tpm: Disable the tpm verifier if the TPM device is not present
powerpc: increase MIN RMA size for CAS negotiation
Resolves: #RHEL-76558
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
The removed patch was part of the CVE patches ported recently into RHEL but
is causing segfaults on dual boot (Windows & RHEL) systems when generating the
grub configuration with the grub2-mkconfig tool. At some point the same patch
will come back with the corresponding fix but for the time being, it is removed.
Related: RHEL-83117
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
When upgrading from <=2.06-90 to newer versions, the grub config stub
may have different mode than 0600, so set the latter if this is the case.
Resolves: #RHEL-45870
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
Fix the rpm verificaton issues (see NOTE below) introduced in 2.06-83 [1].
On the other hand, 2.06-85 [2] introduced a change on grub2-mkconfig where
it prevents overwritting `${EFI_HOME}/grub.cfg` with side effects on the
`%posttrans` scriptlet, where it tries to recreate it in case this
file does not exist but due to [2] the `${EFI}/grub.cfg` file is never
created. Fix the `%posttrans` code with the logic but applied to
${GRUB_HOME}/grub.cfg. On the same scriplet, make sure
${EFI_HOME}/grub.cfg is present before grepping into it. The changes also
fix the issue reported on RHEL-45870 where now /boot/grub2/grub.cfg
conf file has the right permission (-rw-------).
NOTE: With 2.06-83 release, the grub.cfg configuration files regressed on
file's mode (M) verification
[root@localhost ~]# rpm -Va
S.5....T. c /etc/ssh/sshd_config
.M....... c /boot/efi/EFI/redhat/grub.cfg
.M....... c /boot/grub2/grub.cfg
The following change fixes the issues above as seen in log
[root@localhost ~]# rpm -Va
S.5....T. c /etc/ssh/sshd_config
[1] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-9-main&id=694ab652e3443719e3876e3d183e59b2f9e055fd
[2] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-9-main&id=0185426fb4d693307cda0c7740e9dcf9907cc146
Resolves: #RHEL-45870
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
When kernel-install is called for a UKI, 20-grub.install copies it to /boot
which is totally unneeded, UKIs are now handled by the standard systemd's
90-uki-copy.install (systemd-253+) correctly which places them to the ESP.
Resolves: #RHEL-21368
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
This is an updated version of commit 8378a93e60Resolves: #2203203Resolves: #2212320Resolves: #2221543
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
The kernel-install script is also used to install kernels when built from
source using the `make install` target.
And if this source contains modifications, a '+' is added as suffix by the
scripts/setlocalversion if no LOCALVERSION was set in the kernel config.
This confuses the grub2 kernel-install plugin, since it currently assumes
that any kernel that contain a version with a '+' suffix is a debug kernel.
But the match is too greedy, just having '+debug' should be enough to check
whether the kernel to install is a debug kernel or not.
Related: #2184069
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
