Update to be newer than f24's branch.

- Add grub2-get-kernel-settings Related: rhbz#1226325 Signed-off-by: Peter Jones <pjones@redhat.com>
2016-08-25 14:42:57 -04:00 · 2016-08-25 14:42:57 -04:00 · 9d15b4d492
commit 9d15b4d492
parent 336bf36497
102 changed files with 1947 additions and 2027 deletions
--- a/0001-IBM-client-architecture-CAS-reboot-support.patch
+++ b/0001-IBM-client-architecture-CAS-reboot-support.patch
@ -1,7 +1,7 @@
-From ea9eb6e9fb40a19264fc453778087e7e5fec24fa Mon Sep 17 00:00:00 2001
+From e32c57d2abd034cbdea24a8f51de8dbef453bd96 Mon Sep 17 00:00:00 2001
 From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
 Date: Thu, 20 Sep 2012 18:07:39 -0300
-Subject: [PATCH 01/89] IBM client architecture (CAS) reboot support
+Subject: [PATCH 01/87] IBM client architecture (CAS) reboot support

 This is an implementation of IBM client architecture (CAS) reboot for GRUB.

@ -170,5 +170,5 @@ index 8e42513..9f26c69 100644
 #define FOR_IEEE1275_DEVALIASES(alias) for (grub_ieee1275_devalias_init_iterator (&(alias)); grub_ieee1275_devalias_next (&(alias));)
 
 -- 
-2.5.5
+2.7.4

--- a/0002-for-ppc-reset-console-display-attr-when-clear-screen.patch
+++ b/0002-for-ppc-reset-console-display-attr-when-clear-screen.patch
@ -1,7 +1,7 @@
-From 6c2b5d14fe79a8e0eefabef4b711133b5ce02c94 Mon Sep 17 00:00:00 2001
+From 4f82466e3b1fcf3370d82432e406f51906e1fa46 Mon Sep 17 00:00:00 2001
 From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
 Date: Wed, 24 Apr 2013 10:51:48 -0300
-Subject: [PATCH 02/89] for ppc, reset console display attr when clear screen
+Subject: [PATCH 02/87] for ppc, reset console display attr when clear screen

 v2: Also use \x0c instead of a literal ^L to make future patches less
 awkward.
@ -28,5 +28,5 @@ index f0d3e3d..9bb75c1 100644
       data->reverse_video_off = grub_strdup ("\e[m");
       if (grub_strcmp ("ieee1275", str) == 0)
 -- 
-2.5.5
+2.7.4

--- a/0003-Disable-GRUB-video-support-for-IBM-power-machines.patch
+++ b/0003-Disable-GRUB-video-support-for-IBM-power-machines.patch
@ -1,7 +1,7 @@
-From 4b4bbc963438157b29fec6b38b6567e16d1e2e56 Mon Sep 17 00:00:00 2001
+From 9cff6efa3a7e15a6968fed29a29f38713da864fd Mon Sep 17 00:00:00 2001
 From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
 Date: Tue, 11 Jun 2013 15:14:05 -0300
-Subject: [PATCH 03/89] Disable GRUB video support for IBM power machines
+Subject: [PATCH 03/87] Disable GRUB video support for IBM power machines

 Should fix the problem in bugzilla:
 https://bugzilla.redhat.com/show_bug.cgi?id=973205
@ -61,5 +61,5 @@ index 9f26c69..ab4f284 100644
 
 extern int EXPORT_FUNC(grub_ieee1275_test_flag) (enum grub_ieee1275_flag flag);
 -- 
-2.5.5
+2.7.4

--- a/0004-Fix-bzr-s-ignore-artificats-in-.gitignore.patch
+++ b/0004-Fix-bzr-s-ignore-artificats-in-.gitignore.patch
@ -1,7 +1,7 @@
-From 668d1227194fc45d19dec7c90b4d004378c822af Mon Sep 17 00:00:00 2001
+From 512fe6865738286c94f87da64ca6b475bc3e2f38 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 7 Jul 2015 10:13:14 -0400
-Subject: [PATCH 04/89] Fix bzr's ignore artificats in .gitignore
+Subject: [PATCH 04/87] Fix bzr's ignore artificats in .gitignore

 We lost a man page because of incompatibilities between bzr's ignore
 system and .gitignore, so solve that slightly better.
@ -367,5 +367,5 @@ index 18ab8e8..06c9f3a 100644
 -/grub-fs-tester
 +xzcompress_test
 -- 
-2.5.5
+2.7.4

--- a/0005-Honor-a-symlink-when-generating-configuration-by-gru.patch
+++ b/0005-Honor-a-symlink-when-generating-configuration-by-gru.patch
@ -1,7 +1,7 @@
-From 3be0a8cb87161ffb64ef9e94cf893e228a84f630 Mon Sep 17 00:00:00 2001
+From 7f1ea377390345b8ef7609ad0fa2952708b17e19 Mon Sep 17 00:00:00 2001
 From: Marcel Kolaja <mkolaja@redhat.com>
 Date: Tue, 21 Jan 2014 10:57:08 -0500
-Subject: [PATCH 05/89] Honor a symlink when generating configuration by
+Subject: [PATCH 05/87] Honor a symlink when generating configuration by
 grub2-mkconfig

 Honor a symlink when generating configuration by grub2-mkconfig, so that
@ -25,5 +25,5 @@ index f8496d2..3b070fd 100644
 fi
 
 -- 
-2.5.5
+2.7.4

--- a/0006-Move-bash-completion-script-922997.patch
+++ b/0006-Move-bash-completion-script-922997.patch
@ -1,7 +1,7 @@
-From 3dca3dbb01a52fdc90f548a2461c8fc8e04336ab Mon Sep 17 00:00:00 2001
+From 5b77e510eb6e4b649c53ab0790cdc9fdf0c85be9 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Wed, 3 Apr 2013 14:35:34 -0400
-Subject: [PATCH 06/89] Move bash completion script (#922997)
+Subject: [PATCH 06/87] Move bash completion script (#922997)

 Apparently these go in a new place now.
 ---
@ -10,7 +10,7 @@ Apparently these go in a new place now.
 2 files changed, 11 insertions(+), 1 deletion(-)

 diff --git a/configure.ac b/configure.ac
-index 57e1713..21023ae 100644
+index 9ddfc53..ab9134c 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -287,6 +287,14 @@ AC_SUBST(grubdirname)
@ -28,7 +28,7 @@ index 57e1713..21023ae 100644
 #
 # Checks for build programs.
 #
-@@ -475,6 +483,9 @@ HOST_CFLAGS="$HOST_CFLAGS $grub_cv_cc_w_extra_flags"
+@@ -476,6 +484,9 @@ HOST_CFLAGS="$HOST_CFLAGS $grub_cv_cc_w_extra_flags"
 # Check for target programs.
 #
 
@ -51,5 +51,5 @@ index 136287c..61108f0 100644
 
 $(bash_completion_script): $(bash_completion_source) $(top_builddir)/config.status
 -- 
-2.5.5
+2.7.4

--- a/0007-Update-to-minilzo-2.08.patch
+++ b/0007-Update-to-minilzo-2.08.patch
@ -1,7 +1,7 @@
-From fcbba25979fc9e26ab8e6eed5c84668a5f134b12 Mon Sep 17 00:00:00 2001
+From 579ecb682efc5221b4a13b8009af1731f5349912 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Thu, 4 Dec 2014 15:36:09 -0500
-Subject: [PATCH 07/89] Update to minilzo-2.08
+Subject: [PATCH 07/87] Update to minilzo-2.08

 This fixes CVE-2014-4607 - lzo: lzo1x_decompress_safe() integer overflow

@ -8786,5 +8786,5 @@ index 74fefa9..7937454 100644
 
 
 -- 
-2.5.5
+2.7.4

--- a/0008-Add-vlan-tag-support-on-IBM-PPC-machines.patch
+++ b/0008-Add-vlan-tag-support-on-IBM-PPC-machines.patch
@ -1,7 +1,7 @@
-From 99745ca3450dbbd364569a13b61fbf2a36cb3a88 Mon Sep 17 00:00:00 2001
+From de423b22780b0fd225a1ee476166777af29d53d0 Mon Sep 17 00:00:00 2001
 From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
 Date: Tue, 30 Oct 2012 15:19:39 -0200
-Subject: [PATCH 08/89] Add vlan-tag support on IBM PPC machines
+Subject: [PATCH 08/87] Add vlan-tag support on IBM PPC machines

 This patch adds support for virtual LAN (VLAN) tagging. VLAN tagging allows
 multiple VLANs in a bridged network to share the same physical network link but
@ -182,5 +182,5 @@ index 2192fa1..6ac9d72 100644
 +
 #endif /* ! GRUB_NET_HEADER */
 -- 
-2.5.5
+2.7.4

--- a/0009-Allow-fallback-to-include-entries-by-title-not-just-.patch
+++ b/0009-Allow-fallback-to-include-entries-by-title-not-just-.patch
@ -1,7 +1,7 @@
-From 10da6e0e6bf723e99332fb1c34e6355a98bbb83f Mon Sep 17 00:00:00 2001
+From 196ae5abd961cd64b60d9ab41bfc02d340e8bb6f Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Fri, 5 Sep 2014 10:07:04 -0400
-Subject: [PATCH 09/89] Allow "fallback" to include entries by title, not just
+Subject: [PATCH 09/87] Allow "fallback" to include entries by title, not just
 number.

 Resolves: rhbz#1026084
@ -140,5 +140,5 @@ index 719e2fb..2e8a7bd 100644
 static int
 get_entry_number (grub_menu_t menu, const char *name)
 -- 
-2.5.5
+2.7.4

--- a/0010-Add-GRUB_DISABLE_UUID.patch
+++ b/0010-Add-GRUB_DISABLE_UUID.patch
@ -1,7 +1,7 @@
-From c13e60be8ff3c4b1c2ba0a1aebd4b09f8ec7dbc0 Mon Sep 17 00:00:00 2001
+From 8f405e93871ad51cd9ab4dfdea844042a33fa7f0 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Thu, 4 Sep 2014 16:49:25 -0400
-Subject: [PATCH 10/89] Add GRUB_DISABLE_UUID.
+Subject: [PATCH 10/87] Add GRUB_DISABLE_UUID.

 This will cause "search --fs-uuid --set=root ..." not to be generated by
 grub2-mkconfig, and instead simply attempt to use the grub device name
@ -95,5 +95,5 @@ index 60b31ca..cf35e41 100644
   else
     echo $device |sed 's, ,_,g'
 -- 
-2.5.5
+2.7.4

--- a/0011-Make-exit-take-a-return-code.patch
+++ b/0011-Make-exit-take-a-return-code.patch
@ -1,7 +1,7 @@
-From 898b245564f15fbbe02692423d40e1dad08f60ad Mon Sep 17 00:00:00 2001
+From 6879936079d17ace35cebcab787f7fb9f8cd205e Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Wed, 26 Feb 2014 21:49:12 -0500
-Subject: [PATCH 11/89] Make "exit" take a return code.
+Subject: [PATCH 11/87] Make "exit" take a return code.

 This adds "exit" with a return code.  With this patch, any "exit"
 command /may/ include a return code, and on platforms that support
@ -255,5 +255,5 @@ index 2a9f87c..0620814 100644
 					  grub_uint64_t d,
 					  grub_uint64_t *r);
 -- 
-2.5.5
+2.7.4

--- a/0012-Mark-po-exclude.pot-as-binary-so-git-won-t-try-to-di.patch
+++ b/0012-Mark-po-exclude.pot-as-binary-so-git-won-t-try-to-di.patch
@ -1,7 +1,7 @@
-From db6df67d0aca17b1ebf6a73dc21cc09ec44c2187 Mon Sep 17 00:00:00 2001
+From ef756db92dd4f47ed4bb4aede86d33326b0b9188 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Wed, 22 Jul 2015 11:21:01 -0400
-Subject: [PATCH 12/89] Mark po/exclude.pot as binary so git won't try to diff
+Subject: [PATCH 12/87] Mark po/exclude.pot as binary so git won't try to diff
 nonprintables.

 Signed-off-by: Peter Jones <pjones@redhat.com>
@ -18,5 +18,5 @@ index 0000000..33ffaa4
@@ -0,0 +1 @@
 +po/exclude.pot binary
 -- 
-2.5.5
+2.7.4

--- a/0013-Make-efi-machines-load-an-env-block-from-a-variable.patch
+++ b/0013-Make-efi-machines-load-an-env-block-from-a-variable.patch
@ -1,7 +1,7 @@
-From 09d7e9f1a0bfbbdcf816c0165a95b2fee6a0297e Mon Sep 17 00:00:00 2001
+From e14c5369fea76d1e067ca9f7e5e55bfe615cb639 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 7 Dec 2015 14:20:49 -0500
-Subject: [PATCH 13/89] Make efi machines load an env block from a variable
+Subject: [PATCH 13/87] Make efi machines load an env block from a variable

 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
@ -80,5 +80,5 @@ index e9c85de..a5b6c1d 100644
 			     char **path);
 
 -- 
-2.5.5
+2.7.4

--- a/0014-DHCP-client-ID-and-UUID-options-added.patch
+++ b/0014-DHCP-client-ID-and-UUID-options-added.patch
@ -1,7 +1,7 @@
-From 9a13b0203bf45cdc961bbc6bdcce763aec289038 Mon Sep 17 00:00:00 2001
+From 12fb24b4d8a8f0fd7f79bc224157c290ebab31f4 Mon Sep 17 00:00:00 2001
 From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
 Date: Tue, 27 Nov 2012 17:18:53 -0200
-Subject: [PATCH 14/89] DHCP client ID and UUID options added.
+Subject: [PATCH 14/87] DHCP client ID and UUID options added.

 ---
 grub-core/net/bootp.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++-----
@ -141,5 +141,5 @@ index 6ac9d72..96aa9fa 100644
   };
 
 -- 
-2.5.5
+2.7.4

--- a/0015-trim-arp-packets-with-abnormal-size.patch
+++ b/0015-trim-arp-packets-with-abnormal-size.patch
@ -1,7 +1,7 @@
-From 03011792061af809b53023bb4458627af80f0b8f Mon Sep 17 00:00:00 2001
+From a6f4624278357f853e3e8888e538eb0ef3654556 Mon Sep 17 00:00:00 2001
 From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
 Date: Wed, 5 Feb 2014 09:42:42 -0200
-Subject: [PATCH 15/89] trim arp packets with abnormal size
+Subject: [PATCH 15/87] trim arp packets with abnormal size

 GRUB uses arp request to create the arp response. If the incoming packet
 is foobared, GRUB needs to trim the arp response packet before sending it.
@ -27,5 +27,5 @@ index 4b68c41..f7c59d3 100644
 	struct grub_net_buff nb_reply;
 	struct arppkt *arp_reply;
 -- 
-2.5.5
+2.7.4

--- a/0016-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch
+++ b/0016-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch
@ -1,7 +1,7 @@
-From ff07352c36d9d307428f55881d951f0513af40fa Mon Sep 17 00:00:00 2001
+From c22139b340f1a306ad718646a4cd4bc1d4039d7b Mon Sep 17 00:00:00 2001
 From: Prarit Bhargava <prarit@redhat.com>
 Date: Wed, 12 Mar 2014 10:58:16 -0400
-Subject: [PATCH 16/89] Fix bad test on GRUB_DISABLE_SUBMENU.
+Subject: [PATCH 16/87] Fix bad test on GRUB_DISABLE_SUBMENU.

 The file /etc/grub.d/10_linux does

@ -37,5 +37,5 @@ index de9044c..cf6331f 100644
     "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
 
 -- 
-2.5.5
+2.7.4

--- a/0017-Add-support-for-UEFI-operating-systems-returned-by-o.patch
+++ b/0017-Add-support-for-UEFI-operating-systems-returned-by-o.patch
@ -0,0 +1,50 @@
+From f0daa044a90c508f8f60d23e5ef39597ec80c2cc Mon Sep 17 00:00:00 2001
+From: Matthew Garrett <matthew.garrett@nebula.com>
+Date: Wed, 12 Jun 2013 11:51:49 -0400
+Subject: [PATCH 17/87] Add support for UEFI operating systems returned by
+ os-prober
+
+os-prober returns UEFI operating systems in the form:
+
+path:long-name:name
+
+where path is the path under the EFI directory on the ESP. This is in
+contrast to legacy OSes, where path is the device string. Handle this case.
+---
+ util/grub.d/30_os-prober.in | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
+index 515a68c..9b8f596 100644
+--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
+@@ -328,8 +328,23 @@ EOF
+ EOF
+     ;;
+     *)
+-      # TRANSLATORS: %s is replaced by OS name.
+-      gettext_printf "%s is not yet supported by grub-mkconfig.\n" "  ${LONGNAME}" >&2
+-    ;;
+      case ${DEVICE} in
+	*.efi)
+	  cat << EOF
+menuentry '$(echo "${LONGNAME}" | grub_quote)' {
+EOF
+	  save_default_entry | grub_add_tab
+	  cat << EOF
+	  chainloader /EFI/${DEVICE}
+	  boot
+}
+EOF
+	  ;;
+	*)
+          echo -n "  "
+          # TRANSLATORS: %s is replaced by OS name.
+          gettext_printf "%s is not yet supported by grub-mkconfig.\n" "${LONGNAME}" >&2
+        ;;
+      esac
+   esac
+ done
+-- 
+2.7.4
+
--- a/0018-Migrate-PPC-from-Yaboot-to-Grub2.patch
+++ b/0018-Migrate-PPC-from-Yaboot-to-Grub2.patch
@ -1,7 +1,7 @@
-From 672a3f12ad7f52da6e03e2dc361cfe6ef1b4e52b Mon Sep 17 00:00:00 2001
+From 0e433858169473aa7a042c28dd6f0d4e1adab8d7 Mon Sep 17 00:00:00 2001
 From: Mark Hamzy <hamzy@us.ibm.com>
 Date: Wed, 28 Mar 2012 14:46:41 -0500
-Subject: [PATCH 17/89] Migrate PPC from Yaboot to Grub2
+Subject: [PATCH 18/87] Migrate PPC from Yaboot to Grub2

 Add configuration support for serial terminal consoles.  This will set the
 maximum screen size so that text is not overwritten.
@ -150,5 +150,5 @@ index 0000000..10d6658
 +  terminfo -g ${X}x${Y} ${TERMINAL}
 +EOF
 -- 
-2.5.5
+2.7.4

--- a/0019-Add-fw_path-variable-revised.patch
+++ b/0019-Add-fw_path-variable-revised.patch
@ -1,7 +1,7 @@
-From 88c7ba4163340b2652f9009b65d850625588b6a9 Mon Sep 17 00:00:00 2001
+From fdc52554d998170f56ed45856082f4a3bfeb3e2a Mon Sep 17 00:00:00 2001
 From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
 Date: Wed, 19 Sep 2012 21:22:55 -0300
-Subject: [PATCH 18/89] Add fw_path variable (revised)
+Subject: [PATCH 19/87] Add fw_path variable (revised)

 This patch makes grub look for its config file on efi where the app was
 found. It was originally written by Matthew Garrett, and adapted to fix the
@ -77,5 +77,5 @@ index 249e19b..759c475 100644
       prefix = grub_env_get ("prefix");
       if (prefix)
 -- 
-2.5.5
+2.7.4

--- a/0020-Add-support-for-linuxefi.patch
+++ b/0020-Add-support-for-linuxefi.patch
@ -1,7 +1,7 @@
-From b1ce49059c27b9d2f35ced805acd09d867954a5e Mon Sep 17 00:00:00 2001
+From a64179016df64b72cc956fd6085ca3ed1a41baac Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg@redhat.com>
 Date: Tue, 10 Jul 2012 11:58:52 -0400
-Subject: [PATCH 19/89] Add support for linuxefi
+Subject: [PATCH 20/87] Add support for linuxefi

 ---
 grub-core/Makefile.core.def       |   8 +
@ -478,5 +478,5 @@ index da0ca3b..fc36bda 100644
 
 /* Boot parameters for Linux based on 2.6.12. This is used by the setup
 -- 
-2.5.5
+2.7.4

--- a/0021-Use-linuxefi-and-initrdefi-where-appropriate.patch
+++ b/0021-Use-linuxefi-and-initrdefi-where-appropriate.patch
@ -1,7 +1,7 @@
-From fa62e2f81abb3a06357cc48a1f983bd2579b7a28 Mon Sep 17 00:00:00 2001
+From 5894e3bfaf055554c786b4c1a9452d4e3bb9f568 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 16 Jul 2012 18:57:11 -0400
-Subject: [PATCH 20/89] Use "linuxefi" and "initrdefi" where appropriate.
+Subject: [PATCH 21/87] Use "linuxefi" and "initrdefi" where appropriate.

 ---
 util/grub.d/10_linux.in | 18 ++++++++++++++++--
@ -46,5 +46,5 @@ index cf6331f..8ccf012 100644
   sed "s/^/$submenu_indentation/" << EOF
 }
 -- 
-2.5.5
+2.7.4

--- a/0022-Don-t-allow-insmod-when-secure-boot-is-enabled.patch
+++ b/0022-Don-t-allow-insmod-when-secure-boot-is-enabled.patch
@ -1,7 +1,7 @@
-From ad7ed5502c54e6979dbc77604e14afc637c34abe Mon Sep 17 00:00:00 2001
+From 9d70f7f9a356d965ed48963e2ead12af8de97615 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Tue, 23 Oct 2012 10:40:49 -0400
-Subject: [PATCH 21/89] Don't allow insmod when secure boot is enabled.
+Subject: [PATCH 22/87] Don't allow insmod when secure boot is enabled.

 Hi,

@ -17,16 +17,23 @@ I'm currently test-building this patch (replacing your current
 grub-2.00-no-insmod-on-sb.patch), but this should be more correct.  It
 moves the check into grub_dl_load_file.
 ---
- grub-core/kern/dl.c      | 21 +++++++++++++++++++++
+ grub-core/kern/dl.c      | 22 ++++++++++++++++++++++
 grub-core/kern/efi/efi.c | 28 ++++++++++++++++++++++++++++
 include/grub/efi/efi.h   |  1 +
- 3 files changed, 50 insertions(+)
+ 3 files changed, 51 insertions(+)

 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index e394cd9..04e804d 100644
+index e394cd9..6210709 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -38,6 +38,14 @@
+@@ -32,12 +32,21 @@
+ #include <grub/env.h>
+ #include <grub/cache.h>
+ #include <grub/i18n.h>
+#include <grub/efi/sb.h>
+ 
+ /* Platforms where modules are in a readonly area of memory.  */
+ #if defined(GRUB_MACHINE_QEMU)
 #define GRUB_MODULES_MACHINE_READONLY
 #endif
 
@ -41,7 +48,7 @@ index e394cd9..04e804d 100644
 
 
 #pragma GCC diagnostic ignored "-Wcast-align"
-@@ -686,6 +694,19 @@ grub_dl_load_file (const char *filename)
+@@ -686,6 +695,19 @@ grub_dl_load_file (const char *filename)
   void *core = 0;
   grub_dl_t mod = 0;
 
@ -113,5 +120,5 @@ index 9a2da0e..2245632 100644
 EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1,
 					     const grub_efi_device_path_t *dp2);
 -- 
-2.5.5
+2.7.4

--- a/0023-Pass-x-hex-hex-straight-through-unmolested.patch
+++ b/0023-Pass-x-hex-hex-straight-through-unmolested.patch
@ -1,7 +1,7 @@
-From 5645686a740bfa3689a139bf1131e0330054d09f Mon Sep 17 00:00:00 2001
+From c2a19ee447623af8765254b87ff83cbb5b8253bc Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 1 Oct 2012 13:24:37 -0400
-Subject: [PATCH 22/89] Pass "\x[[:hex:]][[:hex:]]" straight through
+Subject: [PATCH 23/87] Pass "\x[[:hex:]][[:hex:]]" straight through
 unmolested.

 ---
@ -179,5 +179,5 @@ index ab78ca8..cf6cd66 100644
       case '$':
 	if (escaped)
 -- 
-2.5.5
+2.7.4

--- a/0024-Add-X-option-to-printf-functions.patch
+++ b/0024-Add-X-option-to-printf-functions.patch
@ -1,7 +1,7 @@
-From 4cf5e2dd84a0842bf20d5371ec8b9f6b38562458 Mon Sep 17 00:00:00 2001
+From c482ec700b2ba4b1fabccaa5848cccae466d3a12 Mon Sep 17 00:00:00 2001
 From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
 Date: Tue, 27 Nov 2012 16:58:39 -0200
-Subject: [PATCH 23/89] Add %X option to printf functions.
+Subject: [PATCH 24/87] Add %X option to printf functions.

 ---
 grub-core/kern/misc.c | 7 +++++--
@ -54,5 +54,5 @@ index 6bb0351..81be344 100644
 	case 'd':
 	  {
 -- 
-2.5.5
+2.7.4

--- a/0025-Search-for-specific-config-file-for-netboot.patch
+++ b/0025-Search-for-specific-config-file-for-netboot.patch
@ -1,7 +1,7 @@
-From 48251724559eba74c10106007edb373a9a9261e5 Mon Sep 17 00:00:00 2001
+From 70a8c5e075d59ec13fdee4c3868b3862a8cd8aa4 Mon Sep 17 00:00:00 2001
 From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
 Date: Tue, 27 Nov 2012 17:22:07 -0200
-Subject: [PATCH 24/89] Search for specific config file for netboot
+Subject: [PATCH 25/87] Search for specific config file for netboot

 This patch implements a search for a specific configuration when the config
 file is on a remoteserver. It uses the following order:
@ -22,10 +22,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=873406
 3 files changed, 135 insertions(+), 4 deletions(-)

 diff --git a/grub-core/net/net.c b/grub-core/net/net.c
-index 9424595..e53d9a0 100644
+index 10773fc..0769bf8 100644
 --- a/grub-core/net/net.c
 +++ b/grub-core/net/net.c
-@@ -1725,6 +1725,124 @@ grub_net_restore_hw (void)
+@@ -1735,6 +1735,124 @@ grub_net_restore_hw (void)
   return GRUB_ERR_NONE;
 }
 
@ -199,5 +199,5 @@ index 96aa9fa..e13ae1e 100644
 +
 #endif /* ! GRUB_NET_HEADER */
 -- 
-2.5.5
+2.7.4

--- a/0026-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
+++ b/0026-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
@ -1,7 +1,7 @@
-From fbc0fcdfd649c1c053be735311ca15deea7a40ff Mon Sep 17 00:00:00 2001
+From 8992c2812e1e914e803429314b9164a19af4398b Mon Sep 17 00:00:00 2001
 From: Fedora Ninjas <grub2-owner@fedoraproject.org>
 Date: Tue, 22 Jan 2013 06:31:38 +0100
-Subject: [PATCH 25/89] blscfg: add blscfg module to parse Boot Loader
+Subject: [PATCH 26/87] blscfg: add blscfg module to parse Boot Loader
 Specification snippets

 http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
@ -247,5 +247,5 @@ index 0000000..4274aca
 +  grub_unregister_extcmd (cmd);
 +}
 -- 
-2.5.5
+2.7.4

--- a/0027-Don-t-write-messages-to-the-screen.patch
+++ b/0027-Don-t-write-messages-to-the-screen.patch
@ -1,7 +1,7 @@
-From 0b4548eb7f9c6f9d5b2ca5650f404a55bc3c0e9b Mon Sep 17 00:00:00 2001
+From 3e83ff704af9a967fa55d60cc3917bc4ccd85f32 Mon Sep 17 00:00:00 2001
 From: William Jon McCann <william.jon.mccann@gmail.com>
 Date: Wed, 15 May 2013 13:30:20 -0400
-Subject: [PATCH 26/89] Don't write messages to the screen
+Subject: [PATCH 27/87] Don't write messages to the screen

 Writing messages to the screen before the menus or boot splash
 happens so quickly it looks like something is wrong and isn't
@ -177,5 +177,5 @@ index 8ccf012..a3d9711 100644
 EOF
     fi
 -- 
-2.5.5
+2.7.4

--- a/0028-Don-t-print-GNU-GRUB-header.patch
+++ b/0028-Don-t-print-GNU-GRUB-header.patch
@ -1,7 +1,7 @@
-From 2f50942631fb6cc004ee527831eaab37803e379e Mon Sep 17 00:00:00 2001
+From 9bd3d2fb49a6b8e3807ce7275876fd4b416545c9 Mon Sep 17 00:00:00 2001
 From: William Jon McCann <william.jon.mccann@gmail.com>
 Date: Wed, 15 May 2013 13:53:48 -0400
-Subject: [PATCH 27/89] Don't print GNU GRUB header
+Subject: [PATCH 28/87] Don't print GNU GRUB header

 No one cares.
 ---
@ -41,5 +41,5 @@ index b2654ef..f57b750 100644
 
 static void
 -- 
-2.5.5
+2.7.4

--- a/0029-Don-t-add-to-highlighted-row.patch
+++ b/0029-Don-t-add-to-highlighted-row.patch
@ -1,7 +1,7 @@
-From fc2611a52df05b340939f26787a2a2357b9e233f Mon Sep 17 00:00:00 2001
+From dd2c80ddd0e5e57b33a9d06894225e629b1b8b5e Mon Sep 17 00:00:00 2001
 From: William Jon McCann <william.jon.mccann@gmail.com>
 Date: Wed, 15 May 2013 17:49:45 -0400
-Subject: [PATCH 28/89] Don't add '*' to highlighted row
+Subject: [PATCH 29/87] Don't add '*' to highlighted row

 It is already highlighted.
 ---
@ -22,5 +22,5 @@ index e22bb91..a3d1f23 100644
   grub_print_ucs4_menu (unicode_title,
 			unicode_title + len,
 -- 
-2.5.5
+2.7.4

--- a/0030-Message-string-cleanups.patch
+++ b/0030-Message-string-cleanups.patch
@ -1,7 +1,7 @@
-From 960e7ed921ae6ce005d621fa251a77c2d1fc799d Mon Sep 17 00:00:00 2001
+From 4cc90ad7d495b896e0b6b2677285ced8ce70cee1 Mon Sep 17 00:00:00 2001
 From: William Jon McCann <william.jon.mccann@gmail.com>
 Date: Fri, 7 Jun 2013 11:09:04 -0400
-Subject: [PATCH 29/89] Message string cleanups
+Subject: [PATCH 30/87] Message string cleanups

 Make use of terminology consistent. Remove jargon.
 ---
@ -67,5 +67,5 @@ index a3d1f23..64a8386 100644
     {
       grub_print_error ();
 -- 
-2.5.5
+2.7.4

--- a/0031-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch
+++ b/0031-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch
@ -1,7 +1,7 @@
-From 469c9b26660bf04751c0d53c302fb43693399447 Mon Sep 17 00:00:00 2001
+From ee01481e906071d01649b61925eaac0348f9a9a7 Mon Sep 17 00:00:00 2001
 From: William Jon McCann <william.jon.mccann@gmail.com>
 Date: Fri, 7 Jun 2013 14:08:23 -0400
-Subject: [PATCH 30/89] Fix border spacing now that we aren't displaying it
+Subject: [PATCH 31/87] Fix border spacing now that we aren't displaying it

 ---
 grub-core/normal/menu_text.c | 6 +++---
@ -28,5 +28,5 @@ index 64a8386..1062d64 100644
   geo->timeout_lines = 2;
 
 -- 
-2.5.5
+2.7.4

--- a/0032-Use-the-correct-indentation-for-the-term-help-text.patch
+++ b/0032-Use-the-correct-indentation-for-the-term-help-text.patch
@ -1,7 +1,7 @@
-From bc50b0f8f8e15860ba13c71d373f7456993832fe Mon Sep 17 00:00:00 2001
+From 748c629f47f4191c66011646e010cdf5ab506b90 Mon Sep 17 00:00:00 2001
 From: William Jon McCann <william.jon.mccann@gmail.com>
 Date: Fri, 7 Jun 2013 14:08:49 -0400
-Subject: [PATCH 31/89] Use the correct indentation for the term help text
+Subject: [PATCH 32/87] Use the correct indentation for the term help text

 That is consistent with the menu help text
 ---
@ -24,5 +24,5 @@ index f57b750..0ce59fd 100644
       grub_print_message_indented (msg_formatted, 0, 0, term);
     grub_putcode ('\n', term);
 -- 
-2.5.5
+2.7.4

--- a/0033-Indent-menu-entries.patch
+++ b/0033-Indent-menu-entries.patch
@ -1,7 +1,7 @@
-From e7da891c287928fec2e88db06073485ce84b39ef Mon Sep 17 00:00:00 2001
+From 93092c8a33db0cb36392c9684a60c12fbc823554 Mon Sep 17 00:00:00 2001
 From: William Jon McCann <william.jon.mccann@gmail.com>
 Date: Fri, 7 Jun 2013 14:30:55 -0400
-Subject: [PATCH 32/89] Indent menu entries
+Subject: [PATCH 33/87] Indent menu entries

 ---
 grub-core/normal/menu_text.c | 3 ++-
@ -22,5 +22,5 @@ index 1062d64..ecc60f9 100644
   grub_print_ucs4_menu (unicode_title,
 			unicode_title + len,
 -- 
-2.5.5
+2.7.4

--- a/0034-Fix-margins.patch
+++ b/0034-Fix-margins.patch
@ -1,7 +1,7 @@
-From 40b049c635b0ebd9d98010facbbeb668e8cb90a7 Mon Sep 17 00:00:00 2001
+From ee7064d8667cf51d12f2cc5ead9b428446c563ad Mon Sep 17 00:00:00 2001
 From: William Jon McCann <william.jon.mccann@gmail.com>
 Date: Fri, 7 Jun 2013 14:59:36 -0400
-Subject: [PATCH 33/89] Fix margins
+Subject: [PATCH 34/87] Fix margins

 ---
 grub-core/normal/menu_text.c | 8 +++-----
@ -33,5 +33,5 @@ index ecc60f9..0e43f2c 100644
     - geo->timeout_lines /* timeout */
     - 1 /* empty final line  */;
 -- 
-2.5.5
+2.7.4

--- a/0035-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch
+++ b/0035-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch
@ -1,7 +1,7 @@
-From a7358954fc6bbcadadc3c6421bed25eb10c53815 Mon Sep 17 00:00:00 2001
+From 712f456d542ec913c4a5bc13f86443f79912cbf3 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Fri, 21 Jun 2013 14:44:08 -0400
-Subject: [PATCH 34/89] Use -2 instead of -1 for our right-hand margin, so
+Subject: [PATCH 35/87] Use -2 instead of -1 for our right-hand margin, so
 linewrapping works (#976643).

 Signed-off-by: Peter Jones <grub2-owner@fedoraproject.org>
@ -23,5 +23,5 @@ index 0e43f2c..537d4bf 100644
   geo->first_entry_y = 3; /* three empty lines*/
 
 -- 
-2.5.5
+2.7.4

--- a/0036-Use-linux16-when-appropriate-880840.patch
+++ b/0036-Use-linux16-when-appropriate-880840.patch
@ -1,7 +1,7 @@
-From 6de3939ead9a9d895f708bf445b36ddf4eef67f4 Mon Sep 17 00:00:00 2001
+From aedb9655a10717fe3678a9e2fc720b55f5b0ffbc Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 28 Oct 2013 10:05:07 -0400
-Subject: [PATCH 35/89] Use linux16 when appropriate (#880840)
+Subject: [PATCH 36/87] Use linux16 when appropriate (#880840)

 The kernel group really would prefer that we use the 16 bit entry point
 on x86 bios machines.
@ -48,5 +48,5 @@ index a3d9711..f3bf6ac 100644
     fi
   fi
 -- 
-2.5.5
+2.7.4

--- a/0037-Enable-pager-by-default.-985860.patch
+++ b/0037-Enable-pager-by-default.-985860.patch
@ -1,7 +1,7 @@
-From c821c54717446a38213d4c440207728877e06758 Mon Sep 17 00:00:00 2001
+From 0b72348759eaec7d1d488e9788e724a2d48ce3f7 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 28 Oct 2013 10:09:27 -0400
-Subject: [PATCH 36/89] Enable pager by default. (#985860)
+Subject: [PATCH 37/87] Enable pager by default. (#985860)

 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
@ -22,5 +22,5 @@ index 93a9023..858b526 100644
   load_env
 fi
 -- 
-2.5.5
+2.7.4

--- a/0038-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch
+++ b/0038-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch
@ -1,7 +1,7 @@
-From 0108e8e1d09affa11f7b365be1499bfb25ff50c1 Mon Sep 17 00:00:00 2001
+From 55d0f5f5fdecfab6c8439520491e08a0178bd5dc Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 28 Oct 2013 10:13:27 -0400
-Subject: [PATCH 37/89] F10 doesn't work on serial, so don't tell the user to
+Subject: [PATCH 38/87] F10 doesn't work on serial, so don't tell the user to
 hit it (#987443)

 Signed-off-by: Peter Jones <pjones@redhat.com>
@ -23,5 +23,5 @@ index 537d4bf..452d55b 100644
 					       STANDARD_MARGIN, STANDARD_MARGIN,
 					       term, dry_run);
 -- 
-2.5.5
+2.7.4

--- a/0039-Don-t-say-GNU-Linux-in-generated-menus.patch
+++ b/0039-Don-t-say-GNU-Linux-in-generated-menus.patch
@ -1,7 +1,7 @@
-From 801b0d582436988fd2806b919a095f2987fc3ef5 Mon Sep 17 00:00:00 2001
+From d110064c73c1604b07cdaa3d41751074b2701142 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 14 Mar 2011 14:27:42 -0400
-Subject: [PATCH 38/89] Don't say "GNU/Linux" in generated menus.
+Subject: [PATCH 39/87] Don't say "GNU/Linux" in generated menus.

 ---
 util/grub.d/10_linux.in     | 4 ++--
@ -41,5 +41,5 @@ index c48af94..25e3c41 100644
 fi
 
 -- 
-2.5.5
+2.7.4

--- a/0040-Don-t-draw-a-border-around-the-menu.patch
+++ b/0040-Don-t-draw-a-border-around-the-menu.patch
@ -1,7 +1,7 @@
-From 3cb9a57c4bd888c7513700deb4026c86080778ff Mon Sep 17 00:00:00 2001
+From fbd9d8969c059d6e5572b1acfa42ba48bc4299e2 Mon Sep 17 00:00:00 2001
 From: William Jon McCann <william.jon.mccann@gmail.com>
 Date: Wed, 15 May 2013 16:47:33 -0400
-Subject: [PATCH 39/89] Don't draw a border around the menu
+Subject: [PATCH 40/87] Don't draw a border around the menu

 It looks cleaner without it.
 ---
@ -70,5 +70,5 @@ index 452d55b..1ed2bd9 100644
   grub_term_highlight_color = old_color_highlight;
   geo->timeout_y = geo->first_entry_y + geo->num_entries
 -- 
-2.5.5
+2.7.4

--- a/0041-Use-the-standard-margin-for-the-timeout-string.patch
+++ b/0041-Use-the-standard-margin-for-the-timeout-string.patch
@ -1,7 +1,7 @@
-From 06c049445cc4fd428072e849c3098796dc9becd7 Mon Sep 17 00:00:00 2001
+From 3aeba4760755b9b263ed4ba60dc0431352b63fe7 Mon Sep 17 00:00:00 2001
 From: William Jon McCann <william.jon.mccann@gmail.com>
 Date: Fri, 7 Jun 2013 10:52:32 -0400
-Subject: [PATCH 40/89] Use the standard margin for the timeout string
+Subject: [PATCH 41/87] Use the standard margin for the timeout string

 So that it aligns with the other messages
 ---
@ -39,5 +39,5 @@ index 1ed2bd9..7681f7d 100644
     }
 
 -- 
-2.5.5
+2.7.4

--- a/0042-Add-.eh_frame-to-list-of-relocations-stripped.patch
+++ b/0042-Add-.eh_frame-to-list-of-relocations-stripped.patch
@ -1,7 +1,7 @@
-From 0b6d27b7407be21d753a66c09444ed8c19815854 Mon Sep 17 00:00:00 2001
+From 333159a74035a726841c6c888f43d983a40ed959 Mon Sep 17 00:00:00 2001
 From: Fedora Ninjas <grub2-owner@fedoraproject.org>
 Date: Mon, 13 Jan 2014 21:50:59 -0500
-Subject: [PATCH 41/89] Add .eh_frame to list of relocations stripped
+Subject: [PATCH 42/87] Add .eh_frame to list of relocations stripped

 ---
 conf/Makefile.common | 2 +-
@ -21,5 +21,5 @@ index 11296b5..a476ab5 100644
 CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding
 LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d
 -- 
-2.5.5
+2.7.4

--- a/0043-Make-10_linux-work-with-our-changes-for-linux16-and-.patch
+++ b/0043-Make-10_linux-work-with-our-changes-for-linux16-and-.patch
@ -1,7 +1,7 @@
-From 48e48d6b9b6f75bf01a080272f260df7132ab9c7 Mon Sep 17 00:00:00 2001
+From 5fa65416bae89efb88015e72cb21c28fe3833fc8 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 14 Jan 2014 13:12:23 -0500
-Subject: [PATCH 42/89] Make 10_linux work with our changes for linux16 and
+Subject: [PATCH 43/87] Make 10_linux work with our changes for linux16 and
 linuxefi on aarch64

 Signed-off-by: Peter Jones <pjones@redhat.com>
@ -81,5 +81,5 @@ index ef52cf3..191aebe 100644
   for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
     if test -e "${i}" ; then
 -- 
-2.5.5
+2.7.4

--- a/0044-Don-t-print-during-fdt-loading-method.patch
+++ b/0044-Don-t-print-during-fdt-loading-method.patch
@ -1,7 +1,7 @@
-From 6b35fd42bdd803b1b38fd3b04eb642ff822b700f Mon Sep 17 00:00:00 2001
+From e89fd78bb3f62064d930c82ad14cd490166d1a2c Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 14 Jan 2014 16:15:46 -0500
-Subject: [PATCH 43/89] Don't print during fdt loading method.
+Subject: [PATCH 44/87] Don't print during fdt loading method.

 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
@ -23,5 +23,5 @@ index 191aebe..452a9f6 100644
 EOF
   fi
 -- 
-2.5.5
+2.7.4

--- a/0045-Don-t-munge-raw-spaces-when-we-re-doing-our-cmdline-.patch
+++ b/0045-Don-t-munge-raw-spaces-when-we-re-doing-our-cmdline-.patch
@ -1,7 +1,7 @@
-From dd7c64ce04e1e95265b85163427bb8ff570c12f0 Mon Sep 17 00:00:00 2001
+From 7683e149c587abf2d35de11c39ddb0810572b2e4 Mon Sep 17 00:00:00 2001
 From: Hans de Goede <hdegoede@redhat.com>
 Date: Mon, 30 Jun 2014 14:16:46 -0400
-Subject: [PATCH 44/89] Don't munge raw spaces when we're doing our cmdline
+Subject: [PATCH 45/87] Don't munge raw spaces when we're doing our cmdline
 escaping (#923374)

 Signed-off-by: Peter Jones <pjones@redhat.com>
@ -32,5 +32,5 @@ index 0a5b2af..970ea86 100644
 	    {
 	      *buf++ = *c++;
 -- 
-2.5.5
+2.7.4

--- a/0046-Don-t-require-a-password-to-boot-entries-generated-b.patch
+++ b/0046-Don-t-require-a-password-to-boot-entries-generated-b.patch
@ -1,7 +1,7 @@
-From 84d97657cf6af3929cf8ff3c9faea002ac6d77c3 Mon Sep 17 00:00:00 2001
+From 8a11a21d904e7e823ee6f17faedbf45a8e28044a Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 11 Feb 2014 11:14:50 -0500
-Subject: [PATCH 45/89] Don't require a password to boot entries generated by
+Subject: [PATCH 46/87] Don't require a password to boot entries generated by
 grub-mkconfig.

 When we set a password, we just want that to mean you can't /edit/ an entry.
@ -27,5 +27,5 @@ index 452a9f6..79a747e 100644
 if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
   OS="$(sed 's, release .*$,,g' /etc/system-release)"
 -- 
-2.5.5
+2.7.4

--- a/0047-Don-t-emit-Booting-.-message.patch
+++ b/0047-Don-t-emit-Booting-.-message.patch
@ -1,7 +1,7 @@
-From 72d44b7bd5aa2bff64d8a6e40d086dc51aab5684 Mon Sep 17 00:00:00 2001
+From 5468ac6eef409220e59741ccf1073d92916cdddf Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 18 Feb 2014 09:37:49 -0500
-Subject: [PATCH 46/89] Don't emit "Booting ..." message.
+Subject: [PATCH 47/87] Don't emit "Booting ..." message.

 UI team still hates this stuff, so we're disabling it for RHEL 7.

@ -48,5 +48,5 @@ index eeeee55..8349049 100644
   errs_before = grub_err_printed_errors;
 
 -- 
-2.5.5
+2.7.4

--- a/0048-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch
+++ b/0048-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch
@ -1,8 +1,9 @@
-From 1f68f3b40b8b476e95f29eac40c76dbba892cd17 Mon Sep 17 00:00:00 2001
+From cce065ff19272aa908a293632a265211201d7237 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 4 Mar 2014 11:00:23 -0500
-Subject: [PATCH 47/89] May as well try it.
+Subject: [PATCH 48/87] Replace a lot of man pages with slightly nicer ones.

+Replace a bunch of machine generated ones with ones that look nicer.
 ---
 conf/Makefile.extra-dist          |   1 -
 configure.ac                      |  23 ++++++
@ -133,7 +134,7 @@ index b16bd92..39eb94b 100644
 EXTRA_DIST += docs/grub.cfg
 EXTRA_DIST += docs/osdetect.cfg
 diff --git a/configure.ac b/configure.ac
-index 21023ae..e976e85 100644
+index ab9134c..9937a82 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -70,6 +70,29 @@ grub_TRANSFORM([grub-set-default])
@ -1958,5 +1959,5 @@ index 0000000..37ea2dd
 +.SH SEE ALSO
 +.BR "info grub"
 -- 
-2.5.5
+2.7.4

--- a/0049-use-fw_path-prefix-when-fallback-searching-for-grub-.patch
+++ b/0049-use-fw_path-prefix-when-fallback-searching-for-grub-.patch
@ -1,7 +1,7 @@
-From 4fd04da5eded81f854dd058f6435c4aef4f31f2d Mon Sep 17 00:00:00 2001
+From c28ddef07d11d790d89ee6ec8e3a8cc7e1aace0d Mon Sep 17 00:00:00 2001
 From: Fedora Ninjas <grub2-owner@fedoraproject.org>
 Date: Wed, 19 Feb 2014 15:58:43 -0500
-Subject: [PATCH 48/89] use fw_path prefix when fallback searching for grub
+Subject: [PATCH 49/87] use fw_path prefix when fallback searching for grub
 config

 When PXE booting via UEFI firmware, grub was searching for grub.cfg
@ -41,5 +41,5 @@ index 0ce59fd..a3713ef 100644
         {
           grub_size_t config_len;
 -- 
-2.5.5
+2.7.4

--- a/0050-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch
+++ b/0050-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch
@ -1,7 +1,7 @@
-From f0925300caaea3344007689452e24a543fd6cf8a Mon Sep 17 00:00:00 2001
+From 82812e4ade82c9aa4f2e8f091b60b714ecfd82e5 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Thu, 6 Mar 2014 11:51:33 -0500
-Subject: [PATCH 49/89] Try mac/guid/etc before grub.cfg on tftp config files.
+Subject: [PATCH 50/87] Try mac/guid/etc before grub.cfg on tftp config files.

 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
@ -110,5 +110,5 @@ index a3713ef..7d9c4f0 100644
   else
     grub_enter_normal_mode (argv[0]);
 -- 
-2.5.5
+2.7.4

--- a/0051-Fix-convert-function-to-support-NVMe-devices.patch
+++ b/0051-Fix-convert-function-to-support-NVMe-devices.patch
@ -1,7 +1,7 @@
-From 31bfe8719af1e91099d8b56793ad175e3f4bd335 Mon Sep 17 00:00:00 2001
+From b954efc0812579f973031b24c68a2f593bd89ba1 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 18 Feb 2014 11:34:00 -0500
-Subject: [PATCH 50/89] Fix convert function to support NVMe devices
+Subject: [PATCH 51/87] Fix convert function to support NVMe devices

 This is adapted from the patch at
 https://bugzilla.redhat.com/show_bug.cgi?id=1019660 , which is against
@ -55,5 +55,5 @@ index 92c0d70..bf317a2 100644
     return grub_util_devmapper_part_to_disk (&st, is_part, os_dev);
 
 -- 
-2.5.5
+2.7.4

--- a/0052-Switch-to-use-APM-Mustang-device-tree-for-hardware-t.patch
+++ b/0052-Switch-to-use-APM-Mustang-device-tree-for-hardware-t.patch
@ -1,7 +1,7 @@
-From b6f8f9ef2dcde4ad9db1a270740ed60705c31e7b Mon Sep 17 00:00:00 2001
+From 6900527741a21097f57a72854944f3e078a0ee42 Mon Sep 17 00:00:00 2001
 From: Fedora Ninjas <grub2-owner@fedoraproject.org>
 Date: Mon, 10 Feb 2014 16:13:10 -0500
-Subject: [PATCH 51/89] Switch to use APM Mustang device tree, for hardware
+Subject: [PATCH 52/87] Switch to use APM Mustang device tree, for hardware
 testing.

 Signed-off-by: David A. Marlin <d.marlin@redhat.com>
@ -25,5 +25,5 @@ index 79a747e..462b461 100644
     fi
   done
 -- 
-2.5.5
+2.7.4

--- a/0053-Use-the-default-device-tree-from-the-grub-default-fi.patch
+++ b/0053-Use-the-default-device-tree-from-the-grub-default-fi.patch
@ -1,7 +1,7 @@
-From 8b7bd5624770ad0aeef2c2f21d4e667bcef77e74 Mon Sep 17 00:00:00 2001
+From 823290f622902f1ae06efa29efbe4ca15af1aafe Mon Sep 17 00:00:00 2001
 From: Fedora Ninjas <grub2-owner@fedoraproject.org>
 Date: Wed, 12 Feb 2014 14:54:04 -0500
-Subject: [PATCH 52/89] Use the default device tree from the grub default file
+Subject: [PATCH 53/87] Use the default device tree from the grub default file

 instead of hardcoding a value.

@ -41,5 +41,5 @@ index 462b461..a9692a0 100644
     fi
   done
 -- 
-2.5.5
+2.7.4

--- a/0054-reopen-SNP-protocol-for-exclusive-use-by-grub.patch
+++ b/0054-reopen-SNP-protocol-for-exclusive-use-by-grub.patch
@ -1,7 +1,7 @@
-From 27e661936f8f001100c143036749a0e620d63cbf Mon Sep 17 00:00:00 2001
+From e119353dad1eadc771a011f82bf90bd04fc00f9a Mon Sep 17 00:00:00 2001
 From: Fedora Ninjas <grub2-owner@fedoraproject.org>
 Date: Sat, 15 Feb 2014 15:10:22 -0500
-Subject: [PATCH 53/89] reopen SNP protocol for exclusive use by grub
+Subject: [PATCH 54/87] reopen SNP protocol for exclusive use by grub

 ---
 grub-core/net/drivers/efi/efinet.c | 16 ++++++++++++++++
@ -42,5 +42,5 @@ index 5388f95..ea0e0ca 100644
   }
 }
 -- 
-2.5.5
+2.7.4

--- a/0055-Revert-reopen-SNP-protocol-for-exclusive-use-by-grub.patch
+++ b/0055-Revert-reopen-SNP-protocol-for-exclusive-use-by-grub.patch
@ -1,14 +1,16 @@
-From a78e0a65325ad61e378acbf8facc94497c519787 Mon Sep 17 00:00:00 2001
+From 5d47b56198754190c62179ae10ef175c00d1474d Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
-Date: Thu, 7 Apr 2016 10:58:06 -0400
-Subject: [PATCH 54/89] Revert "reopen SNP protocol for exclusive use by grub"
+Date: Fri, 4 Mar 2016 15:13:59 -0500
+Subject: [PATCH 55/87] Revert "reopen SNP protocol for exclusive use by grub"

-I *think* this should have been replaced by upstream's
-49426e9fd2e562c73a4f1206f32eff9e424a1a73, so I'm reverting for now.
+This reverts commit a3f2c756ce34c9666bddef35e3b3b85ccecdcffc , which is
+obsoleted by these:

-May resolve rhbz#1251600 .
+49426e9 efinet: open Simple Network Protocol exclusively
+f348aee efinet: enable hardware filters when opening interface
+c52ae40 efinet: skip virtual IPv4 and IPv6 devices when enumerating cards

-This reverts commit 27e661936f8f001100c143036749a0e620d63cbf.
+Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
 grub-core/net/drivers/efi/efinet.c | 16 ----------------
 1 file changed, 16 deletions(-)
@ -48,5 +50,5 @@ index ea0e0ca..5388f95 100644
   }
 }
 -- 
-2.5.5
+2.7.4

--- a/0056-Add-grub_util_readlink.patch
+++ b/0056-Add-grub_util_readlink.patch
@ -1,7 +1,7 @@
-From 2cca74e577dc886b099ba66b6ebb2d320587d1e3 Mon Sep 17 00:00:00 2001
+From 5a69c7fbfff14bcea80e781fcd6acad07c904e22 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Wed, 3 Sep 2014 10:01:03 -0400
-Subject: [PATCH 55/89] Add grub_util_readlink()
+Subject: [PATCH 56/87] Add grub_util_readlink()

 Add grub_util_readlink().  This requires pulling in stat and readlink from
 gnulib, which pulls in stat and related headers, but after that the
@ -3730,5 +3730,5 @@ index 0000000..9852778
 +  REPLACE_LOCALTIME=0;                   AC_SUBST([REPLACE_LOCALTIME])
 +])
 -- 
-2.5.5
+2.7.4

--- a/0057-Make-editenv-chase-symlinks-including-those-across-d.patch
+++ b/0057-Make-editenv-chase-symlinks-including-those-across-d.patch
@ -1,7 +1,7 @@
-From 265457ae86fae6837b05b7790ea734680434f13f Mon Sep 17 00:00:00 2001
+From a867dc42c711385634d86f04176cf3193d548f1d Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Wed, 3 Sep 2014 10:38:00 -0400
-Subject: [PATCH 56/89] Make editenv chase symlinks including those across
+Subject: [PATCH 57/87] Make editenv chase symlinks including those across
 devices.

 This lets us make /boot/grub2/grubenv a symlink to
@ -102,5 +102,5 @@ index c6f8d22..d8d1dad 100644
 +  free (rename_target);
 }
 -- 
-2.5.5
+2.7.4

--- a/0058-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch
+++ b/0058-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch
@ -1,7 +1,7 @@
-From e0e8ef8a46fbc9009129e5598fb977f08260e250 Mon Sep 17 00:00:00 2001
+From 14b8db374bfc41fffa278ec33084324008384417 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Thu, 4 Sep 2014 14:23:23 -0400
-Subject: [PATCH 57/89] Generate OS and CLASS in 10_linux from /etc/os-release
+Subject: [PATCH 58/87] Generate OS and CLASS in 10_linux from /etc/os-release

 This makes us use pretty names in the titles we generate in
 grub2-mkconfig when GRUB_DISTRIBUTOR isn't set.
@ -28,5 +28,5 @@ index a9692a0..c662726 100644
   OS="${GRUB_DISTRIBUTOR}"
   CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
 -- 
-2.5.5
+2.7.4

--- a/0059-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch
+++ b/0059-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch
@ -1,7 +1,7 @@
-From ef7d69e6362a0204349c4097913d8cff1c944b44 Mon Sep 17 00:00:00 2001
+From 700c631b4c887778951503346afe5b7ee70bf7dd Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Thu, 4 Sep 2014 15:52:08 -0400
-Subject: [PATCH 58/89] Minimize the sort ordering for .debug and -rescue-
+Subject: [PATCH 59/87] Minimize the sort ordering for .debug and -rescue-
 kernels.

 Resolves: rhbz#1065360
@ -11,24 +11,24 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 1 file changed, 8 insertions(+)

 diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
-index cf35e41..38dbcee 100644
+index cf35e41..10fabee 100644
 --- a/util/grub-mkconfig_lib.in
 +++ b/util/grub-mkconfig_lib.in
@@ -248,6 +248,14 @@ version_test_gt ()
     *.old:*.old) ;;
     *.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;;
     *:*.old) version_test_gt_b="`echo "$version_test_gt_b" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=ge ;;
-+    *-rescue-*:*-rescue-*) ;;
-+    *.debug:*.debug) ;;
-+    *-rescue-*:*.debug) return 1 ;;
-+    *.debug:*-rescue-*) return 0 ;;
-+    *-rescue-*:*) return 1 ;;
-+    *:*-rescue-*) return 0 ;;
-+    *.debug:*) return 1 ;;
-+    *:*.debug) return 0 ;;
+    *-rescue*:*-rescue*) ;;
+    *?debug:*?debug) ;;
+    *-rescue*:*?debug) return 1 ;;
+    *?debug:*-rescue*) return 0 ;;
+    *-rescue*:*) return 1 ;;
+    *:*-rescue*) return 0 ;;
+    *?debug:*) return 1 ;;
+    *:*?debug) return 0 ;;
   esac
   version_test_numeric "$version_test_gt_a" "$version_test_gt_cmp" "$version_test_gt_b"
   return "$?"
 -- 
-2.5.5
+2.7.4

--- a/0060-Load-arm-with-SB-enabled.patch
+++ b/0060-Load-arm-with-SB-enabled.patch
@ -1,7 +1,7 @@
-From 9450fbbbb6ac6a9973a3e6d85477afe0ded656c8 Mon Sep 17 00:00:00 2001
+From cae0d2cdb28017df75358e0839c60a9c2521cb82 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Thu, 18 Sep 2014 11:26:14 -0400
-Subject: [PATCH 59/89] Load arm with SB enabled.
+Subject: [PATCH 60/87] Load arm with SB enabled.

 Make sure we actually try to validate secure boot on this platform (even
 though we're not shipping it enabled by default.)
@ -12,11 +12,11 @@ is enabled.
 ---
 grub-core/Makefile.core.def       |   3 +
 grub-core/loader/arm64/linux.c    | 117 ++++++++++++++++++++------------------
- grub-core/loader/efi/linux.c      |  66 +++++++++++++++++++++
+ grub-core/loader/efi/linux.c      |  65 +++++++++++++++++++++
 grub-core/loader/i386/efi/linux.c |  39 +------------
 include/grub/arm64/linux.h        |   7 +++
 include/grub/efi/linux.h          |  31 ++++++++++
- 6 files changed, 172 insertions(+), 91 deletions(-)
+ 6 files changed, 171 insertions(+), 91 deletions(-)
 create mode 100644 grub-core/loader/efi/linux.c
 create mode 100644 include/grub/efi/linux.h

@ -226,10 +226,10 @@ index 9519d2e..4756ef7 100644
   if (!linux_args)
 diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
 new file mode 100644
-index 0000000..8634578
+index 0000000..aea378a
 --- /dev/null
 +++ b/grub-core/loader/efi/linux.c
-@@ -0,0 +1,66 @@
+@@ -0,0 +1,65 @@
 +/*
 + *  GRUB  --  GRand Unified Bootloader
 + *  Copyright (C) 2014 Free Software Foundation, Inc.
@ -295,7 +295,6 @@ index 0000000..8634578
 +
 +  return GRUB_ERR_BUG;
 +}
-+
 diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
 index b79e632..e5b7785 100644
 --- a/grub-core/loader/i386/efi/linux.c
@ -425,5 +424,5 @@ index 0000000..d9ede36
 +
 +#endif /* ! GRUB_EFI_LINUX_HEADER */
 -- 
-2.5.5
+2.7.4

--- a/0061-Try-prefix-if-fw_path-doesn-t-work.patch
+++ b/0061-Try-prefix-if-fw_path-doesn-t-work.patch
@ -1,7 +1,7 @@
-From 2218efcd483112983b1bff2a3c7f232a2279a00f Mon Sep 17 00:00:00 2001
+From d255a98813193eb2c23f9217106b121278843023 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Fri, 3 Oct 2014 11:08:03 -0400
-Subject: [PATCH 60/89] Try $prefix if $fw_path doesn't work.
+Subject: [PATCH 61/87] Try $prefix if $fw_path doesn't work.

 Related: rhbz#1148652

@ -57,10 +57,10 @@ index 8a3ecd5..8efa1a6 100644
 }
 
 diff --git a/grub-core/net/net.c b/grub-core/net/net.c
-index e53d9a0..9af9a1f 100644
+index 0769bf8..16d2ce0 100644
 --- a/grub-core/net/net.c
 +++ b/grub-core/net/net.c
-@@ -1840,7 +1840,7 @@ grub_net_search_configfile (char *config)
+@@ -1850,7 +1850,7 @@ grub_net_search_configfile (char *config)
   /* Remove the remaining minus sign at the end. */
   config[config_len] = '\0';
 
@ -207,5 +207,5 @@ index 7d9c4f0..b69f9e7 100644
 }
 
 -- 
-2.5.5
+2.7.4

--- a/0062-Try-to-emit-linux16-initrd16-and-linuxefi-initrdefi-.patch
+++ b/0062-Try-to-emit-linux16-initrd16-and-linuxefi-initrdefi-.patch
@ -1,7 +1,7 @@
-From adafd393d61acdfdda0217740748233318b6a0e8 Mon Sep 17 00:00:00 2001
+From 8e6fc0ea14aa01817cc9103ffd5e328a78e56857 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 27 Oct 2014 09:22:55 -0400
-Subject: [PATCH 61/89] Try to emit linux16/initrd16 and linuxefi/initrdefi in
+Subject: [PATCH 62/87] Try to emit linux16/initrd16 and linuxefi/initrdefi in
 30-os_prober.

 Resolves: rhbz#1108296
@ -12,7 +12,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 1 file changed, 26 insertions(+), 4 deletions(-)

 diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
-index 515a68c..9d9b9de 100644
+index 9b8f596..dc98eac 100644
 --- a/util/grub.d/30_os-prober.in
 +++ b/util/grub.d/30_os-prober.in
@@ -141,6 +141,28 @@ for OS in ${OSPROBED} ; do
@ -73,5 +73,5 @@ index 515a68c..9d9b9de 100644
         fi
         cat << EOF
 -- 
-2.5.5
+2.7.4

--- a/0063-Make-grub2-mkconfig-construct-titles-that-look-like-.patch
+++ b/0063-Make-grub2-mkconfig-construct-titles-that-look-like-.patch
@ -1,7 +1,7 @@
-From 3c30052fb24e5f4cd4d9e1ab86ec107f90e54cc6 Mon Sep 17 00:00:00 2001
+From b6e3ffe7ae7e4222cc15876cb72c691112f3c4b0 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 28 Apr 2015 11:15:03 -0400
-Subject: [PATCH 62/89] Make grub2-mkconfig construct titles that look like the
+Subject: [PATCH 63/87] Make grub2-mkconfig construct titles that look like the
 ones we want elsewhere.

 Resolves: rhbz#1215839
@ -50,5 +50,5 @@ index c662726..1215241 100644
       echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
   else
 -- 
-2.5.5
+2.7.4

--- a/0063-Make-rescue-and-debug-entries-sort-right-again-in-gr.patch
+++ b/0063-Make-rescue-and-debug-entries-sort-right-again-in-gr.patch
@ -1,43 +0,0 @@
-From 3debfb747ba8b289514dd399a0af6f47897c1913 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 28 Apr 2015 11:17:02 -0400
-Subject: [PATCH 63/89] Make rescue and debug entries sort right /again/ in
- grub2-mkconfig.
-
-Related: rhbz#12145839
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
---
- util/grub-mkconfig_lib.in | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
-index 38dbcee..10fabee 100644
--- a/util/grub-mkconfig_lib.in
-+++ b/util/grub-mkconfig_lib.in
-@@ -248,14 +248,14 @@ version_test_gt ()
-     *.old:*.old) ;;
-     *.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;;
-     *:*.old) version_test_gt_b="`echo "$version_test_gt_b" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=ge ;;
-    *-rescue-*:*-rescue-*) ;;
-    *.debug:*.debug) ;;
-    *-rescue-*:*.debug) return 1 ;;
-    *.debug:*-rescue-*) return 0 ;;
-    *-rescue-*:*) return 1 ;;
-    *:*-rescue-*) return 0 ;;
-    *.debug:*) return 1 ;;
-    *:*.debug) return 0 ;;
-+    *-rescue*:*-rescue*) ;;
-+    *?debug:*?debug) ;;
-+    *-rescue*:*?debug) return 1 ;;
-+    *?debug:*-rescue*) return 0 ;;
-+    *-rescue*:*) return 1 ;;
-+    *:*-rescue*) return 0 ;;
-+    *?debug:*) return 1 ;;
-+    *:*?debug) return 0 ;;
-   esac
-   version_test_numeric "$version_test_gt_a" "$version_test_gt_cmp" "$version_test_gt_b"
-   return "$?"
-- 
-2.5.5
-
--- a/0064-Update-info-with-grub.cfg-netboot-selection-order-11.patch
+++ b/0064-Update-info-with-grub.cfg-netboot-selection-order-11.patch
@ -1,7 +1,7 @@
-From 06b2144858484c69f77387211ffeac90b590c409 Mon Sep 17 00:00:00 2001
+From c4be6106eae8c1b479c325f531a1f81188f400e8 Mon Sep 17 00:00:00 2001
 From: Robert Marshall <rmarshall@redhat.com>
 Date: Mon, 16 Mar 2015 16:34:51 -0400
-Subject: [PATCH 64/89] Update info with grub.cfg netboot selection order
+Subject: [PATCH 64/87] Update info with grub.cfg netboot selection order
 (#1148650)

 Added documentation to the grub info page that specifies the order
@ -66,5 +66,5 @@ index 98d4d0d..4c6323b 100644
 @samp{(tftp)} device.
 
 -- 
-2.5.5
+2.7.4

--- a/0065-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch
+++ b/0065-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch
@ -1,7 +1,7 @@
-From c448414b19a09f4f2815e8a65de4e3d1a8e65330 Mon Sep 17 00:00:00 2001
+From 11abe391636d0819902357591aebf0ea01b88130 Mon Sep 17 00:00:00 2001
 From: Robert Marshall <rmarshall@redhat.com>
 Date: Mon, 16 Mar 2015 14:14:19 -0400
-Subject: [PATCH 65/89] Use Distribution Package Sort for grub2-mkconfig
+Subject: [PATCH 65/87] Use Distribution Package Sort for grub2-mkconfig
 (#1124074)

 Users reported that newly installed kernels on their systems installed
@ -61,7 +61,7 @@ index 2061104..d846b81 100644
   name = grub-mkconfig;
   common = util/grub-mkconfig.in;
 diff --git a/configure.ac b/configure.ac
-index e976e85..ad2cff3 100644
+index 9937a82..d5e8d90 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -65,6 +65,7 @@ grub_TRANSFORM([grub-mkrelpath])
@ -80,7 +80,7 @@ index e976e85..ad2cff3 100644
 grub_TRANSFORM([grub-reboot.3])
 grub_TRANSFORM([grub-render-label.3])
 grub_TRANSFORM([grub-script-check.3])
-@@ -1742,6 +1744,33 @@ fi
+@@ -1743,6 +1745,33 @@ fi
 
 AC_SUBST([LIBDEVMAPPER])
 
@ -456,5 +456,5 @@ index 0000000..f33bd1e
 +  return 0;
 +}
 -- 
-2.5.5
+2.7.4

--- a/0066-Add-friendly-grub2-password-config-tool-985962.patch
+++ b/0066-Add-friendly-grub2-password-config-tool-985962.patch
@ -1,7 +1,7 @@
-From 0a0766bc5edf53ea319126c8582b2568303c4c8d Mon Sep 17 00:00:00 2001
+From f7574b40f89ded29d82e5cfdb7494f8884bc1cdb Mon Sep 17 00:00:00 2001
 From: Robert Marshall <rmarshall@redhat.com>
 Date: Thu, 25 Jun 2015 11:13:11 -0400
-Subject: [PATCH 66/89] Add friendly grub2 password config tool (#985962)
+Subject: [PATCH 66/87] Add friendly grub2 password config tool (#985962)

 Provided a tool for users to reset the grub2 root user password
 without having to alter the grub.cfg. The hashed password now
@ -65,7 +65,7 @@ index d846b81..226c46b 100644
   common = util/grub-mkconfig_lib.in;
   installdir = noinst;
 diff --git a/configure.ac b/configure.ac
-index ad2cff3..627c146 100644
+index d5e8d90..67ff20c 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -65,6 +65,7 @@ grub_TRANSFORM([grub-mkrelpath])
@ -91,7 +91,7 @@ index 9d595ac..fb87247 100644
         echo
 diff --git a/util/grub-setpassword.8 b/util/grub-setpassword.8
 new file mode 100644
-index 0000000..5973abe
+index 0000000..49200a8
 --- /dev/null
 +++ b/util/grub-setpassword.8
@@ -0,0 +1,28 @@
@ -106,7 +106,7 @@ index 0000000..5973abe
 +\fBgrub-setpassword\fR outputs the user.cfg file which contains the hashed GRUB bootloader password. This utility only supports configurations where there is a single root user.
 +
 +The file has the format:
-+GRUB_2PASSWORD=<\fIhashed password\fR>.
+GRUB2_PASSWORD=<\fIhashed password\fR>.
 +
 +.SH OPTIONS
 +.TP
@ -254,7 +254,7 @@ index 0000000..dd76f00
 +echo "GRUB2_PASSWORD=${MYPASS}" > "${grubdir}/user.cfg"
 diff --git a/util/grub.d/01_users.in b/util/grub.d/01_users.in
 new file mode 100644
-index 0000000..facd409
+index 0000000..db2f44b
 --- /dev/null
 +++ b/util/grub.d/01_users.in
@@ -0,0 +1,11 @@
@ -262,7 +262,7 @@ index 0000000..facd409
 +cat << EOF
 +if [ -f \${prefix}/user.cfg ]; then
 +  source \${prefix}/user.cfg
-+  if [ -n \${GRUB2_PASSWORD} ]; then
+  if [ -n "\${GRUB2_PASSWORD}" ]; then
 +    set superusers="root"
 +    export superusers
 +    password_pbkdf2 root \${GRUB2_PASSWORD}
@ -270,5 +270,5 @@ index 0000000..facd409
 +fi
 +EOF
 -- 
-2.5.5
+2.7.4

--- a/0067-Fix-race-in-EFI-validation.patch
+++ b/0067-Fix-race-in-EFI-validation.patch
@ -1,7 +1,7 @@
-From 8c9e77f5664df793aa6e38a04d0be519d8061ebf Mon Sep 17 00:00:00 2001
+From a605e7af01dc697021b96fe6fbaf92ef3fca017c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@coreos.com>
 Date: Tue, 14 Jul 2015 16:58:51 -0700
-Subject: [PATCH 67/89] Fix race in EFI validation
+Subject: [PATCH 67/87] Fix race in EFI validation

 ---
 grub-core/loader/i386/efi/linux.c | 44 ++++++++++-----------------------------
@ -93,5 +93,5 @@ index e5b7785..7ccf32d 100644
     {
       grub_dl_unref (my_mod);
 -- 
-2.5.5
+2.7.4

--- a/0068-ppc64le-sync-mkconfig-to-disk-1212114.patch
+++ b/0068-ppc64le-sync-mkconfig-to-disk-1212114.patch
@ -1,7 +1,7 @@
-From 1ef61c2257c1fc19d35346f6c47c0c4d8b184783 Mon Sep 17 00:00:00 2001
+From 63efe6a207f59ffa9e55cc10a0aed272f3571227 Mon Sep 17 00:00:00 2001
 From: Don Zickus <dzickus@redhat.com>
 Date: Wed, 22 Jul 2015 13:59:55 -0400
-Subject: [PATCH 68/89] ppc64le sync mkconfig to disk (#1212114)
+Subject: [PATCH 68/87] ppc64le sync mkconfig to disk (#1212114)

 If creating a new grub2 entry using grub2-mkconfig, the entry is not
 immediately sync'd to disk.  If a crash happens before the writeback,
@ -38,5 +38,5 @@ index fb87247..73a18f7 100644
 +    sync && mountpoint -q /boot &&fsfreeze -f /boot && fsfreeze -u /boot
 +fi
 -- 
-2.5.5
+2.7.4

--- a/0069-Use-device-part-of-chainloader-target-if-present.patch
+++ b/0069-Use-device-part-of-chainloader-target-if-present.patch
@ -1,7 +1,7 @@
-From 8c140c6ed73af6c0a39619dab7f50a4c1bc6ac66 Mon Sep 17 00:00:00 2001
+From 9d47b2c482b6db238c99fe106f4b2e3c612f3a91 Mon Sep 17 00:00:00 2001
 From: Raymund Will <rw@suse.com>
 Date: Fri, 10 Apr 2015 01:45:02 -0400
-Subject: [PATCH 69/89] Use device part of chainloader target, if present.
+Subject: [PATCH 69/87] Use device part of chainloader target, if present.

 Otherwise chainloading is restricted to '$root', which might not even
 be readable by EFI!
@ -33,5 +33,5 @@ index 522a716..6b47497 100644
     goto fail;
 
 -- 
-2.5.5
+2.7.4

--- a/0070-Add-secureboot-support-on-efi-chainloader.patch
+++ b/0070-Add-secureboot-support-on-efi-chainloader.patch
@ -1,7 +1,7 @@
-From abaf10c18b70eede23dd6fcc7398835fac9cd2ce Mon Sep 17 00:00:00 2001
+From 9cbf35d19f4ffafdf2683acf7b6a320b55bbdfca Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 6 Oct 2015 13:04:37 -0400
-Subject: [PATCH 70/89] Add secureboot support on efi chainloader
+Subject: [PATCH 70/87] Add secureboot support on efi chainloader

 Expand the chainloader to be able to verify the image by means of shim
 lock protocol. The PE/COFF image is loaded and relocated by the
@ -796,5 +796,5 @@ index f79c36c..f79782e 100644
 {
   grub_uint32_t page_rva;
 -- 
-2.5.5
+2.7.4

--- a/0071-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch
+++ b/0071-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch
@ -1,7 +1,7 @@
-From 50f24247c94609c146042aa1a260267b2abba412 Mon Sep 17 00:00:00 2001
+From c1d31b6a26e5542142d569c94a70f1dc8e07afd6 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 6 Oct 2015 16:09:25 -0400
-Subject: [PATCH 71/89] Make any of the loaders that link in efi mode honor
+Subject: [PATCH 71/87] Make any of the loaders that link in efi mode honor
 secure boot.

 And in this case "honor" means "even if somebody does link this in, they
@ -24,11 +24,17 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 grub-core/loader/xnu.c             |  7 +++++
 include/grub/efi/efi.h             |  1 -
 include/grub/efi/sb.h              | 29 +++++++++++++++++++
- include/grub/powerpc/linux.h       | 23 +++++++++++++++
- 16 files changed, 169 insertions(+), 29 deletions(-)
+ include/grub/ia64/linux.h          |  0
+ include/grub/mips/linux.h          |  0
+ include/grub/powerpc/linux.h       |  0
+ include/grub/sparc64/linux.h       |  0
+ 19 files changed, 146 insertions(+), 29 deletions(-)
 create mode 100644 grub-core/kern/efi/sb.c
 create mode 100644 include/grub/efi/sb.h
+ create mode 100644 include/grub/ia64/linux.h
+ create mode 100644 include/grub/mips/linux.h
 create mode 100644 include/grub/powerpc/linux.h
+ create mode 100644 include/grub/sparc64/linux.h

 diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
 index 04e9395..fd715a8 100644
@ -471,35 +477,18 @@ index 0000000..9629fbb
 +int EXPORT_FUNC (grub_efi_secure_boot) (void);
 +
 +#endif /* ! GRUB_EFI_SB_HEADER */
+diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h
+new file mode 100644
+index 0000000..e69de29
+diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h
+new file mode 100644
+index 0000000..e69de29
 diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h
 new file mode 100644
-index 0000000..6cecb2e
--- /dev/null
-+++ b/include/grub/powerpc/linux.h
-@@ -0,0 +1,23 @@
-+/* linux.h - PowerPC linux specific definitions */
-+/*
-+ *  GRUB  --  GRand Unified Bootloader
-+ *  Copyright (C) 2013  Free Software Foundation, Inc.
-+ *
-+ *  GRUB is free software: you can redistribute it and/or modify
-+ *  it under the terms of the GNU General Public License as published by
-+ *  the Free Software Foundation, either version 3 of the License, or
-+ *  (at your option) any later version.
-+ *
-+ *  GRUB is distributed in the hope that it will be useful,
-+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ *  GNU General Public License for more details.
-+ *
-+ *  You should have received a copy of the GNU General Public License
-+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
-+ */
-+
-+#ifndef GRUB_LINUX_CPU_HEADER
-+#define GRUB_LINUX_CPU_HEADER 1
-+
-+#endif /* ! GRUB_LINUX_CPU_HEADER */
+index 0000000..e69de29
+diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h
+new file mode 100644
+index 0000000..e69de29
 -- 
-2.5.5
+2.7.4

--- a/0072-Fix-security-issue-when-reading-username-and-passwor.patch
+++ b/0072-Fix-security-issue-when-reading-username-and-passwor.patch
@ -1,7 +1,7 @@
-From 6c7c6069398cc5e1affa51f4f2ccf515c5f9908f Mon Sep 17 00:00:00 2001
+From 5a0d703884a73f93a68753c6ed64bdf08797c82a Mon Sep 17 00:00:00 2001
 From: Hector Marco-Gisbert <hecmargi@upv.es>
 Date: Fri, 13 Nov 2015 16:21:09 +0100
-Subject: [PATCH 72/89] Fix security issue when reading username and password
+Subject: [PATCH 72/87] Fix security issue when reading username and password

  This patch fixes two integer underflows at:
    * grub-core/lib/crypto.c
@ -43,5 +43,5 @@ index 7338f82..6d6dc7d 100644
 	  if (cur_len)
 	    {
 -- 
-2.5.5
+2.7.4

--- a/0073-01_users-Handle-GRUB_PASSWORD-better.patch
+++ b/0073-01_users-Handle-GRUB_PASSWORD-better.patch
@ -1,44 +0,0 @@
-From 59e628d70d795e2cc7aafad78aba4ef5d5006160 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Fri, 4 Dec 2015 09:28:38 -0500
-Subject: [PATCH 73/89] 01_users: Handle GRUB_PASSWORD better.
-
-Only handle GRUB2_PASSWORD not GRUB_PASSWORD.
-
-Related: rhbz#1284370
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
---
- util/grub-setpassword.8 | 2 +-
- util/grub.d/01_users.in | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/util/grub-setpassword.8 b/util/grub-setpassword.8
-index 5973abe..49200a8 100644
--- a/util/grub-setpassword.8
-+++ b/util/grub-setpassword.8
-@@ -9,7 +9,7 @@
- \fBgrub-setpassword\fR outputs the user.cfg file which contains the hashed GRUB bootloader password. This utility only supports configurations where there is a single root user.
- 
- The file has the format:
-GRUB_2PASSWORD=<\fIhashed password\fR>.
-+GRUB2_PASSWORD=<\fIhashed password\fR>.
- 
- .SH OPTIONS
- .TP
-diff --git a/util/grub.d/01_users.in b/util/grub.d/01_users.in
-index facd409..db2f44b 100644
--- a/util/grub.d/01_users.in
-+++ b/util/grub.d/01_users.in
-@@ -2,7 +2,7 @@
- cat << EOF
- if [ -f \${prefix}/user.cfg ]; then
-   source \${prefix}/user.cfg
-  if [ -n \${GRUB2_PASSWORD} ]; then
-+  if [ -n "\${GRUB2_PASSWORD}" ]; then
-     set superusers="root"
-     export superusers
-     password_pbkdf2 root \${GRUB2_PASSWORD}
-- 
-2.5.5
-
--- a/0073-Make-grub_fatal-also-backtrace.patch
+++ b/0073-Make-grub_fatal-also-backtrace.patch
@ -0,0 +1,175 @@
+From c37a4f02e5fd0c3aa5f54baaeaf32eed0e3c110b Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 27 Jan 2016 09:22:42 -0500
+Subject: [PATCH 73/87] Make grub_fatal() also backtrace.
+
+---
+ grub-core/Makefile.core.def     |  3 ++
+ grub-core/kern/misc.c           |  8 +++++-
+ grub-core/lib/arm64/backtrace.c | 62 +++++++++++++++++++++++++++++++++++++++++
+ grub-core/lib/backtrace.c       |  2 ++
+ grub-core/lib/i386/backtrace.c  | 14 +++++++++-
+ 5 files changed, 87 insertions(+), 2 deletions(-)
+ create mode 100644 grub-core/lib/arm64/backtrace.c
+
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index ac195d1..990e41b 100644
+--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
+@@ -157,6 +157,9 @@ kernel = {
+ 
+   softdiv = lib/division.c;
+ 
+  x86 = lib/i386/backtrace.c;
+  x86 = lib/backtrace.c;
+
+   i386 = kern/i386/dl.c;
+   i386_xen = kern/i386/dl.c;
+ 
+diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
+index 81be344..d7dcd97 100644
+--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
+@@ -24,6 +24,7 @@
+ #include <grub/term.h>
+ #include <grub/env.h>
+ #include <grub/i18n.h>
+#include <grub/backtrace.h>
+ 
+ union printf_arg
+ {
+@@ -1087,8 +1088,13 @@ grub_xasprintf (const char *fmt, ...)
+ static void __attribute__ ((noreturn))
+ grub_abort (void)
+ {
+#ifndef GRUB_UTIL
+#if defined(__i386__) || defined(__x86_64__)
+  grub_backtrace();
+#endif
+#endif
+   grub_printf ("\nAborted.");
+-  
+
+ #ifndef GRUB_UTIL
+   if (grub_term_inputs)
+ #endif
+diff --git a/grub-core/lib/arm64/backtrace.c b/grub-core/lib/arm64/backtrace.c
+new file mode 100644
+index 0000000..1079b53
+--- /dev/null
+++ b/grub-core/lib/arm64/backtrace.c
+@@ -0,0 +1,62 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2009  Free Software Foundation, Inc.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/misc.h>
+#include <grub/command.h>
+#include <grub/err.h>
+#include <grub/dl.h>
+#include <grub/mm.h>
+#include <grub/term.h>
+#include <grub/backtrace.h>
+
+#define MAX_STACK_FRAME 102400
+
+void
+grub_backtrace_pointer (int frame)
+{
+  while (1)
+    {
+      void *lp = __builtin_return_address (frame);
+      if (!lp)
+	break;
+
+      lp = __builtin_extract_return_addr (lp);
+
+      grub_printf ("%p: ", lp);
+      grub_backtrace_print_address (lp);
+      grub_printf (" (");
+      for (i = 0; i < 2; i++)
+	grub_printf ("%p,", ((void **)ptr) [i + 2]);
+      grub_printf ("%p)\n", ((void **)ptr) [i + 2]);
+      nptr = *(void **)ptr;
+      if (nptr < ptr || (void **) nptr - (void **) ptr > MAX_STACK_FRAME
+	  || nptr == ptr)
+	{
+	  grub_printf ("Invalid stack frame at %p (%p)\n", ptr, nptr);
+	  break;
+	}
+      ptr = nptr;
+    }
+}
+
+void
+grub_backtrace (void)
+{
+  grub_backtrace_pointer (1);
+}
+
+diff --git a/grub-core/lib/backtrace.c b/grub-core/lib/backtrace.c
+index 825a880..c0ad6ab 100644
+--- a/grub-core/lib/backtrace.c
+++ b/grub-core/lib/backtrace.c
+@@ -29,6 +29,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ void
+ grub_backtrace_print_address (void *addr)
+ {
+#ifndef GRUB_UTIL
+   grub_dl_t mod;
+ 
+   FOR_DL_MODULES (mod)
+@@ -44,6 +45,7 @@ grub_backtrace_print_address (void *addr)
+ 	}
+   }
+ 
+#endif
+   grub_printf ("%p", addr);
+ }
+ 
+diff --git a/grub-core/lib/i386/backtrace.c b/grub-core/lib/i386/backtrace.c
+index c3e03c7..c67273d 100644
+--- a/grub-core/lib/i386/backtrace.c
+++ b/grub-core/lib/i386/backtrace.c
+@@ -15,11 +15,23 @@
+  *  You should have received a copy of the GNU General Public License
+  *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+  */
+#include <config.h>
+#ifdef GRUB_UTIL
+#define REALLY_GRUB_UTIL GRUB_UTIL
+#undef GRUB_UTIL
+#endif
+
+#include <grub/symbol.h>
+#include <grub/dl.h>
+
+#ifdef REALLY_GRUB_UTIL
+#define GRUB_UTIL REALLY_GRUB_UTIL
+#undef REALLY_GRUB_UTIL
+#endif
+ 
+ #include <grub/misc.h>
+ #include <grub/command.h>
+ #include <grub/err.h>
+-#include <grub/dl.h>
+ #include <grub/mm.h>
+ #include <grub/term.h>
+ #include <grub/backtrace.h>
+-- 
+2.7.4
+
--- a/0074-Core-TPM-support.patch
+++ b/0074-Core-TPM-support.patch
@ -1,789 +0,0 @@
-From 41608d2581dda4672d6a41c931d0b08fefe6308b Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@coreos.com>
-Date: Tue, 14 Jul 2015 17:06:35 -0700
-Subject: [PATCH 74/89] Core TPM support
-
-Add support for performing basic TPM measurements. Right now this only
-supports extending PCRs statically and only on UEFI and BIOS systems, but
-will measure all modules as they're loaded.
---
- grub-core/Makefile.am        |   1 +
- grub-core/Makefile.core.def  |   3 +
- grub-core/kern/dl.c          |   3 +
- grub-core/kern/efi/tpm.c     | 282 +++++++++++++++++++++++++++++++++++++++++++
- grub-core/kern/i386/pc/tpm.c | 132 ++++++++++++++++++++
- grub-core/kern/tpm.c         |  13 ++
- include/grub/efi/tpm.h       | 153 +++++++++++++++++++++++
- include/grub/tpm.h           |  91 ++++++++++++++
- 8 files changed, 678 insertions(+)
- create mode 100644 grub-core/kern/efi/tpm.c
- create mode 100644 grub-core/kern/i386/pc/tpm.c
- create mode 100644 grub-core/kern/tpm.c
- create mode 100644 include/grub/efi/tpm.h
- create mode 100644 include/grub/tpm.h
-
-diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
-index fd715a8..d082933 100644
--- a/grub-core/Makefile.am
-+++ b/grub-core/Makefile.am
-@@ -93,6 +93,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h
-+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/tpm.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h
- 
- if COND_i386_pc
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index ac195d1..9af5479 100644
--- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -126,6 +126,7 @@ kernel = {
-   common = kern/rescue_parser.c;
-   common = kern/rescue_reader.c;
-   common = kern/term.c;
-+  common = kern/tpm.c;
- 
-   noemu = kern/compiler-rt.c;
-   noemu = kern/mm.c;
-@@ -174,6 +175,7 @@ kernel = {
-   efi = kern/acpi.c;
-   efi = kern/efi/acpi.c;
-   efi = lib/envblk.c;
-+  efi = kern/efi/tpm.c;
-   i386_coreboot = kern/i386/pc/acpi.c;
-   i386_multiboot = kern/i386/pc/acpi.c;
-   i386_coreboot = kern/acpi.c;
-@@ -219,6 +221,7 @@ kernel = {
- 
-   i386_pc = kern/i386/pc/init.c;
-   i386_pc = kern/i386/pc/mmap.c;
-+  i386_pc = kern/i386/pc/tpm.c;
-   i386_pc = term/i386/pc/console.c;
- 
-   i386_qemu = bus/pci.c;
-diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 04e804d..247cd0a 100644
--- a/grub-core/kern/dl.c
-+++ b/grub-core/kern/dl.c
-@@ -32,6 +32,7 @@
- #include <grub/env.h>
- #include <grub/cache.h>
- #include <grub/i18n.h>
-+#include <grub/tpm.h>
- 
- /* Platforms where modules are in a readonly area of memory.  */
- #if defined(GRUB_MACHINE_QEMU)
-@@ -733,6 +734,8 @@ grub_dl_load_file (const char *filename)
-      opens of the same device.  */
-   grub_file_close (file);
- 
-+  grub_tpm_measure(core, size, GRUB_TPM_PCR, filename);
-+
-   mod = grub_dl_load_core (core, size);
-   grub_free (core);
-   if (! mod)
-diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c
-new file mode 100644
-index 0000000..c9fb3c1
--- /dev/null
-+++ b/grub-core/kern/efi/tpm.c
-@@ -0,0 +1,282 @@
-+#include <grub/err.h>
-+#include <grub/i18n.h>
-+#include <grub/efi/api.h>
-+#include <grub/efi/efi.h>
-+#include <grub/efi/tpm.h>
-+#include <grub/mm.h>
-+#include <grub/tpm.h>
-+#include <grub/term.h>
-+
-+static grub_efi_guid_t tpm_guid = EFI_TPM_GUID;
-+static grub_efi_guid_t tpm2_guid = EFI_TPM2_GUID;
-+
-+static grub_efi_boolean_t grub_tpm_present(grub_efi_tpm_protocol_t *tpm)
-+{
-+  grub_efi_status_t status;
-+  TCG_EFI_BOOT_SERVICE_CAPABILITY caps;
-+  grub_uint32_t flags;
-+  grub_efi_physical_address_t eventlog, lastevent;
-+
-+  caps.Size = (grub_uint8_t)sizeof(caps);
-+
-+  status = efi_call_5(tpm->status_check, tpm, &caps, &flags, &eventlog,
-+		      &lastevent);
-+
-+  if (status != GRUB_EFI_SUCCESS || caps.TPMDeactivatedFlag
-+      || !caps.TPMPresentFlag)
-+    return 0;
-+
-+  return 1;
-+}
-+
-+static grub_efi_boolean_t grub_tpm2_present(grub_efi_tpm2_protocol_t *tpm)
-+{
-+  grub_efi_status_t status;
-+  EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;
-+
-+  caps.Size = (grub_uint8_t)sizeof(caps);
-+
-+  status = efi_call_2(tpm->get_capability, tpm, &caps);
-+
-+  if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag)
-+    return 0;
-+
-+  return 1;
-+}
-+
-+static grub_efi_boolean_t grub_tpm_handle_find(grub_efi_handle_t *tpm_handle,
-+					       grub_efi_uint8_t *protocol_version)
-+{
-+  grub_efi_handle_t *handles;
-+  grub_efi_uintn_t num_handles;
-+
-+  handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm_guid, NULL,
-+				    &num_handles);
-+  if (handles && num_handles > 0) {
-+    *tpm_handle = handles[0];
-+    *protocol_version = 1;
-+    return 1;
-+  }
-+
-+  handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm2_guid, NULL,
-+				    &num_handles);
-+  if (handles && num_handles > 0) {
-+    *tpm_handle = handles[0];
-+    *protocol_version = 2;
-+    return 1;
-+  }
-+
-+  return 0;
-+}
-+
-+static grub_err_t
-+grub_tpm1_execute(grub_efi_handle_t tpm_handle,
-+		  PassThroughToTPM_InputParamBlock *inbuf,
-+		  PassThroughToTPM_OutputParamBlock *outbuf)
-+{
-+  grub_efi_status_t status;
-+  grub_efi_tpm_protocol_t *tpm;
-+  grub_uint32_t inhdrsize = sizeof(*inbuf) - sizeof(inbuf->TPMOperandIn);
-+  grub_uint32_t outhdrsize = sizeof(*outbuf) - sizeof(outbuf->TPMOperandOut);
-+
-+  tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
-+				GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
-+
-+  if (!grub_tpm_present(tpm))
-+    return 0;
-+
-+  /* UEFI TPM protocol takes the raw operand block, no param block header */
-+  status = efi_call_5 (tpm->pass_through_to_tpm, tpm,
-+		       inbuf->IPBLength - inhdrsize, inbuf->TPMOperandIn,
-+		       outbuf->OPBLength - outhdrsize, outbuf->TPMOperandOut);
-+
-+  switch (status) {
-+  case GRUB_EFI_SUCCESS:
-+    return 0;
-+  case GRUB_EFI_DEVICE_ERROR:
-+    return grub_error (GRUB_ERR_IO, N_("Command failed"));
-+  case GRUB_EFI_INVALID_PARAMETER:
-+    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
-+  case GRUB_EFI_BUFFER_TOO_SMALL:
-+    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
-+  case GRUB_EFI_NOT_FOUND:
-+    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
-+  default:
-+    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
-+  }
-+}
-+
-+static grub_err_t
-+grub_tpm2_execute(grub_efi_handle_t tpm_handle,
-+		  PassThroughToTPM_InputParamBlock *inbuf,
-+		  PassThroughToTPM_OutputParamBlock *outbuf)
-+{
-+  grub_efi_status_t status;
-+  grub_efi_tpm2_protocol_t *tpm;
-+  grub_uint32_t inhdrsize = sizeof(*inbuf) - sizeof(inbuf->TPMOperandIn);
-+  grub_uint32_t outhdrsize = sizeof(*outbuf) - sizeof(outbuf->TPMOperandOut);
-+
-+  tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
-+				GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
-+
-+  if (!grub_tpm2_present(tpm))
-+    return 0;
-+
-+  /* UEFI TPM protocol takes the raw operand block, no param block header */
-+  status = efi_call_5 (tpm->submit_command, tpm,
-+		       inbuf->IPBLength - inhdrsize, inbuf->TPMOperandIn,
-+		       outbuf->OPBLength - outhdrsize, outbuf->TPMOperandOut);
-+
-+  switch (status) {
-+  case GRUB_EFI_SUCCESS:
-+    return 0;
-+  case GRUB_EFI_DEVICE_ERROR:
-+    return grub_error (GRUB_ERR_IO, N_("Command failed"));
-+  case GRUB_EFI_INVALID_PARAMETER:
-+    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
-+  case GRUB_EFI_BUFFER_TOO_SMALL:
-+    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
-+  case GRUB_EFI_NOT_FOUND:
-+    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
-+  default:
-+    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
-+  }
-+}
-+
-+grub_err_t
-+grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
-+		 PassThroughToTPM_OutputParamBlock *outbuf)
-+{
-+  grub_efi_handle_t tpm_handle;
-+   grub_uint8_t protocol_version;
-+
-+  /* It's not a hard failure for there to be no TPM */
-+  if (!grub_tpm_handle_find(&tpm_handle, &protocol_version))
-+    return 0;
-+
-+  if (protocol_version == 1) {
-+    return grub_tpm1_execute(tpm_handle, inbuf, outbuf);
-+  } else {
-+    return grub_tpm2_execute(tpm_handle, inbuf, outbuf);
-+  }
-+}
-+
-+typedef struct {
-+	grub_uint32_t pcrindex;
-+	grub_uint32_t eventtype;
-+	grub_uint8_t digest[20];
-+	grub_uint32_t eventsize;
-+	grub_uint8_t event[1];
-+} Event;
-+
-+
-+static grub_err_t
-+grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
-+		    grub_size_t size, grub_uint8_t pcr,
-+		    const char *description)
-+{
-+  Event *event;
-+  grub_efi_status_t status;
-+  grub_efi_tpm_protocol_t *tpm;
-+  grub_efi_physical_address_t lastevent;
-+  grub_uint32_t algorithm;
-+  grub_uint32_t eventnum = 0;
-+
-+  tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
-+				GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
-+
-+  if (!grub_tpm_present(tpm))
-+    return 0;
-+
-+  event = grub_zalloc(sizeof (Event) + grub_strlen(description) + 1);
-+  if (!event)
-+    return grub_error (GRUB_ERR_OUT_OF_MEMORY,
-+		       N_("cannot allocate TPM event buffer"));
-+
-+  event->pcrindex = pcr;
-+  event->eventtype = EV_IPL;
-+  event->eventsize = grub_strlen(description) + 1;
-+  grub_memcpy(event->event, description, event->eventsize);
-+
-+  algorithm = TCG_ALG_SHA;
-+  status = efi_call_7 (tpm->log_extend_event, tpm, buf, (grub_uint64_t) size,
-+		       algorithm, event, &eventnum, &lastevent);
-+
-+  switch (status) {
-+  case GRUB_EFI_SUCCESS:
-+    return 0;
-+  case GRUB_EFI_DEVICE_ERROR:
-+    return grub_error (GRUB_ERR_IO, N_("Command failed"));
-+  case GRUB_EFI_INVALID_PARAMETER:
-+    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
-+  case GRUB_EFI_BUFFER_TOO_SMALL:
-+    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
-+  case GRUB_EFI_NOT_FOUND:
-+    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
-+  default:
-+    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
-+  }
-+}
-+
-+static grub_err_t
-+grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
-+		   grub_size_t size, grub_uint8_t pcr,
-+		   const char *description)
-+{
-+  EFI_TCG2_EVENT *event;
-+  grub_efi_status_t status;
-+  grub_efi_tpm2_protocol_t *tpm;
-+
-+  tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
-+				GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
-+
-+  if (!grub_tpm2_present(tpm))
-+    return 0;
-+
-+  event = grub_zalloc(sizeof (EFI_TCG2_EVENT) + grub_strlen(description) + 1);
-+  if (!event)
-+    return grub_error (GRUB_ERR_OUT_OF_MEMORY,
-+		       N_("cannot allocate TPM event buffer"));
-+
-+  event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
-+  event->Header.HeaderVersion = 1;
-+  event->Header.PCRIndex = pcr;
-+  event->Header.EventType = EV_IPL;
-+  event->Size = sizeof(*event) - sizeof(event->Event) + grub_strlen(description) + 1;
-+  grub_memcpy(event->Event, description, grub_strlen(description) + 1);
-+
-+  status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, buf,
-+		       (grub_uint64_t) size, event);
-+
-+  switch (status) {
-+  case GRUB_EFI_SUCCESS:
-+    return 0;
-+  case GRUB_EFI_DEVICE_ERROR:
-+    return grub_error (GRUB_ERR_IO, N_("Command failed"));
-+  case GRUB_EFI_INVALID_PARAMETER:
-+    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
-+  case GRUB_EFI_BUFFER_TOO_SMALL:
-+    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
-+  case GRUB_EFI_NOT_FOUND:
-+    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
-+  default:
-+    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
-+  }
-+}
-+
-+grub_err_t
-+grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
-+		   const char *description)
-+{
-+  grub_efi_handle_t tpm_handle;
-+  grub_efi_uint8_t protocol_version;
-+
-+  if (!grub_tpm_handle_find(&tpm_handle, &protocol_version))
-+    return 0;
-+
-+  if (protocol_version == 1) {
-+    return grub_tpm1_log_event(tpm_handle, buf, size, pcr, description);
-+  } else {
-+    return grub_tpm2_log_event(tpm_handle, buf, size, pcr, description);
-+  }
-+}
-diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c
-new file mode 100644
-index 0000000..8c6c1e6
--- /dev/null
-+++ b/grub-core/kern/i386/pc/tpm.c
-@@ -0,0 +1,132 @@
-+#include <grub/err.h>
-+#include <grub/i18n.h>
-+#include <grub/mm.h>
-+#include <grub/tpm.h>
-+#include <grub/misc.h>
-+#include <grub/i386/pc/int.h>
-+
-+#define TCPA_MAGIC 0x41504354
-+
-+int tpm_present(void);
-+
-+int tpm_present(void)
-+{
-+  struct grub_bios_int_registers regs;
-+
-+  regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
-+  regs.eax = 0xbb00;
-+  regs.ebx = TCPA_MAGIC;
-+  grub_bios_interrupt (0x1a, &regs);
-+
-+  if (regs.eax == 0)
-+    return 1;
-+
-+  return 0;
-+}
-+
-+grub_err_t
-+grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
-+		 PassThroughToTPM_OutputParamBlock *outbuf)
-+{
-+  struct grub_bios_int_registers regs;
-+  grub_addr_t inaddr, outaddr;
-+
-+  if (!tpm_present())
-+    return 0;
-+
-+  inaddr = (grub_addr_t) inbuf;
-+  outaddr = (grub_addr_t) outbuf;
-+  regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
-+  regs.eax = 0xbb02;
-+  regs.ebx = TCPA_MAGIC;
-+  regs.ecx = 0;
-+  regs.edx = 0;
-+  regs.es = (inaddr & 0xffff0000) >> 4;
-+  regs.edi = inaddr & 0xffff;
-+  regs.ds = outaddr >> 4;
-+  regs.esi = outaddr & 0xf;
-+
-+  grub_bios_interrupt (0x1a, &regs);
-+
-+  if (regs.eax)
-+    return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax);
-+
-+  return 0;
-+}
-+
-+typedef struct {
-+	grub_uint32_t pcrindex;
-+	grub_uint32_t eventtype;
-+	grub_uint8_t digest[20];
-+	grub_uint32_t eventdatasize;
-+	grub_uint8_t event[0];
-+} GRUB_PACKED Event;
-+
-+typedef struct {
-+	grub_uint16_t ipblength;
-+	grub_uint16_t reserved;
-+	grub_uint32_t hashdataptr;
-+	grub_uint32_t hashdatalen;
-+	grub_uint32_t pcr;
-+	grub_uint32_t reserved2;
-+	grub_uint32_t logdataptr;
-+	grub_uint32_t logdatalen;
-+} GRUB_PACKED EventIncoming;
-+
-+typedef struct {
-+	grub_uint16_t opblength;
-+	grub_uint16_t reserved;
-+	grub_uint32_t eventnum;
-+	grub_uint8_t  hashvalue[20];
-+} GRUB_PACKED EventOutgoing;
-+
-+grub_err_t
-+grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
-+		   const char *description)
-+{
-+	struct grub_bios_int_registers regs;
-+	EventIncoming incoming;
-+	EventOutgoing outgoing;
-+	Event *event;
-+	grub_uint32_t datalength;
-+
-+	if (!tpm_present())
-+		return 0;
-+
-+	datalength = grub_strlen(description);
-+	event = grub_zalloc(datalength + sizeof(Event));
-+	if (!event)
-+		return grub_error (GRUB_ERR_OUT_OF_MEMORY,
-+				   N_("cannot allocate TPM event buffer"));
-+
-+	event->pcrindex = pcr;
-+	event->eventtype = 0x0d;
-+	event->eventdatasize = grub_strlen(description);
-+	grub_memcpy(event->event, description, datalength);
-+
-+	incoming.ipblength = sizeof(incoming);
-+	incoming.hashdataptr = (grub_uint32_t)buf;
-+	incoming.hashdatalen = size;
-+	incoming.pcr = pcr;
-+	incoming.logdataptr = (grub_uint32_t)event;
-+	incoming.logdatalen = datalength + sizeof(Event);
-+
-+	regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
-+	regs.eax = 0xbb01;
-+	regs.ebx = TCPA_MAGIC;
-+	regs.ecx = 0;
-+	regs.edx = 0;
-+	regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4;
-+	regs.edi = ((grub_addr_t) &incoming) & 0xffff;
-+	regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4;
-+	regs.esi = ((grub_addr_t) &outgoing) & 0xffff;
-+
-+	grub_bios_interrupt (0x1a, &regs);
-+
-+	grub_free(event);
-+
-+	if (regs.eax)
-+		return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax);
-+
-+	return 0;
-+}
-diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c
-new file mode 100644
-index 0000000..1a99187
--- /dev/null
-+++ b/grub-core/kern/tpm.c
-@@ -0,0 +1,13 @@
-+#include <grub/err.h>
-+#include <grub/i18n.h>
-+#include <grub/misc.h>
-+#include <grub/mm.h>
-+#include <grub/tpm.h>
-+#include <grub/term.h>
-+
-+grub_err_t
-+grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
-+		  const char *description)
-+{
-+  return grub_tpm_log_event(buf, size, pcr, description);
-+}
-diff --git a/include/grub/efi/tpm.h b/include/grub/efi/tpm.h
-new file mode 100644
-index 0000000..e2aff4a
--- /dev/null
-+++ b/include/grub/efi/tpm.h
-@@ -0,0 +1,153 @@
-+/*
-+ *  GRUB  --  GRand Unified Bootloader
-+ *  Copyright (C) 2015  Free Software Foundation, Inc.
-+ *
-+ *  GRUB is free software: you can redistribute it and/or modify
-+ *  it under the terms of the GNU General Public License as published by
-+ *  the Free Software Foundation, either version 3 of the License, or
-+ *  (at your option) any later version.
-+ *
-+ *  GRUB is distributed in the hope that it will be useful,
-+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ *  GNU General Public License for more details.
-+ *
-+ *  You should have received a copy of the GNU General Public License
-+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
-+ */
-+
-+#ifndef GRUB_EFI_TPM_HEADER
-+#define GRUB_EFI_TPM_HEADER 1
-+
-+#define EFI_TPM_GUID {0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd }};
-+#define EFI_TPM2_GUID {0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }};
-+
-+typedef struct {
-+  grub_efi_uint8_t Major;
-+  grub_efi_uint8_t Minor;
-+  grub_efi_uint8_t RevMajor;
-+  grub_efi_uint8_t RevMinor;
-+} TCG_VERSION;
-+
-+typedef struct _TCG_EFI_BOOT_SERVICE_CAPABILITY {
-+  grub_efi_uint8_t          Size;                /// Size of this structure.
-+  TCG_VERSION    StructureVersion;
-+  TCG_VERSION    ProtocolSpecVersion;
-+  grub_efi_uint8_t          HashAlgorithmBitmap; /// Hash algorithms .
-+  char        TPMPresentFlag;      /// 00h = TPM not present.
-+  char        TPMDeactivatedFlag;  /// 01h = TPM currently deactivated.
-+} TCG_EFI_BOOT_SERVICE_CAPABILITY;
-+
-+typedef struct {
-+  grub_efi_uint32_t PCRIndex;
-+  grub_efi_uint32_t EventType;
-+  grub_efi_uint8_t digest[20];
-+  grub_efi_uint32_t EventSize;
-+  grub_efi_uint8_t  Event[1];
-+} TCG_PCR_EVENT;
-+
-+struct grub_efi_tpm_protocol
-+{
-+  grub_efi_status_t (*status_check) (struct grub_efi_tpm_protocol *this,
-+				     TCG_EFI_BOOT_SERVICE_CAPABILITY *ProtocolCapability,
-+				     grub_efi_uint32_t *TCGFeatureFlags,
-+				     grub_efi_physical_address_t *EventLogLocation,
-+				     grub_efi_physical_address_t *EventLogLastEntry);
-+  grub_efi_status_t (*hash_all) (struct grub_efi_tpm_protocol *this,
-+				 grub_efi_uint8_t *HashData,
-+				 grub_efi_uint64_t HashLen,
-+				 grub_efi_uint32_t AlgorithmId,
-+				 grub_efi_uint64_t *HashedDataLen,
-+				 grub_efi_uint8_t **HashedDataResult);
-+  grub_efi_status_t (*log_event) (struct grub_efi_tpm_protocol *this,
-+				  TCG_PCR_EVENT *TCGLogData,
-+				  grub_efi_uint32_t *EventNumber,
-+				  grub_efi_uint32_t Flags);
-+  grub_efi_status_t (*pass_through_to_tpm) (struct grub_efi_tpm_protocol *this,
-+					    grub_efi_uint32_t TpmInputParameterBlockSize,
-+					    grub_efi_uint8_t *TpmInputParameterBlock,
-+					    grub_efi_uint32_t TpmOutputParameterBlockSize,
-+					    grub_efi_uint8_t *TpmOutputParameterBlock);
-+  grub_efi_status_t (*log_extend_event) (struct grub_efi_tpm_protocol *this,
-+					 grub_efi_physical_address_t HashData,
-+					 grub_efi_uint64_t HashDataLen,
-+					 grub_efi_uint32_t AlgorithmId,
-+					 TCG_PCR_EVENT *TCGLogData,
-+					 grub_efi_uint32_t *EventNumber,
-+					 grub_efi_physical_address_t *EventLogLastEntry);
-+};
-+
-+typedef struct grub_efi_tpm_protocol grub_efi_tpm_protocol_t;
-+
-+typedef grub_efi_uint32_t EFI_TCG2_EVENT_LOG_BITMAP;
-+typedef grub_efi_uint32_t EFI_TCG2_EVENT_LOG_FORMAT;
-+typedef grub_efi_uint32_t EFI_TCG2_EVENT_ALGORITHM_BITMAP;
-+
-+typedef struct tdEFI_TCG2_VERSION {
-+  grub_efi_uint8_t Major;
-+  grub_efi_uint8_t Minor;
-+} GRUB_PACKED EFI_TCG2_VERSION;
-+
-+typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
-+  grub_efi_uint8_t Size;
-+  EFI_TCG2_VERSION StructureVersion;
-+  EFI_TCG2_VERSION ProtocolVersion;
-+  EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
-+  EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs;
-+  grub_efi_boolean_t TPMPresentFlag;
-+  grub_efi_uint16_t MaxCommandSize;
-+  grub_efi_uint16_t MaxResponseSize;
-+  grub_efi_uint32_t ManufacturerID;
-+  grub_efi_uint32_t NumberOfPcrBanks;
-+  EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks;
-+} EFI_TCG2_BOOT_SERVICE_CAPABILITY;
-+
-+typedef grub_efi_uint32_t TCG_PCRINDEX;
-+typedef grub_efi_uint32_t TCG_EVENTTYPE;
-+
-+typedef struct tdEFI_TCG2_EVENT_HEADER {
-+  grub_efi_uint32_t HeaderSize;
-+  grub_efi_uint16_t HeaderVersion;
-+  TCG_PCRINDEX PCRIndex;
-+  TCG_EVENTTYPE EventType;
-+} GRUB_PACKED EFI_TCG2_EVENT_HEADER;
-+
-+typedef struct tdEFI_TCG2_EVENT {
-+  grub_efi_uint32_t Size;
-+  EFI_TCG2_EVENT_HEADER Header;
-+  grub_efi_uint8_t Event[1];
-+} GRUB_PACKED EFI_TCG2_EVENT;
-+
-+struct grub_efi_tpm2_protocol
-+{
-+  grub_efi_status_t (*get_capability) (struct grub_efi_tpm2_protocol *this,
-+				       EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability);
-+  grub_efi_status_t (*get_event_log) (struct grub_efi_tpm2_protocol *this,
-+				      EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,
-+				      grub_efi_physical_address_t *EventLogLocation,
-+				      grub_efi_physical_address_t *EventLogLastEntry,
-+				      grub_efi_boolean_t *EventLogTruncated);
-+  grub_efi_status_t (*hash_log_extend_event) (struct grub_efi_tpm2_protocol *this,
-+					      grub_efi_uint64_t Flags,
-+					      grub_efi_physical_address_t *DataToHash,
-+					      grub_efi_uint64_t DataToHashLen,
-+					      EFI_TCG2_EVENT *EfiTcgEvent);
-+  grub_efi_status_t (*submit_command) (struct grub_efi_tpm2_protocol *this,
-+				       grub_efi_uint32_t InputParameterBlockSize,
-+				       grub_efi_uint8_t *InputParameterBlock,
-+				       grub_efi_uint32_t OutputParameterBlockSize,
-+				       grub_efi_uint8_t *OutputParameterBlock);
-+  grub_efi_status_t (*get_active_pcr_blanks) (struct grub_efi_tpm2_protocol *this,
-+					      grub_efi_uint32_t *ActivePcrBanks);
-+  grub_efi_status_t (*set_active_pcr_banks) (struct grub_efi_tpm2_protocol *this,
-+					     grub_efi_uint32_t ActivePcrBanks);
-+  grub_efi_status_t (*get_result_of_set_active_pcr_banks) (struct grub_efi_tpm2_protocol *this,
-+							   grub_efi_uint32_t *OperationPresent,
-+							   grub_efi_uint32_t *Response);
-+};
-+
-+typedef struct grub_efi_tpm2_protocol grub_efi_tpm2_protocol_t;
-+
-+#define TCG_ALG_SHA 0x00000004
-+
-+#endif
-diff --git a/include/grub/tpm.h b/include/grub/tpm.h
-new file mode 100644
-index 0000000..40d3cf6
--- /dev/null
-+++ b/include/grub/tpm.h
-@@ -0,0 +1,91 @@
-+/*
-+ *  GRUB  --  GRand Unified Bootloader
-+ *  Copyright (C) 2015  Free Software Foundation, Inc.
-+ *
-+ *  GRUB is free software: you can redistribute it and/or modify
-+ *  it under the terms of the GNU General Public License as published by
-+ *  the Free Software Foundation, either version 3 of the License, or
-+ *  (at your option) any later version.
-+ *
-+ *  GRUB is distributed in the hope that it will be useful,
-+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ *  GNU General Public License for more details.
-+ *
-+ *  You should have received a copy of the GNU General Public License
-+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
-+ */
-+
-+#ifndef GRUB_TPM_HEADER
-+#define GRUB_TPM_HEADER 1
-+
-+#define SHA1_DIGEST_SIZE 20
-+
-+#define TPM_BASE 0x0
-+#define TPM_SUCCESS TPM_BASE
-+#define TPM_AUTHFAIL (TPM_BASE + 0x1)
-+#define TPM_BADINDEX (TPM_BASE + 0x2)
-+
-+#define GRUB_TPM_PCR 9
-+#define GRUB_KERNEL_PCR 10
-+#define GRUB_INITRD_PCR 11
-+#define GRUB_CMDLINE_PCR 12
-+
-+#define TPM_TAG_RQU_COMMAND 0x00C1
-+#define TPM_ORD_Extend 0x14
-+
-+#define EV_IPL 0x0d
-+
-+/* TCG_PassThroughToTPM Input Parameter Block */
-+typedef struct {
-+        grub_uint16_t IPBLength;
-+        grub_uint16_t Reserved1;
-+        grub_uint16_t OPBLength;
-+        grub_uint16_t Reserved2;
-+        grub_uint8_t TPMOperandIn[1];
-+} GRUB_PACKED PassThroughToTPM_InputParamBlock;
-+
-+/* TCG_PassThroughToTPM Output Parameter Block */
-+typedef struct {
-+        grub_uint16_t OPBLength;
-+        grub_uint16_t Reserved;
-+        grub_uint8_t TPMOperandOut[1];
-+} GRUB_PACKED PassThroughToTPM_OutputParamBlock;
-+
-+typedef struct {
-+        grub_uint16_t tag;
-+        grub_uint32_t paramSize;
-+        grub_uint32_t ordinal;
-+        grub_uint32_t pcrNum;
-+        grub_uint8_t inDigest[SHA1_DIGEST_SIZE];                /* The 160 bit value representing the event to be recorded. */
-+} GRUB_PACKED ExtendIncoming;
-+
-+/* TPM_Extend Outgoing Operand */
-+typedef struct {
-+        grub_uint16_t tag;
-+        grub_uint32_t paramSize;
-+        grub_uint32_t returnCode;
-+        grub_uint8_t outDigest[SHA1_DIGEST_SIZE];               /* The PCR value after execution of the command. */
-+} GRUB_PACKED ExtendOutgoing;
-+
-+grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size,
-+					  grub_uint8_t pcr,
-+					  const char *description);
-+#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS)
-+grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
-+			    PassThroughToTPM_OutputParamBlock *outbuf);
-+grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size,
-+			      grub_uint8_t pcr, const char *description);
-+#else
-+static inline grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
-+					  PassThroughToTPM_OutputParamBlock *outbuf) { return 0; };
-+static inline grub_err_t grub_tpm_log_event(unsigned char *buf,
-+					    grub_size_t size,
-+					    grub_uint8_t pcr,
-+					    const char *description)
-+{
-+	return 0;
-+};
-+#endif
-+
-+#endif
-- 
-2.5.5
-
--- a/0074-Rework-linux-command.patch
+++ b/0074-Rework-linux-command.patch
@ -1,7 +1,7 @@
-From b8f66041637fd7a2f131f6239e693c26c7c5b7d9 Mon Sep 17 00:00:00 2001
+From 33d11870bbc2fa554fa9344c3c180279c258736a Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@coreos.com>
 Date: Sun, 9 Aug 2015 16:12:39 -0700
-Subject: [PATCH 77/89] Rework linux command
+Subject: [PATCH 74/87] Rework linux command

 We want a single buffer that contains the entire kernel image in order to
 perform a TPM measurement. Allocate one and copy the entire kernel into it
@ -103,5 +103,5 @@ index b0afcca..5eb7d17 100644
     grub_file_close (file);
 
 -- 
-2.5.5
+2.7.4

--- a/0075-Measure-kernel-initrd.patch
+++ b/0075-Measure-kernel-initrd.patch
@ -1,42 +0,0 @@
-From 400fcf2edf17eb587f0ac084af59c073d117fedc Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@coreos.com>
-Date: Thu, 16 Jul 2015 15:22:34 -0700
-Subject: [PATCH 75/89] Measure kernel + initrd
-
-Measure the kernel and initrd when loaded on UEFI systems
---
- grub-core/loader/i386/efi/linux.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
-index 7ccf32d..4ee45e9 100644
--- a/grub-core/loader/i386/efi/linux.c
-+++ b/grub-core/loader/i386/efi/linux.c
-@@ -27,6 +27,7 @@
- #include <grub/lib/cmdline.h>
- #include <grub/efi/efi.h>
- #include <grub/efi/linux.h>
-+#include <grub/tpm.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -129,6 +130,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
-                         argv[i]);
-           goto fail;
-         }
-+      grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "UEFI Linux initrd");
-       ptr += cursize;
-       grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4));
-       ptr += ALIGN_UP_OVERHEAD (cursize, 4);
-@@ -184,6 +186,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
-       goto fail;
-     }
- 
-+  grub_tpm_measure (kernel, filelen, GRUB_KERNEL_PCR, "UEFI Linux kernel");
-+
-   if (! grub_linuxefi_secure_validate (kernel, filelen))
-     {
-       grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
-- 
-2.5.5
-
--- a/0075-Rework-linux16-command.patch
+++ b/0075-Rework-linux16-command.patch
@ -1,7 +1,7 @@
-From 90a9b1d29e8e65cfa9567fbb5be57e705ad05db0 Mon Sep 17 00:00:00 2001
+From 0b86b309de12b4f3ea920124faa60841ffedf472 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@coreos.com>
 Date: Sun, 9 Aug 2015 16:20:58 -0700
-Subject: [PATCH 78/89] Rework linux16 command
+Subject: [PATCH 75/87] Rework linux16 command

 We want a single buffer that contains the entire kernel image in order to
 perform a TPM measurement. Allocate one and copy the entire kernel int it
@ -97,5 +97,5 @@ index 9128315..b864e54 100644
     grub_file_close (file);
 
 -- 
-2.5.5
+2.7.4

--- a/0076-Add-BIOS-boot-measurement.patch
+++ b/0076-Add-BIOS-boot-measurement.patch
@ -1,179 +0,0 @@
-From 004209cacbcae811af6399439da98be452322f63 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@coreos.com>
-Date: Sun, 9 Aug 2015 15:48:51 -0700
-Subject: [PATCH 76/89] Add BIOS boot measurement
-
-Measure the on-disk grub core on BIOS systems - unlike UEFI, the firmware
-can't do this stage for us.
---
- grub-core/boot/i386/pc/boot.S     | 30 +++++++++++++++++++++++++-
- grub-core/boot/i386/pc/diskboot.S | 44 +++++++++++++++++++++++++++++++++++++++
- 2 files changed, 73 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S
-index ea167fe..c1df86d 100644
--- a/grub-core/boot/i386/pc/boot.S
-+++ b/grub-core/boot/i386/pc/boot.S
-@@ -24,11 +24,14 @@
-  *  defines for the code go here
-  */
- 
-+#define TPM 1
-+
- 	/* Print message string */
- #define MSG(x)	movw $x, %si; call LOCAL(message)
- #define ERR(x)	movw $x, %si; jmp LOCAL(error_message)
- 
- 	.macro floppy
-+#ifndef TPM
- part_start:
- 
- LOCAL(probe_values):
-@@ -85,6 +88,7 @@ fd_probe_error_string:	.asciz "Floppy"
- 	movb	MACRO_DOLLAR(79), %ch
- 
- 	jmp	LOCAL(final_init)
-+#endif
- 	.endm
- 
- 	.macro scratch
-@@ -252,6 +256,7 @@ real_start:
- 	/* set %si to the disk address packet */
- 	movw	$disk_address_packet, %si
- 
-+#ifndef TPM
- 	/* check if LBA is supported */
- 	movb	$0x41, %ah
- 	movw	$0x55aa, %bx
-@@ -271,6 +276,7 @@ real_start:
- 
- 	andw	$1, %cx
- 	jz	LOCAL(chs_mode)
-+#endif
- 
- LOCAL(lba_mode):
- 	xorw	%ax, %ax
-@@ -314,6 +320,9 @@ LOCAL(lba_mode):
- 	jmp	LOCAL(copy_buffer)
- 
- LOCAL(chs_mode):
-+#ifdef TPM
-+	jmp	LOCAL(general_error)
-+#else
- 	/*
- 	 *  Determine the hard disk geometry from the BIOS!
- 	 *  We do this first, so that LS-120 IDE floppies work correctly.
-@@ -425,7 +434,7 @@ setup_sectors:
- 	jc	LOCAL(read_error)
- 
- 	movw	%es, %bx
-
-+#endif /* TPM */
- LOCAL(copy_buffer):
- 	/*
- 	 * We need to save %cx and %si because the startup code in
-@@ -448,6 +457,25 @@ LOCAL(copy_buffer):
- 	popw	%ds
- 	popa
- 
-+#ifdef TPM
-+	pusha
-+
-+	movw	$0xBB00, %ax		/* TCG_StatusCheck */
-+	int	$0x1A
-+	test	%eax, %eax
-+	jnz	boot			/* No TPM or TPM deactivated */
-+
-+	movw	$0xBB07, %ax		/* TCG_CompactHashLogExtendEvent */
-+	movw	$GRUB_BOOT_MACHINE_KERNEL_ADDR, %di
-+	xorl	%esi, %esi
-+	movl	$0x41504354, %ebx	/* TCPA */
-+	movl	$0x200, %ecx		/* Measure 512 bytes */
-+	movl	$0x8, %edx		/* PCR 8 */
-+	int	$0x1A
-+
-+	popa
-+#endif
-+boot:
- 	/* boot kernel */
- 	jmp	*(LOCAL(kernel_address))
- 
-diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S
-index c8b87ed..05dd7fa 100644
--- a/grub-core/boot/i386/pc/diskboot.S
-+++ b/grub-core/boot/i386/pc/diskboot.S
-@@ -19,6 +19,8 @@
- #include <grub/symbol.h>
- #include <grub/machine/boot.h>
- 
-+#define TPM 1
-+
- /*
-  *  defines for the code go here
-  */
-@@ -53,6 +55,21 @@ _start:
- 	/* this sets up for the first run through "bootloop" */
- 	movw	$LOCAL(firstlist), %di
- 
-+#ifdef TPM
-+        /* clear EAX to remove potential garbage */
-+	xorl    %eax, %eax
-+	/* 8(%di) = number of sectors to read */
-+	movw    8(%di), %ax
-+
-+	/* Multiply number of sectors to read with 512 bytes. EAX is 32bit
-+	* which is large enough to hold values of up to 4GB. I doubt there
-+	* will ever be a core.img larger than that. ;-) */
-+	shll    $9, %eax
-+
-+	/* write result to bytes_to_measure var */
-+	movl    %eax, bytes_to_measure
-+#endif
-+
- 	/* save the sector number of the second sector in %ebp */
- 	movl	(%di), %ebp
- 
-@@ -290,6 +307,29 @@ LOCAL(copy_buffer):
- /* END OF MAIN LOOP */
- 
- LOCAL(bootit):
-+#ifdef TPM
-+	pusha
-+	movw	$0xBB07, %ax		/* TCG_CompactHashLogExtendEvent */
-+
-+	movw	$0x0, %bx
-+	movw	%bx, %es
-+
-+	/* We've already measured the first 512 bytes, now measure the rest */
-+	xorl	%edi, %edi
-+	movw	$(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di
-+
-+	movl	$0x41504354, %ebx	/* EBX = "TCPA" */
-+
-+	/* %ecx = The length, in bytes, of the buffer to measure  */
-+	movl	$bytes_to_measure, %esi
-+	movl	(%esi), %ecx
-+	xorl	%esi, %esi
-+	movl	$0x9, %edx		/* PCR 9 */
-+
-+	int	$0x1A
-+
-+	popa
-+#endif
- 	/* print a newline */
- 	MSG(notification_done)
- 	popw	%dx	/* this makes sure %dl is our "boot" drive */
-@@ -324,6 +364,10 @@ geometry_error_string:	.asciz "Geom"
- read_error_string:	.asciz "Read"
- general_error_string:	.asciz " Error"
- 
-+#ifdef TPM
-+bytes_to_measure:	.long 0
-+#endif
-+
- /*
-  * message: write the string pointed to by %si
-  *
-- 
-2.5.5
-
--- a/0076-Make-grub-editenv-build-again.patch
+++ b/0076-Make-grub-editenv-build-again.patch
@ -1,7 +1,7 @@
-From b24ff20535415944f34bc7e36fc9bc2d9a58849e Mon Sep 17 00:00:00 2001
+From edaa6c877917816d57603e26d660107c82ffbb5d Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Fri, 4 Mar 2016 16:29:13 -0500
-Subject: [PATCH 83/89] Make grub-editenv build again.
+Subject: [PATCH 76/87] Make grub-editenv build again.

 36212460d3565b18439a3a8130b28e6c97702c6a split how some of the mkimage
 utility functions are defined, and they wind up being linked into
@ -26,5 +26,5 @@ index 226c46b..8007de9 100644
   common = util/config.c;
   common = util/resolve.c;
 -- 
-2.5.5
+2.7.4

--- a/0077-Fix-locale-issue-in-grub-setpassword-1294243.patch
+++ b/0077-Fix-locale-issue-in-grub-setpassword-1294243.patch
@ -1,7 +1,7 @@
-From 805a40238db66c43f1d847530704664352621a90 Mon Sep 17 00:00:00 2001
+From d2f552900d87b62ca0dbc740902d561bc32f32be Mon Sep 17 00:00:00 2001
 From: Robert Marshall <rmarshall@redhat.com>
 Date: Fri, 29 Jan 2016 17:34:02 -0500
-Subject: [PATCH 84/89] Fix locale issue in grub-setpassword (#1294243)
+Subject: [PATCH 77/87] Fix locale issue in grub-setpassword (#1294243)

 A shell substitution was expecting non-translated output to grab the
 hashed password and put it in the user.cfg file. Modified code to force
@ -26,5 +26,5 @@ index dd76f00..2923f43 100644
         sed -e "s/PBKDF2 hash of your password is //"
 }
 -- 
-2.5.5
+2.7.4

--- a/0078-Fix-up-some-man-pages-rpmdiff-noticed.patch
+++ b/0078-Fix-up-some-man-pages-rpmdiff-noticed.patch
@ -1,7 +1,7 @@
-From 3b1718192f814b2705bfdafbbdaa0d65cd97247f Mon Sep 17 00:00:00 2001
+From 216188f920d3ade19626d6e8fe450cea2c427e53 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 23 Sep 2014 09:58:49 -0400
-Subject: [PATCH 85/89] Fix up some man pages rpmdiff noticed.
+Subject: [PATCH 78/87] Fix up some man pages rpmdiff noticed.

 ---
 configure.ac             |  2 ++
@ -13,7 +13,7 @@ Subject: [PATCH 85/89] Fix up some man pages rpmdiff noticed.
 create mode 100644 util/grub-syslinux2cfg.1

 diff --git a/configure.ac b/configure.ac
-index 627c146..ec3ae9c 100644
+index 67ff20c..25de2c1 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -78,6 +78,7 @@ grub_TRANSFORM([grub-fstest.3])
@ -149,5 +149,5 @@ index 0000000..8530948
 +.SH SEE ALSO
 +.BR "info grub"
 -- 
-2.5.5
+2.7.4

--- a/0079-Handle-rssd-storage-devices.patch
+++ b/0079-Handle-rssd-storage-devices.patch
@ -1,7 +1,7 @@
-From 9857940f9b685eda3711ee6533c2669c70198b2b Mon Sep 17 00:00:00 2001
+From 90e2d3fbb161d494cdfc0ad0da740a6a4f651d70 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 30 Jun 2015 15:50:41 -0400
-Subject: [PATCH 86/89] Handle rssd storage devices.
+Subject: [PATCH 79/87] Handle rssd storage devices.

 Resolves: rhbz#1087962

@ -11,10 +11,10 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
 1 file changed, 13 insertions(+)

 diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
-index 10480b6..469923b 100644
+index 09e7e6e..ad7b774 100644
 --- a/grub-core/osdep/linux/getroot.c
 +++ b/grub-core/osdep/linux/getroot.c
-@@ -892,6 +892,19 @@ grub_util_part_to_disk (const char *os_dev, struct stat *st,
+@@ -898,6 +898,19 @@ grub_util_part_to_disk (const char *os_dev, struct stat *st,
 	  return path;
 	}
 
@ -35,5 +35,5 @@ index 10480b6..469923b 100644
       if ((strncmp ("loop", p, 4) == 0) && p[4] >= '0' && p[4] <= '9')
 	{
 -- 
-2.5.5
+2.7.4

--- a/0079-Measure-kernel-and-initrd-on-BIOS-systems.patch
+++ b/0079-Measure-kernel-and-initrd-on-BIOS-systems.patch
@ -1,87 +0,0 @@
-From 14b0cec058b100b50a5e373249cef19df05a812a Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@coreos.com>
-Date: Sun, 9 Aug 2015 16:28:29 -0700
-Subject: [PATCH 79/89] Measure kernel and initrd on BIOS systems
-
-Measure the kernel and initrd when loaded on BIOS systems
---
- grub-core/loader/i386/linux.c    | 5 +++++
- grub-core/loader/i386/pc/linux.c | 3 +++
- grub-core/loader/linux.c         | 2 ++
- 3 files changed, 10 insertions(+)
-
-diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
-index 5eb7d17..342c9fe 100644
--- a/grub-core/loader/i386/linux.c
-+++ b/grub-core/loader/i386/linux.c
-@@ -36,6 +36,7 @@
- #include <grub/lib/cmdline.h>
- #include <grub/linux.h>
- #include <grub/efi/sb.h>
-+#include <grub/tpm.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -717,7 +718,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
-       goto fail;
-     }
- 
-+  grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "Linux Kernel");
-+
-   grub_memcpy (&lh, kernel, sizeof (lh));
-+
-   kernel_offset = sizeof (lh);
- 
-   if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
-@@ -1026,6 +1030,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
- 
-   len = prot_file_size;
-   grub_memcpy (prot_mode_mem, kernel + kernel_offset, len);
-+  kernel_offset += len;
- 
-   if (grub_errno == GRUB_ERR_NONE)
-     {
-diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
-index b864e54..6b8f365 100644
--- a/grub-core/loader/i386/pc/linux.c
-+++ b/grub-core/loader/i386/pc/linux.c
-@@ -36,6 +36,7 @@
- #include <grub/lib/cmdline.h>
- #include <grub/linux.h>
- #include <grub/efi/sb.h>
-+#include <grub/tpm.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -161,6 +162,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
-       goto fail;
-     }
- 
-+  grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "BIOS Linux Kernel");
-+
-   grub_memcpy (&lh, kernel, sizeof (lh));
-   kernel_offset = sizeof (lh);
- 
-diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
-index be6fa0f..3005c0d 100644
--- a/grub-core/loader/linux.c
-+++ b/grub-core/loader/linux.c
-@@ -4,6 +4,7 @@
- #include <grub/misc.h>
- #include <grub/file.h>
- #include <grub/mm.h>
-+#include <grub/tpm.h>
- 
- struct newc_head
- {
-@@ -288,6 +289,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
- 	  grub_initrd_close (initrd_ctx);
- 	  return grub_errno;
- 	}
-+      grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "Linux Initrd");
-       ptr += cursize;
-     }
-   if (newc)
-- 
-2.5.5
-
--- a/0080-Measure-the-kernel-commandline.patch
+++ b/0080-Measure-the-kernel-commandline.patch
@ -1,43 +0,0 @@
-From 64e659a7843a49aab05a7ff29c52e52f78845831 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@coreos.com>
-Date: Sun, 9 Aug 2015 16:32:29 -0700
-Subject: [PATCH 80/89] Measure the kernel commandline
-
-Measure the kernel commandline to ensure that it hasn't been modified
---
- grub-core/lib/cmdline.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
-index 970ea86..6b56304 100644
--- a/grub-core/lib/cmdline.c
-+++ b/grub-core/lib/cmdline.c
-@@ -19,6 +19,7 @@
- 
- #include <grub/lib/cmdline.h>
- #include <grub/misc.h>
-+#include <grub/tpm.h>
- 
- static int
- is_hex(char c)
-@@ -79,7 +80,7 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
- {
-   int i, space;
-   unsigned int arg_size;
-  char *c;
-+  char *c, *orig = buf;
- 
-   for (i = 0; i < argc; i++)
-     {
-@@ -125,5 +126,8 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
- 
-   *buf = 0;
- 
-+  grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_CMDLINE_PCR,
-+		    "Kernel Commandline");
-+
-   return i;
- }
-- 
-2.5.5
-
--- a/0080-Warn-if-grub-password-will-not-be-read-1290803.patch
+++ b/0080-Warn-if-grub-password-will-not-be-read-1290803.patch
@ -0,0 +1,31 @@
+From f46e9b0378cfaced22f0de5e8061ddb0c6829ee8 Mon Sep 17 00:00:00 2001
+From: Robert Marshall <rmarshall@redhat.com>
+Date: Mon, 22 Feb 2016 15:30:05 -0500
+Subject: [PATCH 80/87] Warn if grub password will not be read (#1290803)
+
+It is possible for a system to have never run grub-mkconfig and add the
+section that reads the user.cfg file which contains a user set GRUB
+password. Users in that scenario will now be warned that grub-mkconfig
+must be run prior to their newly set password taking effect.
+
+Resolves: rhbz#1290803
+---
+ util/grub-setpassword.in | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/util/grub-setpassword.in b/util/grub-setpassword.in
+index 2923f43..dd7b793 100644
+--- a/util/grub-setpassword.in
+++ b/util/grub-setpassword.in
+@@ -121,3 +121,8 @@ fi
+ install -m 0600 /dev/null "${grubdir}/user.cfg" 2>/dev/null || :
+ chmod 0600 "${grubdir}/user.cfg" 2>/dev/null || :
+ echo "GRUB2_PASSWORD=${MYPASS}" > "${grubdir}/user.cfg"
+
+if ! grep -q "^### BEGIN /etc/grub.d/01_users ###$" "${grubdir}/grub.cfg"; then
+    echo "WARNING: The current configuration lacks password support!"
+    echo "Update your configuration with @grub_mkconfig@ to support this feature."
+fi
+-- 
+2.7.4
+
--- a/0081-Clean-up-grub-setpassword-documentation-1290799.patch
+++ b/0081-Clean-up-grub-setpassword-documentation-1290799.patch
@ -0,0 +1,58 @@
+From f41adcd85164ef8a0d0918f0508f29dcf3c7467d Mon Sep 17 00:00:00 2001
+From: Robert Marshall <rmarshall@redhat.com>
+Date: Tue, 26 Jan 2016 10:28:35 -0500
+Subject: [PATCH 81/87] Clean up grub-setpassword documentation (#1290799)
+
+The output for --help had some errors. Corrected those and polished the
+text to be a little easier to follow. Carried verbage over to man page
+to maintain internal consistency.
+
+Resolves: rhbz#1290799
+---
+ util/grub-setpassword.8  |  2 +-
+ util/grub-setpassword.in | 15 +++++++--------
+ 2 files changed, 8 insertions(+), 9 deletions(-)
+
+diff --git a/util/grub-setpassword.8 b/util/grub-setpassword.8
+index 49200a8..dc91dd6 100644
+--- a/util/grub-setpassword.8
+++ b/util/grub-setpassword.8
+@@ -19,7 +19,7 @@ Display program usage and exit.
+ -v, --version
+ Display the current version.
+ .TP
+--o, --output[=\fIDIRECTORY PATH\fR]
+-o, --output=<\fIDIRECTORY\fR>
+ Choose the file path to which user.cfg will be written.
+ 
+ .SH SEE ALSO
+diff --git a/util/grub-setpassword.in b/util/grub-setpassword.in
+index dd7b793..d7924af 100644
+--- a/util/grub-setpassword.in
+++ b/util/grub-setpassword.in
+@@ -16,15 +16,14 @@ grub_mkpasswd="${bindir}/@grub_mkpasswd_pbkdf2@"
+ # Print the usage.
+ usage () {
+     cat <<EOF
+-Usage: $0 [OPTION] [SOURCE]
+-Run GRUB script in a Qemu instance.
+-
+-  -h, --help              print this message and exit
+-  -v, --version           print the version information and exit
+-  -o, --output_path       choose a custom output path for user.cfg
+-
+Usage: $0 [OPTION]
+ $0 prompts the user to set a password on the grub bootloader. The password
+-is written to a file named user.cfg.
+is written to a file named user.cfg which lives in the GRUB directory
+located by default at ${grubdir}.
+
+  -h, --help                     print this message and exit
+  -v, --version                  print the version information and exit
+  -o, --output_path <DIRECTORY>  put user.cfg in a user-selected directory
+ 
+ Report bugs at https://bugzilla.redhat.com.
+ EOF
+-- 
+2.7.4
+
--- a/0081-Measure-commands.patch
+++ b/0081-Measure-commands.patch
@ -1,76 +0,0 @@
-From d73f9224234a35ad371891f3dd3f005274969d86 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@srcf.ucam.org>
-Date: Mon, 10 Aug 2015 15:27:12 -0700
-Subject: [PATCH 81/89] Measure commands
-
-Measure each command executed by grub, which includes script execution.
---
- grub-core/script/execute.c | 25 +++++++++++++++++++++++--
- include/grub/tpm.h         |  1 +
- 2 files changed, 24 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
-index cf6cd66..9ae04a0 100644
--- a/grub-core/script/execute.c
-+++ b/grub-core/script/execute.c
-@@ -30,6 +30,7 @@
- #ifdef GRUB_MACHINE_IEEE1275
- #include <grub/ieee1275/ieee1275.h>
- #endif
-+#include <grub/tpm.h>
- 
- /* Max digits for a char is 3 (0xFF is 255), similarly for an int it
-    is sizeof (int) * 3, and one extra for a possible -ve sign.  */
-@@ -967,8 +968,9 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
-   grub_err_t ret = 0;
-   grub_script_function_t func = 0;
-   char errnobuf[18];
-  char *cmdname;
-  int argc;
-+  char *cmdname, *cmdstring;
-+  int argc, offset = 0, cmdlen = 0;
-+  unsigned int i;
-   char **args;
-   int invert;
-   struct grub_script_argv argv = { 0, 0, 0 };
-@@ -977,6 +979,25 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
-   if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0])
-     return grub_errno;
- 
-+  for (i = 0; i < argv.argc; i++) {
-+	  cmdlen += grub_strlen (argv.args[i]) + 1;
-+  }
-+
-+  cmdstring = grub_malloc (cmdlen);
-+  if (!cmdstring)
-+  {
-+	  return grub_error (GRUB_ERR_OUT_OF_MEMORY,
-+			     N_("cannot allocate command buffer"));
-+  }
-+
-+  for (i = 0; i < argv.argc; i++) {
-+	  offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ",
-+				   argv.args[i]);
-+  }
-+  cmdstring[cmdlen-1]= '\0';
-+  grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_COMMAND_PCR,
-+		    cmdstring);
-+  grub_free(cmdstring);
-   invert = 0;
-   argc = argv.argc - 1;
-   args = argv.args + 1;
-diff --git a/include/grub/tpm.h b/include/grub/tpm.h
-index 40d3cf6..7fc9d77 100644
--- a/include/grub/tpm.h
-+++ b/include/grub/tpm.h
-@@ -30,6 +30,7 @@
- #define GRUB_KERNEL_PCR 10
- #define GRUB_INITRD_PCR 11
- #define GRUB_CMDLINE_PCR 12
-+#define GRUB_COMMAND_PCR 13
- 
- #define TPM_TAG_RQU_COMMAND 0x00C1
- #define TPM_ORD_Extend 0x14
-- 
-2.5.5
-
--- a/0082-Measure-multiboot-images-and-modules.patch
+++ b/0082-Measure-multiboot-images-and-modules.patch
@ -1,76 +0,0 @@
-From dbbb480855f86c3c47cd941de6511d1a1dfdeb31 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@coreos.com>
-Date: Tue, 1 Sep 2015 16:02:55 -0700
-Subject: [PATCH 82/89] Measure multiboot images and modules
-
---
- grub-core/loader/i386/multiboot_mbi.c | 3 +++
- grub-core/loader/multiboot.c          | 2 ++
- grub-core/loader/multiboot_mbi2.c     | 3 +++
- 3 files changed, 8 insertions(+)
-
-diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c
-index f60b702..43a08e4 100644
--- a/grub-core/loader/i386/multiboot_mbi.c
-+++ b/grub-core/loader/i386/multiboot_mbi.c
-@@ -36,6 +36,7 @@
- #include <grub/net.h>
- #include <grub/i18n.h>
- #include <grub/lib/cmdline.h>
-+#include <grub/tpm.h>
- 
- #ifdef GRUB_MACHINE_EFI
- #include <grub/efi/efi.h>
-@@ -164,6 +165,8 @@ grub_multiboot_load (grub_file_t file, const char *filename)
-       return grub_errno;
-     }
- 
-+  grub_tpm_measure((unsigned char*)buffer, len, GRUB_KERNEL_PCR, filename);
-+
-   header = find_header (buffer, len);
- 
-   if (header == 0)
-diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
-index 64a6513..58e6329 100644
--- a/grub-core/loader/multiboot.c
-+++ b/grub-core/loader/multiboot.c
-@@ -43,6 +43,7 @@
- #include <grub/memory.h>
- #include <grub/i18n.h>
- #include <grub/efi/sb.h>
-+#include <grub/tpm.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -385,6 +386,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
-     }
- 
-   grub_file_close (file);
-+  grub_tpm_measure (module, size, GRUB_KERNEL_PCR, argv[0]);
-   return GRUB_ERR_NONE;
- }
- 
-diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
-index f147d67..8f163ea 100644
--- a/grub-core/loader/multiboot_mbi2.c
-+++ b/grub-core/loader/multiboot_mbi2.c
-@@ -36,6 +36,7 @@
- #include <grub/i18n.h>
- #include <grub/net.h>
- #include <grub/lib/cmdline.h>
-+#include <grub/tpm.h>
- 
- #if defined (GRUB_MACHINE_EFI)
- #include <grub/efi/efi.h>
-@@ -126,6 +127,8 @@ grub_multiboot_load (grub_file_t file, const char *filename)
- 
-   COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0);
- 
-+  grub_tpm_measure ((unsigned char *)buffer, len, GRUB_KERNEL_PCR, filename);
-+
-   header = find_header (buffer, len);
- 
-   if (header == 0)
-- 
-2.5.5
-
--- a/0082-Re-work-some-intricacies-of-PE-loading.patch
+++ b/0082-Re-work-some-intricacies-of-PE-loading.patch
@ -0,0 +1,353 @@
+From e2b22111a8ec58091603fc785f54b1b998888735 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 9 Jun 2016 12:22:29 -0400
+Subject: [PATCH 82/87] Re-work some intricacies of PE loading.
+
+The PE spec is not a well written document, and awesomely every place
+where there's an ambiguous way to read something, Windows' bootmgfw.efi
+takes a different read than either of them.
+---
+ grub-core/loader/efi/chainloader.c | 156 +++++++++++++++++++++++++++++--------
+ include/grub/efi/pe32.h            |  32 +++++++-
+ 2 files changed, 152 insertions(+), 36 deletions(-)
+
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index c4184fa..323f873 100644
+--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
+@@ -297,7 +297,7 @@ image_is_64_bit (grub_pe_header_t *pe_hdr)
+   return 0;
+ }
+ 
+-static const grub_uint16_t machine_type =
+static const grub_uint16_t machine_type __attribute__((__unused__)) =
+ #if defined(__x86_64__)
+   GRUB_PE32_MACHINE_X86_64;
+ #elif defined(__aarch64__)
+@@ -363,10 +363,10 @@ relocate_coff (pe_coff_loader_image_context_t *context,
+ 
+   reloc_base = image_address (orig, size, section->raw_data_offset);
+   reloc_base_end = image_address (orig, size, section->raw_data_offset
+-				  + section->virtual_size - 1);
+				  + section->virtual_size);
+ 
+-  grub_dprintf ("chain", "reloc_base %p reloc_base_end %p\n", reloc_base,
+-		reloc_base_end);
+  grub_dprintf ("chain", "relocate_coff(): reloc_base %p reloc_base_end %p\n",
+		reloc_base, reloc_base_end);
+ 
+   if (!reloc_base && !reloc_base_end)
+     return GRUB_EFI_SUCCESS;
+@@ -503,12 +503,13 @@ handle_image (void *data, grub_efi_uint32_t datasize)
+   grub_efi_status_t efi_status;
+   char *buffer = NULL;
+   char *buffer_aligned = NULL;
+-  grub_efi_uint32_t i, size;
+  grub_efi_uint32_t i;
+   struct grub_pe32_section_table *section;
+   char *base, *end;
+   pe_coff_loader_image_context_t context;
+   grub_uint32_t section_alignment;
+   grub_uint32_t buffer_size;
+  int found_entry_point = 0;
+ 
+   b = grub_efi_system_table->boot_services;
+ 
+@@ -522,8 +523,28 @@ handle_image (void *data, grub_efi_uint32_t datasize)
+       goto error_exit;
+     }
+ 
+  /*
+   * The spec says, uselessly, of SectionAlignment:
+   * =====
+   * The alignment (in bytes) of sections when they are loaded into
+   * memory. It must be greater than or equal to FileAlignment. The
+   * default is the page size for the architecture.
+   * =====
+   * Which doesn't tell you whose responsibility it is to enforce the
+   * "default", or when.  It implies that the value in the field must
+   * be > FileAlignment (also poorly defined), but it appears visual
+   * studio will happily write 512 for FileAlignment (its default) and
+   * 0 for SectionAlignment, intending to imply PAGE_SIZE.
+   *
+   * We only support one page size, so if it's zero, nerf it to 4096.
+   */
+   section_alignment = context.section_alignment;
+  if (section_alignment == 0)
+    section_alignment = 4096;
+
+   buffer_size = context.image_size + section_alignment;
+  grub_dprintf ("chain", "image size is %08lx, datasize is %08x\n",
+	       context.image_size, datasize);
+ 
+   efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA,
+ 			   buffer_size, &buffer);
+@@ -535,7 +556,6 @@ handle_image (void *data, grub_efi_uint32_t datasize)
+     }
+ 
+   buffer_aligned = (char *)ALIGN_UP ((grub_addr_t)buffer, section_alignment);
+-
+   if (!buffer_aligned)
+     {
+       grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+@@ -544,27 +564,62 @@ handle_image (void *data, grub_efi_uint32_t datasize)
+ 
+   grub_memcpy (buffer_aligned, data, context.size_of_headers);
+ 
+  entry_point = image_address (buffer_aligned, context.image_size,
+			       context.entry_point);
+
+  grub_dprintf ("chain", "entry_point: %p\n", entry_point);
+  if (!entry_point)
+    {
+      grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point");
+      goto error_exit;
+    }
+
+   char *reloc_base, *reloc_base_end;
+-  reloc_base = image_address (buffer_aligned, datasize,
+  grub_dprintf ("chain", "reloc_dir: %p reloc_size: 0x%08x\n",
+		(void *)(unsigned long long)context.reloc_dir->rva,
+		context.reloc_dir->size);
+  reloc_base = image_address (buffer_aligned, context.image_size,
+ 			      context.reloc_dir->rva);
+   /* RelocBaseEnd here is the address of the last byte of the table */
+-  reloc_base_end = image_address (buffer_aligned, datasize,
+  reloc_base_end = image_address (buffer_aligned, context.image_size,
+ 				  context.reloc_dir->rva
+ 				  + context.reloc_dir->size - 1);
+  grub_dprintf ("chain", "reloc_base: %p reloc_base_end: %p\n",
+		reloc_base, reloc_base_end);
+
+   struct grub_pe32_section_table *reloc_section = NULL;
+ 
+   section = context.first_section;
+   for (i = 0; i < context.number_of_sections; i++, section++)
+     {
+-      size = section->virtual_size;
+-      if (size > section->raw_data_size)
+-        size = section->raw_data_size;
+      char name[9];
+ 
+       base = image_address (buffer_aligned, context.image_size,
+ 			    section->virtual_address);
+       end = image_address (buffer_aligned, context.image_size,
+-			   section->virtual_address + size - 1);
+			   section->virtual_address + section->virtual_size -1);
+ 
+      grub_strncpy(name, section->name, 9);
+      name[8] = '\0';
+      grub_dprintf ("chain", "Section %d \"%s\" at %p..%p\n", i,
+		   name, base, end);
+
+      if (end < base)
+	{
+	  grub_dprintf ("chain", " base is %p but end is %p... bad.\n",
+		       base, end);
+	  grub_error (GRUB_ERR_BAD_ARGUMENT,
+		      "Image has invalid negative size");
+	  goto error_exit;
+	}
+
+      if (section->virtual_address <= context.entry_point &&
+	  (section->virtual_address + section->raw_data_size - 1)
+	  > context.entry_point)
+	{
+	  found_entry_point++;
+	  grub_dprintf ("chain", " section contains entry point\n");
+	}
+ 
+       /* We do want to process .reloc, but it's often marked
+        * discardable, so we don't want to memcpy it. */
+@@ -583,21 +638,46 @@ handle_image (void *data, grub_efi_uint32_t datasize)
+ 	  if (section->raw_data_size && section->virtual_size &&
+ 	      base && end && reloc_base == base && reloc_base_end == end)
+ 	    {
+	      grub_dprintf ("chain", " section is relocation section\n");
+ 	      reloc_section = section;
+ 	    }
+	  else
+	    {
+	      grub_dprintf ("chain", " section is not reloc section?\n");
+	      grub_dprintf ("chain", " rds: 0x%08x, vs: %08x\n",
+			    section->raw_data_size, section->virtual_size);
+	      grub_dprintf ("chain", " base: %p end: %p\n", base, end);
+	      grub_dprintf ("chain", " reloc_base: %p reloc_base_end: %p\n",
+			    reloc_base, reloc_base_end);
+	    }
+ 	}
+ 
+-      if (section->characteristics && GRUB_PE32_SCN_MEM_DISCARDABLE)
+-	continue;
+      grub_dprintf ("chain", " Section characteristics are %08x\n",
+		   section->characteristics);
+      grub_dprintf ("chain", " Section virtual size: %08x\n",
+		   section->virtual_size);
+      grub_dprintf ("chain", " Section raw_data size: %08x\n",
+		   section->raw_data_size);
+      if (section->characteristics & GRUB_PE32_SCN_MEM_DISCARDABLE)
+	{
+	  grub_dprintf ("chain", " Discarding section\n");
+	  continue;
+	}
+ 
+       if (!base || !end)
+         {
+	  grub_dprintf ("chain", " section is invalid\n");
+           grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid section size");
+           goto error_exit;
+         }
+ 
+-      if (section->virtual_address < context.size_of_headers ||
+-	  section->raw_data_offset < context.size_of_headers)
+      if (section->characteristics & GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA)
+	{
+	  if (section->raw_data_size != 0)
+	    grub_dprintf ("chain", " UNINITIALIZED_DATA section has data?\n");
+	}
+      else if (section->virtual_address < context.size_of_headers ||
+	       section->raw_data_offset < context.size_of_headers)
+ 	{
+ 	  grub_error (GRUB_ERR_BAD_ARGUMENT,
+ 		      "Section %d is inside image headers", i);
+@@ -605,13 +685,24 @@ handle_image (void *data, grub_efi_uint32_t datasize)
+ 	}
+ 
+       if (section->raw_data_size > 0)
+-        grub_memcpy (base, (grub_efi_uint8_t*)data + section->raw_data_offset,
+-		     size);
+	{
+	  grub_dprintf ("chain", " copying 0x%08x bytes to %p\n",
+			section->raw_data_size, base);
+	  grub_memcpy (base,
+		       (grub_efi_uint8_t*)data + section->raw_data_offset,
+		       section->raw_data_size);
+	}
+ 
+-      if (size < section->virtual_size)
+-        grub_memset (base + size, 0, section->virtual_size - size);
+      if (section->raw_data_size < section->virtual_size)
+	{
+	  grub_dprintf ("chain", " padding with 0x%08x bytes at %p\n",
+			section->virtual_size - section->raw_data_size,
+			base + section->raw_data_size);
+	  grub_memset (base + section->raw_data_size, 0,
+		       section->virtual_size - section->raw_data_size);
+	}
+ 
+-      grub_dprintf ("chain", "copied section %s\n", section->name);
+      grub_dprintf ("chain", " finished section %s\n", name);
+     }
+ 
+   /* 5 == EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC */
+@@ -634,12 +725,15 @@ handle_image (void *data, grub_efi_uint32_t datasize)
+ 	}
+     }
+ 
+-  entry_point = image_address (buffer_aligned, context.image_size,
+-			       context.entry_point);
+-
+-  if (!entry_point)
+  if (!found_entry_point)
+     {
+-      grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point");
+      grub_error (GRUB_ERR_BAD_ARGUMENT, "entry point is not within sections");
+      goto error_exit;
+    }
+  if (found_entry_point > 1)
+    {
+      grub_error (GRUB_ERR_BAD_ARGUMENT, "%d sections contain entry point",
+		  found_entry_point);
+       goto error_exit;
+     }
+ 
+@@ -657,26 +751,24 @@ handle_image (void *data, grub_efi_uint32_t datasize)
+   li->load_options_size = cmdline_len;
+   li->file_path = grub_efi_get_media_file_path (file_path);
+   li->device_handle = dev_handle;
+-  if (li->file_path)
+-    {
+-      grub_printf ("file path: ");
+-      grub_efi_print_device_path (li->file_path);
+-    }
+-  else
+  if (!li->file_path)
+     {
+       grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found");
+       goto error_exit;
+     }
+ 
+  grub_dprintf ("chain", "booting via entry point\n");
+   efi_status = efi_call_2 (entry_point, grub_efi_image_handle,
+ 			   grub_efi_system_table);
+ 
+  grub_dprintf ("chain", "entry_point returned %ld\n", efi_status);
+   grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t));
+   efi_status = efi_call_1 (b->free_pool, buffer);
+ 
+   return 1;
+ 
+ error_exit:
+  grub_dprintf ("chain", "error_exit: grub_errno: %d\n", grub_errno);
+   if (buffer)
+       efi_call_1 (b->free_pool, buffer);
+ 
+diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
+index f79782e..8396bde 100644
+--- a/include/grub/efi/pe32.h
+++ b/include/grub/efi/pe32.h
+@@ -227,12 +227,18 @@ struct grub_pe32_section_table
+   grub_uint32_t characteristics;
+ };
+ 
+#define GRUB_PE32_SCN_TYPE_NO_PAD		0x00000008
+ #define GRUB_PE32_SCN_CNT_CODE			0x00000020
+ #define GRUB_PE32_SCN_CNT_INITIALIZED_DATA	0x00000040
+-#define GRUB_PE32_SCN_MEM_DISCARDABLE		0x02000000
+-#define GRUB_PE32_SCN_MEM_EXECUTE		0x20000000
+-#define GRUB_PE32_SCN_MEM_READ			0x40000000
+-#define GRUB_PE32_SCN_MEM_WRITE			0x80000000
+#define GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA	0x00000080
+#define GRUB_PE32_SCN_LNK_OTHER			0x00000100
+#define GRUB_PE32_SCN_LNK_INFO			0x00000200
+#define GRUB_PE32_SCN_LNK_REMOVE		0x00000800
+#define GRUB_PE32_SCN_LNK_COMDAT		0x00001000
+#define GRUB_PE32_SCN_GPREL			0x00008000
+#define GRUB_PE32_SCN_MEM_16BIT			0x00020000
+#define GRUB_PE32_SCN_MEM_LOCKED		0x00040000
+#define GRUB_PE32_SCN_MEM_PRELOAD		0x00080000
+ 
+ #define GRUB_PE32_SCN_ALIGN_1BYTES		0x00100000
+ #define GRUB_PE32_SCN_ALIGN_2BYTES		0x00200000
+@@ -241,10 +247,28 @@ struct grub_pe32_section_table
+ #define GRUB_PE32_SCN_ALIGN_16BYTES		0x00500000
+ #define GRUB_PE32_SCN_ALIGN_32BYTES		0x00600000
+ #define GRUB_PE32_SCN_ALIGN_64BYTES		0x00700000
+#define GRUB_PE32_SCN_ALIGN_128BYTES		0x00800000
+#define GRUB_PE32_SCN_ALIGN_256BYTES		0x00900000
+#define GRUB_PE32_SCN_ALIGN_512BYTES		0x00A00000
+#define GRUB_PE32_SCN_ALIGN_1024BYTES		0x00B00000
+#define GRUB_PE32_SCN_ALIGN_2048BYTES		0x00C00000
+#define GRUB_PE32_SCN_ALIGN_4096BYTES		0x00D00000
+#define GRUB_PE32_SCN_ALIGN_8192BYTES		0x00E00000
+ 
+ #define GRUB_PE32_SCN_ALIGN_SHIFT		20
+ #define GRUB_PE32_SCN_ALIGN_MASK		7
+ 
+#define GRUB_PE32_SCN_LNK_NRELOC_OVFL		0x01000000
+#define GRUB_PE32_SCN_MEM_DISCARDABLE		0x02000000
+#define GRUB_PE32_SCN_MEM_NOT_CACHED		0x04000000
+#define GRUB_PE32_SCN_MEM_NOT_PAGED		0x08000000
+#define GRUB_PE32_SCN_MEM_SHARED		0x10000000
+#define GRUB_PE32_SCN_MEM_EXECUTE		0x20000000
+#define GRUB_PE32_SCN_MEM_READ			0x40000000
+#define GRUB_PE32_SCN_MEM_WRITE			0x80000000
+
+
+
+ #define GRUB_PE32_SIGNATURE_SIZE 4
+ 
+ struct grub_pe32_header
+-- 
+2.7.4
+
--- a/0083-Rework-even-more-of-efi-chainload-so-non-sb-cases-wo.patch
+++ b/0083-Rework-even-more-of-efi-chainload-so-non-sb-cases-wo.patch
@ -0,0 +1,386 @@
+From 8b4deb97529ba7ff689a11639f2a5bfdb29ad2ea Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 10 Jun 2016 14:06:15 -0400
+Subject: [PATCH 83/87] Rework even more of efi chainload so non-sb cases work
+ right.
+
+This ensures that if shim protocol is not loaded, or is loaded but shim
+is disabled, we will fall back to a correct load method for the efi
+chain loader.
+
+Here's what I tested with this version:
+
+results                             expected    actual
+------------------------------------------------------------
+sb + enabled + shim + fedora        success     success
+sb + enabled + shim + win           success     success
+sb + enabled + grub + fedora        fail        fail
+sb + enabled + grub + win           fail        fail
+
+sb + mokdisabled + shim + fedora    success     success
+sb + mokdisabled + shim + win       success     success
+sb + mokdisabled + grub + fedora    fail        fail
+sb + mokdisabled + grub + win       fail        fail
+
+sb disabled + shim + fedora         success     success*
+sb disabled + shim + win            success     success*
+sb disabled + grub + fedora         success     success
+sb disabled + grub + win            success     success
+
+nosb + shim + fedora                success     success*
+nosb + shim + win                   success     success*
+nosb + grub + fedora                success     success
+nosb + grub + win                   success     success
+
+* for some reason shim protocol is being installed in these cases, and I
+  can't see why, but I think it may be this firmware build returning an
+  erroneous value.  But this effectively falls back to the mokdisabled
+  behavior, which works correctly, and the presence of the "grub" (i.e.
+  no shim) tests effectively tests the desired behavior here.
+
+Resolves: rhbz#1344512
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/kern/efi/sb.c            |  14 +++--
+ grub-core/loader/arm64/linux.c     |   4 +-
+ grub-core/loader/efi/chainloader.c | 115 ++++++++++++++++++++++---------------
+ grub-core/loader/efi/linux.c       |  13 +++--
+ grub-core/loader/i386/efi/linux.c  |  10 +++-
+ include/grub/efi/linux.h           |   2 +-
+ 6 files changed, 99 insertions(+), 59 deletions(-)
+
+diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
+index a41b6c5..d74778b 100644
+--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
+@@ -36,14 +36,20 @@ grub_efi_secure_boot (void)
+   grub_efi_boolean_t ret = 0;
+ 
+   secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
+-
+   if (datasize != 1 || !secure_boot)
+-    goto out;
+    {
+      grub_dprintf ("secureboot", "No SecureBoot variable\n");
+      goto out;
+    }
+  grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot);
+ 
+   setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
+-
+   if (datasize != 1 || !setup_mode)
+-    goto out;
+    {
+      grub_dprintf ("secureboot", "No SetupMode variable\n");
+      goto out;
+    }
+  grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode);
+ 
+   if (*secure_boot && !*setup_mode)
+     ret = 1;
+diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
+index 4756ef7..f83820e 100644
+--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
+@@ -251,6 +251,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+   grub_file_t file = 0;
+   struct grub_arm64_linux_kernel_header lh;
+   struct grub_arm64_linux_pe_header *pe;
+  int rc;
+ 
+   grub_dl_ref (my_mod);
+ 
+@@ -295,7 +296,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ 
+   grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
+ 
+-  if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size))
+  rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size);
+  if (rc < 0)
+     {
+       grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
+       goto fail;
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index 323f873..49a7662 100644
+--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
+@@ -178,7 +178,6 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
+   /* Fill the file path for the directory.  */
+   d = (grub_efi_device_path_t *) ((char *) file_path
+ 				  + ((char *) d - (char *) dp));
+-  grub_efi_print_device_path (d);
+   copy_file_path ((grub_efi_file_path_device_path_t *) d,
+ 		  dir_start, dir_end - dir_start);
+ 
+@@ -248,10 +247,9 @@ read_header (void *data, grub_efi_uint32_t size,
+   grub_efi_status_t status;
+ 
+   shim_lock = grub_efi_locate_protocol (&guid, NULL);
+-
+   if (!shim_lock)
+     {
+-      grub_error (GRUB_ERR_BAD_ARGUMENT, "no shim lock protocol");
+      grub_dprintf ("chain", "no shim lock protocol");
+       return 0;
+     }
+ 
+@@ -276,7 +274,7 @@ read_header (void *data, grub_efi_uint32_t size,
+       break;
+     }
+ 
+-  return 0;
+  return -1;
+ }
+ 
+ static void*
+@@ -510,17 +508,24 @@ handle_image (void *data, grub_efi_uint32_t datasize)
+   grub_uint32_t section_alignment;
+   grub_uint32_t buffer_size;
+   int found_entry_point = 0;
+  int rc;
+ 
+   b = grub_efi_system_table->boot_services;
+ 
+-  if (read_header (data, datasize, &context))
+  rc = read_header (data, datasize, &context);
+  if (rc < 0)
+     {
+-      grub_dprintf ("chain", "Succeed to read header\n");
+      grub_dprintf ("chain", "Failed to read header\n");
+      goto error_exit;
+    }
+  else if (rc == 0)
+    {
+      grub_dprintf ("chain", "Secure Boot is not enabled\n");
+      return 0;
+     }
+   else
+     {
+-      grub_dprintf ("chain", "Failed to read header\n");
+-      goto error_exit;
+      grub_dprintf ("chain", "Header read without error\n");
+     }
+ 
+   /*
+@@ -793,9 +798,55 @@ grub_secureboot_chainloader_unload (void)
+ }
+ 
+ static grub_err_t
+grub_load_and_start_image(void *boot_image)
+{
+  grub_efi_boot_services_t *b;
+  grub_efi_status_t status;
+  grub_efi_loaded_image_t *loaded_image;
+
+  b = grub_efi_system_table->boot_services;
+
+  status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path,
+		       boot_image, fsize, &image_handle);
+  if (status != GRUB_EFI_SUCCESS)
+    {
+      if (status == GRUB_EFI_OUT_OF_RESOURCES)
+	grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");
+      else
+	grub_error (GRUB_ERR_BAD_OS, "cannot load image");
+      return -1;
+    }
+
+  /* LoadImage does not set a device handler when the image is
+     loaded from memory, so it is necessary to set it explicitly here.
+     This is a mess.  */
+  loaded_image = grub_efi_get_loaded_image (image_handle);
+  if (! loaded_image)
+    {
+      grub_error (GRUB_ERR_BAD_OS, "no loaded image available");
+      return -1;
+    }
+  loaded_image->device_handle = dev_handle;
+
+  if (cmdline)
+    {
+      loaded_image->load_options = cmdline;
+      loaded_image->load_options_size = cmdline_len;
+    }
+
+  return 0;
+}
+
+static grub_err_t
+ grub_secureboot_chainloader_boot (void)
+ {
+-  handle_image ((void *)address, fsize);
+  int rc;
+  rc = handle_image ((void *)address, fsize);
+  if (rc == 0)
+    {
+      grub_load_and_start_image((void *)address);
+    }
+
+   grub_loader_unset ();
+   return grub_errno;
+ }
+@@ -809,9 +860,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+   grub_efi_boot_services_t *b;
+   grub_device_t dev = 0;
+   grub_efi_device_path_t *dp = 0;
+-  grub_efi_loaded_image_t *loaded_image;
+   char *filename;
+   void *boot_image = 0;
+  int rc;
+ 
+   if (argc == 0)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+@@ -898,9 +949,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+   if (! file_path)
+     goto fail;
+ 
+-  grub_printf ("file path: ");
+-  grub_efi_print_device_path (file_path);
+-
+   fsize = grub_file_size (file);
+   if (!fsize)
+     {
+@@ -975,51 +1023,28 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+     }
+ #endif
+ 
+-  if (grub_linuxefi_secure_validate((void *)address, fsize))
+  rc = grub_linuxefi_secure_validate((void *)address, fsize);
+  grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc);
+  if (rc > 0)
+     {
+       grub_file_close (file);
+       grub_loader_set (grub_secureboot_chainloader_boot,
+ 		       grub_secureboot_chainloader_unload, 0);
+       return 0;
+     }
+-
+-  status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path,
+-		       boot_image, fsize, &image_handle);
+-  if (status != GRUB_EFI_SUCCESS)
+  else if (rc == 0)
+     {
+-      if (status == GRUB_EFI_OUT_OF_RESOURCES)
+-	grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");
+-      else
+-	grub_error (GRUB_ERR_BAD_OS, "cannot load image");
+-
+-      goto fail;
+-    }
+-
+-  /* LoadImage does not set a device handler when the image is
+-     loaded from memory, so it is necessary to set it explicitly here.
+-     This is a mess.  */
+-  loaded_image = grub_efi_get_loaded_image (image_handle);
+-  if (! loaded_image)
+-    {
+-      grub_error (GRUB_ERR_BAD_OS, "no loaded image available");
+-      goto fail;
+-    }
+-  loaded_image->device_handle = dev_handle;
+      grub_load_and_start_image(boot_image);
+      grub_file_close (file);
+      grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
+ 
+-  if (cmdline)
+-    {
+-      loaded_image->load_options = cmdline;
+-      loaded_image->load_options_size = cmdline_len;
+      return 0;
+     }
+ 
+   grub_file_close (file);
+   grub_device_close (dev);
+ 
+-  grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
+-  return 0;
+-
+- fail:
+-
+fail:
+   if (dev)
+     grub_device_close (dev);
+ 
+diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
+index aea378a..8890bdf 100644
+--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
+@@ -33,21 +33,24 @@ struct grub_efi_shim_lock
+ };
+ typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
+ 
+-grub_efi_boolean_t
+int
+ grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
+ {
+   grub_efi_guid_t guid = SHIM_LOCK_GUID;
+   grub_efi_shim_lock_t *shim_lock;
+  grub_efi_status_t status;
+ 
+   shim_lock = grub_efi_locate_protocol(&guid, NULL);
+-
+  grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock);
+   if (!shim_lock)
+-    return 1;
+    return 0;
+ 
+-  if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS)
+  status = shim_lock->verify(data, size);
+  grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", status);
+  if (status == GRUB_EFI_SUCCESS)
+     return 1;
+ 
+-  return 0;
+  return -1;
+ }
+ 
+ typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *);
+diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
+index 7ccf32d..82f75b7 100644
+--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
+@@ -155,6 +155,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+   struct linux_kernel_header lh;
+   grub_ssize_t len, start, filelen;
+   void *kernel = NULL;
+  int rc;
+ 
+   grub_dl_ref (my_mod);
+ 
+@@ -180,13 +181,16 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ 
+   if (grub_file_read (file, kernel, filelen) != filelen)
+     {
+-      grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]);
+      grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"),
+		  argv[0]);
+       goto fail;
+     }
+ 
+-  if (! grub_linuxefi_secure_validate (kernel, filelen))
+  rc = grub_linuxefi_secure_validate (kernel, filelen);
+  if (rc < 0)
+     {
+-      grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
+      grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"),
+		  argv[0]);
+       grub_free (kernel);
+       goto fail;
+     }
+diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h
+index d9ede36..0033d93 100644
+--- a/include/grub/efi/linux.h
+++ b/include/grub/efi/linux.h
+@@ -22,7 +22,7 @@
+ #include <grub/err.h>
+ #include <grub/symbol.h>
+ 
+-grub_efi_boolean_t
+int
+ EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size);
+ grub_err_t
+ EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset,
+-- 
+2.7.4
+
--- a/0084-linuxefi-fix-double-free-on-verification-failure.patch
+++ b/0084-linuxefi-fix-double-free-on-verification-failure.patch
@ -0,0 +1,25 @@
+From 0a3a4d0b69b5d68f3e4b6b74fe2e6b5d4dcace4f Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 14 Jun 2016 09:50:25 -0400
+Subject: [PATCH 84/87] linuxefi: fix double free on verification failure.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/loader/i386/efi/linux.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
+index 82f75b7..010bf98 100644
+--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
+@@ -191,7 +191,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+     {
+       grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"),
+ 		  argv[0]);
+-      grub_free (kernel);
+       goto fail;
+     }
+ 
+-- 
+2.7.4
+
--- a/0085-fix-machine-type-test-in-30_os-prober.in.patch
+++ b/0085-fix-machine-type-test-in-30_os-prober.in.patch
@ -0,0 +1,25 @@
+From be4d338b0c086e9cbbd2d353cd88abad67c000c9 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 11 Jul 2016 13:36:45 -0400
+Subject: [PATCH 85/87] fix machine type test in 30_os-prober.in
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ util/grub.d/30_os-prober.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
+index dc98eac..e40274f 100644
+--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
+@@ -144,6 +144,7 @@ for OS in ${OSPROBED} ; do
+   sixteenbit=""
+   linuxefi="linux"
+   initrdefi="initrd"
+  machine=`uname -m`
+   case "$machine" in
+     i?86|x86_64)
+       sixteenbit="16"
+-- 
+2.7.4
+
--- a/0086-ppc64le-has-no-separate-boot-mount-1261926.patch
+++ b/0086-ppc64le-has-no-separate-boot-mount-1261926.patch
@ -0,0 +1,44 @@
+From 12a2215a6f13f2503a9e38d84fff64789c6a34b7 Mon Sep 17 00:00:00 2001
+From: Robert Marshall <rmarshall@redhat.com>
+Date: Fri, 17 Jun 2016 11:47:34 -0400
+Subject: [PATCH 86/87] ppc64le has no separate /boot mount (#1261926)
+
+The patch for rhbz#1212114 ensures that ppc64le systems sync grub config
+changes to disk prior to grub-mkconfig completion and a reboot.
+
+This patch required checking for /boot as its own mount point because
+issuing fsfreeze to a root partition is unwise. For administrators who
+configured a ppc64le system with no separate /boot partition, the failed
+check results in an error message. The file is written and would work
+most of the time, however, it also introduces a corner case where the
+behavior manifested in rhbz#1212114 could re-appear on these systems.
+
+The system call issued by fsfreeeze is being issued by methods within
+the anaconda installer and can be removed from GRUB proper.
+
+Related: rhbz#1315468
+Resolves: rhbz#1261926
+---
+ util/grub-mkconfig.in | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index 73a18f7..fb87247 100644
+--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
+@@ -294,12 +294,3 @@ fi
+ 
+ gettext "done" >&2
+ echo >&2
+-
+-# make sure changes make it to the disk.
+-# if /boot is a mountpoint, force the meta data on disk
+-# to by-pass writeback delay.
+-# PPC64LE-only to deal with Petitboot issues
+-ARCH=$(uname -m)
+-if [ "${ARCH}" = "ppc64le" ]; then
+-    sync && mountpoint -q /boot &&fsfreeze -f /boot && fsfreeze -u /boot
+-fi
+-- 
+2.7.4
+
--- a/0087-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch
+++ b/0087-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch
@ -0,0 +1,302 @@
+From d3d42740661dce4df12330e57a1681a3b296622e Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 23 Jun 2016 11:01:39 -0400
+Subject: [PATCH 87/87] Add grub-get-kernel-settings and use it in 10_linux
+
+This patch adds grub-get-kernel-settings, which reads the system kernel
+installation configuration from /etc/sysconfig/kernel, and outputs
+${GRUB_...} variables suitable for evaluation by grub-mkconfig.  Those
+variables are then used by 10_linux to choose whether or not to create
+debug stanzas.
+
+Resolves: rhbz#1226325
+---
+ .gitignore                                     |  1 +
+ Makefile.util.def                              |  7 +++
+ configure.ac                                   |  2 +
+ util/bash-completion.d/grub-completion.bash.in | 22 ++++++++
+ util/grub-get-kernel-settings.3                | 20 +++++++
+ util/grub-get-kernel-settings.in               | 78 ++++++++++++++++++++++++++
+ util/grub-mkconfig.in                          |  3 +
+ util/grub.d/10_linux.in                        | 23 ++++++--
+ 8 files changed, 151 insertions(+), 5 deletions(-)
+ create mode 100644 util/grub-get-kernel-settings.3
+ create mode 100644 util/grub-get-kernel-settings.in
+
+diff --git a/.gitignore b/.gitignore
+index 53a391e..f2f1ef5 100644
+--- a/.gitignore
+++ b/.gitignore
+@@ -112,6 +112,7 @@ grub-emu-lite
+ grub-file
+ grub-fs-tester
+ grub-fstest
+grub-get-kernel-settings
+ grub-glue-efi
+ grub-install
+ grub-kbdcomp
+diff --git a/Makefile.util.def b/Makefile.util.def
+index 8007de9..38cdf4c 100644
+--- a/Makefile.util.def
+++ b/Makefile.util.def
+@@ -716,6 +716,13 @@ script = {
+ };
+ 
+ script = {
+  name = grub-get-kernel-settings;
+  common = util/grub-get-kernel-settings.in;
+  mansection = 3;
+  installdir = sbin;
+};
+
+script = {
+   name = grub-set-default;
+   common = util/grub-set-default.in;
+   mansection = 8;
+diff --git a/configure.ac b/configure.ac
+index 25de2c1..1d8f7e7 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -58,6 +58,7 @@ grub_TRANSFORM([grub-install])
+ grub_TRANSFORM([grub-mkconfig])
+ grub_TRANSFORM([grub-mkfont])
+ grub_TRANSFORM([grub-mkimage])
+grub_TRANSFORM([grub-get-kernel-settings])
+ grub_TRANSFORM([grub-glue-efi])
+ grub_TRANSFORM([grub-mklayout])
+ grub_TRANSFORM([grub-mkpasswd-pbkdf2])
+@@ -75,6 +76,7 @@ grub_TRANSFORM([grub-file])
+ grub_TRANSFORM([grub-bios-setup.3])
+ grub_TRANSFORM([grub-editenv.1])
+ grub_TRANSFORM([grub-fstest.3])
+grub_TRANSFORM([grub-get-kernel-settings.3])
+ grub_TRANSFORM([grub-glue-efi.3])
+ grub_TRANSFORM([grub-install.1])
+ grub_TRANSFORM([grub-kbdcomp.3])
+diff --git a/util/bash-completion.d/grub-completion.bash.in b/util/bash-completion.d/grub-completion.bash.in
+index 44bf135..5c4acd4 100644
+--- a/util/bash-completion.d/grub-completion.bash.in
+++ b/util/bash-completion.d/grub-completion.bash.in
+@@ -265,6 +265,28 @@ unset __grub_sparc64_setup_program
+ 
+ 
+ #
+# grub-get-kernel-settings
+#
+_grub_get_kernel_settings () {
+    local cur
+
+    COMPREPLY=()
+    cur=`_get_cword`
+
+    if [[ "$cur" == -* ]]; then
+        __grubcomp "$(__grub_get_options_from_help)"
+    else
+        # Default complete with a filename
+        _filedir
+    fi
+}
+__grub_get_kernel_settings_program="@grub_get_kernel_settings@"
+have ${__grub_get_kernel_settings_program} && \
+ complete -F _grub_get_kernel_settings -o filenames ${__grub_get_kernel_settings_program}
+unset __grub_get_kernel_settings_program
+
+
+#
+ # grub-install
+ #
+ _grub_install () {
+diff --git a/util/grub-get-kernel-settings.3 b/util/grub-get-kernel-settings.3
+new file mode 100644
+index 0000000..ba33330
+--- /dev/null
+++ b/util/grub-get-kernel-settings.3
+@@ -0,0 +1,20 @@
+.TH GRUB-GET-KERNEL-SETTINGS 3 "Thu Jun 25 2015"
+.SH NAME
+\fBgrub-get-kernel-settings\fR \(em Evaluate the system's kernel installation settings for use while making a grub configuration file.
+
+.SH SYNOPSIS
+\fBgrub-get-kernel-settings\fR [OPTION]
+
+.SH DESCRIPTION
+\fBgrub-get-kernel-settings\fR reads the kernel installation settings on the host system, and emits a set of grub settings suitable for use when creating a grub configuration file.
+
+.SH OPTIONS
+.TP
+-h, --help
+Display program usage and exit.
+.TP
+-v, --version
+Display the current version.
+
+.SH SEE ALSO
+.BR "info grub"
+diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in
+new file mode 100644
+index 0000000..1204621
+--- /dev/null
+++ b/util/grub-get-kernel-settings.in
+@@ -0,0 +1,78 @@
+#!/bin/sh
+set -e
+
+# Evaluate new-kernel-pkg's configuration file.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+
+PACKAGE_NAME=@PACKAGE_NAME@
+PACKAGE_VERSION=@PACKAGE_VERSION@
+datadir="@datadir@"
+if [ "x$pkgdatadir" = x ]; then
+    pkgdatadir="${datadir}/@PACKAGE@"
+fi
+
+self=`basename $0`
+
+export TEXTDOMAIN=@PACKAGE@
+export TEXTDOMAINDIR="@localedir@"
+
+. "${pkgdatadir}/grub-mkconfig_lib"
+
+# Usage: usage
+# Print the usage.
+usage () {
+    gettext_printf "Usage: %s [OPTION]\n" "$self"
+    gettext "Evaluate new-kernel-pkg configuration"; echo
+    echo
+    print_option_help "-h, --help" "$(gettext "print this message and exit")"
+    print_option_help "-v, --version" "$(gettext "print the version information and exit")"
+    echo
+}
+
+# Check the arguments.
+while test $# -gt 0
+do
+    option=$1
+    shift
+
+    case "$option" in
+    -h | --help)
+	usage
+	exit 0 ;;
+    -v | --version)
+	echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}"
+	exit 0 ;;
+    -*)
+	gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2
+	usage
+	exit 1
+	;;
+    # Explicitly ignore non-option arguments, for compatibility.
+    esac
+done
+
+if test -f /etc/sysconfig/kernel ; then
+    . /etc/sysconfig/kernel
+fi
+
+if [ "$MAKEDEBUG" = "yes" ]; then
+    echo GRUB_LINUX_MAKE_DEBUG=true
+    echo export GRUB_LINUX_MAKE_DEBUG
+    echo GRUB_CMDLINE_LINUX_DEBUG=\"systemd.log_level=debug systemd.log_target=kmsg\"
+    echo export GRUB_CMDLINE_LINUX_DEBUG
+    echo GRUB_LINUX_DEBUG_TITLE_POSTFIX=\" with debugging\"
+    echo export GRUB_LINUX_DEBUG_TITLE_POSTFIX
+fi
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index fb87247..e32de5e 100644
+--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
+@@ -45,6 +45,7 @@ grub_probe="${sbindir}/@grub_probe@"
+ grub_file="${bindir}/@grub_file@"
+ grub_editenv="${bindir}/@grub_editenv@"
+ grub_script_check="${bindir}/@grub_script_check@"
+grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@"
+ 
+ export TEXTDOMAIN=@PACKAGE@
+ export TEXTDOMAINDIR="@localedir@"
+@@ -151,6 +152,8 @@ if test -f ${sysconfdir}/default/grub ; then
+   . ${sysconfdir}/default/grub
+ fi
+ 
+eval "$("${grub_get_kernel_settings}")" || true
+
+ if [ "x$GRUB_DISABLE_UUID" != "xtrue" -a -z "$GRUB_DEVICE_UUID" ]; then
+   GRUB_DEVICE_UUID="$GRUB_DEVICE_UUID_GENERATED"
+ fi
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index 1215241..0c5b227 100644
+--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
+@@ -84,7 +84,8 @@ linux_entry ()
+   os="$1"
+   version="$2"
+   type="$3"
+-  args="$4"
+  isdebug="$4"
+  args="$5"
+ 
+   sixteenbit=""
+   linuxefi="linux"
+@@ -116,6 +117,9 @@ linux_entry ()
+ 	  quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
+ 	  title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
+       fi
+      if [ x$isdebug = xdebug ]; then
+	  title="$title${GRUB_LINUX_DEBUG_TITLE_POSTFIX}"
+      fi
+       echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+   else
+       echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+@@ -273,11 +277,15 @@ while [ "x$list" != "x" ] ; do
+   fi
+ 
+   if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then
+-    linux_entry "${OS}" "${version}" simple \
+    linux_entry "${OS}" "${version}" simple standard \
+     "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+    if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
+      linux_entry "${OS}" "${version}" simple debug \
+        "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}"
+    fi
+ 
+     submenu_indentation="$grub_tab"
+-    
+
+     if [ -z "$boot_device_id" ]; then
+ 	boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
+     fi
+@@ -286,10 +294,15 @@ while [ "x$list" != "x" ] ; do
+     is_top_level=false
+   fi
+ 
+-  linux_entry "${OS}" "${version}" advanced \
+  linux_entry "${OS}" "${version}" advanced standard \
+               "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+  if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
+    linux_entry "${OS}" "${version}" advanced debug \
+                "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}"
+  fi
+
+   if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then
+-    linux_entry "${OS}" "${version}" recovery \
+    linux_entry "${OS}" "${version}" recovery standard \
+                 "single ${GRUB_CMDLINE_LINUX}"
+   fi
+ 
+-- 
+2.7.4
+
--- a/0087-Fix-boot-when-there-s-no-TPM.patch
+++ b/0087-Fix-boot-when-there-s-no-TPM.patch
@ -1,31 +0,0 @@
-From 3c140c43b91594e2fdd90362499c63733e2d0a8a Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@coreos.com>
-Date: Wed, 23 Mar 2016 16:49:42 -0700
-Subject: [PATCH 87/89] Fix boot when there's no TPM
-
-If the firmware has TPM support but has no TPM, we're jumping to core.img
-without popping the registers back onto the stack. Fix that.
-
-(cherry picked from commit c2eee36ec08f8ed0cd25b8030276347680be4843)
---
- grub-core/boot/i386/pc/boot.S | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S
-index c1df86d..acab373 100644
--- a/grub-core/boot/i386/pc/boot.S
-+++ b/grub-core/boot/i386/pc/boot.S
-@@ -473,9 +473,9 @@ LOCAL(copy_buffer):
- 	movl	$0x8, %edx		/* PCR 8 */
- 	int	$0x1A
- 
-+boot:
- 	popa
- #endif
-boot:
- 	/* boot kernel */
- 	jmp	*(LOCAL(kernel_address))
- 
-- 
-2.5.5
-
--- a/0088-Rework-TPM-measurements.patch
+++ b/0088-Rework-TPM-measurements.patch
@ -1,219 +0,0 @@
-From f4ed8103fcc767b5a39b0b051e72901b543bf8d5 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@coreos.com>
-Date: Wed, 23 Mar 2016 17:03:43 -0700
-Subject: [PATCH 88/89] Rework TPM measurements
-
-Rework TPM measurements to use fewer PCRs. After discussion with upstream,
-it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
-and 9 but use a prefix in the event log to indicate which subsystem carried
-out the measurements.
-
-(cherry picked from commit bb3473d7c8741ad5ef7cf8aafbbcf094df08bfc9)
---
- grub-core/kern/dl.c                   |  2 +-
- grub-core/kern/tpm.c                  | 10 ++++++++--
- grub-core/lib/cmdline.c               |  4 ++--
- grub-core/loader/i386/efi/linux.c     |  4 ++--
- grub-core/loader/i386/linux.c         |  2 +-
- grub-core/loader/i386/multiboot_mbi.c |  2 +-
- grub-core/loader/i386/pc/linux.c      |  2 +-
- grub-core/loader/linux.c              |  2 +-
- grub-core/loader/multiboot.c          |  2 +-
- grub-core/loader/multiboot_mbi2.c     |  2 +-
- grub-core/script/execute.c            |  4 ++--
- include/grub/tpm.h                    |  9 +++------
- 12 files changed, 24 insertions(+), 21 deletions(-)
-
-diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 247cd0a..a023d3b 100644
--- a/grub-core/kern/dl.c
-+++ b/grub-core/kern/dl.c
-@@ -734,7 +734,7 @@ grub_dl_load_file (const char *filename)
-      opens of the same device.  */
-   grub_file_close (file);
- 
-  grub_tpm_measure(core, size, GRUB_TPM_PCR, filename);
-+  grub_tpm_measure(core, size, GRUB_BINARY_PCR, "grub_module", filename);
- 
-   mod = grub_dl_load_core (core, size);
-   grub_free (core);
-diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c
-index 1a99187..cb5a812 100644
--- a/grub-core/kern/tpm.c
-+++ b/grub-core/kern/tpm.c
-@@ -7,7 +7,13 @@
- 
- grub_err_t
- grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
-		  const char *description)
-+		  const char *kind, const char *description)
- {
-  return grub_tpm_log_event(buf, size, pcr, description);
-+  grub_err_t ret;
-+  char *desc = grub_xasprintf("%s %s", kind, description);
-+  if (!desc)
-+    return GRUB_ERR_OUT_OF_MEMORY;
-+  ret = grub_tpm_log_event(buf, size, pcr, description);
-+  grub_free(desc);
-+  return ret;
- }
-diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
-index 6b56304..178f738 100644
--- a/grub-core/lib/cmdline.c
-+++ b/grub-core/lib/cmdline.c
-@@ -126,8 +126,8 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
- 
-   *buf = 0;
- 
-  grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_CMDLINE_PCR,
-		    "Kernel Commandline");
-+  grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_ASCII_PCR,
-+		    "grub_kernel_cmdline", orig);
- 
-   return i;
- }
-diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
-index 4ee45e9..bd80be4 100644
--- a/grub-core/loader/i386/efi/linux.c
-+++ b/grub-core/loader/i386/efi/linux.c
-@@ -130,7 +130,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
-                         argv[i]);
-           goto fail;
-         }
-      grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "UEFI Linux initrd");
-+      grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_linuxefi", "Initrd");
-       ptr += cursize;
-       grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4));
-       ptr += ALIGN_UP_OVERHEAD (cursize, 4);
-@@ -186,7 +186,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
-       goto fail;
-     }
- 
-  grub_tpm_measure (kernel, filelen, GRUB_KERNEL_PCR, "UEFI Linux kernel");
-+  grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "grub_linuxefi", "Kernel");
- 
-   if (! grub_linuxefi_secure_validate (kernel, filelen))
-     {
-diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
-index 342c9fe..90d3392 100644
--- a/grub-core/loader/i386/linux.c
-+++ b/grub-core/loader/i386/linux.c
-@@ -718,7 +718,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
-       goto fail;
-     }
- 
-  grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "Linux Kernel");
-+  grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux", "Kernel");
- 
-   grub_memcpy (&lh, kernel, sizeof (lh));
- 
-diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c
-index 43a08e4..efaa66c 100644
--- a/grub-core/loader/i386/multiboot_mbi.c
-+++ b/grub-core/loader/i386/multiboot_mbi.c
-@@ -165,7 +165,7 @@ grub_multiboot_load (grub_file_t file, const char *filename)
-       return grub_errno;
-     }
- 
-  grub_tpm_measure((unsigned char*)buffer, len, GRUB_KERNEL_PCR, filename);
-+  grub_tpm_measure((unsigned char*)buffer, len, GRUB_BINARY_PCR, "grub_multiboot", filename);
- 
-   header = find_header (buffer, len);
- 
-diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
-index 6b8f365..7edbc5e 100644
--- a/grub-core/loader/i386/pc/linux.c
-+++ b/grub-core/loader/i386/pc/linux.c
-@@ -162,7 +162,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
-       goto fail;
-     }
- 
-  grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "BIOS Linux Kernel");
-+  grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel");
- 
-   grub_memcpy (&lh, kernel, sizeof (lh));
-   kernel_offset = sizeof (lh);
-diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
-index 3005c0d..78c41e3 100644
--- a/grub-core/loader/linux.c
-+++ b/grub-core/loader/linux.c
-@@ -289,7 +289,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
- 	  grub_initrd_close (initrd_ctx);
- 	  return grub_errno;
- 	}
-      grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "Linux Initrd");
-+      grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_initrd", "Initrd");
-       ptr += cursize;
-     }
-   if (newc)
-diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
-index 58e6329..234164b 100644
--- a/grub-core/loader/multiboot.c
-+++ b/grub-core/loader/multiboot.c
-@@ -386,7 +386,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
-     }
- 
-   grub_file_close (file);
-  grub_tpm_measure (module, size, GRUB_KERNEL_PCR, argv[0]);
-+  grub_tpm_measure (module, size, GRUB_BINARY_PCR, "grub_multiboot", argv[0]);
-   return GRUB_ERR_NONE;
- }
- 
-diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
-index 8f163ea..3d1117b 100644
--- a/grub-core/loader/multiboot_mbi2.c
-+++ b/grub-core/loader/multiboot_mbi2.c
-@@ -127,7 +127,7 @@ grub_multiboot_load (grub_file_t file, const char *filename)
- 
-   COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0);
- 
-  grub_tpm_measure ((unsigned char *)buffer, len, GRUB_KERNEL_PCR, filename);
-+  grub_tpm_measure ((unsigned char *)buffer, len, GRUB_BINARY_PCR, "grub_multiboot", filename);
- 
-   header = find_header (buffer, len);
- 
-diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
-index 9ae04a0..976643c 100644
--- a/grub-core/script/execute.c
-+++ b/grub-core/script/execute.c
-@@ -995,8 +995,8 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
- 				   argv.args[i]);
-   }
-   cmdstring[cmdlen-1]= '\0';
-  grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_COMMAND_PCR,
-		    cmdstring);
-+  grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_ASCII_PCR,
-+		    "grub_cmd", cmdstring);
-   grub_free(cmdstring);
-   invert = 0;
-   argc = argv.argc - 1;
-diff --git a/include/grub/tpm.h b/include/grub/tpm.h
-index 7fc9d77..ecb2d09 100644
--- a/include/grub/tpm.h
-+++ b/include/grub/tpm.h
-@@ -26,11 +26,8 @@
- #define TPM_AUTHFAIL (TPM_BASE + 0x1)
- #define TPM_BADINDEX (TPM_BASE + 0x2)
- 
-#define GRUB_TPM_PCR 9
-#define GRUB_KERNEL_PCR 10
-#define GRUB_INITRD_PCR 11
-#define GRUB_CMDLINE_PCR 12
-#define GRUB_COMMAND_PCR 13
-+#define GRUB_ASCII_PCR 8
-+#define GRUB_BINARY_PCR 9
- 
- #define TPM_TAG_RQU_COMMAND 0x00C1
- #define TPM_ORD_Extend 0x14
-@@ -70,7 +67,7 @@ typedef struct {
- } GRUB_PACKED ExtendOutgoing;
- 
- grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size,
-					  grub_uint8_t pcr,
-+					  grub_uint8_t pcr, const char *kind,
- 					  const char *description);
- #if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS)
- grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
-- 
-2.5.5
-
--- a/0089-Fix-event-log-prefix.patch
+++ b/0089-Fix-event-log-prefix.patch
@ -1,29 +0,0 @@
-From c11f14d8b152ea83349670b029470d779e8b0ec7 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@coreos.com>
-Date: Tue, 29 Mar 2016 15:36:49 -0700
-Subject: [PATCH 89/89] Fix event log prefix
-
-We're not passing the prefixed version of the description to the event log.
-Fix that.
-
-(cherry picked from commit aab446306b8a78c741e229861c4988738cfc6426)
---
- grub-core/kern/tpm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c
-index cb5a812..e5e8fce 100644
--- a/grub-core/kern/tpm.c
-+++ b/grub-core/kern/tpm.c
-@@ -13,7 +13,7 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
-   char *desc = grub_xasprintf("%s %s", kind, description);
-   if (!desc)
-     return GRUB_ERR_OUT_OF_MEMORY;
-  ret = grub_tpm_log_event(buf, size, pcr, description);
-+  ret = grub_tpm_log_event(buf, size, pcr, desc);
-   grub_free(desc);
-   return ret;
- }
-- 
-2.5.5
-
--- a/grub-2.02-beta3-to-origin-master.patch
+++ b/grub-2.02-beta3-to-origin-master.patch
@ -66,10 +66,20 @@ index c9a975219fcc24162858e461f439886c4cb3841e..572eadb3ef27138481e91643b8bb60d2
 * Revision control moved to git.
 
 diff --git a/configure.ac b/configure.ac
-index a85b134ec58296e4f128b116918cb1c64ee17ecc..57e17138eb72aa4d4f985c525998d300f7121ccd 100644
+index a85b134ec58296e4f128b116918cb1c64ee17ecc..9ddfc53235396f7542a1c3f3b8076e0bddefe0a5 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1185,9 +1185,9 @@ CFLAGS="$TARGET_CFLAGS"
+@@ -388,7 +388,8 @@ fi
+ 
+ # Check for functions and headers.
+ AC_CHECK_FUNCS(posix_memalign memalign getextmntent)
+-AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h sys/mkdev.h limits.h)
+AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h)
+AC_HEADER_MAJOR
+ 
+ AC_CHECK_MEMBERS([struct statfs.f_fstypename],,,[$ac_includes_default
+ #include <sys/param.h>
+@@ -1185,9 +1186,9 @@ CFLAGS="$TARGET_CFLAGS"
 # Position independent executable.
 grub_CHECK_PIE
 [# Need that, because some distributions ship compilers that include
@ -179,6 +189,123 @@ index a088244b4cb1ce9f21d02c1f3024a99e681ccb1a..189551a483ab9413cdca27650b202672
     }
 
   return grub_error (GRUB_ERR_BAD_ARGUMENT,
+diff --git a/grub-core/net/http.c b/grub-core/net/http.c
+index 4684f8b333c2a7bca2e1b398f2a9891380fa6696..5aa4ad3befc15ba427797c7f1454d8a322d51b2f 100644
+--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
+@@ -381,9 +381,8 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial)
+       ptr = nb->tail;
+       grub_snprintf ((char *) ptr,
+ 		     sizeof ("Range: bytes=XXXXXXXXXXXXXXXXXXXX-"
+-			     "\r\n"
+ 			     "\r\n"),
+-		     "Range: bytes=%" PRIuGRUB_UINT64_T "-\r\n\r\n",
+		     "Range: bytes=%" PRIuGRUB_UINT64_T "-\r\n",
+ 		     offset);
+       grub_netbuff_put (nb, grub_strlen ((char *) ptr));
+     }
+@@ -450,6 +449,7 @@ http_seek (struct grub_file *file, grub_off_t off)
+     }
+ 
+   file->device->net->stall = 0;
+  file->device->net->eof = 0;
+   file->device->net->offset = off;
+ 
+   data = grub_zalloc (sizeof (*data));
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index 9424595278c1a09174a32ad0f467d7790a5225e8..10773fc3435fc7a1baf19e9b7cffe3cdcbf7998c 100644
+--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
+@@ -1346,6 +1346,15 @@ grub_net_open_real (const char *name)
+ 		continue;
+ 	    }
+ 
+	  if (grub_strncmp (prefdev, "pxe", sizeof ("pxe") - 1) == 0 &&
+	      (!prefdev[sizeof ("pxe") - 1] || (prefdev[sizeof("pxe") - 1] == ':')))
+	    {
+	      grub_free (prefdev);
+	      prefdev = grub_strdup ("tftp");
+	      if (!prefdev)
+		continue;
+	    }
+
+ 	  comma = grub_strchr (prefdev, ',');
+ 	  if (comma)
+ 	    *comma = '\0';
+@@ -1672,6 +1681,7 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset)
+     file->device->net->packs.last = NULL;
+     file->device->net->offset = 0;
+     file->device->net->eof = 0;
+    file->device->net->stall = 0;
+     err = file->device->net->protocol->open (file, file->device->net->name);
+     if (err)
+       return err;
+diff --git a/grub-core/osdep/devmapper/getroot.c b/grub-core/osdep/devmapper/getroot.c
+index 05eda500a4060ac76aef94c6a16d9a1116f6aa39..72e5582752a9cd64d305d847c771b49677e0a0e9 100644
+--- a/grub-core/osdep/devmapper/getroot.c
+++ b/grub-core/osdep/devmapper/getroot.c
+@@ -40,6 +40,12 @@
+ #include <limits.h>
+ #endif
+ 
+#if defined(MAJOR_IN_MKDEV)
+#include <sys/mkdev.h>
+#elif defined(MAJOR_IN_SYSMACROS)
+#include <sys/sysmacros.h>
+#endif
+
+ #include <libdevmapper.h>
+ 
+ #include <grub/types.h>
+diff --git a/grub-core/osdep/devmapper/hostdisk.c b/grub-core/osdep/devmapper/hostdisk.c
+index 19c1101fdaca7f5abdef7d22b28a13e180a7e467..a697bcb4d8d91cd97343179fe7977d6806d4191e 100644
+--- a/grub-core/osdep/devmapper/hostdisk.c
+++ b/grub-core/osdep/devmapper/hostdisk.c
+@@ -24,6 +24,11 @@
+ #include <errno.h>
+ #include <limits.h>
+ 
+#if defined(MAJOR_IN_MKDEV)
+#include <sys/mkdev.h>
+#elif defined(MAJOR_IN_SYSMACROS)
+#include <sys/sysmacros.h>
+#endif
+ 
+ #ifdef HAVE_DEVICE_MAPPER
+ # include <libdevmapper.h>
+diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
+index 10480b646241d6ca8ede25427e433178c00cea57..09e7e6e6d6644a5bad6607bea6aaaa40ce45a873 100644
+--- a/grub-core/osdep/linux/getroot.c
+++ b/grub-core/osdep/linux/getroot.c
+@@ -35,6 +35,12 @@
+ #include <limits.h>
+ #endif
+ 
+#if defined(MAJOR_IN_MKDEV)
+#include <sys/mkdev.h>
+#elif defined(MAJOR_IN_SYSMACROS)
+#include <sys/sysmacros.h>
+#endif
+
+ #include <grub/types.h>
+ #include <sys/ioctl.h>         /* ioctl */
+ #include <sys/mount.h>
+diff --git a/grub-core/osdep/unix/getroot.c b/grub-core/osdep/unix/getroot.c
+index 1079a919d112f24a2856f0735a1fdcd097d45c3a..4bf37b027be660a14994fb316f08dd478490c4e2 100644
+--- a/grub-core/osdep/unix/getroot.c
+++ b/grub-core/osdep/unix/getroot.c
+@@ -51,8 +51,10 @@
+ #endif
+ 
+ #include <sys/types.h>
+-#if defined(HAVE_SYS_MKDEV_H)
+#if defined(MAJOR_IN_MKDEV)
+ #include <sys/mkdev.h>
+#elif defined(MAJOR_IN_SYSMACROS)
+#include <sys/sysmacros.h>
+ #endif
+ 
+ #if defined(HAVE_LIBZFS) && defined(HAVE_LIBNVPAIR)
 diff --git a/include/multiboot2.h b/include/multiboot2.h
 index 9d4862759af38eb5a9d0fecb1807ef50ba791dee..8b8c1568ae32239d73ad80a3ca64010556d57099 100644
 --- a/include/multiboot2.h
--- a/Show More
+++ b/Show More