Matthias Gerstner
c703ba81f8
- updated to v1.11.1 / 20230125: 20230125: v1.11.1 - Revert log memory range extension (caused memory overlaps and boot failures) 20221223: v1.11.0 - Fixed TPM handling to flush objects after integrity measurement (Intel PTT limitations) - Extended low memory range for logs (HCC CPUs had issue with not enough memory) - "agile" removed from PCR Extend policy options (requested deprecation) - Added handling for flexible ACM Info Table format - lcptools: CPPFLAGS use by environment in build - lcptools: removed __DATE__ refs to make build reproducible - Only platform-matching SINIT modules can be selected - txt-acminfo: Map TXT heap using mmap - Typo fix in man page 20220304: v1.10.5 - Fixed mlehash.c to bring back functionality and make it GCC12 compliant - Reverted change for replacing EFI memory to bring back Tboot in-memory logs 20220224: v1.10.4 - Fix hash printing for SHA384, SHA512 and SM3 - Touch ups for GCC12 - Set GDT to map CS and DS to 4GB before jumping to Linux - make efi_memmap_reserve handle gaps like e820_protect_region - Ensure that growth of Multiboot tags does not go beyond original area - Replace EFI memory map in Multiboot2 info - Fix endianness of pcr_info->pcr_selection.size_of_select - Don't ignore locality in PCR file - Fix composite hashing algorithm for PCONF elements to match lcptools-1 20211210: v1.10.3 - Add UNI-VGA license information - Remove poly1305 object files on clean OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=112
From: Michael Chang <mchang@suse.com>
Subject: [PATCH] fix menu in xen host server
References: bnc#771689, bnc#757895
Patch-Mainline: no
When the system is configured as "Xen Virtual Machines Host Server", the
grub2 menu is not well organized. We could see some issues on it.
- Many duplicated xen entries generated by links to xen hypervisor
- Non bootable kernel entries trying to boot xen kernel natively
- The -dbg xen hypervisor takes precedence over release version
This patch fixes above three issues.
v2:
References: bnc#877040
Create only hypervisor pointed by /boot/xen.gz symlink to not clutter
the menu with multiple versions and also not include -dbg. Use custom.cfg
if you need any other custom entries.
v3:
References: bnc#865815
Porting to tboot in order to fix duplicated xen entries
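--- tboot-1.11.1.orig/tboot/20_linux_tboot
+++ tboot-1.11.1/tboot/20_linux_tboot
@@ -219,6 +219,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
 break
 fi
 done
+
+ config=
+ for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
+ if test -e "${i}" ; then
+ config="${i}"
+ break
+ fi
+ done
+
+ # try to get the kernel config if $linux is a symlink
+ if test -z "${config}" ; then
+ lnk_version=`basename \`readlink -f $linux\` | sed -e "s,^[^0-9]*-,,g"`
+ if (test -n ${lnk_version} && test -e "${dirname}/config-${lnk_version}") ; then
+ config="${dirname}/config-${lnk_version}"
+ fi
+ fi
+
+ # check if we are in xen domU
+ if [ ! -e /proc/xen/xsd_port -a -e /proc/xen ]; then
+ # we're running on xen domU guest
+ dmi=/sys/class/dmi/id
+ if [ -r "${dmi}/product_name" -a -r "${dmi}/sys_vendor" ]; then
+ product_name=`cat ${dmi}/product_name`
+ sys_vendor=`cat ${dmi}/sys_vendor`
+ if test "${sys_vendor}" = "Xen" -a "${product_name}" = "HVM domU"; then
+ # xen HVM guest
+ xen_pv_domU=false
+ fi
+ fi
+ else
+ # we're running on baremetal or xen dom0
+ xen_pv_domU=false
+ fi
+
+ if test "$xen_pv_domU" = "false" ; then
+ # prevent xen kernel without pv_opt support from booting
+ if (grep -qx "CONFIG_XEN=y" "${config}" 2> /dev/null && ! grep -qx "CONFIG_PARAVIRT=y" "${config}" 2> /dev/null); then
+ echo "Skip xenlinux kernel $linux" >&2
+ list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
+ continue
+ fi
+ fi
+
 if test -n "${initrd}" ; then
 echo "Found initrd image: ${dirname}/${initrd}" >&2
 else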
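Review bot: xen_pv_domU is read by `if test "$xen_pv_domU" = "false" ; then` but the hunk only ever assigns it false, so the PV-domU case (where xenlinux kernels must not be skipped) relies on the variable being unset rather than on an explicit value, and a value inherited from the environment grub-mkconfig runs under could change the outcome; initialise it with `xen_pv_domU=true` just before the `/proc/xen` check. The entry filter passes the kernel path as an unquoted regular expression in `grep -vx $linux`, so the dots of a version string match any character; `grep -vxF -- "$linux"` removes exactly the intended entry. The guard `test -n ${lnk_version}` is unquoted, so an empty value leaves `test -n` without an operand and the test passes trivially; quote it as `test -n "${lnk_version}"`. The enclosing while loop starts before this hunk.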
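--- tboot-1.11.1.orig/tboot/20_linux_xen_tboot
+++ tboot-1.11.1/tboot/20_linux_xen_tboot
@@ -58,6 +58,12 @@ fi
 export TEXTDOMAIN=grub
 export TEXTDOMAINDIR=${prefix}/share/locale
 
+if [ ! -e /proc/xen/xsd_port -a -e /proc/xen ]; then
+# we're running on xen domU guest
+# prevent setting up nested virt on HVM or PV domU guest
+ exit 0
+fi
+
 CLASS="--class gnu-linux --class gnu --class os --class xen"
 
 if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
@@ -191,9 +197,17 @@ linux_list=`for i in /boot/vmlinu[xz]-*
 if [ "x${linux_list}" = "x" ] ; then
 exit 0
 fi
-xen_list=`for i in /boot/xen*; do
- if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi
- done`
+# bnc#877040 - Duplicate entries for boot menu created
+# only create /boot/xen.gz symlink boot entry
+if test -L /boot/xen.gz; then
+ xen_list=`readlink -f /boot/xen.gz`
+else
+ # bnc#757895 - Grub2 menu items incorrect when "Xen Virtual Machines Host Server" selected
+ # wildcard expasion with correct suffix (.gz) for not generating many duplicated menu entries
+ xen_list=`for i in /boot/xen*.gz; do
+ if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" ; then echo -n "$i " ; fi
+ done`
+fi
 tboot_list=`for i in /boot/tboot*.gz; do
 if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi
 done`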
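Review bot: In the symlink branch of the second hunk, xen_list is assigned the result of readlink -f /boot/xen.gz without the grub_file_is_not_garbage check that the glob branch applies, so a dangling or stale /boot/xen.gz link still yields a menu entry pointing at a missing hypervisor; guard the branch with `if test -L /boot/xen.gz && grub_file_is_not_garbage "$(readlink -f /boot/xen.gz)"; then`. file_is_not_sym is called in the glob branch but not defined in this hunk; if it is not provided earlier in 20_linux_xen_tboot or by grub-mkconfig_lib, the `&&` condition fails on its non-zero status and every candidate is dropped with only a command-not-found message on stderr, so the dependency is worth a comment naming where it comes from. The domU detection `[ ! -e /proc/xen/xsd_port -a -e /proc/xen ]` in the first hunk is duplicated verbatim in 20_linux_tboot, and `-a` inside `[ ]` is deprecated in POSIX; `[ ! -e /proc/xen/xsd_port ] && [ -e /proc/xen ]` in both places would be easier to keep in sync.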