forked from pool/grub2
a3bdb368a2
- Version bump to 2.06
* rediff
- 0001-add-support-for-UEFI-network-protocols.patch
- 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
- 0003-Make-grub_error-more-verbose.patch
- 0003-bootp-New-net_bootp6-command.patch
- 0005-grub.texi-Add-net_bootp6-doument.patch
- 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch
- 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
- 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
- 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
- grub-install-force-journal-draining-to-ensure-data-i.patch
- grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
- grub2-diskfilter-support-pv-without-metadatacopies.patch
- grub2-efi-HP-workaround.patch
- grub2-efi-xen-cfg-unquote.patch
- grub2-efi-xen-chainload.patch
- grub2-fix-menu-in-xen-host-server.patch
- grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
- grub2-install-remove-useless-check-PReP-partition-is-empty.patch
- grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch
- grub2-mkconfig-default-entry-correction.patch
- grub2-pass-corret-root-for-nfsroot.patch
- grub2-s390x-03-output-7-bit-ascii.patch
- grub2-s390x-04-grub2-install.patch
- grub2-secureboot-install-signed-grub.patch
- grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch
- use-grub2-as-a-package-name.patch
* update by patch squashed:
- 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
OBS-URL: https://build.opensuse.org/request/show/904721
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=386
60 lines
2.3 KiB
Diff
60 lines
2.3 KiB
Diff
From 3741c6807923ae97b0d87e61c59c8de8af544484 Mon Sep 17 00:00:00 2001
|
|
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
Date: Thu, 23 Apr 2020 15:06:46 +0200
|
|
Subject: [PATCH 6/9] efi: Set image base address before jumping to the PE/COFF
|
|
entry point
|
|
|
|
Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux
|
|
kernel. But our custom EFI loader that supports Secure Boot instead uses
|
|
the EFI handover protocol (for x86) or jumping directly to the PE/COFF
|
|
entry point (for aarch64).
|
|
|
|
This is done to allow the bootloader to verify the images using the shim
|
|
lock protocol to avoid booting untrusted binaries.
|
|
|
|
Since the bootloader loads the kernel from the boot media instead of using
|
|
LoadImage(), it is responsible to set the Loaded Image base address before
|
|
booting the kernel.
|
|
|
|
Otherwise the kernel EFI stub will complain that it was not set correctly
|
|
and print the following warning message:
|
|
|
|
EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value
|
|
|
|
Resolves: rhbz#1825411
|
|
|
|
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
---
|
|
grub-core/loader/arm64/efi/linux.c | 12 ++++++++++++
|
|
1 file changed, 12 insertions(+)
|
|
|
|
Index: grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c
|
|
===================================================================
|
|
--- grub-2.06~rc1.orig/grub-core/loader/arm64/efi/linux.c
|
|
+++ grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c
|
|
@@ -58,9 +58,24 @@ static grub_err_t
|
|
grub_efi_linux_boot (void *kernel_address, grub_off_t offset,
|
|
void *kernel_params)
|
|
{
|
|
+ grub_efi_loaded_image_t *loaded_image = NULL;
|
|
handover_func hf;
|
|
|
|
+ /*
|
|
+ * Since the EFI loader is not calling the LoadImage() and StartImage()
|
|
+ * services for loading the kernel and booting respectively, it has to
|
|
+ * set the Loaded Image base address.
|
|
+ */
|
|
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
|
|
+ if (loaded_image)
|
|
+ loaded_image->image_base = kernel_addr;
|
|
+ else
|
|
+ grub_dprintf ("linux", "Loaded Image base address could not be set\n");
|
|
+
|
|
+ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n",
|
|
+ kernel_address, (void *)(grub_efi_uintn_t)offset, kernel_params);
|
|
hf = (handover_func)((char *)kernel_address + offset);
|
|
+ grub_dprintf ("linux", "handover_func() = %p\n", hf);
|
|
hf (grub_efi_image_handle, grub_efi_system_table, kernel_params);
|
|
|
|
return GRUB_ERR_BUG;
|