Compare commits
No commits in common. "a9_new_sb" and "c8" have entirely different histories.
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,4 +1,4 @@
|
||||
SOURCES/gnulib-fixes.tar.gz
|
||||
SOURCES/grub-2.06.tar.xz
|
||||
SOURCES/almalinuxsecurebootca0.cer
|
||||
SOURCES/grub-2.02.tar.xz
|
||||
SOURCES/theme.tar.bz2
|
||||
SOURCES/unifont-13.0.06.pcf.gz
|
||||
SOURCES/unifont-5.1.20080820.pcf.gz
|
||||
|
@ -1,4 +0,0 @@
|
||||
1a07692dfaa916675a92b1383885141f490f98d2 SOURCES/gnulib-fixes.tar.gz
|
||||
c9f93f1e195ec7a5a21d36a13b469788c0b29f0f SOURCES/grub-2.06.tar.xz
|
||||
cf0b7763c528902da7e8b05cfa248f20c8825ce5 SOURCES/theme.tar.bz2
|
||||
3b39cb0830367171760ec536cab805abdbe08bc5 SOURCES/unifont-13.0.06.pcf.gz
|
@ -35,19 +35,20 @@ moves the check into grub_dl_load_file.
|
||||
grub-core/loader/i386/efi/linux.c | 335 ++++++++++++++++++++++++++++++++++++++
|
||||
grub-core/loader/i386/pc/linux.c | 10 +-
|
||||
include/grub/arm/linux.h | 9 +
|
||||
include/grub/arm64/linux.h | 9 +
|
||||
include/grub/arm64/linux.h | 10 ++
|
||||
include/grub/efi/efi.h | 7 +-
|
||||
include/grub/efi/linux.h | 31 ++++
|
||||
13 files changed, 618 insertions(+), 69 deletions(-)
|
||||
include/grub/i386/linux.h | 1 +
|
||||
14 files changed, 620 insertions(+), 69 deletions(-)
|
||||
create mode 100644 grub-core/loader/efi/linux.c
|
||||
create mode 100644 grub-core/loader/i386/efi/linux.c
|
||||
create mode 100644 include/grub/efi/linux.h
|
||||
|
||||
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
|
||||
index 8022e1c0a79..45d3edaa4dc 100644
|
||||
index 9590e87d9..0b4b0c212 100644
|
||||
--- a/grub-core/Makefile.core.def
|
||||
+++ b/grub-core/Makefile.core.def
|
||||
@@ -1734,13 +1734,6 @@ module = {
|
||||
@@ -1626,13 +1626,6 @@ module = {
|
||||
enable = i386_pc;
|
||||
};
|
||||
|
||||
@ -61,7 +62,7 @@ index 8022e1c0a79..45d3edaa4dc 100644
|
||||
module = {
|
||||
name = ntldr;
|
||||
i386_pc = loader/i386/pc/ntldr.c;
|
||||
@@ -1796,7 +1789,9 @@ module = {
|
||||
@@ -1685,7 +1678,9 @@ module = {
|
||||
|
||||
module = {
|
||||
name = linux;
|
||||
@ -69,13 +70,13 @@ index 8022e1c0a79..45d3edaa4dc 100644
|
||||
+ i386_pc = loader/i386/pc/linux.c;
|
||||
+ x86_64_efi = loader/i386/efi/linux.c;
|
||||
+ i386_efi = loader/i386/efi/linux.c;
|
||||
i386_xen_pvh = loader/i386/linux.c;
|
||||
xen = loader/i386/xen.c;
|
||||
i386_pc = lib/i386/pc/vesa_modes_table.c;
|
||||
@@ -1811,9 +1806,14 @@ module = {
|
||||
mips = loader/mips/linux.c;
|
||||
@@ -1696,9 +1691,14 @@ module = {
|
||||
arm_efi = loader/arm64/linux.c;
|
||||
arm_uboot = loader/arm/linux.c;
|
||||
arm64 = loader/arm64/linux.c;
|
||||
riscv32 = loader/riscv/linux.c;
|
||||
riscv64 = loader/riscv/linux.c;
|
||||
+ emu = loader/emu/linux.c;
|
||||
+ fdt = lib/fdt.c;
|
||||
+
|
||||
@ -88,7 +89,7 @@ index 8022e1c0a79..45d3edaa4dc 100644
|
||||
|
||||
module = {
|
||||
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
|
||||
index 48f8a79073d..b7149370950 100644
|
||||
index e394cd96f..04e804d16 100644
|
||||
--- a/grub-core/kern/dl.c
|
||||
+++ b/grub-core/kern/dl.c
|
||||
@@ -38,6 +38,14 @@
|
||||
@ -106,7 +107,7 @@ index 48f8a79073d..b7149370950 100644
|
||||
|
||||
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
@@ -695,6 +703,19 @@ grub_dl_load_file (const char *filename)
|
||||
@@ -686,6 +694,19 @@ grub_dl_load_file (const char *filename)
|
||||
void *core = 0;
|
||||
grub_dl_t mod = 0;
|
||||
|
||||
@ -125,13 +126,13 @@ index 48f8a79073d..b7149370950 100644
|
||||
+
|
||||
grub_boot_time ("Loading module %s", filename);
|
||||
|
||||
file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE);
|
||||
file = grub_file_open (filename);
|
||||
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
|
||||
index 8cff7be0289..35b8f670602 100644
|
||||
index 708581fcb..c8a9d8307 100644
|
||||
--- a/grub-core/kern/efi/efi.c
|
||||
+++ b/grub-core/kern/efi/efi.c
|
||||
@@ -286,6 +286,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
|
||||
return grub_efi_get_variable_with_attributes (var, guid, datasize_out, data_out, NULL);
|
||||
@@ -273,6 +273,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+grub_efi_boolean_t
|
||||
@ -166,7 +167,7 @@ index 8cff7be0289..35b8f670602 100644
|
||||
|
||||
/* Search the mods section from the PE32/PE32+ image. This code uses
|
||||
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
|
||||
index 9838fb2f50d..f6aef0ef649 100644
|
||||
index 42ad7c570..5cdf6c943 100644
|
||||
--- a/grub-core/kern/efi/mm.c
|
||||
+++ b/grub-core/kern/efi/mm.c
|
||||
@@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address,
|
||||
@ -209,7 +210,7 @@ index 9838fb2f50d..f6aef0ef649 100644
|
||||
void *
|
||||
grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
|
||||
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
|
||||
index ef3e9f9444c..a312c668685 100644
|
||||
index 1f86229f8..6c00af98d 100644
|
||||
--- a/grub-core/loader/arm64/linux.c
|
||||
+++ b/grub-core/loader/arm64/linux.c
|
||||
@@ -29,6 +29,7 @@
|
||||
@ -220,7 +221,7 @@ index ef3e9f9444c..a312c668685 100644
|
||||
#include <grub/efi/pe32.h>
|
||||
#include <grub/i18n.h>
|
||||
#include <grub/lib/cmdline.h>
|
||||
@@ -41,6 +42,7 @@ static int loaded;
|
||||
@@ -40,6 +41,7 @@ static int loaded;
|
||||
|
||||
static void *kernel_addr;
|
||||
static grub_uint64_t kernel_size;
|
||||
@ -228,7 +229,7 @@ index ef3e9f9444c..a312c668685 100644
|
||||
|
||||
static char *linux_args;
|
||||
static grub_uint32_t cmdline_size;
|
||||
@@ -67,7 +69,8 @@ grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh)
|
||||
@@ -66,7 +68,8 @@ grub_armxx_efi_linux_check_image (struct linux_armxx_kernel_header * lh)
|
||||
static grub_err_t
|
||||
finalize_params_linux (void)
|
||||
{
|
||||
@ -238,7 +239,7 @@ index ef3e9f9444c..a312c668685 100644
|
||||
|
||||
void *fdt;
|
||||
|
||||
@@ -102,79 +105,70 @@ finalize_params_linux (void)
|
||||
@@ -101,79 +104,70 @@ finalize_params_linux (void)
|
||||
if (grub_fdt_install() != GRUB_ERR_NONE)
|
||||
goto failure;
|
||||
|
||||
@ -250,7 +251,7 @@ index ef3e9f9444c..a312c668685 100644
|
||||
-}
|
||||
-
|
||||
-grub_err_t
|
||||
-grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
|
||||
-grub_armxx_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
|
||||
-{
|
||||
- grub_efi_memory_mapped_device_path_t *mempath;
|
||||
- grub_efi_handle_t image_handle;
|
||||
@ -283,7 +284,7 @@ index ef3e9f9444c..a312c668685 100644
|
||||
-
|
||||
- grub_dprintf ("linux", "linux command line: '%s'\n", args);
|
||||
+ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n",
|
||||
+ fdt);
|
||||
+ fdt);
|
||||
|
||||
/* Convert command line to UCS-2 */
|
||||
- loaded_image = grub_efi_get_loaded_image (image_handle);
|
||||
@ -303,7 +304,7 @@ index ef3e9f9444c..a312c668685 100644
|
||||
loaded_image->load_options_size =
|
||||
2 * grub_utf8_to_utf16 (loaded_image->load_options, len,
|
||||
- (grub_uint8_t *) args, len, NULL);
|
||||
+ (grub_uint8_t *) linux_args, len, NULL);
|
||||
+ (grub_uint8_t *) linux_args, len, NULL);
|
||||
|
||||
- grub_dprintf ("linux", "starting image %p\n", image_handle);
|
||||
- status = b->start_image (image_handle, 0, NULL);
|
||||
@ -328,15 +329,15 @@ index ef3e9f9444c..a312c668685 100644
|
||||
+ if (loaded_image)
|
||||
+ {
|
||||
+ if (loaded_image->load_options)
|
||||
+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_efi_uintn_t)loaded_image->load_options,
|
||||
+ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
|
||||
+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_efi_uintn_t)loaded_image->load_options,
|
||||
+ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
|
||||
+ loaded_image->load_options = NULL;
|
||||
+ loaded_image->load_options_size = 0;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+grub_err_t
|
||||
+grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args)
|
||||
+grub_armxx_efi_linux_boot_image (grub_addr_t addr, char *args)
|
||||
+{
|
||||
+ grub_err_t retval;
|
||||
+
|
||||
@ -359,21 +360,21 @@ index ef3e9f9444c..a312c668685 100644
|
||||
- if (finalize_params_linux () != GRUB_ERR_NONE)
|
||||
- return grub_errno;
|
||||
-
|
||||
- return (grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr,
|
||||
- return (grub_armxx_efi_linux_boot_image((grub_addr_t)kernel_addr,
|
||||
- kernel_size, linux_args));
|
||||
+ return (grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args));
|
||||
+ return grub_armxx_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args);
|
||||
}
|
||||
|
||||
static grub_err_t
|
||||
@@ -288,6 +282,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -287,6 +281,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
{
|
||||
grub_file_t file = 0;
|
||||
struct linux_arch_kernel_header lh;
|
||||
struct linux_armxx_kernel_header lh;
|
||||
+ struct grub_armxx_linux_pe_header *pe;
|
||||
grub_err_t err;
|
||||
|
||||
grub_dl_ref (my_mod);
|
||||
@@ -333,6 +328,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
|
||||
@@ -331,6 +326,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
|
||||
grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
|
||||
|
||||
@ -390,20 +391,20 @@ index ef3e9f9444c..a312c668685 100644
|
||||
linux_args = grub_malloc (cmdline_size);
|
||||
if (!linux_args)
|
||||
diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c
|
||||
index 22cc25eccd9..d9b7a9ba400 100644
|
||||
index 1003a0b99..f35b16caa 100644
|
||||
--- a/grub-core/loader/arm64/xen_boot.c
|
||||
+++ b/grub-core/loader/arm64/xen_boot.c
|
||||
@@ -266,7 +266,6 @@ xen_boot (void)
|
||||
return err;
|
||||
|
||||
return grub_arch_efi_linux_boot_image (xen_hypervisor->start,
|
||||
return grub_armxx_efi_linux_boot_image (xen_hypervisor->start,
|
||||
- xen_hypervisor->size,
|
||||
xen_hypervisor->cmdline);
|
||||
}
|
||||
|
||||
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
|
||||
new file mode 100644
|
||||
index 00000000000..c24202a5dd1
|
||||
index 000000000..c24202a5d
|
||||
--- /dev/null
|
||||
+++ b/grub-core/loader/efi/linux.c
|
||||
@@ -0,0 +1,70 @@
|
||||
@ -479,7 +480,7 @@ index 00000000000..c24202a5dd1
|
||||
+#pragma GCC diagnostic pop
|
||||
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
|
||||
new file mode 100644
|
||||
index 00000000000..bb2616a8092
|
||||
index 000000000..3db82e782
|
||||
--- /dev/null
|
||||
+++ b/grub-core/loader/i386/efi/linux.c
|
||||
@@ -0,0 +1,335 @@
|
||||
@ -588,7 +589,8 @@ index 00000000000..bb2616a8092
|
||||
+
|
||||
+ for (i = 0; i < argc; i++)
|
||||
+ {
|
||||
+ files[i] = grub_file_open (argv[i], GRUB_FILE_TYPE_LINUX_INITRD | GRUB_FILE_TYPE_NO_DECOMPRESS);
|
||||
+ grub_file_filter_disable_compression ();
|
||||
+ files[i] = grub_file_open (argv[i]);
|
||||
+ if (! files[i])
|
||||
+ goto fail;
|
||||
+ nfiles++;
|
||||
@ -641,7 +643,7 @@ index 00000000000..bb2616a8092
|
||||
+ int argc, char *argv[])
|
||||
+{
|
||||
+ grub_file_t file = 0;
|
||||
+ struct linux_i386_kernel_header lh;
|
||||
+ struct linux_kernel_header lh;
|
||||
+ grub_ssize_t len, start, filelen;
|
||||
+ void *kernel = NULL;
|
||||
+
|
||||
@ -653,7 +655,7 @@ index 00000000000..bb2616a8092
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL);
|
||||
+ file = grub_file_open (argv[0]);
|
||||
+ if (! file)
|
||||
+ goto fail;
|
||||
+
|
||||
@ -729,8 +731,7 @@ index 00000000000..bb2616a8092
|
||||
+ grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE));
|
||||
+ grub_create_loader_cmdline (argc, argv,
|
||||
+ linux_cmdline + sizeof (LINUX_IMAGE) - 1,
|
||||
+ lh.cmdline_size - (sizeof (LINUX_IMAGE) - 1),
|
||||
+ GRUB_VERIFY_KERNEL_CMDLINE);
|
||||
+ lh.cmdline_size - (sizeof (LINUX_IMAGE) - 1));
|
||||
+
|
||||
+ lh.cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline;
|
||||
+
|
||||
@ -819,10 +820,10 @@ index 00000000000..bb2616a8092
|
||||
+ grub_unregister_command (cmd_initrdefi);
|
||||
+}
|
||||
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
|
||||
index 2a299520160..8be4c3b3f48 100644
|
||||
index b69cb7a3a..a3c87cf2f 100644
|
||||
--- a/grub-core/loader/i386/pc/linux.c
|
||||
+++ b/grub-core/loader/i386/pc/linux.c
|
||||
@@ -474,14 +474,20 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -468,14 +468,20 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
|
||||
return grub_errno;
|
||||
}
|
||||
|
||||
@ -844,7 +845,7 @@ index 2a299520160..8be4c3b3f48 100644
|
||||
grub_register_command ("initrd16", grub_cmd_initrd,
|
||||
0, N_("Load initrd."));
|
||||
my_mod = mod;
|
||||
@@ -490,5 +496,7 @@ GRUB_MOD_INIT(linux16)
|
||||
@@ -484,5 +490,7 @@ GRUB_MOD_INIT(linux16)
|
||||
GRUB_MOD_FINI(linux16)
|
||||
{
|
||||
grub_unregister_command (cmd_linux);
|
||||
@ -853,7 +854,7 @@ index 2a299520160..8be4c3b3f48 100644
|
||||
+ grub_unregister_command (cmd_initrd16);
|
||||
}
|
||||
diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h
|
||||
index bcd5a7eb186..b582f67f661 100644
|
||||
index 712ba17b9..5900fc8a4 100644
|
||||
--- a/include/grub/arm/linux.h
|
||||
+++ b/include/grub/arm/linux.h
|
||||
@@ -20,6 +20,7 @@
|
||||
@ -877,24 +878,25 @@ index bcd5a7eb186..b582f67f661 100644
|
||||
+
|
||||
#if defined(__arm__)
|
||||
# define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM_MAGIC_SIGNATURE
|
||||
# define linux_arch_kernel_header linux_arm_kernel_header
|
||||
# define linux_armxx_kernel_header linux_arm_kernel_header
|
||||
+# define grub_armxx_linux_pe_header grub_arm_linux_pe_header
|
||||
#endif
|
||||
|
||||
#if defined GRUB_MACHINE_UBOOT
|
||||
diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h
|
||||
index 7e22b4ab699..ea030312df3 100644
|
||||
index 8655067e0..7b533b571 100644
|
||||
--- a/include/grub/arm64/linux.h
|
||||
+++ b/include/grub/arm64/linux.h
|
||||
@@ -19,6 +19,7 @@
|
||||
@@ -19,6 +19,8 @@
|
||||
#ifndef GRUB_ARM64_LINUX_HEADER
|
||||
#define GRUB_ARM64_LINUX_HEADER 1
|
||||
|
||||
+#include <grub/efi/pe32.h>
|
||||
#include <grub/types.h>
|
||||
|
||||
+
|
||||
#define GRUB_LINUX_ARM64_MAGIC_SIGNATURE 0x644d5241 /* 'ARM\x64' */
|
||||
@@ -38,9 +39,17 @@ struct linux_arm64_kernel_header
|
||||
|
||||
/* From linux/Documentation/arm64/booting.txt */
|
||||
@@ -36,9 +38,17 @@ struct linux_arm64_kernel_header
|
||||
grub_uint32_t hdr_offset; /* Offset of PE/COFF header */
|
||||
};
|
||||
|
||||
@ -907,13 +909,13 @@ index 7e22b4ab699..ea030312df3 100644
|
||||
+
|
||||
#if defined(__aarch64__)
|
||||
# define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM64_MAGIC_SIGNATURE
|
||||
# define linux_arch_kernel_header linux_arm64_kernel_header
|
||||
# define linux_armxx_kernel_header linux_arm64_kernel_header
|
||||
+# define grub_armxx_linux_pe_header grub_arm64_linux_pe_header
|
||||
#endif
|
||||
|
||||
#endif /* ! GRUB_ARM64_LINUX_HEADER */
|
||||
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
|
||||
index 83d958f9945..6295df85f3f 100644
|
||||
index 2c6648d46..1061aee97 100644
|
||||
--- a/include/grub/efi/efi.h
|
||||
+++ b/include/grub/efi/efi.h
|
||||
@@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address,
|
||||
@ -926,7 +928,7 @@ index 83d958f9945..6295df85f3f 100644
|
||||
void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address,
|
||||
grub_efi_uintn_t pages);
|
||||
grub_efi_uintn_t EXPORT_FUNC(grub_efi_find_mmap_size) (void);
|
||||
@@ -88,6 +91,7 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var,
|
||||
@@ -82,6 +85,7 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var,
|
||||
const grub_efi_guid_t *guid,
|
||||
void *data,
|
||||
grub_size_t datasize);
|
||||
@ -934,19 +936,19 @@ index 83d958f9945..6295df85f3f 100644
|
||||
int
|
||||
EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1,
|
||||
const grub_efi_device_path_t *dp2);
|
||||
@@ -101,8 +105,7 @@ void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void);
|
||||
@@ -95,8 +99,7 @@ void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void);
|
||||
grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *);
|
||||
#include <grub/cpu/linux.h>
|
||||
grub_err_t grub_arch_efi_linux_check_image(struct linux_arch_kernel_header *lh);
|
||||
-grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, grub_size_t size,
|
||||
grub_err_t grub_armxx_efi_linux_check_image(struct linux_armxx_kernel_header *lh);
|
||||
-grub_err_t grub_armxx_efi_linux_boot_image(grub_addr_t addr, grub_size_t size,
|
||||
- char *args);
|
||||
+grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, char *args);
|
||||
+grub_err_t grub_armxx_efi_linux_boot_image(grub_addr_t addr, char *args);
|
||||
#endif
|
||||
|
||||
grub_addr_t grub_efi_modules_addr (void);
|
||||
diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h
|
||||
new file mode 100644
|
||||
index 00000000000..d9ede36773b
|
||||
index 000000000..d9ede3677
|
||||
--- /dev/null
|
||||
+++ b/include/grub/efi/linux.h
|
||||
@@ -0,0 +1,31 @@
|
||||
@ -981,3 +983,15 @@ index 00000000000..d9ede36773b
|
||||
+ void *kernel_param);
|
||||
+
|
||||
+#endif /* ! GRUB_EFI_LINUX_HEADER */
|
||||
diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h
|
||||
index 60c7c3b5e..bb19dbd5a 100644
|
||||
--- a/include/grub/i386/linux.h
|
||||
+++ b/include/grub/i386/linux.h
|
||||
@@ -142,6 +142,7 @@ struct linux_i386_kernel_header
|
||||
grub_uint64_t setup_data;
|
||||
grub_uint64_t pref_address;
|
||||
grub_uint32_t init_size;
|
||||
+ grub_uint32_t handover_offset;
|
||||
} GRUB_PACKED;
|
||||
|
||||
/* Boot parameters for Linux based on 2.6.12. This is used by the setup
|
@ -1,24 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Javier Martinez Canillas <javierm@redhat.com>
|
||||
Date: Fri, 11 Jun 2021 12:10:45 +0200
|
||||
Subject: [PATCH] Revert "templates: Fix user-facing typo with an incorrect use
|
||||
of "it's""
|
||||
|
||||
This reverts commit 722737630889607c3b5761f1f5a48f1674cd2821.
|
||||
---
|
||||
util/grub.d/30_os-prober.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
|
||||
index 5984e92d291..94622481284 100644
|
||||
--- a/util/grub.d/30_os-prober.in
|
||||
+++ b/util/grub.d/30_os-prober.in
|
||||
@@ -36,7 +36,7 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n
|
||||
exit 0
|
||||
fi
|
||||
|
||||
-grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIts output will be used to detect bootable binaries on them and create new boot entries.")"
|
||||
+grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
|
||||
|
||||
OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
|
||||
if [ -z "${OSPROBED}" ] ; then
|
@ -1,71 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Javier Martinez Canillas <javierm@redhat.com>
|
||||
Date: Fri, 11 Jun 2021 12:10:54 +0200
|
||||
Subject: [PATCH] Revert "templates: Properly disable the os-prober by default"
|
||||
|
||||
This reverts commit 54e0a1bbf1e9106901a557195bb35e5e20fb3925.
|
||||
---
|
||||
util/grub-mkconfig.in | 5 +----
|
||||
util/grub.d/30_os-prober.in | 8 ++++----
|
||||
2 files changed, 5 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
|
||||
index f8cbb8d7a2b..d3e879b8e5c 100644
|
||||
--- a/util/grub-mkconfig.in
|
||||
+++ b/util/grub-mkconfig.in
|
||||
@@ -140,9 +140,6 @@ GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2
|
||||
GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`"
|
||||
GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true
|
||||
|
||||
-# Disable os-prober by default due to security reasons.
|
||||
-GRUB_DISABLE_OS_PROBER="true"
|
||||
-
|
||||
# Filesystem for the device containing our userland. Used for stuff like
|
||||
# choosing Hurd filesystem module.
|
||||
GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`"
|
||||
@@ -204,7 +201,6 @@ export GRUB_DEVICE \
|
||||
GRUB_DEVICE_PARTUUID \
|
||||
GRUB_DEVICE_BOOT \
|
||||
GRUB_DEVICE_BOOT_UUID \
|
||||
- GRUB_DISABLE_OS_PROBER \
|
||||
GRUB_FS \
|
||||
GRUB_FONT \
|
||||
GRUB_PRELOAD_MODULES \
|
||||
@@ -246,6 +242,7 @@ export GRUB_DEFAULT \
|
||||
GRUB_BACKGROUND \
|
||||
GRUB_THEME \
|
||||
GRUB_GFXPAYLOAD_LINUX \
|
||||
+ GRUB_DISABLE_OS_PROBER \
|
||||
GRUB_INIT_TUNE \
|
||||
GRUB_SAVEDEFAULT \
|
||||
GRUB_ENABLE_CRYPTODISK \
|
||||
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
|
||||
index 94622481284..80685b15f4d 100644
|
||||
--- a/util/grub.d/30_os-prober.in
|
||||
+++ b/util/grub.d/30_os-prober.in
|
||||
@@ -26,8 +26,8 @@ export TEXTDOMAINDIR="@localedir@"
|
||||
|
||||
. "$pkgdatadir/grub-mkconfig_lib"
|
||||
|
||||
-if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
|
||||
- grub_warn "$(gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.")"
|
||||
+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then
|
||||
+ gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
@@ -36,12 +36,12 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n
|
||||
exit 0
|
||||
fi
|
||||
|
||||
-grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
|
||||
-
|
||||
OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
|
||||
if [ -z "${OSPROBED}" ] ; then
|
||||
# empty os-prober output, nothing doing
|
||||
exit 0
|
||||
+else
|
||||
+ grub_warn "$(gettext_printf "os-prober was executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
|
||||
fi
|
||||
|
||||
osx_entry() {
|
@ -6,17 +6,15 @@ Subject: [PATCH] Rework linux command
|
||||
We want a single buffer that contains the entire kernel image in order to
|
||||
perform a TPM measurement. Allocate one and copy the entire kernel into it
|
||||
before pulling out the individual blocks later on.
|
||||
|
||||
Signed-off-by: Matthew Garrett <mjg59@coreos.com>
|
||||
---
|
||||
grub-core/loader/i386/linux.c | 35 +++++++++++++++++++++++------------
|
||||
1 file changed, 23 insertions(+), 12 deletions(-)
|
||||
grub-core/loader/i386/linux.c | 37 ++++++++++++++++++++++++-------------
|
||||
1 file changed, 24 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
|
||||
index 9f74a96b19a..dccf3bb3005 100644
|
||||
index 9b53d3168..f7186be40 100644
|
||||
--- a/grub-core/loader/i386/linux.c
|
||||
+++ b/grub-core/loader/i386/linux.c
|
||||
@@ -649,13 +649,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -685,13 +685,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
{
|
||||
grub_file_t file = 0;
|
||||
struct linux_i386_kernel_header lh;
|
||||
@ -33,7 +31,7 @@ index 9f74a96b19a..dccf3bb3005 100644
|
||||
|
||||
grub_dl_ref (my_mod);
|
||||
|
||||
@@ -669,7 +671,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -705,7 +707,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
if (! file)
|
||||
goto fail;
|
||||
|
||||
@ -50,7 +48,7 @@ index 9f74a96b19a..dccf3bb3005 100644
|
||||
{
|
||||
if (!grub_errno)
|
||||
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
||||
@@ -677,6 +687,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -713,6 +723,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -60,25 +58,33 @@ index 9f74a96b19a..dccf3bb3005 100644
|
||||
if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
|
||||
{
|
||||
grub_error (GRUB_ERR_BAD_OS, "invalid magic number");
|
||||
@@ -784,13 +797,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
/* We've already read lh so there is no need to read it second time. */
|
||||
len -= sizeof(lh);
|
||||
@@ -804,6 +817,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
preferred_address))
|
||||
goto fail;
|
||||
|
||||
- if ((len > 0) &&
|
||||
- (grub_file_read (file, (char *) &linux_params + sizeof (lh), len) != len))
|
||||
+ linux_params_ptr = (void *)&linux_params;
|
||||
+ if (len > 0)
|
||||
{
|
||||
+
|
||||
grub_memset (&linux_params, 0, sizeof (linux_params));
|
||||
grub_memcpy (&linux_params.setup_sects, &lh.setup_sects, sizeof (lh) - 0x1F1);
|
||||
|
||||
@@ -812,13 +826,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
linux_params.ps_mouse = linux_params.padding10 = 0;
|
||||
|
||||
len = sizeof (linux_params) - sizeof (lh);
|
||||
- if (grub_file_read (file, (char *) &linux_params + sizeof (lh), len) != len)
|
||||
- {
|
||||
- if (!grub_errno)
|
||||
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
||||
- argv[0]);
|
||||
- goto fail;
|
||||
+ grub_memcpy (linux_params_ptr + sizeof (lh), kernel + kernel_offset, len);
|
||||
+ kernel_offset += len;
|
||||
}
|
||||
- }
|
||||
+
|
||||
+ linux_params_ptr = (void *)&linux_params;
|
||||
+ grub_memcpy (linux_params_ptr + sizeof (lh), kernel + kernel_offset, len);
|
||||
+ kernel_offset += len;
|
||||
|
||||
linux_params.code32_start = prot_mode_target + lh.code32_start - GRUB_LINUX_BZIMAGE_ADDR;
|
||||
@@ -853,7 +864,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE;
|
||||
|
||||
@@ -877,7 +888,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
|
||||
/* The other parameters are filled when booting. */
|
||||
|
||||
@ -87,8 +93,8 @@ index 9f74a96b19a..dccf3bb3005 100644
|
||||
|
||||
grub_dprintf ("linux", "bzImage, setup=0x%x, size=0x%x\n",
|
||||
(unsigned) real_size, (unsigned) prot_size);
|
||||
@@ -1007,9 +1018,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
}
|
||||
@@ -1025,9 +1036,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
- (sizeof (LINUX_IMAGE) - 1));
|
||||
|
||||
len = prot_file_size;
|
||||
- if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno)
|
||||
@ -98,7 +104,7 @@ index 9f74a96b19a..dccf3bb3005 100644
|
||||
|
||||
if (grub_errno == GRUB_ERR_NONE)
|
||||
{
|
||||
@@ -1020,6 +1029,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -1038,6 +1047,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
|
||||
fail:
|
||||
|
@ -1,70 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Javier Martinez Canillas <javierm@redhat.com>
|
||||
Date: Fri, 11 Jun 2021 12:10:58 +0200
|
||||
Subject: [PATCH] Revert "templates: Disable the os-prober by default"
|
||||
|
||||
This reverts commit e346414725a70e5c74ee87ca14e580c66f517666.
|
||||
---
|
||||
docs/grub.texi | 18 ++++++++----------
|
||||
util/grub.d/30_os-prober.in | 5 +----
|
||||
2 files changed, 9 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/docs/grub.texi b/docs/grub.texi
|
||||
index f8b4b3b21a7..69f08d289f9 100644
|
||||
--- a/docs/grub.texi
|
||||
+++ b/docs/grub.texi
|
||||
@@ -1519,13 +1519,10 @@ boot sequence. If you have problems, set this option to @samp{text} and
|
||||
GRUB will tell Linux to boot in normal text mode.
|
||||
|
||||
@item GRUB_DISABLE_OS_PROBER
|
||||
-The @command{grub-mkconfig} has a feature to use the external
|
||||
-@command{os-prober} program to discover other operating systems installed on
|
||||
-the same machine and generate appropriate menu entries for them. It is disabled
|
||||
-by default since automatic and silent execution of @command{os-prober}, and
|
||||
-creating boot entries based on that data, is a potential attack vector. Set
|
||||
-this option to @samp{false} to enable this feature in the
|
||||
-@command{grub-mkconfig} command.
|
||||
+Normally, @command{grub-mkconfig} will try to use the external
|
||||
+@command{os-prober} program, if installed, to discover other operating
|
||||
+systems installed on the same system and generate appropriate menu entries
|
||||
+for them. Set this option to @samp{true} to disable this.
|
||||
|
||||
@item GRUB_OS_PROBER_SKIP_LIST
|
||||
List of space-separated FS UUIDs of filesystems to be ignored from os-prober
|
||||
@@ -1853,9 +1850,10 @@ than zero; otherwise 0.
|
||||
@section Multi-boot manual config
|
||||
|
||||
Currently autogenerating config files for multi-boot environments depends on
|
||||
-os-prober and has several shortcomings. Due to that it is disabled by default.
|
||||
-It is advised to use the power of GRUB syntax and do it yourself. A possible
|
||||
-configuration is detailed here, feel free to adjust to your needs.
|
||||
+os-prober and has several shortcomings. While fixing it is scheduled for the
|
||||
+next release, meanwhile you can make use of the power of GRUB syntax and do it
|
||||
+yourself. A possible configuration is detailed here, feel free to adjust to your
|
||||
+needs.
|
||||
|
||||
First create a separate GRUB partition, big enough to hold GRUB. Some of the
|
||||
following entries show how to load OS installer images from this same partition,
|
||||
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
|
||||
index 80685b15f4d..1b91c102f35 100644
|
||||
--- a/util/grub.d/30_os-prober.in
|
||||
+++ b/util/grub.d/30_os-prober.in
|
||||
@@ -26,8 +26,7 @@ export TEXTDOMAINDIR="@localedir@"
|
||||
|
||||
. "$pkgdatadir/grub-mkconfig_lib"
|
||||
|
||||
-if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then
|
||||
- gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n"
|
||||
+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
@@ -40,8 +39,6 @@ OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
|
||||
if [ -z "${OSPROBED}" ] ; then
|
||||
# empty os-prober output, nothing doing
|
||||
exit 0
|
||||
-else
|
||||
- grub_warn "$(gettext_printf "os-prober was executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
|
||||
fi
|
||||
|
||||
osx_entry() {
|
@ -6,17 +6,15 @@ Subject: [PATCH] Rework linux16 command
|
||||
We want a single buffer that contains the entire kernel image in order to
|
||||
perform a TPM measurement. Allocate one and copy the entire kernel int it
|
||||
before pulling out the individual blocks later on.
|
||||
|
||||
Signed-off-by: Matthew Garrett <mjg59@coreos.com>
|
||||
---
|
||||
grub-core/loader/i386/pc/linux.c | 33 +++++++++++++++++++++------------
|
||||
1 file changed, 21 insertions(+), 12 deletions(-)
|
||||
grub-core/loader/i386/pc/linux.c | 34 +++++++++++++++++++++-------------
|
||||
1 file changed, 21 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
|
||||
index 8be4c3b3f48..4b1750e360e 100644
|
||||
index a3c87cf2f..caa76bee8 100644
|
||||
--- a/grub-core/loader/i386/pc/linux.c
|
||||
+++ b/grub-core/loader/i386/pc/linux.c
|
||||
@@ -124,13 +124,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -123,13 +123,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
grub_file_t file = 0;
|
||||
struct linux_i386_kernel_header lh;
|
||||
grub_uint8_t setup_sects;
|
||||
@ -32,7 +30,7 @@ index 8be4c3b3f48..4b1750e360e 100644
|
||||
|
||||
grub_dl_ref (my_mod);
|
||||
|
||||
@@ -144,7 +145,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -143,7 +144,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
if (! file)
|
||||
goto fail;
|
||||
|
||||
@ -49,7 +47,7 @@ index 8be4c3b3f48..4b1750e360e 100644
|
||||
{
|
||||
if (!grub_errno)
|
||||
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
||||
@@ -152,6 +161,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -151,6 +160,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -59,7 +57,7 @@ index 8be4c3b3f48..4b1750e360e 100644
|
||||
if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
|
||||
{
|
||||
grub_error (GRUB_ERR_BAD_OS, "invalid magic number");
|
||||
@@ -320,13 +332,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -314,13 +326,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
grub_memmove (grub_linux_real_chunk, &lh, sizeof (lh));
|
||||
|
||||
len = real_size + GRUB_DISK_SECTOR_SIZE - sizeof (lh);
|
||||
@ -76,11 +74,12 @@ index 8be4c3b3f48..4b1750e360e 100644
|
||||
|
||||
if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE)
|
||||
|| grub_le_to_cpu16 (lh.version) < 0x0200)
|
||||
@@ -364,9 +372,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -355,10 +363,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
}
|
||||
|
||||
len = grub_linux16_prot_size;
|
||||
- if (grub_file_read (file, grub_linux_prot_chunk, len) != len && !grub_errno)
|
||||
- if (grub_file_read (file, grub_linux_prot_chunk, grub_linux16_prot_size)
|
||||
- != (grub_ssize_t) grub_linux16_prot_size && !grub_errno)
|
||||
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
||||
- argv[0]);
|
||||
+ grub_memcpy (grub_linux_prot_chunk, kernel + kernel_offset, len);
|
||||
@ -88,7 +87,7 @@ index 8be4c3b3f48..4b1750e360e 100644
|
||||
|
||||
if (grub_errno == GRUB_ERR_NONE)
|
||||
{
|
||||
@@ -376,6 +383,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -368,6 +374,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
|
||||
fail:
|
||||
|
@ -1,6 +1,6 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Raymund Will <rw@suse.com>
|
||||
Date: Mon, 8 Jul 2019 11:55:18 +0200
|
||||
Date: Fri, 10 Apr 2015 01:45:02 -0400
|
||||
Subject: [PATCH] Add secureboot support on efi chainloader
|
||||
|
||||
Expand the chainloader to be able to verify the image by means of shim
|
||||
@ -167,18 +167,18 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
grub-core/kern/efi/efi.c | 14 +-
|
||||
grub-core/loader/arm64/linux.c | 4 +-
|
||||
grub-core/loader/efi/chainloader.c | 816 +++++++++++++++++++++++++++++++++----
|
||||
grub-core/loader/efi/chainloader.c | 817 +++++++++++++++++++++++++++++++++----
|
||||
grub-core/loader/efi/linux.c | 25 +-
|
||||
grub-core/loader/i386/efi/linux.c | 17 +-
|
||||
include/grub/efi/linux.h | 2 +-
|
||||
include/grub/efi/pe32.h | 52 ++-
|
||||
7 files changed, 840 insertions(+), 90 deletions(-)
|
||||
7 files changed, 840 insertions(+), 91 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
|
||||
index 35b8f670602..4a2259aa1c7 100644
|
||||
index c8a9d8307..91129e335 100644
|
||||
--- a/grub-core/kern/efi/efi.c
|
||||
+++ b/grub-core/kern/efi/efi.c
|
||||
@@ -296,14 +296,20 @@ grub_efi_secure_boot (void)
|
||||
@@ -283,14 +283,20 @@ grub_efi_secure_boot (void)
|
||||
grub_efi_boolean_t ret = 0;
|
||||
|
||||
secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
|
||||
@ -204,18 +204,18 @@ index 35b8f670602..4a2259aa1c7 100644
|
||||
if (*secure_boot && !*setup_mode)
|
||||
ret = 1;
|
||||
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
|
||||
index a312c668685..04994d5c67d 100644
|
||||
index 6c00af98d..a1ac7a388 100644
|
||||
--- a/grub-core/loader/arm64/linux.c
|
||||
+++ b/grub-core/loader/arm64/linux.c
|
||||
@@ -284,6 +284,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
struct linux_arch_kernel_header lh;
|
||||
@@ -282,6 +282,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
grub_file_t file = 0;
|
||||
struct linux_armxx_kernel_header lh;
|
||||
struct grub_armxx_linux_pe_header *pe;
|
||||
grub_err_t err;
|
||||
+ int rc;
|
||||
|
||||
grub_dl_ref (my_mod);
|
||||
|
||||
@@ -328,7 +329,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -326,7 +327,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
|
||||
grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
|
||||
|
||||
@ -226,7 +226,7 @@ index a312c668685..04994d5c67d 100644
|
||||
grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
|
||||
goto fail;
|
||||
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
|
||||
index 2bd80f4db3d..b54cf6986fc 100644
|
||||
index adc856366..af2189619 100644
|
||||
--- a/grub-core/loader/efi/chainloader.c
|
||||
+++ b/grub-core/loader/efi/chainloader.c
|
||||
@@ -32,6 +32,8 @@
|
||||
@ -261,7 +261,15 @@ index 2bd80f4db3d..b54cf6986fc 100644
|
||||
|
||||
grub_dl_unref (my_mod);
|
||||
return GRUB_ERR_NONE;
|
||||
@@ -213,20 +221,690 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
|
||||
@@ -173,7 +181,6 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
|
||||
/* Fill the file path for the directory. */
|
||||
d = (grub_efi_device_path_t *) ((char *) file_path
|
||||
+ ((char *) d - (char *) dp));
|
||||
- grub_efi_print_device_path (d);
|
||||
copy_file_path ((grub_efi_file_path_device_path_t *) d,
|
||||
dir_start, dir_end - dir_start);
|
||||
|
||||
@@ -191,20 +198,690 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
|
||||
return file_path;
|
||||
}
|
||||
|
||||
@ -955,7 +963,7 @@ index 2bd80f4db3d..b54cf6986fc 100644
|
||||
|
||||
if (argc == 0)
|
||||
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
|
||||
@@ -238,15 +916,45 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -216,15 +893,45 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
address = 0;
|
||||
image_handle = 0;
|
||||
file_path = 0;
|
||||
@ -989,7 +997,7 @@ index 2bd80f4db3d..b54cf6986fc 100644
|
||||
+ *(--p16) = 0;
|
||||
+ }
|
||||
+
|
||||
file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE);
|
||||
file = grub_file_open (filename);
|
||||
if (! file)
|
||||
goto fail;
|
||||
|
||||
@ -1003,7 +1011,7 @@ index 2bd80f4db3d..b54cf6986fc 100644
|
||||
if (! dev)
|
||||
goto fail;
|
||||
|
||||
@@ -283,17 +991,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -261,17 +968,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
if (! file_path)
|
||||
goto fail;
|
||||
|
||||
@ -1024,7 +1032,7 @@ index 2bd80f4db3d..b54cf6986fc 100644
|
||||
|
||||
status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES,
|
||||
GRUB_EFI_LOADER_CODE,
|
||||
@@ -307,7 +1012,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -285,7 +989,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
}
|
||||
|
||||
boot_image = (void *) ((grub_addr_t) address);
|
||||
@ -1033,7 +1041,7 @@ index 2bd80f4db3d..b54cf6986fc 100644
|
||||
{
|
||||
if (grub_errno == GRUB_ERR_NONE)
|
||||
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
||||
@@ -317,7 +1022,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -295,7 +999,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
}
|
||||
|
||||
#if defined (__i386__) || defined (__x86_64__)
|
||||
@ -1042,12 +1050,12 @@ index 2bd80f4db3d..b54cf6986fc 100644
|
||||
{
|
||||
struct grub_macho_fat_header *head = boot_image;
|
||||
if (head->magic
|
||||
@@ -326,6 +1031,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -304,6 +1008,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
grub_uint32_t i;
|
||||
struct grub_macho_fat_arch *archs
|
||||
= (struct grub_macho_fat_arch *) (head + 1);
|
||||
+
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_BAD_OS,
|
||||
+ "MACHO binaries are forbidden with Secure Boot");
|
||||
@ -1057,7 +1065,7 @@ index 2bd80f4db3d..b54cf6986fc 100644
|
||||
for (i = 0; i < grub_cpu_to_le32 (head->nfat_arch); i++)
|
||||
{
|
||||
if (GRUB_MACHO_CPUTYPE_IS_HOST_CURRENT (archs[i].cputype))
|
||||
@@ -340,79 +1053,39 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -318,79 +1030,39 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
> ~grub_cpu_to_le32 (archs[i].size)
|
||||
|| grub_cpu_to_le32 (archs[i].offset)
|
||||
+ grub_cpu_to_le32 (archs[i].size)
|
||||
@ -1154,7 +1162,7 @@ index 2bd80f4db3d..b54cf6986fc 100644
|
||||
if (dev)
|
||||
grub_device_close (dev);
|
||||
|
||||
@@ -424,6 +1097,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -402,6 +1074,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
|
||||
if (address)
|
||||
efi_call_2 (b->free_pages, address, pages);
|
||||
|
||||
@ -1165,7 +1173,7 @@ index 2bd80f4db3d..b54cf6986fc 100644
|
||||
|
||||
return grub_errno;
|
||||
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
|
||||
index c24202a5dd1..c8ecce6dfd0 100644
|
||||
index c24202a5d..c8ecce6df 100644
|
||||
--- a/grub-core/loader/efi/linux.c
|
||||
+++ b/grub-core/loader/efi/linux.c
|
||||
@@ -33,21 +33,34 @@ struct grub_efi_shim_lock
|
||||
@ -1210,10 +1218,10 @@ index c24202a5dd1..c8ecce6dfd0 100644
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
|
||||
index bb2616a8092..6b24cbb9483 100644
|
||||
index 3db82e782..8db228c5b 100644
|
||||
--- a/grub-core/loader/i386/efi/linux.c
|
||||
+++ b/grub-core/loader/i386/efi/linux.c
|
||||
@@ -117,6 +117,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -118,6 +118,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -1222,15 +1230,15 @@ index bb2616a8092..6b24cbb9483 100644
|
||||
params->ramdisk_size = size;
|
||||
params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem;
|
||||
|
||||
@@ -159,6 +161,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
struct linux_i386_kernel_header lh;
|
||||
@@ -160,6 +162,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
struct linux_kernel_header lh;
|
||||
grub_ssize_t len, start, filelen;
|
||||
void *kernel = NULL;
|
||||
+ int rc;
|
||||
|
||||
grub_dl_ref (my_mod);
|
||||
|
||||
@@ -184,11 +187,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -185,11 +188,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
|
||||
if (grub_file_read (file, kernel, filelen) != filelen)
|
||||
{
|
||||
@ -1246,7 +1254,7 @@ index bb2616a8092..6b24cbb9483 100644
|
||||
{
|
||||
grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"),
|
||||
argv[0]);
|
||||
@@ -203,6 +208,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -204,6 +209,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -1255,7 +1263,7 @@ index bb2616a8092..6b24cbb9483 100644
|
||||
grub_memset (params, 0, 16384);
|
||||
|
||||
grub_memcpy (&lh, kernel, sizeof (lh));
|
||||
@@ -241,6 +248,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
@@ -242,6 +249,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -1278,7 +1286,7 @@ index bb2616a8092..6b24cbb9483 100644
|
||||
grub_file_close (file);
|
||||
|
||||
diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h
|
||||
index d9ede36773b..0033d9305a9 100644
|
||||
index d9ede3677..0033d9305 100644
|
||||
--- a/include/grub/efi/linux.h
|
||||
+++ b/include/grub/efi/linux.h
|
||||
@@ -22,7 +22,7 @@
|
||||
@ -1291,10 +1299,10 @@ index d9ede36773b..0033d9305a9 100644
|
||||
grub_err_t
|
||||
EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset,
|
||||
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
|
||||
index 0ed8781f037..a43adf27464 100644
|
||||
index 7d44732d2..c03cc599f 100644
|
||||
--- a/include/grub/efi/pe32.h
|
||||
+++ b/include/grub/efi/pe32.h
|
||||
@@ -223,7 +223,11 @@ struct grub_pe64_optional_header
|
||||
@@ -214,7 +214,11 @@ struct grub_pe64_optional_header
|
||||
struct grub_pe32_section_table
|
||||
{
|
||||
char name[8];
|
||||
@ -1307,7 +1315,7 @@ index 0ed8781f037..a43adf27464 100644
|
||||
grub_uint32_t virtual_address;
|
||||
grub_uint32_t raw_data_size;
|
||||
grub_uint32_t raw_data_offset;
|
||||
@@ -234,12 +238,18 @@ struct grub_pe32_section_table
|
||||
@@ -225,12 +229,18 @@ struct grub_pe32_section_table
|
||||
grub_uint32_t characteristics;
|
||||
};
|
||||
|
||||
@ -1330,7 +1338,7 @@ index 0ed8781f037..a43adf27464 100644
|
||||
|
||||
#define GRUB_PE32_SCN_ALIGN_1BYTES 0x00100000
|
||||
#define GRUB_PE32_SCN_ALIGN_2BYTES 0x00200000
|
||||
@@ -248,10 +258,28 @@ struct grub_pe32_section_table
|
||||
@@ -239,10 +249,28 @@ struct grub_pe32_section_table
|
||||
#define GRUB_PE32_SCN_ALIGN_16BYTES 0x00500000
|
||||
#define GRUB_PE32_SCN_ALIGN_32BYTES 0x00600000
|
||||
#define GRUB_PE32_SCN_ALIGN_64BYTES 0x00700000
|
||||
@ -1359,7 +1367,7 @@ index 0ed8781f037..a43adf27464 100644
|
||||
#define GRUB_PE32_SIGNATURE_SIZE 4
|
||||
|
||||
struct grub_pe32_header
|
||||
@@ -274,6 +302,20 @@ struct grub_pe32_header
|
||||
@@ -265,6 +293,20 @@ struct grub_pe32_header
|
||||
#endif
|
||||
};
|
||||
|
@ -9,94 +9,112 @@ won't register commands if SB is enabled."
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
grub-core/commands/iorw.c | 7 +++++++
|
||||
grub-core/commands/memrw.c | 7 +++++++
|
||||
grub-core/kern/dl.c | 3 ++-
|
||||
grub-core/kern/efi/efi.c | 34 ----------------------------------
|
||||
grub-core/loader/efi/appleloader.c | 7 +++++++
|
||||
grub-core/Makefile.core.def | 1 +
|
||||
grub-core/commands/iorw.c | 7 +++++
|
||||
grub-core/commands/memrw.c | 7 +++++
|
||||
grub-core/kern/dl.c | 1 +
|
||||
grub-core/kern/efi/efi.c | 34 --------------------
|
||||
grub-core/kern/efi/sb.c | 64 ++++++++++++++++++++++++++++++++++++++
|
||||
grub-core/loader/efi/appleloader.c | 7 +++++
|
||||
grub-core/loader/efi/chainloader.c | 1 +
|
||||
grub-core/loader/i386/bsd.c | 7 +++++++
|
||||
grub-core/loader/i386/linux.c | 7 +++++++
|
||||
grub-core/loader/i386/pc/linux.c | 7 +++++++
|
||||
grub-core/loader/multiboot.c | 7 +++++++
|
||||
grub-core/loader/xnu.c | 7 +++++++
|
||||
grub-core/loader/i386/bsd.c | 7 +++++
|
||||
grub-core/loader/i386/linux.c | 7 +++++
|
||||
grub-core/loader/i386/pc/linux.c | 7 +++++
|
||||
grub-core/loader/multiboot.c | 7 +++++
|
||||
grub-core/loader/xnu.c | 7 +++++
|
||||
include/grub/efi/efi.h | 1 -
|
||||
include/grub/efi/sb.h | 29 +++++++++++++++++
|
||||
include/grub/ia64/linux.h | 0
|
||||
include/grub/mips/linux.h | 0
|
||||
include/grub/powerpc/linux.h | 0
|
||||
include/grub/sparc64/linux.h | 0
|
||||
16 files changed, 59 insertions(+), 36 deletions(-)
|
||||
grub-core/Makefile.am | 1 +
|
||||
20 files changed, 153 insertions(+), 35 deletions(-)
|
||||
create mode 100644 grub-core/kern/efi/sb.c
|
||||
create mode 100644 include/grub/efi/sb.h
|
||||
create mode 100644 include/grub/ia64/linux.h
|
||||
create mode 100644 include/grub/mips/linux.h
|
||||
create mode 100644 include/grub/powerpc/linux.h
|
||||
create mode 100644 include/grub/sparc64/linux.h
|
||||
|
||||
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
|
||||
index 0b4b0c212..e92a7ef32 100644
|
||||
--- a/grub-core/Makefile.core.def
|
||||
+++ b/grub-core/Makefile.core.def
|
||||
@@ -195,6 +195,7 @@ kernel = {
|
||||
i386_multiboot = kern/i386/pc/acpi.c;
|
||||
i386_coreboot = kern/acpi.c;
|
||||
i386_multiboot = kern/acpi.c;
|
||||
+ common = kern/efi/sb.c;
|
||||
|
||||
x86 = kern/i386/tsc.c;
|
||||
x86 = kern/i386/tsc_pit.c;
|
||||
diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
|
||||
index 584baec8f91..7b2999b14b5 100644
|
||||
index a0c164e54..41a7f3f04 100644
|
||||
--- a/grub-core/commands/iorw.c
|
||||
+++ b/grub-core/commands/iorw.c
|
||||
@@ -24,6 +24,7 @@
|
||||
@@ -23,6 +23,7 @@
|
||||
#include <grub/env.h>
|
||||
#include <grub/cpu/io.h>
|
||||
#include <grub/i18n.h>
|
||||
#include <grub/lockdown.h>
|
||||
+#include <grub/efi/sb.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -119,6 +120,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
|
||||
@@ -118,6 +119,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
|
||||
|
||||
GRUB_MOD_INIT(memrw)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
cmd_read_byte =
|
||||
grub_register_extcmd ("inb", grub_cmd_read, 0,
|
||||
N_("PORT"), N_("Read 8-bit value from PORT."),
|
||||
@@ -147,6 +151,9 @@ GRUB_MOD_INIT(memrw)
|
||||
@@ -146,6 +150,9 @@ GRUB_MOD_INIT(memrw)
|
||||
|
||||
GRUB_MOD_FINI(memrw)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
grub_unregister_extcmd (cmd_read_byte);
|
||||
grub_unregister_extcmd (cmd_read_word);
|
||||
grub_unregister_extcmd (cmd_read_dword);
|
||||
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
|
||||
index d401a6db0ef..39cf3a06dbd 100644
|
||||
index 98769eadb..088cbe9e2 100644
|
||||
--- a/grub-core/commands/memrw.c
|
||||
+++ b/grub-core/commands/memrw.c
|
||||
@@ -23,6 +23,7 @@
|
||||
@@ -22,6 +22,7 @@
|
||||
#include <grub/extcmd.h>
|
||||
#include <grub/env.h>
|
||||
#include <grub/i18n.h>
|
||||
#include <grub/lockdown.h>
|
||||
+#include <grub/efi/sb.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -121,6 +122,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
|
||||
@@ -120,6 +121,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
|
||||
|
||||
GRUB_MOD_INIT(memrw)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
cmd_read_byte =
|
||||
grub_register_extcmd ("read_byte", grub_cmd_read, 0,
|
||||
N_("ADDR"), N_("Read 8-bit value from ADDR."),
|
||||
@@ -149,6 +153,9 @@ GRUB_MOD_INIT(memrw)
|
||||
@@ -148,6 +152,9 @@ GRUB_MOD_INIT(memrw)
|
||||
|
||||
GRUB_MOD_FINI(memrw)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
grub_unregister_extcmd (cmd_read_byte);
|
||||
grub_unregister_extcmd (cmd_read_word);
|
||||
grub_unregister_extcmd (cmd_read_dword);
|
||||
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
|
||||
index b7149370950..7afb9e6f724 100644
|
||||
index 04e804d16..621070918 100644
|
||||
--- a/grub-core/kern/dl.c
|
||||
+++ b/grub-core/kern/dl.c
|
||||
@@ -32,6 +32,7 @@
|
||||
@ -107,21 +125,12 @@ index b7149370950..7afb9e6f724 100644
|
||||
|
||||
/* Platforms where modules are in a readonly area of memory. */
|
||||
#if defined(GRUB_MACHINE_QEMU)
|
||||
@@ -704,7 +705,7 @@ grub_dl_load_file (const char *filename)
|
||||
grub_dl_t mod = 0;
|
||||
|
||||
#ifdef GRUB_MACHINE_EFI
|
||||
- if (grub_efi_secure_boot ())
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
{
|
||||
#if 0
|
||||
/* This is an error, but grub2-mkconfig still generates a pile of
|
||||
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
|
||||
index 4a2259aa1c7..8cff7be0289 100644
|
||||
index 91129e335..708581fcb 100644
|
||||
--- a/grub-core/kern/efi/efi.c
|
||||
+++ b/grub-core/kern/efi/efi.c
|
||||
@@ -286,40 +286,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
|
||||
return grub_efi_get_variable_with_attributes (var, guid, datasize_out, data_out, NULL);
|
||||
@@ -273,40 +273,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-grub_efi_boolean_t
|
||||
@ -161,8 +170,78 @@ index 4a2259aa1c7..8cff7be0289 100644
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
|
||||
/* Search the mods section from the PE32/PE32+ image. This code uses
|
||||
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
|
||||
new file mode 100644
|
||||
index 000000000..d74778b0c
|
||||
--- /dev/null
|
||||
+++ b/grub-core/kern/efi/sb.c
|
||||
@@ -0,0 +1,64 @@
|
||||
+/*
|
||||
+ * GRUB -- GRand Unified Bootloader
|
||||
+ * Copyright (C) 2014 Free Software Foundation, Inc.
|
||||
+ *
|
||||
+ * GRUB is free software: you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License as published by
|
||||
+ * the Free Software Foundation, either version 3 of the License, or
|
||||
+ * (at your option) any later version.
|
||||
+ *
|
||||
+ * GRUB is distributed in the hope that it will be useful,
|
||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ * GNU General Public License for more details.
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License
|
||||
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
||||
+ */
|
||||
+
|
||||
+#include <grub/err.h>
|
||||
+#include <grub/mm.h>
|
||||
+#include <grub/types.h>
|
||||
+#include <grub/cpu/linux.h>
|
||||
+#include <grub/efi/efi.h>
|
||||
+#include <grub/efi/pe32.h>
|
||||
+#include <grub/efi/linux.h>
|
||||
+#include <grub/efi/sb.h>
|
||||
+
|
||||
+int
|
||||
+grub_efi_secure_boot (void)
|
||||
+{
|
||||
+#ifdef GRUB_MACHINE_EFI
|
||||
+ grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
|
||||
+ grub_size_t datasize;
|
||||
+ char *secure_boot = NULL;
|
||||
+ char *setup_mode = NULL;
|
||||
+ grub_efi_boolean_t ret = 0;
|
||||
+
|
||||
+ secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
|
||||
+ if (datasize != 1 || !secure_boot)
|
||||
+ {
|
||||
+ grub_dprintf ("secureboot", "No SecureBoot variable\n");
|
||||
+ goto out;
|
||||
+ }
|
||||
+ grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot);
|
||||
+
|
||||
+ setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
|
||||
+ if (datasize != 1 || !setup_mode)
|
||||
+ {
|
||||
+ grub_dprintf ("secureboot", "No SetupMode variable\n");
|
||||
+ goto out;
|
||||
+ }
|
||||
+ grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode);
|
||||
+
|
||||
+ if (*secure_boot && !*setup_mode)
|
||||
+ ret = 1;
|
||||
+
|
||||
+ out:
|
||||
+ grub_free (secure_boot);
|
||||
+ grub_free (setup_mode);
|
||||
+ return ret;
|
||||
+#else
|
||||
+ return 0;
|
||||
+#endif
|
||||
+}
|
||||
diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c
|
||||
index 74888c463ba..585f2b57385 100644
|
||||
index 74888c463..69c2a10d3 100644
|
||||
--- a/grub-core/loader/efi/appleloader.c
|
||||
+++ b/grub-core/loader/efi/appleloader.c
|
||||
@@ -24,6 +24,7 @@
|
||||
@ -177,7 +256,7 @@ index 74888c463ba..585f2b57385 100644
|
||||
|
||||
GRUB_MOD_INIT(appleloader)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
cmd = grub_register_command ("appleloader", grub_cmd_appleloader,
|
||||
@ -187,13 +266,13 @@ index 74888c463ba..585f2b57385 100644
|
||||
|
||||
GRUB_MOD_FINI(appleloader)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
grub_unregister_command (cmd);
|
||||
}
|
||||
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
|
||||
index b54cf6986fc..3ff305b1d32 100644
|
||||
index af2189619..5cd9b6e08 100644
|
||||
--- a/grub-core/loader/efi/chainloader.c
|
||||
+++ b/grub-core/loader/efi/chainloader.c
|
||||
@@ -34,6 +34,7 @@
|
||||
@ -205,10 +284,10 @@ index b54cf6986fc..3ff305b1d32 100644
|
||||
#include <grub/i18n.h>
|
||||
#include <grub/net.h>
|
||||
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
|
||||
index 5f3290ce17b..54befc26626 100644
|
||||
index 7f96515da..87709aa23 100644
|
||||
--- a/grub-core/loader/i386/bsd.c
|
||||
+++ b/grub-core/loader/i386/bsd.c
|
||||
@@ -40,6 +40,7 @@
|
||||
@@ -38,6 +38,7 @@
|
||||
#ifdef GRUB_MACHINE_PCBIOS
|
||||
#include <grub/machine/int.h>
|
||||
#endif
|
||||
@ -216,92 +295,92 @@ index 5f3290ce17b..54befc26626 100644
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -2137,6 +2138,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk;
|
||||
@@ -2124,6 +2125,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk;
|
||||
|
||||
GRUB_MOD_INIT (bsd)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
/* Net and OpenBSD kernels are often compressed. */
|
||||
grub_dl_load ("gzio");
|
||||
|
||||
@@ -2176,6 +2180,9 @@ GRUB_MOD_INIT (bsd)
|
||||
@@ -2163,6 +2167,9 @@ GRUB_MOD_INIT (bsd)
|
||||
|
||||
GRUB_MOD_FINI (bsd)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
grub_unregister_extcmd (cmd_freebsd);
|
||||
grub_unregister_extcmd (cmd_openbsd);
|
||||
grub_unregister_extcmd (cmd_netbsd);
|
||||
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
|
||||
index dccf3bb3005..4aeb0e4b9a6 100644
|
||||
index f7186be40..c84747ea8 100644
|
||||
--- a/grub-core/loader/i386/linux.c
|
||||
+++ b/grub-core/loader/i386/linux.c
|
||||
@@ -37,6 +37,7 @@
|
||||
@@ -35,6 +35,7 @@
|
||||
#include <grub/i18n.h>
|
||||
#include <grub/lib/cmdline.h>
|
||||
#include <grub/linux.h>
|
||||
#include <grub/machine/kernel.h>
|
||||
#include <grub/safemath.h>
|
||||
+#include <grub/efi/sb.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -1138,6 +1139,9 @@ static grub_command_t cmd_linux, cmd_initrd;
|
||||
@@ -1156,6 +1157,9 @@ static grub_command_t cmd_linux, cmd_initrd;
|
||||
|
||||
GRUB_MOD_INIT(linux)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
cmd_linux = grub_register_command ("linux", grub_cmd_linux,
|
||||
0, N_("Load Linux."));
|
||||
cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
|
||||
@@ -1147,6 +1151,9 @@ GRUB_MOD_INIT(linux)
|
||||
@@ -1165,6 +1169,9 @@ GRUB_MOD_INIT(linux)
|
||||
|
||||
GRUB_MOD_FINI(linux)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
grub_unregister_command (cmd_linux);
|
||||
grub_unregister_command (cmd_initrd);
|
||||
}
|
||||
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
|
||||
index 4b1750e360e..e3fa1221e81 100644
|
||||
index caa76bee8..783a3cd93 100644
|
||||
--- a/grub-core/loader/i386/pc/linux.c
|
||||
+++ b/grub-core/loader/i386/pc/linux.c
|
||||
@@ -36,6 +36,7 @@
|
||||
@@ -35,6 +35,7 @@
|
||||
#include <grub/i386/floppy.h>
|
||||
#include <grub/lib/cmdline.h>
|
||||
#include <grub/linux.h>
|
||||
#include <grub/safemath.h>
|
||||
+#include <grub/efi/sb.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -487,6 +488,9 @@ static grub_command_t cmd_linux, cmd_linux16, cmd_initrd, cmd_initrd16;
|
||||
@@ -480,6 +481,9 @@ static grub_command_t cmd_linux, cmd_linux16, cmd_initrd, cmd_initrd16;
|
||||
|
||||
GRUB_MOD_INIT(linux16)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
cmd_linux =
|
||||
grub_register_command ("linux", grub_cmd_linux,
|
||||
0, N_("Load Linux."));
|
||||
@@ -504,6 +508,9 @@ GRUB_MOD_INIT(linux16)
|
||||
@@ -497,6 +501,9 @@ GRUB_MOD_INIT(linux16)
|
||||
|
||||
GRUB_MOD_FINI(linux16)
|
||||
{
|
||||
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
|
||||
+ if (grub_efi_secure_boot())
|
||||
+ return;
|
||||
+
|
||||
grub_unregister_command (cmd_linux);
|
||||
grub_unregister_command (cmd_linux16);
|
||||
grub_unregister_command (cmd_initrd);
|
||||
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
|
||||
index facb13f3d36..47e481f4576 100644
|
||||
index 40c67e824..26df46a41 100644
|
||||
--- a/grub-core/loader/multiboot.c
|
||||
+++ b/grub-core/loader/multiboot.c
|
||||
@@ -50,6 +50,7 @@
|
||||
@ -312,63 +391,63 @@ index facb13f3d |