- add tboot-bsc#1207833-copy-mbi.patch: correctly move MBI from a lower

address above tboot (bsc#1207833). This fixes a broken boot situation in some configurations stopping with log line "TBOOT: loader context was moved from 0x<address> to 0x<address>". this patch syncs the Factory package with the SLE package. For some reason I forgot to add the patch to Factory first. Also upstream did not react to the patch, that I posted to their mailing list, so it's not contained in the upstream tarball. OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=118
2024-06-25 07:38:05 +00:00 · 2024-06-25 07:38:05 +00:00 · d464f59886
commit d464f59886
parent 077993b9b0
3 changed files with 38 additions and 0 deletions
--- a/tboot-bsc#1207833-copy-mbi.patch
+++ b/tboot-bsc#1207833-copy-mbi.patch
@ -0,0 +1,24 @@
+--- tboot-1.10.2/tboot/common/loader.c.orig	2023-05-31 01:49:45.935321582 -0500
+++ tboot-1.10.2/tboot/common/loader.c	2023-05-31 01:57:27.914405762 -0500
+@@ -1099,11 +1099,17 @@ move_modules(loader_ctx *lctx)
+ 
+     if ( below_tboot(lowest) )
+         from = lowest;
+-    else
+-        if ( below_tboot((unsigned long)lctx->addr) )
+
+    /*
+     * if MBI is below tboot & the lowest module, make sure it gets
+     * copied, too!
+     */
+    if ( below_tboot((unsigned long)lctx->addr) && 
+	 (unsigned long)lctx->addr < lowest )
+             from = (unsigned long)lctx->addr;
+-        else
+-            return;
+
+    if (from == 0)
+	    return;
+ 
+     unsigned long highest = get_highest_mod_end(lctx);
+     unsigned long to = PAGE_UP(highest);
--- a/tboot.changes
+++ b/tboot.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Jun 25 07:34:57 UTC 2024 - Matthias Gerstner <matthias.gerstner@suse.com>
+
+- add tboot-bsc#1207833-copy-mbi.patch: correctly move MBI from a lower
+  address above tboot (bsc#1207833). This fixes a broken boot situation in
+  some configurations stopping with log line "TBOOT: loader context was moved
+  from 0x<address> to 0x<address>".
+
+  this patch syncs the Factory package with the SLE package. For some reason I
+  forgot to add the patch to Factory first. Also upstream did not react to the
+  patch, that I posted to their mailing list, so it's not contained in the
+  upstream tarball.
+
 -------------------------------------------------------------------
 Mon Jun 17 13:09:34 UTC 2024 - Matthias Gerstner <matthias.gerstner@suse.com>

--- a/tboot.spec
+++ b/tboot.spec
@ -30,6 +30,7 @@ Patch3:         tboot-grub2-fix-menu-in-xen-host-server.patch
 Patch4:         tboot-grub2-fix-xen-submenu-name.patch
 Patch7:         tboot-distributor.patch
 Patch8:         tboot-grub2-refuse-secure-boot.patch
+Patch9:         tboot-bsc#1207833-copy-mbi.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 ExclusiveArch:  %{ix86} x86_64
 BuildRequires:  openssl-devel