Commit Graph

121 Commits

Author SHA1 Message Date
Javier Martinez Canillas
18d67626ee
Enable again multiboot and multiboot2 modules on EFI builds
Building the multiboot and multiboot2 modules was disabled for EFI builds.
But that made the menu entries created by the Xen package to stop working
since they use the multiboot2 module.

The modules were disabled modules because they can be used to bypass the
Secure Boot mechanism. But it's enough to not include these modules in the
grub2 EFI binary that's signed, which is the case already in the grub2 pkg.

Having them as modules if the user installs the grub2-efi-x64-modules is
a valid use case. And since module loading isn't allowed when Secure Boot
is enabled, it doesn't represent any security threat.

Resolves: rhbz#1703872

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-07-15 12:12:17 +02:00
Javier Martinez Canillas
f2b28b651f
Some fixes mostly for ARM
Fix failure to request grub.cfg over HTTP
Some ARM fixes (pbrobinson)
Preserve multi-device workflows (Yclept Nemo)

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-07-06 15:16:40 +02:00
Javier Martinez Canillas
04d38248e3
A set of fixes mostly BLS related
Fix --bls-directory option comment in grub2-switch-to-blscfg man page
  Resolves: rhbz#1714835
10_linux_bls: use '=' to separate --id argument due a Petitboot bug
grub-set-bootflag: Print an error if failing to read from grubenv
  Resolves: rhbz#1702354
10_linux: generate BLS section even if no kernels are found in /boot
10_linux: don't search for OSTree kernels

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-06-27 17:27:11 +02:00
Javier Martinez Canillas
d8cdcb3a21
Fix error messages wrongly being printed when executing blscfg command
Resolves: rhbz#1699761

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-05-15 12:28:06 +02:00
Javier Martinez Canillas
a9b371c2fb
Make blscfg module compatible at least up to the Fedora 19 GRUB core
The blscfg module isn't compatible with the GRUB core.img installed by any
release older than Fedora 21.

This is because the blscfg module calls to the grub_file_size() function to
check if the BLS file size is correct, but the struct grub_file used as the
parameter for this function changed in the GRUB version used in Fedora 21.

So the function returns a wrong file size due the .size field offset being
different in the older GRUB from Fedora 20 and earlier.

This is causing all the BLS files to be ignored due having a wrong size and
leading to GRUB menu not being populated on boot.

Related: rhbz#1652806

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-05-08 15:19:43 +02:00
Javier Martinez Canillas
a18e8e631d
Add grub2-emu subpackage
GRUB has an user-space program emulator that allows to parse config files
and execute boot entries using the kexec tool. Add a grub2-emu subpackage
to install the emulator.

The subpackage is disabled on ppc64le architecture for now since grub2-emu
fails to build there.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-05-03 15:39:28 +02:00
Javier Martinez Canillas
79551a59f5
Add 10_reset_boot_success to Makefile
This was missed when the script got added.

Related: rhbz#1701003

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-04-18 19:33:20 +02:00
Javier Martinez Canillas
62a05cdcd4
Some grub2-emu, HTTP boot and fallback fixes
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-04-18 11:57:05 +02:00
Javier Martinez Canillas
dd6e48876e
10_linux_bls: don't add --users option to generated menu entries
The generated menu entries have a --users $grub_users option but this will
fail on old versions of GRUB, since it expects the --users option argument
to either be a constant or a variable that has been set.

The latest GRUB version fix this but the GRUB core isn't updated on a GRUB
package update, so this will cause the entries to not be shown in the menu
after a system upgrade.

Since can cause issues and because the entries that weren't generated from
the BLS snippets didn't have the --users option either, just don't add it.

Resolves: rhbz#1693515

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-28 17:05:25 +01:00
Javier Martinez Canillas
88459565ec
A set of EFI fixes to support arm64 QCom UEFI firmwares
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-26 17:17:17 +01:00
Javier Martinez Canillas
c1ccaf8a0e
Fix some BLS snippets not being displayed in the GRUB menu
There was an error in the logic that stored the parsed BLS snippets in the
sorted linked list that is used to populate the GRUB boot menu entries.

Also add a fix found by coverity scan about a possible undefined behaviour
due grub_efi_status_t having the wrong type.

Resolves: rhbz#1691232

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-22 15:33:06 +01:00
Javier Martinez Canillas
242b306a29
Only set blsdir if /boot/loader/entries is in a btrfs or zfs partition
Commit bfc756f8d86 ("Set blsdir if the BLS directory path isn't one of the
looked up by default") attempted to set blsdir if /boot/loader/entries was
not the real path of the directory containing the BLS snippets. Which may
be the case if for example /boot/loader/entries is in a btrfs subvolume.

But in the case of ostree, /boot/loader is a symlink to the directory with
the entries for the current deployment. So with ostree the blsdir will be
wrongly set, since GRUB is able to follow the symlinks just fine. In fact,
it has to follow the symlink since otherwise GRUB will always use the BLS
files for the deployment that the symlink pointed out when blsdir was set.

So only set blsdir if /boot/loader/entries is in a btrfs or zfs partition.

Related: rhbz#1688453

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-03-20 16:54:35 +01:00
Javier Martinez Canillas
5d7e4540ed
Some BLS fixes
20-grub-install: Replace, rather than overwrite, the existing kernel (pjones)
  Resolves: rhbz#1642402
99-grub-mkconfig: Don't update grubenv generating entries on ppc64le
  Related: rhbz#1637875
blscfg: fallback to default_kernelopts if BLS option field isn't set
  Related: rhbz#1625124
grub-switch-to-blscfg: copy increment.mod for legacy BIOS and ppc64
  Resolves: rhbz#1652806

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-02-27 19:54:32 +01:00
Javier Martinez Canillas
f6d4ab8f83
Check if blsdir exists before attempting to get it's real path
Resolves: rhbz#1677415

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-02-15 18:22:18 +01:00
Javier Martinez Canillas
e3a408a521
A couple of fixes
Don't make grub_strtoull() print an error if no conversion is performed
  Resolves: rhbz#1674512
Set blsdir if the BLS directory path isn't one of the looked up by default
  Resolves: rhbz#1657240

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-02-13 13:41:46 +01:00
Javier Martinez Canillas
11b49b804e
BLS support enhancements and some fixes
- Don't build the grub2-efi-ia32-* packages on i686 (pjones)
- Add efi-export-env and efi-load-env commands (pjones)
- Make it possible to subtract conditions from debug= (pjones)
- Try to set -fPIE and friends on libgnu.a (pjones)
- Add more options to blscfg command to make it more flexible
- Add support for prepend early initrds to the BLS entries
- Fix grub.cfg-XXX look up when booting over TFTP

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-02-04 19:28:49 +01:00
Javier Martinez Canillas
4ff5f8dcef
Another set of BLS fixes
BLS files should only be copied by grub-switch-to-blscfg if BLS isn't set
  Related: rhbz#1638117
Fix get_entry_number() wrongly dereferencing the tail pointer
  Resolves: rhbz#1654936
Make grub2-mkconfig to honour GRUB_CMDLINE_LINUX in /etc/default/grub
  Resolves: rhbz#1637875

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-12-11 20:23:51 +01:00
Javier Martinez Canillas
1f092caba7
Drop two efinet patches that were causing issues and a bunch of other fixes
Add comments and revert logic changes in 01_fallback_counting
Remove quotes when reading ID value from /etc/os-release
  Related: rhbz#1650706
blscfg: expand grub_users before passing to grub_normal_add_menu_entry()
  Resolves: rhbz#1650706
Drop buggy downstream patch "efinet: retransmit if our device is busy"
  Resolves: rhbz#1649048
Make the menu entry users option argument to be optional
  Related: rhbz#1652434
10_linux_bls: add missing menu entries options
  Resolves: rhbz#1652434
Drop "Be more aggro about actually using the *configured* network device."
  Resolves: rhbz#1654388
Fix menu entry selection based on title
  Resolves: rhbz#1654936

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-12-01 03:28:36 +01:00
Javier Martinez Canillas
420527a50b
A bunch of fixes for BLS
- add 10_linux_bls grub.d snippet to generate menu entries from BLS files
  Resolves: rhbz#1636013
- Only set kernelopts in grubenv if it wasn't set before
  Resolves: rhbz#1636466
- kernel-install: Remove existing initramfs if it's older than the kernel (pjones)
  Resolves: rhbz#1638405
- Update the saved entry correctly after a kernel install (pjones)
  Resolves: rhbz#1638117
- blscfg: sort everything with rpm *package* comparison (pjones)
  Related: rhbz#1638103
- blscfg: Make 10_linux_bls sort the same way as well
  Related: rhbz#1638103
- don't set saved_entry on grub2-mkconfig
  Resolves: rhbz#1636466
- Fix menu entry selection based on ID and title (pjones)
  Resolves: rhbz#1640979

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-10-23 15:57:56 +02:00
Peter Jones
db4a99687c Exclude /etc/grub.d/01_fallback_counting until we work through some design
questions.
  Resolves: rhbz#1614637

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-04 17:11:21 -04:00
Peter Jones
7531222057 Fix the fallback counting script even harder. Apparently, this wasn't
tested well enough.
  Resolves: rhbz#1614637

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-03 15:57:52 -04:00
Peter Jones
a3bfe35d12 Various bug fixes
- Fix grub.cfg boot counting snippet generation (lorbus)
  Resolves: rhbz#1614637
- Fix spurrious allocation error reporting on EFI boot
  Resolves: rhbz#1635319
- Stop doing TPM on BIOS *again*.  It just doesn't work.
  Related: rhbz#1579835
- Make blscfg module loadable on older grub2 i386-pc and powerpc-ieee1275
  builds
- Fix execstack cropping up in grub2-tools
- Ban stack trampolines with compiler flags.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 13:40:52 -04:00
Hans de Goede
ace3c257a6 Stop using pkexec for grub2-set-bootflag
Stop using pkexec for grub2-set-bootflag, it does not work under gdm instead
make it suid root (it was written with this in mind)

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-25 14:11:00 -04:00
Peter Jones
e30274adfa More EFI memory allocator work.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-25 14:10:22 -04:00
Peter Jones
c4e6bf30f6 Some more bug fixes and just some general hygiene.
Add 2 conditions to boot-success timer and service:
  Don't run it for system users
  Resolves: rhbz#1592201
  Don't run it when pkexec isn't available
  Resolves: rhbz#1619445
Use -Wsign-compare -Wconversion -Wextra in the build.
  Related: rhbz#1624532
  Related: rhbz#1626844

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-12 10:36:43 -04:00
Peter Jones
98536ecf37 Once more into the breach, dear friends.
- Limit grub_malloc() on x86_64 to < 31bit addresses, as some devices seem to
  have a colossally broken storage controller (or UEFI driver) that can't do
  DMA to higher memory addresses, but fails silently.
  Resolves: rhbz#1626844 (possibly really resolving it this time.)
- Also integrate Hans's attempt to fix the related error from -54, but do it
  the other way around: try the low addresses first and *then* the high one if
  the allocation fails.  This way we'll get low regions by default, and if
  kernel/initramfs don't fit anywhere, it'll try the higher addresses.
  Related: rhbz#1624532
- Coalesce all the intermediate debugging junk from -54/-55/-56.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-11 18:08:44 -04:00
Peter Jones
371309b06e More bug "fixes"...
Don't mangle fw_path even harder.
  Resolves: rhbz#1626844
Fix reboot being missing on some platforms, and make it alias to
  "reset" as well.
More dprintf().

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-11 11:07:08 -04:00
Peter Jones
76df8270f6 Several fixes.
Fix UEFI memory problem in a different way.
  Related: rhbz#1624532
Don't mangle fw_path with a / unless we're on http
  Resolves: rhbz#1626844

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-10 17:32:30 -04:00
Peter Jones
0c72748086 Fix UEFI booting in a different way.
Related: rhbz#1626844
Related: rhbz#1624532
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-09-10 17:05:51 -04:00
Kevin Fenzi
1b51084aaa Add patch from https://github.com/rhboot/grub2/pull/30 to fix uefi booting
Resolves: rhbz#1624532
2018-09-07 10:17:38 -07:00
Peter Jones
c2f7a5e9af Update some more stuff again and whatnot.
Fix AArch64 machines with no RAM latched lower than 1GB
  Resolves: rhbz#1615969
Set http_path and http_url when HTTP booting
Hopefully slightly better error reporting in some cases
Better allocation of kernel+initramfs on x86_64 and aarch64
  Resolves: rhbz#1572126

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-30 11:15:56 -04:00
Peter Jones
bed013f094 Fix arm32 off-by-one error on reading the PE header.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-16 13:55:16 -04:00
Peter Jones
73bf9047ae Kill .note.gnu.property with fire.
Resolves: rhbz#1612339

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-03 15:12:58 -04:00
Peter Jones
3e07ee7c3e Enable armv7 EFI builds. This was way harder than I expected.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-08-02 14:04:20 -04:00
Peter Jones
15a207211f Roll upstream's patches into one big patch here.
I don't really need to watch 150+ patches from upstream get applied.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-31 10:57:52 -04:00
Peter Jones
8d563110da --with-utils=host
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-27 12:52:55 -04:00
Peter Jones
da0e16c206 Fix autogen/autoconf invocation to actually re-make configure.
autogen.sh was running autoreconf, which *ran* configure but didn't actually
re-make it if it was there.  This means we effectively can't change our
configure invocation (for newer configure options), so that's bad.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-27 12:43:35 -04:00
Peter Jones
1f9267118f Fix some minor BLS issues
Rework the FDT module linking to make aarch64 build and boot right

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-17 16:50:04 -04:00
Peter Jones
1b55f4c84d Fix some lingering bls issues
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-17 16:46:37 -04:00
Peter Jones
ad4aff0c12 Rework SB patches and 10_linux.in changes even harder.
Apparently working on two identical trees at once is not good for doing things
right.

Resolves: rhbz#1601578
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-17 10:21:37 -04:00
Peter Jones
ce0f493268 Rebased to newer upstream for fedora-29
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-16 15:54:21 -04:00
Peter Jones
e08eb33a57 Revert broken moduledir fix *again*.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-13 10:16:42 -04:00
Peter Jones
321567331b Fix our linuxefi/linux comand reunion
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-12 23:20:02 -04:00
Peter Jones
dd7ef6cfa8 Nerf the fdt command out of arm64 builds
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-12 11:06:40 -04:00
Peter Jones
33444dc94a Rebased to newer upstream for fedora-29
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-11 14:42:27 -04:00
Peter Jones
ac03ec8379 Force gentpl to use python3
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-10 16:55:09 -04:00
Peter Jones
752ceb1640 Rebased to newer upstream for fedora-29
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-07-10 15:12:02 -04:00
Peter Jones
63f1a982b9 Various fixups (gcc 8, xfs, UEFI https)
Fixups to work with gcc 8
Experimental https boot support on UEFI
XFS fixes for sparse inode support
  Resolves: rhbz#1575797

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-16 11:15:49 -04:00
Javier Martinez Canillas
dc178ac546 Two more fixes for BLS support
- Use version field to sort BLS entries if id field isn't defined
 - Add version field to BLS fragments generated by 20-grub.install

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-05-11 10:13:07 -04:00
Peter Jones
a8d8dcf190 A couple of fixes needed by Fedora Atomic - javierm
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-11 10:13:05 -04:00
Peter Jones
c789522f7c Work around some issues with older automake found in CentOS.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-11 14:43:48 -04:00
Peter Jones
4fd69fdbcd Pull in some TPM fixes I missed.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-06 16:19:11 -04:00
Peter Jones
0bcec266a0 Enable TPM measurements
Set the default boot entry to the first entry when we're using BLS.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-06 15:42:49 -04:00
Peter Jones
78e1a10ec4 Add grub2-switch-to-blscfg
Fix for BLS paths on BIOS / non-UEFI (javierm)

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-03 13:41:24 -04:00
Peter Jones
ec4acbbd98 Update grub2 for f28
- Try to fix things for new compiler madness.
  I really don't know why gcc decided __attribute__((packed)) on a "typedef
  struct" should imply __attribute__((align (1))) and that it should have a
  warning that it does so.  The obvious behavior would be to keep the alignment
  of the first element unless it's used in another object or type that /also/
  hask the packed attribute.  Why should it change the default alignment at
  all?
- Merge in the BLS patches Javier and I wrote.
- Attempt to fix pmtimer initialization failures to not be super duper slow.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-02-28 10:08:00 -05:00
Peter Jones
6f1e3d5698 Dump a bunch of work-in-progress patches for now.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-17 17:04:51 -05:00
Peter Jones
da63b36ca7 Rebase to newer upstream and fix pmtimer.
- Rebase to current master
- Fix pmtimer calibration to not take forever to fail on kvm.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-17 15:41:44 -05:00
Peter Jones
307d019554 Handle xen module loading (somewhat) better
You'll still need to actually install grub2-${efiarch}-modules and then
use grub2-install to install the xen modules in /boot/grub2/,
but this should handle actually loading them from the grub config file.

Resolves: rhbz#1486002

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-10-24 12:53:12 -04:00
Peter Jones
32e67a5dba Various fixups
- Put grub2-mkimage in -tools, not -tools-extra.
- Fix i686 building
- Fix ppc HFS+ usage due to /boot/efi's presence.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-24 14:13:44 -04:00
Peter Jones
bbc6a8998a Rebased to newer upstream for fedora-27
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-16 11:14:30 -04:00
Peter Jones
dd84573118 Rebuild so it gets SB signed correctly.
Related: rhbz#1335533
Enable lsefi

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-03 13:35:21 -04:00
Peter Jones
bc092b9bcd Rebased to grub 2.02 for fedora-27
Signed-off-by: Peter Jones <pjones@redhat.com>
2017-07-11 07:38:34 -04:00
Peter Jones
377f5fc2d0 Rebased to newer upstream for fedora-26
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-12-02 16:18:30 -05:00
Peter Jones
475000b94d Rebased to newer upstream for fedora-26
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-12-01 17:18:47 -05:00
Peter Jones
9d15b4d492 Update to be newer than f24's branch.
- Add grub2-get-kernel-settings
  Related: rhbz#1226325

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-11-18 16:02:43 -05:00
Peter Jones
336bf36497 Revert 27e66193, which was replaced by upstream's 49426e9fd
Resolves: rhbz#1251600

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-04-07 11:01:55 -04:00
Peter Jones
0ac23e2378 Pull TPM updates from mjg59.
Resolves: rhbz#1318067

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-04-05 15:31:48 -04:00
Peter Jones
2ae5c1ecf9 Rebased to newer upstream for fedora-24
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-03-04 15:29:53 -05:00
Peter Jones
d9747d852b Reorder some patches to prep things for pushing upstream better.
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-03-04 14:25:32 -05:00
Peter Jones
b9efc549fa Bump for grub-2.02-beta3
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-03-04 14:08:54 -05:00
Peter Jones
52f24b72a1 Make a "do-rebase" script we can use when we've rebased the github repo.
This rebuilds our patchset automatically.

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-03-04 13:28:38 -05:00