diff --git a/.grub2.metadata b/.grub2.metadata new file mode 100644 index 0000000..b1fd706 --- /dev/null +++ b/.grub2.metadata @@ -0,0 +1,4 @@ +3b39cb0830367171760ec536cab805abdbe08bc5 unifont-13.0.06.pcf.gz +cf0b7763c528902da7e8b05cfa248f20c8825ce5 theme.tar.bz2 +c9f93f1e195ec7a5a21d36a13b469788c0b29f0f grub-2.06.tar.xz +d08376d97163f99ce0d61fce160d6f7667c5c944 gnulib-9f48fb992a3d7e96610c4ce8be969cff2d61a01b.tar.gz diff --git a/0344-grub-install-on-EFI-if-forced.patch b/0344-grub-install-on-EFI-if-forced.patch new file mode 100644 index 0000000..ad231ac --- /dev/null +++ b/0344-grub-install-on-EFI-if-forced.patch @@ -0,0 +1,77 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Marta Lewandowska +Date: Fri, 13 Oct 2023 09:13:41 +0200 +Subject: [PATCH] grub-install on EFI if forced + +UEFI Secure Boot requires signed grub binaries to work, so grub- +install should not be used. However, users who have Secure Boot +disabled and wish to use the command should not be prevented from +doing so if they invoke --force. + +fixes bz#1917213 / bz#2240994 + +Signed-off-by: Marta Lewandowska +--- + util/grub-install.c | 42 ++++++++++++++++++++++++++---------------- + 1 file changed, 26 insertions(+), 16 deletions(-) + +diff --git a/util/grub-install.c b/util/grub-install.c +index 5babc7af5518..162162bec6e2 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -899,22 +899,6 @@ main (int argc, char *argv[]) + + platform = grub_install_get_target (grub_install_source_directory); + +- switch (platform) +- { +- case GRUB_INSTALL_PLATFORM_ARM_EFI: +- case GRUB_INSTALL_PLATFORM_ARM64_EFI: +- case GRUB_INSTALL_PLATFORM_I386_EFI: +- case GRUB_INSTALL_PLATFORM_IA64_EFI: +- case GRUB_INSTALL_PLATFORM_X86_64_EFI: +- is_efi = 1; +- grub_util_error (_("this utility cannot be used for EFI platforms" +- " because it does not support UEFI Secure Boot")); +- break; +- default: +- is_efi = 0; +- break; +- } +- + { + char *platname = grub_install_get_platform_name (platform); + fprintf (stderr, _("Installing for %s platform.\n"), platname); +@@ -1027,6 +1011,32 @@ main (int argc, char *argv[]) + grub_hostfs_init (); + grub_host_init (); + ++ switch (platform) ++ { ++ case GRUB_INSTALL_PLATFORM_I386_EFI: ++ case GRUB_INSTALL_PLATFORM_X86_64_EFI: ++ case GRUB_INSTALL_PLATFORM_ARM_EFI: ++ case GRUB_INSTALL_PLATFORM_ARM64_EFI: ++ case GRUB_INSTALL_PLATFORM_RISCV32_EFI: ++ case GRUB_INSTALL_PLATFORM_RISCV64_EFI: ++ case GRUB_INSTALL_PLATFORM_IA64_EFI: ++ is_efi = 1; ++ if (!force) ++ grub_util_error (_("This utility should not be used for EFI platforms" ++ " because it does not support UEFI Secure Boot." ++ " If you really wish to proceed, invoke the --force" ++ " option.\nMake sure Secure Boot is disabled before" ++ " proceeding")); ++ break; ++ default: ++ is_efi = 0; ++ break; ++ ++ /* pacify warning. */ ++ case GRUB_INSTALL_PLATFORM_MAX: ++ break; ++ } ++ + /* Find the EFI System Partition. */ + if (is_efi) + { diff --git a/grub.patches b/grub.patches index 7782ccd..98bdc3b 100644 --- a/grub.patches +++ b/grub.patches @@ -341,3 +341,4 @@ Patch0340: 0340-fs-ntfs-Make-code-more-readable.patch Patch0341: 0341-grub_dl_set_mem_attrs-fix-format-string.patch Patch0342: 0342-grub_dl_set_mem_attrs-add-self-check-for-the-tramp-G.patch Patch0343: 0343-grub_dl_load_segments-page-align-the-tramp-GOT-areas.patch +Patch0344: 0344-grub-install-on-EFI-if-forced.patch diff --git a/grub2.spec b/grub2.spec index 9bf288e..d61257f 100644 --- a/grub2.spec +++ b/grub2.spec @@ -16,7 +16,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 77%{?dist} +Release: 78%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -533,6 +533,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog +* Thu Feb 22 2024 Nicolas Frayer - 2.06-78 +- util: grub-install on EFI if forced +- Resolves: #RHEL-20443 + * Thu Feb 22 2024 Nicolas Frayer - 2.06-77 - kern/dl: grub_dl_set_mem_attrs()/grub_dl_load_segments() fixes - Resolves: #RHEL-26322