util: grub-install on EFI if forced

.grub2.metadata

@@ -0,0 +1,4 @@
+3b39cb0830367171760ec536cab805abdbe08bc5 unifont-13.0.06.pcf.gz
+cf0b7763c528902da7e8b05cfa248f20c8825ce5 theme.tar.bz2
+c9f93f1e195ec7a5a21d36a13b469788c0b29f0f grub-2.06.tar.xz
+d08376d97163f99ce0d61fce160d6f7667c5c944 gnulib-9f48fb992a3d7e96610c4ce8be969cff2d61a01b.tar.gz

0344-grub-install-on-EFI-if-forced.patch

@@ -0,0 +1,77 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Marta Lewandowska <mlewando@redhat.com>
+Date: Fri, 13 Oct 2023 09:13:41 +0200
+Subject: [PATCH] grub-install on EFI if forced
+
+UEFI Secure Boot requires signed grub binaries to work, so grub-
+install should not be used. However, users who have Secure Boot
+disabled and wish to use the command should not be prevented from
+doing so if they invoke --force.
+
+fixes bz#1917213 / bz#2240994
+
+Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
+---
+ util/grub-install.c | 42 ++++++++++++++++++++++++++----------------
+ 1 file changed, 26 insertions(+), 16 deletions(-)
+
+diff --git a/util/grub-install.c b/util/grub-install.c
+index 5babc7af5518..162162bec6e2 100644
+--- a/util/grub-install.c
++++ b/util/grub-install.c
+@@ -899,22 +899,6 @@ main (int argc, char *argv[])
+ 
+   platform = grub_install_get_target (grub_install_source_directory);
+ 
+-  switch (platform)
+-    {
+-    case GRUB_INSTALL_PLATFORM_ARM_EFI:
+-    case GRUB_INSTALL_PLATFORM_ARM64_EFI:
+-    case GRUB_INSTALL_PLATFORM_I386_EFI:
+-    case GRUB_INSTALL_PLATFORM_IA64_EFI:
+-    case GRUB_INSTALL_PLATFORM_X86_64_EFI:
+-      is_efi = 1;
+-      grub_util_error (_("this utility cannot be used for EFI platforms"
+-                         " because it does not support UEFI Secure Boot"));
+-      break;
+-    default:
+-      is_efi = 0;
+-      break;
+-    }
+-
+   {
+     char *platname = grub_install_get_platform_name (platform);
+     fprintf (stderr, _("Installing for %s platform.\n"), platname);
+@@ -1027,6 +1011,32 @@ main (int argc, char *argv[])
+   grub_hostfs_init ();
+   grub_host_init ();
+ 
++  switch (platform)
++    {
++    case GRUB_INSTALL_PLATFORM_I386_EFI:
++    case GRUB_INSTALL_PLATFORM_X86_64_EFI:
++    case GRUB_INSTALL_PLATFORM_ARM_EFI:
++    case GRUB_INSTALL_PLATFORM_ARM64_EFI:
++    case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
++    case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
++    case GRUB_INSTALL_PLATFORM_IA64_EFI:
++      is_efi = 1;
++      if (!force)
++        grub_util_error (_("This utility should not be used for EFI platforms"
++                          " because it does not support UEFI Secure Boot."
++                          " If you really wish to proceed, invoke the --force"
++                          " option.\nMake sure Secure Boot is disabled before"
++                          " proceeding"));
++      break;
++    default:
++      is_efi = 0;
++      break;
++
++      /* pacify warning.  */
++    case GRUB_INSTALL_PLATFORM_MAX:
++      break;
++    }
++
+   /* Find the EFI System Partition.  */
+   if (is_efi)
+     {

grub.patches

@@ -341,3 +341,4 @@ Patch0340: 0340-fs-ntfs-Make-code-more-readable.patch
 Patch0341: 0341-grub_dl_set_mem_attrs-fix-format-string.patch
 Patch0342: 0342-grub_dl_set_mem_attrs-add-self-check-for-the-tramp-G.patch
 Patch0343: 0343-grub_dl_load_segments-page-align-the-tramp-GOT-areas.patch
+Patch0344: 0344-grub-install-on-EFI-if-forced.patch

grub2.spec

@@ -16,7 +16,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.06
-Release:	77%{?dist}
+Release:	78%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@@ -533,6 +533,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 
 %changelog
+* Thu Feb 22 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-78
+- util: grub-install on EFI if forced
+- Resolves: #RHEL-20443
+
 * Thu Feb 22 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-77
 - kern/dl: grub_dl_set_mem_attrs()/grub_dl_load_segments() fixes
 - Resolves: #RHEL-26322