, address, pages); - -+ if (cmdline) -+ grub_free (cmdline); -+ - grub_dl_unref (my_mod); - - return grub_errno; diff --git a/grub2-secureboot-install-signed-grub.patch b/grub2-secureboot-install-signed-grub.patch index 9fc758b..97eaa86 100644 --- a/grub2-secureboot-install-signed-grub.patch +++ b/grub2-secureboot-install-signed-grub.patch @@ -17,11 +17,9 @@ Signed-off-by: Michael Chang util/grub-install.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 85 insertions(+), 1 deletion(-) -Index: grub-2.06/util/grub-install.c -=================================================================== ---- grub-2.06.orig/util/grub-install.c -+++ grub-2.06/util/grub-install.c -@@ -85,6 +85,15 @@ static int suse_enable_tpm = 0; +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -85,6 +85,15 @@ enum { @@ -37,7 +35,7 @@ Index: grub-2.06/util/grub-install.c OPTION_BOOT_DIRECTORY = 0x301, OPTION_ROOT_DIRECTORY, OPTION_TARGET, -@@ -109,6 +118,8 @@ enum +@@ -109,6 +118,8 @@ OPTION_NO_BOOTSECTOR, OPTION_NO_RS_CODES, OPTION_SUSE_ENABLE_TPM, @@ -46,7 +44,7 @@ Index: grub-2.06/util/grub-install.c OPTION_MACPPC_DIRECTORY, OPTION_ZIPL_DIRECTORY, OPTION_LABEL_FONT, -@@ -238,6 +249,14 @@ argp_parser (int key, char *arg, struct +@@ -238,6 +249,14 @@ suse_enable_tpm = 1; return 0; @@ -61,7 +59,7 @@ Index: grub-2.06/util/grub-install.c case OPTION_DEBUG: verbosity++; return 0; -@@ -300,7 +319,12 @@ static struct argp_option options[] = { +@@ -300,7 +319,12 @@ N_("Do not apply any reed-solomon codes when embedding core.img. " "This option is only available on x86 BIOS targets."), 0}, {"suse-enable-tpm", OPTION_SUSE_ENABLE_TPM, 0, 0, N_("install TPM modules"), 0}, @@ -75,7 +73,7 @@ Index: grub-2.06/util/grub-install.c {"debug", OPTION_DEBUG, 0, OPTION_HIDDEN, 0, 2}, {"no-floppy", OPTION_NO_FLOPPY, 0, OPTION_HIDDEN, 0, 2}, {"debug-image", OPTION_DEBUG_IMAGE, N_("STRING"), OPTION_HIDDEN, 0, 2}, -@@ -373,6 +397,22 @@ help_filter (int key, const char *text, +@@ -375,6 +399,22 @@ free (plats); return ret; } @@ -98,7 +96,7 @@ Index: grub-2.06/util/grub-install.c case ARGP_KEY_HELP_POST_DOC: return xasprintf (text, program_name, GRUB_BOOT_DIR_NAME "/" GRUB_DIR_NAME); default: -@@ -1636,13 +1676,34 @@ main (int argc, char *argv[]) +@@ -1681,13 +1721,34 @@ char mkimage_target[200]; const char *core_name = NULL; @@ -131,10 +129,10 @@ Index: grub-2.06/util/grub-install.c case GRUB_INSTALL_PLATFORM_X86_64_EFI: case GRUB_INSTALL_PLATFORM_ARM_EFI: - case GRUB_INSTALL_PLATFORM_ARM64_EFI: + case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI: case GRUB_INSTALL_PLATFORM_RISCV32_EFI: case GRUB_INSTALL_PLATFORM_RISCV64_EFI: - case GRUB_INSTALL_PLATFORM_IA64_EFI: -@@ -1712,13 +1773,75 @@ main (int argc, char *argv[]) +@@ -1758,13 +1819,75 @@ core_name); char *prefix = xasprintf ("%s%s", prefix_drive ? : "", relative_grubdir); @@ -211,7 +209,7 @@ Index: grub-2.06/util/grub-install.c /* Backward-compatibility kludges. */ switch (platform) { -@@ -2014,6 +2137,13 @@ main (int argc, char *argv[]) +@@ -2061,6 +2184,13 @@ grub_set_install_backup_ponr (); free (dst); diff --git a/grub2-secureboot-no-insmod-on-sb.patch b/grub2-secureboot-no-insmod-on-sb.patch index 860f84b..5779650 100644 --- a/grub2-secureboot-no-insmod-on-sb.patch +++ b/grub2-secureboot-no-insmod-on-sb.patch @@ -16,10 +16,8 @@ Signed-off-by: Michael Chang include/grub/efi/efi.h | 1 + 3 files changed, 46 insertions(+) -Index: grub-2.04/grub-core/kern/dl.c -=================================================================== ---- grub-2.04.orig/grub-core/kern/dl.c -+++ grub-2.04/grub-core/kern/dl.c +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c @@ -38,6 +38,10 @@ #define GRUB_MODULES_MACHINE_READONLY #endif @@ -31,7 +29,7 @@ Index: grub-2.04/grub-core/kern/dl.c #pragma GCC diagnostic ignored "-Wcast-align" -@@ -688,6 +692,19 @@ grub_dl_load_file (const char *filename) +@@ -708,6 +712,19 @@ grub_boot_time ("Loading module %s", filename); diff --git a/grub2-simplefb.patch b/grub2-simplefb.patch index 67d90f2..f624abd 100644 --- a/grub2-simplefb.patch +++ b/grub2-simplefb.patch @@ -1,8 +1,8 @@ ---- grub-2.06/util/grub.d/10_linux.in 2021-12-08 14:57:02.381591797 +0100 -+++ grub-2.06/util/grub.d/10_linux.in 2021-12-08 15:09:08.563593340 +0100 -@@ -149,7 +149,7 @@ +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -116,7 +116,7 @@ # FIXME: We need an interface to select vesafb in case efifb can't be used. if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then echo " load_video" | sed "s/^/$submenu_indentation/" diff --git a/grub2-suse-remove-linux-root-param.patch b/grub2-suse-remove-linux-root-param.patch index 2d82d27..28a218a 100644 --- a/grub2-suse-remove-linux-root-param.patch +++ b/grub2-suse-remove-linux-root-param.patch @@ -1,8 +1,8 @@ --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in -@@ -296,7 +296,8 @@ +@@ -299,7 +299,8 @@ + GRUB_OS_PROBER_SKIP_LIST \ GRUB_DISABLE_SUBMENU \ - GRUB_CMDLINE_LINUX_RECOVERY \ SUSE_BTRFS_SNAPSHOT_BOOTING \ - SUSE_CMDLINE_XENEFI + SUSE_CMDLINE_XENEFI \ @@ -12,7 +12,7 @@ rm -f "${grub_cfg}.new" --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -74,7 +74,7 @@ +@@ -76,7 +76,7 @@ else rootsubvol="`make_system_path_relative_to_its_root /`" rootsubvol="${rootsubvol#/}" @@ -21,7 +21,7 @@ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" fi fi;; -@@ -85,6 +85,10 @@ +@@ -87,6 +87,10 @@ ;; esac @@ -34,7 +34,7 @@ hotkey=1 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in -@@ -98,7 +98,7 @@ +@@ -100,7 +100,7 @@ else rootsubvol="`make_system_path_relative_to_its_root /`" rootsubvol="${rootsubvol#/}" @@ -43,7 +43,7 @@ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" fi fi;; -@@ -109,6 +109,10 @@ +@@ -111,6 +111,10 @@ ;; esac diff --git a/grub2-use-rpmsort-for-version-sorting.patch b/grub2-use-rpmsort-for-version-sorting.patch index d227cf6..02fea75 100644 --- a/grub2-use-rpmsort-for-version-sorting.patch +++ b/grub2-use-rpmsort-for-version-sorting.patch @@ -1,28 +1,143 @@ v2: Fix wrong sorting order if version contains "-" delimiter -Index: grub-2.06/util/grub-mkconfig_lib.in -=================================================================== ---- grub-2.06.orig/util/grub-mkconfig_lib.in -+++ grub-2.06/util/grub-mkconfig_lib.in -@@ -220,9 +220,9 @@ version_sort () - - version_test_numeric () +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -203,12 +203,17 @@ + version_sort () { -- version_test_numeric_a="$1" -+ version_test_numeric_a="`echo "$1" | sed -e 's/-\([^0-9]*\)$/\.\1/' -e 's/-/~/g' -e 's/~\([^~]*\)$/-\1/'`" - version_test_numeric_cmp="$2" -- version_test_numeric_b="$3" -+ version_test_numeric_b="`echo "$3" | sed -e 's/-\([^0-9]*\)$/\.\1/' -e 's/-/~/g' -e 's/~\([^~]*\)$/-\1/'`" - if [ "$version_test_numeric_a" = "$version_test_numeric_b" ] ; then - case "$version_test_numeric_cmp" in - ge|eq|le) return 0 ;; -@@ -234,7 +234,7 @@ version_test_numeric () - version_test_numeric_a="$version_test_numeric_b" - version_test_numeric_b="$version_test_numeric_c" - fi -- if (echo "$version_test_numeric_a" ; echo "$version_test_numeric_b") | version_sort | head -n 1 | grep -qx "$version_test_numeric_b" ; then -+ if [ "`printf '%s\n' "$version_test_numeric_a" "$version_test_numeric_b" | /usr/lib/rpm/rpmsort -r | head -n1`" = "$version_test_numeric_a" ] ; then - return 0 - else - return 1 + case $version_sort_sort_has_v in ++ rpmsort) ++ LC_ALL=C /usr/lib/rpm/rpmsort "$@";; + yes) + LC_ALL=C sort -V "$@";; + no) + LC_ALL=C sort -n "$@";; + *) +- if sort -V /dev/null 2>&1; then ++ if test -x /usr/lib/rpm/rpmsort; then ++ version_sort_sort_has_v=rpmsort ++ LC_ALL=C /usr/lib/rpm/rpmsort "$@" ++ elif sort -V /dev/null 2>&1; then + version_sort_sort_has_v=yes + LC_ALL=C sort -V "$@" + else +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -229,12 +229,56 @@ + # yet, so it's empty. In a submenu it will be equal to '\t' (one tab). + submenu_indentation="" + ++listvrf="" ++pre_sort () { ++ local l="" ++ ++ for f in $list; do ++ vr="`echo $f | sed -e 's/[^-]*-//' -e 's/-\([^0-9]*\)$/\.\1/' -e 's/-/~/g' -e 's/~\([^~]*\)$/-\1/'`" ++ l="$l $vr" ++ listvrf="$listvrf $vr:$f" ++ done ++ ++ list=$l ++} ++ ++post_sort () { ++ local l="" ++ local vr="" ++ local f="" ++ local found="" ++ ++ for i in $reverse_sorted_list; do ++ found="" ++ for vrf in $listvrf; do ++ vr=${vrf%%:*} ++ f=${vrf#*:} ++ if test x"$vr" = x"$i"; then ++ l="$l $f" ++ found=$vrf ++ break ++ fi ++ done ++ if test -n "$found"; then ++ listvrf="`echo $listvrf | (sed -e 's!'$found'!!' 2>/dev/null || echo $listvrf)`" ++ fi ++ done ++ ++ for vrf in $listvrf; do ++ f=${vrf#*:} ++ l="$l $f" ++ done ++ ++ reverse_sorted_list=$l ++} ++pre_sort + # Perform a reverse version sort on the entire list. + # Temporarily replace the '.old' suffix by ' 1' and append ' 2' for all + # other files to order the '.old' files after their non-old counterpart + # in reverse-sorted order. + + reverse_sorted_list=$(echo $list | tr ' ' '\n' | sed -e 's/\.old$/ 1/; / 1$/! s/$/ 2/' | version_sort -r | sed -e 's/ 1$/.old/; s/ 2$//') ++post_sort + + if [ "x$GRUB_TOP_LEVEL" != x ]; then + reverse_sorted_list=$(grub_move_to_front "$GRUB_TOP_LEVEL" ${reverse_sorted_list}) +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -255,13 +255,57 @@ + # yet, so it's empty. In a submenu it will be equal to '\t' (one tab). + submenu_indentation="" + ++listvrf="" ++pre_sort () { ++ local l="" ++ ++ for f in $linux_list; do ++ vr="`echo $f | sed -e 's/[^-]*-//' -e 's/-\([^0-9]*\)$/\.\1/' -e 's/-/~/g' -e 's/~\([^~]*\)$/-\1/'`" ++ l="$l $vr" ++ listvrf="$listvrf $vr:$f" ++ done ++ ++ linux_list=$l ++} ++ ++post_sort () { ++ local l="" ++ local vr="" ++ local f="" ++ local found="" ++ ++ for i in $reverse_sorted_linux_list; do ++ found="" ++ for vrf in $listvrf; do ++ vr=${vrf%%:*} ++ f=${vrf#*:} ++ if test x"$vr" = x"$i"; then ++ l="$l $f" ++ found=$vrf ++ break ++ fi ++ done ++ if test -n "$found"; then ++ listvrf="`echo $listvrf | (sed -e 's!'$found'!!' 2>/dev/null || echo $listvrf)`" ++ fi ++ done ++ ++ for vrf in $listvrf; do ++ f=${vrf#*:} ++ l="$l $f" ++ done ++ ++ reverse_sorted_linux_list=$l ++} + # Perform a reverse version sort on the entire xen_list and linux_list. + # Temporarily replace the '.old' suffix by ' 1' and append ' 2' for all + # other files to order the '.old' files after their non-old counterpart + # in reverse-sorted order. + + reverse_sorted_xen_list=$(echo ${xen_list} | tr ' ' '\n' | sed -e 's/\.old$/ 1/; / 1$/! s/$/ 2/' | version_sort -r | sed -e 's/ 1$/.old/; s/ 2$//') ++pre_sort + reverse_sorted_linux_list=$(echo ${linux_list} | tr ' ' '\n' | sed -e 's/\.old$/ 1/; / 1$/! s/$/ 2/' | version_sort -r | sed -e 's/ 1$/.old/; s/ 2$//') ++post_sort + + if [ "x$GRUB_TOP_LEVEL_XEN" != x ]; then + reverse_sorted_xen_list=$(grub_move_to_front "$GRUB_TOP_LEVEL_XEN" ${reverse_sorted_xen_list}) diff --git a/grub2-util-30_os-prober-multiple-initrd.patch b/grub2-util-30_os-prober-multiple-initrd.patch index 9fbb142..7f1a49e 100644 --- a/grub2-util-30_os-prober-multiple-initrd.patch +++ b/grub2-util-30_os-prober-multiple-initrd.patch @@ -1,17 +1,6 @@ -Index: grub-2.02/util/grub.d/30_os-prober.in -=================================================================== ---- grub-2.02.orig/util/grub.d/30_os-prober.in -+++ grub-2.02/util/grub.d/30_os-prober.in -@@ -216,7 +216,7 @@ EOF - LBOOT="`echo ${LINUX} | cut -d ':' -f 2`" - LLABEL="`echo ${LINUX} | cut -d ':' -f 3 | tr '^' ' '`" - LKERNEL="`echo ${LINUX} | cut -d ':' -f 4`" -- LINITRD="`echo ${LINUX} | cut -d ':' -f 5`" -+ LINITRD="`echo ${LINUX} | cut -d ':' -f 5 | tr '^' ' '`" - LPARAMS="`echo ${LINUX} | cut -d ':' -f 6- | tr '^' ' '`" - - if [ -z "${LLABEL}" ] ; then -@@ -225,7 +225,7 @@ EOF +--- a/util/grub.d/30_os-prober.in ++++ b/util/grub.d/30_os-prober.in +@@ -223,7 +223,7 @@ if [ "${LROOT}" != "${LBOOT}" ]; then LKERNEL="${LKERNEL#/boot}" diff --git a/grub2-vbe-blacklist-preferred-1440x900x32.patch b/grub2-vbe-blacklist-preferred-1440x900x32.patch index 56294de..1595992 100644 --- a/grub2-vbe-blacklist-preferred-1440x900x32.patch +++ b/grub2-vbe-blacklist-preferred-1440x900x32.patch @@ -1,8 +1,6 @@ -Index: grub-2.02~beta2/grub-core/video/i386/pc/vbe.c -=================================================================== ---- grub-2.02~beta2.orig/grub-core/video/i386/pc/vbe.c -+++ grub-2.02~beta2/grub-core/video/i386/pc/vbe.c -@@ -1053,6 +1053,15 @@ grub_video_vbe_setup (unsigned int width +--- a/grub-core/video/i386/pc/vbe.c ++++ b/grub-core/video/i386/pc/vbe.c +@@ -1054,6 +1054,15 @@ || vbe_mode_info.y_resolution > height) /* Resolution exceeds that of preferred mode. */ continue; diff --git a/grub2-video-limit-the-resolution-for-fixed-bimap-font.patch b/grub2-video-limit-the-resolution-for-fixed-bimap-font.patch index 8ac64ac..350cc28 100644 --- a/grub2-video-limit-the-resolution-for-fixed-bimap-font.patch +++ b/grub2-video-limit-the-resolution-for-fixed-bimap-font.patch @@ -20,11 +20,9 @@ v2: efi_gop: Avoid high resolution when trying to keep current mode. grub-core/video/i386/pc/vbe.c | 8 +++++++- 2 files changed, 14 insertions(+), 1 deletion(-) -Index: grub-2.02/grub-core/video/efi_gop.c -=================================================================== ---- grub-2.02.orig/grub-core/video/efi_gop.c -+++ grub-2.02/grub-core/video/efi_gop.c -@@ -360,7 +360,7 @@ grub_video_gop_setup (unsigned int width +--- a/grub-core/video/efi_gop.c ++++ b/grub-core/video/efi_gop.c +@@ -358,7 +358,7 @@ grub_err_t err; unsigned bpp; int found = 0; @@ -33,7 +31,7 @@ Index: grub-2.02/grub-core/video/efi_gop.c unsigned long long best_volume = 0; unsigned int preferred_width = 0, preferred_height = 0; grub_uint8_t *buffer; -@@ -377,13 +377,21 @@ grub_video_gop_setup (unsigned int width +@@ -375,13 +375,21 @@ preferred_height = 600; grub_errno = GRUB_ERR_NONE; } @@ -57,7 +55,7 @@ Index: grub-2.02/grub-core/video/efi_gop.c { bpp = grub_video_gop_get_bpp (gop->mode->info); if (bpp && ((width == gop->mode->info->width -@@ -456,9 +464,9 @@ again: +@@ -454,9 +462,9 @@ if (!found) { @@ -69,11 +67,9 @@ Index: grub-2.02/grub-core/video/efi_gop.c goto again; } grub_dprintf ("video", "GOP: no mode found\n"); -Index: grub-2.02/grub-core/video/i386/pc/vbe.c -=================================================================== ---- grub-2.02.orig/grub-core/video/i386/pc/vbe.c -+++ grub-2.02/grub-core/video/i386/pc/vbe.c -@@ -994,7 +994,13 @@ grub_video_vbe_setup (unsigned int width +--- a/grub-core/video/i386/pc/vbe.c ++++ b/grub-core/video/i386/pc/vbe.c +@@ -994,7 +994,13 @@ { grub_vbe_get_preferred_mode (&width, &height); if (grub_errno == GRUB_ERR_NONE) diff --git a/grub2-xen-linux16.patch b/grub2-xen-linux16.patch index 4a0a462..bb8caa7 100644 --- a/grub2-xen-linux16.patch +++ b/grub2-xen-linux16.patch @@ -1,8 +1,6 @@ -Index: grub-2.02~beta2/grub-core/loader/i386/xen.c -=================================================================== ---- grub-2.02~beta2.orig/grub-core/loader/i386/xen.c -+++ grub-2.02~beta2/grub-core/loader/i386/xen.c -@@ -688,7 +688,7 @@ fail: +--- a/grub-core/loader/i386/xen.c ++++ b/grub-core/loader/i386/xen.c +@@ -961,7 +961,7 @@ return grub_errno; } @@ -11,7 +9,7 @@ Index: grub-2.02~beta2/grub-core/loader/i386/xen.c GRUB_MOD_INIT (xen) { -@@ -700,6 +700,10 @@ GRUB_MOD_INIT (xen) +@@ -973,6 +973,10 @@ 0, N_("Load initrd.")); cmd_module = grub_register_command ("module", grub_cmd_module, 0, N_("Load module.")); @@ -22,7 +20,7 @@ Index: grub-2.02~beta2/grub-core/loader/i386/xen.c my_mod = mod; } -@@ -709,4 +713,6 @@ GRUB_MOD_FINI (xen) +@@ -982,4 +986,6 @@ grub_unregister_command (cmd_initrd); grub_unregister_command (cmd_multiboot); grub_unregister_command (cmd_module); diff --git a/grub2.changes b/grub2.changes index 8ddefbd..59f5870 100644 --- a/grub2.changes +++ b/grub2.changes @@ -1,9 +1,287 @@ +------------------------------------------------------------------- +Wed Aug 16 06:59:35 UTC 2023 - Gary Ching-Pang Lin + +- Implement NV index mode for TPM 2.0 key protector + 0001-protectors-Implement-NV-index.patch +- Fall back to passphrase mode when the key protector fails to + unlock the disk + 0002-cryptodisk-Fallback-to-passphrase.patch +- Wipe out the cached key cleanly + 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch +- Make diskfiler to look up cryptodisk devices first + 0004-diskfilter-look-up-cryptodisk-devices-first.patch + ------------------------------------------------------------------- Thu Aug 3 03:24:41 UTC 2023 - Gary Ching-Pang Lin - Change the bash-completion directory (bsc#1213855) * grub2-change-bash-completion-dir.patch +------------------------------------------------------------------- +Thu Jul 27 06:16:36 UTC 2023 - Michael Chang + +- Version bump to 2.12~rc1 + * Added: + - grub-2.12~rc1.tar.xz + * Removed: + - grub-2.06.tar.xz + * Patch dropped merged by new version: + - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch + - grub2-s390x-02-kexec-module-added-to-emu.patch + - grub2-efi-chainloader-root.patch + - grub2-Fix-incorrect-netmask-on-ppc64.patch + - 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch + - 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch + - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch + - grub2-s390x-10-keep-network-at-kexec.patch + - 0001-Fix-build-error-in-binutils-2.36.patch + - 0001-emu-fix-executable-stack-marking.patch + - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch + - 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch + - 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch + - 0001-Filter-out-POSIX-locale-for-translation.patch + - 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch + - 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch + - 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch + - 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch + - 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch + - 0002-ieee1275-claim-more-memory.patch + - 0003-ieee1275-request-memory-with-ibm-client-architecture.patch + - 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch + - 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch + - 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch + - 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch + - 0001-powerpc-do-CAS-in-a-more-compatible-way.patch + - 0001-libc-config-merge-from-glibc.patch + - 0001-video-Remove-trailing-whitespaces.patch + - 0002-loader-efi-chainloader-Simplify-the-loader-state.patch + - 0003-commands-boot-Add-API-to-pass-context-to-loader.patch + - 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch + - 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch + - 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch + - 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch + - 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch + - 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch + - 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch + - 0011-video-readers-png-Sanity-check-some-huffman-codes.patch + - 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch + - 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch + - 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch + - 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch + - 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch + - 0017-net-ip-Do-IP-fragment-maths-safely.patch + - 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch + - 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch + - 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch + - 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch + - 0022-net-tftp-Avoid-a-trivial-UAF.patch + - 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch + - 0024-net-http-Fix-OOB-write-for-split-http-headers.patch + - 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch + - 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch + - 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch + - 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch + - 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch + - 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch + - 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch + - 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch + - 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch + - 0002-cryptodisk-Refactor-to-discard-have_it-global.patch + - 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch + - 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch + - 0005-cryptodisk-Improve-cryptomount-u-error-message.patch + - 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch + - 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch + - 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch + - 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch + - 0001-crytodisk-fix-cryptodisk-module-looking-up.patch + - 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch + - 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch + - 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch + - 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch + - 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch + - 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch + - 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch + - efi-set-variable-with-attrs.patch + - 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch + - 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch + - 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch + - 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch + - 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch + - 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch + - 0002-mm-Defer-the-disk-cache-invalidation.patch + - 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch + - 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch + - 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch + - 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch + - 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch + - 0002-ieee1275-implement-vec5-for-cas-negotiation.patch + - 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch + - 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch + - 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch + - 0004-font-Remove-grub_font_dup_glyph.patch + - 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch + - 0006-font-Fix-integer-overflow-in-BMP-index.patch + - 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch + - 0008-fbutil-Fix-integer-overflow.patch + - 0009-font-Fix-an-integer-underflow-in-blit_comb.patch + - 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch + - 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch + - 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch + - 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch + - 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch + - 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch + - grub2-add-module-for-boot-loader-interface.patch + - 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch + - 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch + - 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch + - 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch + - 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch + - 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch + - 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch + - 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch + * Patch modified to new base version: + - use-grub2-as-a-package-name.patch + - grub2-fix-menu-in-xen-host-server.patch + - grub2-secureboot-add-linuxefi.patch + - grub2-secureboot-chainloader.patch + - grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch + - grub2-s390x-03-output-7-bit-ascii.patch + - grub2-s390x-04-grub2-install.patch + - grub2-use-rpmsort-for-version-sorting.patch + - grub2-getroot-treat-mdadm-ddf-as-simple-device.patch + - grub2-grubenv-in-btrfs-header.patch + - grub2-commands-introduce-read_file-subcommand.patch + - grub2-efi-chainload-harder.patch + - grub2-emu-4-all.patch + - grub2-util-30_os-prober-multiple-initrd.patch + - grub2-install-fix-not-a-directory-error.patch + - grub-install-force-journal-draining-to-ensure-data-i.patch + - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch + - grub2-btrfs-04-grub2-install.patch + - grub2-btrfs-05-grub2-mkconfig.patch + - grub2-btrfs-06-subvol-mount.patch + - grub2-efi-xen-chainload.patch + - grub2-efi-xen-cmdline.patch + - grub2-efi-xen-removable.patch + - grub2-suse-remove-linux-root-param.patch + - grub2-ppc64le-disable-video.patch + - grub2-install-remove-useless-check-PReP-partition-is-empty.patch + - 0004-efinet-UEFI-IPv6-PXE-support.patch + - 0007-efinet-Setting-network-from-UEFI-device-path.patch + - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch + - 0001-add-support-for-UEFI-network-protocols.patch + - grub2-mkconfig-default-entry-correction.patch + - grub2-s390x-11-secureboot.patch + - grub2-secureboot-install-signed-grub.patch + - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch + - 0002-cmdline-Provide-cmdline-functions-as-module.patch + - 0001-efi-linux-provide-linux-command.patch + - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch + - 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch + - 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch + - 0001-Factor-out-grub_efi_linux_boot.patch + - 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch + - 0015-test_asn1-test-module-for-libtasn1.patch + - 0021-appended-signatures-documentation.patch + - 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch + - 0003-grub-install-support-prep-environment-block.patch + - 0004-Introduce-prep_load_env-command.patch + - 0001-grub-install-bailout-root-device-probing.patch + - 0001-install-fix-software-raid1-on-esp.patch + - 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch + - 0001-protectors-Add-key-protectors-framework.patch + - 0002-tpm2-Add-TPM-Software-Stack-TSS.patch + - 0004-cryptodisk-Support-key-protectors.patch + - 0008-linuxefi-Use-common-grub_initrd_load.patch + - 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch + - grub-read-pcr.patch + - tpm-record-pcrs.patch + - 0001-clean-up-crypttab-and-linux-modules-dependency.patch + * Patch refreshed: + - rename-grub-info-file-to-grub2.patch + - grub2-linux.patch + - grub2-simplefb.patch + - grub2-ppc-terminfo.patch + - grub2-pass-corret-root-for-nfsroot.patch + - grub2-efi-HP-workaround.patch + - grub2-secureboot-no-insmod-on-sb.patch + - grub2-linuxefi-fix-boot-params.patch + - grub2-s390x-05-grub2-mkconfig.patch + - grub2-xen-linux16.patch + - grub2-efi-disable-video-cirrus-and-bochus.patch + - grub2-vbe-blacklist-preferred-1440x900x32.patch + - grub2-mkconfig-aarch64.patch + - grub2-menu-unrestricted.patch + - grub2-mkconfig-arm.patch + - grub2-s390x-06-loadparm.patch + - grub2-s390x-07-add-image-param-for-zipl-setup.patch + - grub2-s390x-08-workaround-part-to-disk.patch + - grub2-diskfilter-support-pv-without-metadatacopies.patch + - grub2-getroot-support-nvdimm.patch + - grub2-s390x-skip-zfcpdump-image.patch + - grub2-btrfs-02-export-subvolume-envvars.patch + - grub2-btrfs-03-follow_default.patch + - grub2-btrfs-07-subvol-fallback.patch + - grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch + - grub2-btrfs-09-get-default-subvolume.patch + - grub2-btrfs-10-config-directory.patch + - grub2-efi-xen-cfg-unquote.patch + - grub2-Add-hidden-menu-entries.patch + - grub2-SUSE-Add-the-t-hotkey.patch + - grub2-ppc64le-memory-map.patch + - grub2-ppc64-cas-reboot-support.patch + - grub2-ppc64-cas-new-scope.patch + - grub2-ppc64-cas-fix-double-free.patch + - 0003-bootp-New-net_bootp6-command.patch + - 0005-grub.texi-Add-net_bootp6-doument.patch + - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch + - 0012-tpm-Build-tpm-as-module.patch + - 0002-AUDIT-0-http-boot-tracker-bug.patch + - grub2-btrfs-help-on-snapper-rollback.patch + - grub2-video-limit-the-resolution-for-fixed-bimap-font.patch + - 0001-kern-mm.c-Make-grub_calloc-inline.patch + - 0001-Unify-the-check-to-enable-btrfs-relative-path.patch + - 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch + - 0003-Make-grub_error-more-verbose.patch + - 0001-ieee1275-Avoiding-many-unecessary-open-close.patch + - 0001-Workaround-volatile-efi-boot-variable.patch + - 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch + - 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch + - 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch + - 0005-docs-grub-Document-signing-grub-under-UEFI.patch + - 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch + - 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch + - 0008-pgp-factor-out-rsa_pad.patch + - 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch + - 0011-libtasn1-import-libtasn1-4.18.0.patch + - 0014-libtasn1-compile-into-asn1-module.patch + - 0016-grub-install-support-embedding-x509-certificates.patch + - 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch + - 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch + - 0019-appended-signatures-support-verifying-appended-signa.patch + - 0020-appended-signatures-verification-tests.patch + - 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch + - 0002-Add-grub_disk_write_tail-helper-function.patch + - 0005-export-environment-at-start-up.patch + - 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch + - 0003-protectors-Add-TPM2-Key-Protector.patch + - 0005-util-grub-protect-Add-new-tool.patch + - 0010-templates-import-etc-crypttab-to-grub.cfg.patch + - grub-install-record-pcrs.patch + - safe_tpm_pcr_snapshot.patch + - 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch + - 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch + - 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch + - 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch + - 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch + * New: + - 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch + - 0001-font-Try-memdisk-fonts-with-the-same-name.patch + - 0001-Make-grub.cfg-compatible-to-old-binaries.patch + - 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch + * Embedding fonts in the grub.efi to get signed for secure boot + ------------------------------------------------------------------- Wed Jul 26 03:04:25 UTC 2023 - Michael Chang diff --git a/grub2.spec b/grub2.spec index 7527b73..2ce1347 100644 --- a/grub2.spec +++ b/grub2.spec @@ -156,13 +156,18 @@ BuildRequires: update-bootloader-rpm-macros %define only_x86_64 %{nil} %endif -Version: 2.06 +%ifarch %{efi} +BuildRequires: grub2-branding +BuildRequires: squashfs +%endif + +Version: 2.12~rc1 Release: 0 Summary: Bootloader with support for Linux, Multiboot and more License: GPL-3.0-or-later Group: System/Boot URL: http://www.gnu.org/software/grub/ -Source0: https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.xz +Source0: https://alpha.gnu.org/gnu/grub/grub-%{version}.tar.xz Source1: 90_persistent Source2: grub.default Source4: grub2.rpmlintrc @@ -186,329 +191,188 @@ Patch3: use-grub2-as-a-package-name.patch Patch4: info-dir-entry.patch Patch5: grub2-simplefb.patch Patch6: grub2-iterate-and-hook-for-extended-partition.patch -Patch8: grub2-ppc-terminfo.patch -Patch9: grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch -Patch10: grub2-fix-error-terminal-gfxterm-isn-t-found.patch -Patch12: grub2-fix-menu-in-xen-host-server.patch -Patch15: not-display-menu-when-boot-once.patch -Patch17: grub2-pass-corret-root-for-nfsroot.patch -Patch19: grub2-efi-HP-workaround.patch -Patch21: grub2-secureboot-add-linuxefi.patch -Patch23: grub2-secureboot-no-insmod-on-sb.patch -Patch25: grub2-secureboot-chainloader.patch -Patch27: grub2-linuxefi-fix-boot-params.patch -Patch35: grub2-linguas.sh-no-rsync.patch -Patch37: grub2-use-Unifont-for-starfield-theme-terminal.patch -Patch38: grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch -Patch39: grub2-s390x-02-kexec-module-added-to-emu.patch -Patch40: grub2-s390x-03-output-7-bit-ascii.patch -Patch41: grub2-s390x-04-grub2-install.patch -Patch42: grub2-s390x-05-grub2-mkconfig.patch -Patch43: grub2-use-rpmsort-for-version-sorting.patch -Patch53: grub2-getroot-treat-mdadm-ddf-as-simple-device.patch -Patch56: grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch -Patch58: grub2-xen-linux16.patch -Patch59: grub2-efi-disable-video-cirrus-and-bochus.patch -Patch61: grub2-vbe-blacklist-preferred-1440x900x32.patch -Patch64: grub2-grubenv-in-btrfs-header.patch -Patch65: grub2-mkconfig-aarch64.patch -Patch70: grub2-default-distributor.patch -Patch71: grub2-menu-unrestricted.patch -Patch72: grub2-mkconfig-arm.patch -Patch75: grub2-s390x-06-loadparm.patch -Patch76: grub2-s390x-07-add-image-param-for-zipl-setup.patch -Patch77: grub2-s390x-08-workaround-part-to-disk.patch -Patch78: grub2-commands-introduce-read_file-subcommand.patch -Patch79: grub2-efi-chainload-harder.patch -Patch80: grub2-emu-4-all.patch -Patch81: grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch -Patch82: grub2-diskfilter-support-pv-without-metadatacopies.patch -Patch84: grub2-s390x-09-improve-zipl-setup.patch -Patch85: grub2-getroot-scan-disk-pv.patch -Patch92: grub2-util-30_os-prober-multiple-initrd.patch -Patch93: grub2-getroot-support-nvdimm.patch -Patch94: grub2-install-fix-not-a-directory-error.patch -Patch96: grub-install-force-journal-draining-to-ensure-data-i.patch -Patch97: grub2-s390x-skip-zfcpdump-image.patch -# Btrfs snapshot booting related patches -Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch -Patch102: grub2-btrfs-02-export-subvolume-envvars.patch -Patch103: grub2-btrfs-03-follow_default.patch -Patch104: grub2-btrfs-04-grub2-install.patch -Patch105: grub2-btrfs-05-grub2-mkconfig.patch -Patch106: grub2-btrfs-06-subvol-mount.patch -Patch107: grub2-btrfs-07-subvol-fallback.patch -Patch108: grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch -Patch109: grub2-btrfs-09-get-default-subvolume.patch -Patch110: grub2-btrfs-10-config-directory.patch -# Support EFI xen loader -Patch120: grub2-efi-xen-chainload.patch -Patch121: grub2-efi-chainloader-root.patch -Patch122: grub2-efi-xen-cmdline.patch -Patch123: grub2-efi-xen-cfg-unquote.patch -Patch124: grub2-efi-xen-removable.patch -# Hidden menu entry and hotkey "t" for text console -Patch140: grub2-Add-hidden-menu-entries.patch -Patch141: grub2-SUSE-Add-the-t-hotkey.patch -# Linux root device related patches -Patch163: grub2-zipl-setup-fix-btrfs-multipledev.patch -Patch164: grub2-suse-remove-linux-root-param.patch -# PPC64 LE support -Patch205: grub2-ppc64le-disable-video.patch -Patch207: grub2-ppc64le-memory-map.patch -# PPC -Patch211: grub2-ppc64-cas-reboot-support.patch -Patch212: grub2-install-remove-useless-check-PReP-partition-is-empty.patch -Patch213: grub2-Fix-incorrect-netmask-on-ppc64.patch -Patch215: grub2-ppc64-cas-new-scope.patch -Patch218: grub2-ppc64-cas-fix-double-free.patch -Patch233: 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch -Patch234: 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch -Patch236: grub2-efi_gop-avoid-low-resolution.patch -# Support HTTP Boot IPv4 and IPv6 (fate#320129) -Patch281: 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch -Patch282: 0003-bootp-New-net_bootp6-command.patch -Patch283: 0004-efinet-UEFI-IPv6-PXE-support.patch -Patch284: 0005-grub.texi-Add-net_bootp6-doument.patch -Patch285: 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch -Patch286: 0007-efinet-Setting-network-from-UEFI-device-path.patch -Patch287: 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch -# TPM Support (FATE#315831) -Patch411: 0012-tpm-Build-tpm-as-module.patch -# UEFI HTTP and related network protocol support (FATE#320130) -Patch420: 0001-add-support-for-UEFI-network-protocols.patch -Patch421: 0002-AUDIT-0-http-boot-tracker-bug.patch -# check if default entry need to be corrected for updated distributor version -# and/or use fallback entry if default kernel entry removed (bsc#1065349) -Patch430: grub2-mkconfig-default-entry-correction.patch -Patch431: grub2-s390x-10-keep-network-at-kexec.patch -Patch432: grub2-s390x-11-secureboot.patch -Patch433: grub2-s390x-12-zipl-setup-usrmerge.patch -# Support for UEFI Secure Boot on AArch64 (FATE#326541) -Patch450: grub2-secureboot-install-signed-grub.patch -Patch501: grub2-btrfs-help-on-snapper-rollback.patch -# Improved hiDPI device support (FATE#326680) -Patch510: grub2-video-limit-the-resolution-for-fixed-bimap-font.patch -# Support long menuentries (FATE#325760) -Patch511: grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch -Patch714: 0001-kern-mm.c-Make-grub_calloc-inline.patch -Patch716: 0002-cmdline-Provide-cmdline-functions-as-module.patch -# bsc#1172745 L3: SLES 12 SP4 - Slow boot of system after updated kernel - -# takes 45 minutes after grub to start loading kernel -Patch717: 0001-ieee1275-powerpc-implements-fibre-channel-discovery-.patch -Patch718: 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch -Patch719: 0001-Unify-the-check-to-enable-btrfs-relative-path.patch -Patch721: 0001-efi-linux-provide-linux-command.patch -# Secure Boot support in GRUB on aarch64 (jsc#SLE-15864) -Patch730: 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch -Patch731: 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch -Patch732: 0003-Make-grub_error-more-verbose.patch -Patch733: 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch -Patch735: 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch -Patch739: 0001-Fix-build-error-in-binutils-2.36.patch -Patch740: 0001-emu-fix-executable-stack-marking.patch -Patch784: 0044-squash-kern-Add-lockdown-support.patch -Patch786: 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch -Patch788: 0001-ieee1275-Avoiding-many-unecessary-open-close.patch -Patch789: 0001-Workaround-volatile-efi-boot-variable.patch -Patch790: 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch -Patch792: 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch -Patch793: 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch -Patch794: 0001-Filter-out-POSIX-locale-for-translation.patch -Patch795: 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch -Patch796: 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch -Patch797: 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch -Patch798: 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch -Patch799: 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch -Patch800: 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch -Patch801: 0001-Factor-out-grub_efi_linux_boot.patch -Patch802: 0002-Fix-race-in-EFI-validation.patch -Patch803: 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch -Patch804: 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch -Patch805: 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch -Patch806: 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch -Patch807: 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch -Patch808: 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch -Patch809: 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch -Patch810: 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch -Patch811: 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch -Patch812: 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch -Patch813: 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch -Patch814: 0002-ieee1275-claim-more-memory.patch -Patch815: 0003-ieee1275-request-memory-with-ibm-client-architecture.patch -Patch816: 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch -Patch817: 0005-docs-grub-Document-signing-grub-under-UEFI.patch -Patch818: 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch -Patch819: 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch -Patch820: 0008-pgp-factor-out-rsa_pad.patch -Patch821: 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch -Patch822: 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch -Patch823: 0011-libtasn1-import-libtasn1-4.18.0.patch -Patch824: 0012-libtasn1-disable-code-not-needed-in-grub.patch -Patch825: 0013-libtasn1-changes-for-grub-compatibility.patch -Patch826: 0014-libtasn1-compile-into-asn1-module.patch -Patch827: 0015-test_asn1-test-module-for-libtasn1.patch -Patch828: 0016-grub-install-support-embedding-x509-certificates.patch -Patch829: 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch -Patch830: 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch -Patch831: 0019-appended-signatures-support-verifying-appended-signa.patch -Patch832: 0020-appended-signatures-verification-tests.patch -Patch833: 0021-appended-signatures-documentation.patch -Patch834: 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch -Patch835: 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch -Patch836: 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch -Patch837: 0001-Add-grub_envblk_buf-helper-function.patch -Patch838: 0002-Add-grub_disk_write_tail-helper-function.patch -Patch839: 0003-grub-install-support-prep-environment-block.patch -Patch840: 0004-Introduce-prep_load_env-command.patch -Patch841: 0005-export-environment-at-start-up.patch -Patch842: 0001-grub-install-bailout-root-device-probing.patch -Patch843: 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch -Patch844: 0001-install-fix-software-raid1-on-esp.patch -Patch845: 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch -Patch846: 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch -Patch847: 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch -Patch848: 0001-grub-probe-Deduplicate-probed-partmap-output.patch -Patch849: 0001-powerpc-do-CAS-in-a-more-compatible-way.patch -Patch850: 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch -Patch851: 0001-libc-config-merge-from-glibc.patch -Patch852: 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch -Patch853: 0001-video-Remove-trailing-whitespaces.patch -Patch854: 0002-loader-efi-chainloader-Simplify-the-loader-state.patch -Patch855: 0003-commands-boot-Add-API-to-pass-context-to-loader.patch -Patch856: 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch -Patch857: 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch -Patch858: 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch -Patch859: 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch -Patch860: 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch -Patch861: 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch -Patch862: 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch -Patch863: 0011-video-readers-png-Sanity-check-some-huffman-codes.patch -Patch864: 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch -Patch865: 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch -Patch866: 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch -Patch867: 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch -Patch868: 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch -Patch869: 0017-net-ip-Do-IP-fragment-maths-safely.patch -Patch870: 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch -Patch871: 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch -Patch872: 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch -Patch873: 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch -Patch874: 0022-net-tftp-Avoid-a-trivial-UAF.patch -Patch875: 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch -Patch876: 0024-net-http-Fix-OOB-write-for-split-http-headers.patch -Patch877: 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch -Patch878: 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch -Patch879: 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch -Patch880: 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch -Patch881: 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch -Patch882: 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch -Patch883: 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch -Patch884: 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch -Patch885: 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch -Patch886: 0002-cryptodisk-Refactor-to-discard-have_it-global.patch -Patch887: 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch -Patch888: 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch -Patch889: 0005-cryptodisk-Improve-cryptomount-u-error-message.patch -Patch890: 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch -Patch891: 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch -Patch892: 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch -Patch893: 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch - -# TPM 2.0 protector -Patch894: 0001-protectors-Add-key-protectors-framework.patch -Patch895: 0002-tpm2-Add-TPM-Software-Stack-TSS.patch -Patch896: 0003-protectors-Add-TPM2-Key-Protector.patch -Patch897: 0004-cryptodisk-Support-key-protectors.patch -Patch898: 0005-util-grub-protect-Add-new-tool.patch -Patch899: 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - -# fde -Patch901: 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch -Patch902: 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch -Patch903: 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch -Patch904: 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch -Patch905: 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch -Patch906: 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch -Patch907: 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch -Patch908: 0008-linuxefi-Use-common-grub_initrd_load.patch -Patch909: 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch -Patch910: 0010-templates-import-etc-crypttab-to-grub.cfg.patch -Patch911: grub-read-pcr.patch -Patch912: efi-set-variable-with-attrs.patch -Patch913: tpm-record-pcrs.patch - -Patch916: grub-install-record-pcrs.patch -# efi mm -Patch919: 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch -Patch920: 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch -Patch921: 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch -Patch922: 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch -Patch923: 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch -Patch924: 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch -Patch925: 0002-mm-Defer-the-disk-cache-invalidation.patch -# powerpc-ieee1275 -Patch926: 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch -Patch927: safe_tpm_pcr_snapshot.patch -# (PED-996) NVMeoFC support on Grub (grub2) -Patch929: 0001-ieee1275-add-support-for-NVMeoFC.patch -Patch930: 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch -Patch931: 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch -Patch932: 0004-ofpath-controller-name-update.patch -# (PED-1265) TDX: Enhance grub2 measurement to TD RTMR -Patch933: 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch -Patch934: 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch -Patch935: 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch -# (PED-1990) GRUB2: Measure the kernel on POWER10 and extend TPM PCRs -Patch936: 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch -Patch937: 0002-ieee1275-implement-vec5-for-cas-negotiation.patch -Patch938: 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch -Patch939: 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch -Patch940: 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch -Patch941: 0004-font-Remove-grub_font_dup_glyph.patch -Patch942: 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch -Patch943: 0006-font-Fix-integer-overflow-in-BMP-index.patch -Patch944: 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch -Patch945: 0008-fbutil-Fix-integer-overflow.patch -Patch946: 0009-font-Fix-an-integer-underflow-in-blit_comb.patch -Patch947: 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch -Patch948: 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch -Patch949: 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch -Patch950: 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch -Patch951: 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch -Patch952: 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch -Patch953: grub2-increase-crypttab-path-buffer.patch -Patch954: 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch -Patch955: 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch -Patch956: 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch - -# Support TPM 2.0 Authorized Policy -Patch957: 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch -Patch958: 0002-tpm2-Add-more-marshal-unmarshal-functions.patch -Patch959: 0003-tpm2-Implement-more-TPM2-commands.patch -Patch960: 0004-tpm2-Support-authorized-policy.patch - -# Set efi variables LoaderDevicePartUUID & LoaderInfo (needed for UKI) -Patch970: grub2-add-module-for-boot-loader-interface.patch -# Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024) -Patch971: 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch -Patch972: 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch -Patch973: 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch -Patch974: 0001-clean-up-crypttab-and-linux-modules-dependency.patch -Patch975: 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch -# Make grub more robust against storage race condition causing system boot failures (bsc#1189036) -Patch976: 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch -Patch977: 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch -Patch978: 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch -Patch979: 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch -Patch980: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch -Patch981: 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch -Patch982: 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch -# support newer extX filesystem defaults -Patch990: 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch -Patch991: 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch - -Patch992: grub2-change-bash-completion-dir.patch +Patch7: grub2-ppc-terminfo.patch +Patch8: grub2-fix-error-terminal-gfxterm-isn-t-found.patch +Patch9: grub2-fix-menu-in-xen-host-server.patch +Patch10: not-display-menu-when-boot-once.patch +Patch11: grub2-pass-corret-root-for-nfsroot.patch +Patch12: grub2-efi-HP-workaround.patch +Patch13: grub2-secureboot-add-linuxefi.patch +Patch14: grub2-secureboot-no-insmod-on-sb.patch +Patch15: grub2-secureboot-chainloader.patch +Patch16: grub2-linuxefi-fix-boot-params.patch +Patch17: grub2-linguas.sh-no-rsync.patch +Patch18: grub2-use-Unifont-for-starfield-theme-terminal.patch +Patch19: grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch +Patch20: grub2-s390x-03-output-7-bit-ascii.patch +Patch21: grub2-s390x-04-grub2-install.patch +Patch22: grub2-s390x-05-grub2-mkconfig.patch +Patch23: grub2-use-rpmsort-for-version-sorting.patch +Patch24: grub2-getroot-treat-mdadm-ddf-as-simple-device.patch +Patch25: grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch +Patch26: grub2-xen-linux16.patch +Patch27: grub2-efi-disable-video-cirrus-and-bochus.patch +Patch28: grub2-vbe-blacklist-preferred-1440x900x32.patch +Patch29: grub2-grubenv-in-btrfs-header.patch +Patch30: grub2-mkconfig-aarch64.patch +Patch31: grub2-default-distributor.patch +Patch32: grub2-menu-unrestricted.patch +Patch33: grub2-mkconfig-arm.patch +Patch34: grub2-s390x-06-loadparm.patch +Patch35: grub2-s390x-07-add-image-param-for-zipl-setup.patch +Patch36: grub2-s390x-08-workaround-part-to-disk.patch +Patch37: grub2-commands-introduce-read_file-subcommand.patch +Patch38: grub2-efi-chainload-harder.patch +Patch39: grub2-emu-4-all.patch +Patch40: grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch +Patch41: grub2-diskfilter-support-pv-without-metadatacopies.patch +Patch42: grub2-s390x-09-improve-zipl-setup.patch +Patch43: grub2-getroot-scan-disk-pv.patch +Patch44: grub2-util-30_os-prober-multiple-initrd.patch +Patch45: grub2-getroot-support-nvdimm.patch +Patch46: grub2-install-fix-not-a-directory-error.patch +Patch47: grub-install-force-journal-draining-to-ensure-data-i.patch +Patch48: grub2-s390x-skip-zfcpdump-image.patch +Patch49: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch +Patch50: grub2-btrfs-02-export-subvolume-envvars.patch +Patch51: grub2-btrfs-03-follow_default.patch +Patch52: grub2-btrfs-04-grub2-install.patch +Patch53: grub2-btrfs-05-grub2-mkconfig.patch +Patch54: grub2-btrfs-06-subvol-mount.patch +Patch55: grub2-btrfs-07-subvol-fallback.patch +Patch56: grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch +Patch57: grub2-btrfs-09-get-default-subvolume.patch +Patch58: grub2-btrfs-10-config-directory.patch +Patch59: grub2-efi-xen-chainload.patch +Patch60: grub2-efi-xen-cmdline.patch +Patch61: grub2-efi-xen-cfg-unquote.patch +Patch62: grub2-efi-xen-removable.patch +Patch63: grub2-Add-hidden-menu-entries.patch +Patch64: grub2-SUSE-Add-the-t-hotkey.patch +Patch65: grub2-zipl-setup-fix-btrfs-multipledev.patch +Patch66: grub2-suse-remove-linux-root-param.patch +Patch67: grub2-ppc64le-disable-video.patch +Patch68: grub2-ppc64le-memory-map.patch +Patch69: grub2-ppc64-cas-reboot-support.patch +Patch70: grub2-install-remove-useless-check-PReP-partition-is-empty.patch +Patch71: grub2-ppc64-cas-new-scope.patch +Patch72: grub2-ppc64-cas-fix-double-free.patch +Patch73: grub2-efi_gop-avoid-low-resolution.patch +Patch74: 0003-bootp-New-net_bootp6-command.patch +Patch75: 0004-efinet-UEFI-IPv6-PXE-support.patch +Patch76: 0005-grub.texi-Add-net_bootp6-doument.patch +Patch77: 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch +Patch78: 0007-efinet-Setting-network-from-UEFI-device-path.patch +Patch79: 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch +Patch80: 0012-tpm-Build-tpm-as-module.patch +Patch81: 0001-add-support-for-UEFI-network-protocols.patch +Patch82: 0002-AUDIT-0-http-boot-tracker-bug.patch +Patch83: grub2-mkconfig-default-entry-correction.patch +Patch84: grub2-s390x-11-secureboot.patch +Patch85: grub2-s390x-12-zipl-setup-usrmerge.patch +Patch86: grub2-secureboot-install-signed-grub.patch +Patch87: grub2-btrfs-help-on-snapper-rollback.patch +Patch88: grub2-video-limit-the-resolution-for-fixed-bimap-font.patch +Patch89: grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch +Patch90: 0001-kern-mm.c-Make-grub_calloc-inline.patch +Patch91: 0002-cmdline-Provide-cmdline-functions-as-module.patch +Patch92: 0001-ieee1275-powerpc-implements-fibre-channel-discovery-.patch +Patch93: 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch +Patch94: 0001-Unify-the-check-to-enable-btrfs-relative-path.patch +Patch95: 0001-efi-linux-provide-linux-command.patch +Patch96: 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch +Patch97: 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch +Patch98: 0003-Make-grub_error-more-verbose.patch +Patch99: 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch +Patch100: 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch +Patch101: 0044-squash-kern-Add-lockdown-support.patch +Patch102: 0001-ieee1275-Avoiding-many-unecessary-open-close.patch +Patch103: 0001-Workaround-volatile-efi-boot-variable.patch +Patch104: 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch +Patch105: 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch +Patch106: 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch +Patch107: 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch +Patch108: 0001-Factor-out-grub_efi_linux_boot.patch +Patch109: 0002-Fix-race-in-EFI-validation.patch +Patch110: 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch +Patch111: 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch +Patch112: 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch +Patch113: 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch +Patch114: 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch +Patch115: 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch +Patch116: 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch +Patch117: 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch +Patch118: 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch +Patch119: 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch +Patch120: 0005-docs-grub-Document-signing-grub-under-UEFI.patch +Patch121: 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch +Patch122: 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch +Patch123: 0008-pgp-factor-out-rsa_pad.patch +Patch124: 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch +Patch125: 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch +Patch126: 0011-libtasn1-import-libtasn1-4.18.0.patch +Patch127: 0012-libtasn1-disable-code-not-needed-in-grub.patch +Patch128: 0013-libtasn1-changes-for-grub-compatibility.patch +Patch129: 0014-libtasn1-compile-into-asn1-module.patch +Patch130: 0015-test_asn1-test-module-for-libtasn1.patch +Patch131: 0016-grub-install-support-embedding-x509-certificates.patch +Patch132: 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch +Patch133: 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch +Patch134: 0019-appended-signatures-support-verifying-appended-signa.patch +Patch135: 0020-appended-signatures-verification-tests.patch +Patch136: 0021-appended-signatures-documentation.patch +Patch137: 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch +Patch138: 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch +Patch139: 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch +Patch140: 0001-Add-grub_envblk_buf-helper-function.patch +Patch141: 0002-Add-grub_disk_write_tail-helper-function.patch +Patch142: 0003-grub-install-support-prep-environment-block.patch +Patch143: 0004-Introduce-prep_load_env-command.patch +Patch144: 0005-export-environment-at-start-up.patch +Patch145: 0001-grub-install-bailout-root-device-probing.patch +Patch146: 0001-install-fix-software-raid1-on-esp.patch +Patch147: 0001-grub-probe-Deduplicate-probed-partmap-output.patch +Patch148: 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch +Patch149: 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch +Patch150: 0001-protectors-Add-key-protectors-framework.patch +Patch151: 0002-tpm2-Add-TPM-Software-Stack-TSS.patch +Patch152: 0003-protectors-Add-TPM2-Key-Protector.patch +Patch153: 0004-cryptodisk-Support-key-protectors.patch +Patch154: 0005-util-grub-protect-Add-new-tool.patch +Patch155: 0008-linuxefi-Use-common-grub_initrd_load.patch +Patch156: 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch +Patch157: 0010-templates-import-etc-crypttab-to-grub.cfg.patch +Patch158: grub-read-pcr.patch +Patch159: tpm-record-pcrs.patch +Patch160: grub-install-record-pcrs.patch +Patch161: safe_tpm_pcr_snapshot.patch +Patch162: 0001-ieee1275-add-support-for-NVMeoFC.patch +Patch163: 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch +Patch164: 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch +Patch165: 0004-ofpath-controller-name-update.patch +Patch166: 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch +Patch167: grub2-increase-crypttab-path-buffer.patch +Patch168: 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch +Patch169: 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch +Patch170: 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch +Patch171: 0002-tpm2-Add-more-marshal-unmarshal-functions.patch +Patch172: 0003-tpm2-Implement-more-TPM2-commands.patch +Patch173: 0004-tpm2-Support-authorized-policy.patch +Patch174: 0001-clean-up-crypttab-and-linux-modules-dependency.patch +Patch175: 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch +Patch176: 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch +Patch177: 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch +Patch178: 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch +Patch179: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch +Patch180: 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch +Patch181: 0001-font-Try-memdisk-fonts-with-the-same-name.patch +Patch182: 0001-Make-grub.cfg-compatible-to-old-binaries.patch +Patch183: 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch +Patch184: grub2-change-bash-completion-dir.patch +Patch185: 0001-protectors-Implement-NV-index.patch +Patch186: 0002-cryptodisk-Fallback-to-passphrase.patch +Patch187: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch +Patch188: 0004-diskfilter-look-up-cryptodisk-devices-first.patch Requires: gettext-runtime %if 0%{?suse_version} >= 1140 @@ -820,7 +684,7 @@ CD_MODULES="all_video boot cat configfile echo true \ PXE_MODULES="tftp http" CRYPTO_MODULES="luks luks2 gcry_rijndael gcry_sha1 gcry_sha256 gcry_sha512 crypttab" %ifarch %{efi} -CD_MODULES="${CD_MODULES} chain efifwsetup efinet read tpm tpm2" +CD_MODULES="${CD_MODULES} chain efifwsetup efinet read tpm tpm2 memdisk tar squash4 xzio" PXE_MODULES="${PXE_MODULES} efinet" %else CD_MODULES="${CD_MODULES} net" @@ -856,7 +720,16 @@ echo "grub,%{sbat_generation_grub},Free Software Foundation,grub,%{version},http echo "grub.%{sbat_distro},%{sbat_generation},%{sbat_distro_summary},%{name},%{version},%{sbat_distro_url}" >> sbat.csv %endif -./grub-mkimage -O %{grubefiarch} -o grub.efi --prefix= %{?sbat_generation:--sbat sbat.csv} \ +mkdir -p ./fonts +cp %{_datadir}/%{name}/themes/*/*.pf2 ./fonts +cp ./unicode.pf2 ./fonts +%if 0%{?suse_version} > 1500 +tar -cf - ./fonts | mksquashfs - memdisk.sqsh -tar -comp xz -quiet -no-progress +%else +tar -cf mem.tar ./fonts && mksquashfs mem.tar memdisk.sqsh -comp xz -quiet -no-progress +%endif + +./grub-mkimage -O %{grubefiarch} -o grub.efi --memdisk=./memdisk.sqsh --prefix= %{?sbat_generation:--sbat sbat.csv} \ -d grub-core ${GRUB_MODULES} %ifarch x86_64 aarch64 @@ -1375,6 +1248,7 @@ fi %config(noreplace) %{_sysconfdir}/grub.d/05_crypttab %config(noreplace) %{_sysconfdir}/grub.d/10_linux %config(noreplace) %{_sysconfdir}/grub.d/20_linux_xen +%config(noreplace) %{_sysconfdir}/grub.d/25_bli %config(noreplace) %{_sysconfdir}/grub.d/30_uefi-firmware %config(noreplace) %{_sysconfdir}/grub.d/40_custom %config(noreplace) %{_sysconfdir}/grub.d/41_custom @@ -1509,7 +1383,7 @@ fi %files %{grubarch}-debug %defattr(-,root,root,-) %{_datadir}/%{name}/%{grubarch}/gdb_grub -%{_datadir}/%{name}/%{grubarch}/gmodule.pl +%{_datadir}/%{name}/%{grubarch}/gdb_helper.py %{_datadir}/%{name}/%{grubarch}/*.module %endif @@ -1550,7 +1424,7 @@ fi %files %{grubefiarch}-debug %defattr(-,root,root,-) %{_datadir}/%{name}/%{grubefiarch}/gdb_grub -%{_datadir}/%{name}/%{grubefiarch}/gmodule.pl +%{_datadir}/%{name}/%{grubefiarch}/gdb_helper.py %{_datadir}/%{name}/%{grubefiarch}/*.module %endif diff --git a/rename-grub-info-file-to-grub2.patch b/rename-grub-info-file-to-grub2.patch index 634e8e4..7962594 100644 --- a/rename-grub-info-file-to-grub2.patch +++ b/rename-grub-info-file-to-grub2.patch @@ -12,10 +12,8 @@ files - Makefile.core.am and Makefile.util.am - it may be necessary to manually rename it. --- -Index: grub-2.02~beta3/docs/Makefile.am -=================================================================== ---- grub-2.02~beta3.orig/docs/Makefile.am 2016-02-28 19:19:14.788874638 +0300 -+++ grub-2.02~beta3/docs/Makefile.am 2016-02-28 19:19:14.780874638 +0300 +--- a/docs/Makefile.am ++++ b/docs/Makefile.am @@ -1,7 +1,7 @@ AUTOMAKE_OPTIONS = subdir-objects @@ -25,10 +23,8 @@ Index: grub-2.02~beta3/docs/Makefile.am grub_TEXINFOS = fdl.texi EXTRA_DIST = font_char_metrics.png font_char_metrics.txt -Index: grub-2.02~beta3/docs/grub.texi -=================================================================== ---- grub-2.02~beta3.orig/docs/grub.texi 2016-02-28 19:19:14.788874638 +0300 -+++ grub-2.02~beta3/docs/grub.texi 2016-02-28 19:19:14.784874638 +0300 +--- a/docs/grub.texi ++++ b/docs/grub.texi @@ -1,7 +1,7 @@ \input texinfo @c -*-texinfo-*- diff --git a/safe_tpm_pcr_snapshot.patch b/safe_tpm_pcr_snapshot.patch index 5a1f6c5..b57523f 100644 --- a/safe_tpm_pcr_snapshot.patch +++ b/safe_tpm_pcr_snapshot.patch @@ -16,7 +16,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); -@@ -87,12 +89,6 @@ +@@ -97,12 +99,6 @@ .verify_string = grub_tpm_verify_string, }; @@ -29,7 +29,7 @@ static const struct grub_arg_option grub_tpm_record_pcrs_options[] = { { -@@ -108,6 +104,14 @@ +@@ -118,6 +114,14 @@ {0, 0, 0, 0, 0, 0} }; @@ -44,7 +44,7 @@ static grub_err_t grub_tpm_parse_pcr_index (const char *word, const char **end_ret, unsigned int *index) { -@@ -259,6 +263,10 @@ +@@ -269,6 +273,10 @@ grub_size_t size = 0; int n, rv = 1; @@ -55,7 +55,7 @@ if (argc == 0) pcr_bitmask = GRUB2_PCR_BITMASK_DEFAULT; else -@@ -287,6 +295,18 @@ +@@ -297,6 +305,18 @@ return rv; } @@ -76,7 +76,7 @@ GRUB_MOD_INIT (tpm) --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -1457,8 +1457,9 @@ +@@ -1501,8 +1501,9 @@ grub_util_unlink (load_cfg); @@ -87,7 +87,7 @@ load_cfg_f = grub_util_fopen (load_cfg, "wb"); have_load_cfg = 1; fprintf (load_cfg_f, "tpm_record_pcrs 0-9\n"); -@@ -1466,7 +1467,8 @@ +@@ -1510,7 +1511,8 @@ if (debug_image && debug_image[0]) { diff --git a/tpm-record-pcrs.patch b/tpm-record-pcrs.patch index 4dde858..40bbb71 100644 --- a/tpm-record-pcrs.patch +++ b/tpm-record-pcrs.patch @@ -1,7 +1,5 @@ -Index: grub-2.06/grub-core/commands/tpm.c -=================================================================== ---- grub-2.06.orig/grub-core/commands/tpm.c -+++ grub-2.06/grub-core/commands/tpm.c +--- a/grub-core/commands/tpm.c ++++ b/grub-core/commands/tpm.c @@ -26,6 +26,9 @@ #include #include @@ -12,7 +10,7 @@ Index: grub-2.06/grub-core/commands/tpm.c GRUB_MOD_LICENSE ("GPLv3+"); -@@ -84,12 +87,220 @@ struct grub_file_verifier grub_tpm_verif +@@ -94,8 +97,214 @@ .verify_string = grub_tpm_verify_string, }; @@ -57,7 +55,7 @@ Index: grub-2.06/grub-core/commands/tpm.c +grub_tpm_parse_pcr_list (const char *arg, grub_uint32_t *bitmask) +{ + const char *word, *end; -+ unsigned int index, last_index; ++ unsigned int index, last_index = 0; + + if (!grub_strcmp (arg, "all")) + { @@ -165,12 +163,12 @@ Index: grub-2.06/grub-core/commands/tpm.c +static grub_err_t +grub_tpm_write_pcrs_to_efi (void *data, grub_size_t size, const char *var_name) +{ -+ grub_efi_guid_t vendor_guid = { 0x7ce323f2, 0xb841, 0x4d30, { 0xa0, 0xe9, 0x54, 0x74, 0xa7, 0x6c, 0x9a, 0x3f }}; ++ grub_guid_t vendor_guid = { 0x7ce323f2, 0xb841, 0x4d30, { 0xa0, 0xe9, 0x54, 0x74, 0xa7, 0x6c, 0x9a, 0x3f }}; + grub_err_t rc; + + rc = grub_efi_set_variable_with_attributes(var_name, &vendor_guid, -+ GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS | GRUB_EFI_VARIABLE_RUNTIME_ACCESS, -+ data, size); ++ data, size, ++ GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS | GRUB_EFI_VARIABLE_RUNTIME_ACCESS); + + if (rc) + return grub_error (GRUB_ERR_BAD_DEVICE, N_("Failed to publish PCR snapshot to UEFI variable %s"), var_name); @@ -220,16 +218,18 @@ Index: grub-2.06/grub-core/commands/tpm.c + GRUB_MOD_INIT (tpm) { - grub_verifier_register (&grub_tpm_verifier); -+ + cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0, + N_("LIST_OF_PCRS"), + N_("Snapshot one or more PCR values and record them in an EFI variable."), + grub_tpm_record_pcrs_options); - } + /* + * Even though this now calls ibmvtpm's grub_tpm_present() from GRUB_MOD_INIT(), + * it does seem to call it late enough in the initialization sequence so +@@ -109,6 +318,7 @@ GRUB_MOD_FINI (tpm) { - grub_verifier_unregister (&grub_tpm_verifier); + grub_unregister_extcmd (cmd); - } + if (!grub_tpm_present()) + return; + grub_verifier_unregister (&grub_tpm_verifier); diff --git a/use-grub2-as-a-package-name.patch b/use-grub2-as-a-package-name.patch index 1eaa3fc..25e2237 100644 --- a/use-grub2-as-a-package-name.patch +++ b/use-grub2-as-a-package-name.patch @@ -12,16 +12,14 @@ Signed-off-by: Jiri Slaby configure.ac | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) -Index: grub-2.06/configure.ac -=================================================================== ---- grub-2.06.orig/configure.ac -+++ grub-2.06/configure.ac -@@ -34,7 +34,7 @@ dnl "TARGET_" (such as TARGET_CC, TARGET +--- a/configure.ac ++++ b/configure.ac +@@ -34,7 +34,7 @@ dnl the target type. See INSTALL for full list of variables and dnl description of the relationships between them. --AC_INIT([GRUB],[2.06],[bug-grub@gnu.org]) -+AC_INIT([GRUB2],[2.06],[bug-grub@gnu.org]) - - AC_CONFIG_AUX_DIR([build-aux]) +-AC_INIT([GRUB],[2.12~rc1],[bug-grub@gnu.org]) ++AC_INIT([GRUB2],[2.12~rc1],[bug-grub@gnu.org]) + AS_CASE(["$ERROR_PLATFORM_NOT_SUPPORT_SSP"], + [n | no | nO | N | No | NO], [ERROR_PLATFORM_NOT_SUPPORT_SSP=no],