Compare commits

...

13 Commits
c8 ... a8

Author SHA1 Message Date
Andrew Lukoshko 835ebbe2c2 Sync with CS 2.02-150 2023-08-08 18:04:13 +00:00
Andrew Lukoshko 4117729e5d Merge AlmaLinux new SB key changes 2023-08-08 18:00:50 +00:00
eabdullin 57852366e1 Merge branch 'c8' into a8 2023-05-17 01:36:58 +00:00
eabdullin 9ded7eb3db Merge branch 'c8' into a8 2023-02-21 10:05:29 +00:00
Andrew Lukoshko 3d7e7f7222 Merge branch 'c8' into a8 2023-01-09 18:42:41 +00:00
Andrew Lukoshko c8fc592c96 Merge branch 'c8' into a8 2022-11-08 11:56:19 +00:00
Andrew Lukoshko 2485d22941 Remove epoch from Red Hat sbat entry 2022-06-18 12:18:02 +00:00
eabdullin bcb1651fe1 Update sbat 2022-06-17 12:25:51 +03:00
eabdullin 7c8932dcd0 Merge branch 'c8' into a8 2022-06-17 10:36:32 +03:00
Andrew Lukoshko 814bf9efb9 Keep Red Hat entry in SBAT 2022-05-10 15:39:20 +00:00
eabdullin 7faece4aae Merge branch 'c8' into a8 2022-05-10 10:22:50 +00:00
eabdullin 4bcb992cc3 AlmaLinux changes 2021-11-17 15:24:46 +03:00
Andrew Lukoshko 33d2c41b51 AlmaLinux changes 2021-09-15 09:21:47 +00:00
14 changed files with 254 additions and 18 deletions

View File

@ -0,0 +1,30 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Matt Hsiao <matt.hsiao@hpe.com>
Date: Mon, 24 Apr 2023 13:39:05 +0800
Subject: [PATCH] efi/http: change uint32_t to uintn_t for
grub_efi_http_message_t
Modify UINT32 to UINTN in EFI_HTTP_MESSAGE to be UEFI 2.9 compliant.
Signed-off-by: Matt Hsiao <matt.hsiao@hpe.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
include/grub/efi/http.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/grub/efi/http.h b/include/grub/efi/http.h
index c5e9a89f5050..ad164ba1913d 100644
--- a/include/grub/efi/http.h
+++ b/include/grub/efi/http.h
@@ -171,9 +171,9 @@ typedef struct {
grub_efi_http_request_data_t *request;
grub_efi_http_response_data_t *response;
} data;
- grub_efi_uint32_t header_count;
+ grub_efi_uintn_t header_count;
grub_efi_http_header_t *headers;
- grub_efi_uint32_t body_length;
+ grub_efi_uintn_t body_length;
void *body;
} grub_efi_http_message_t;

View File

@ -0,0 +1,46 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Avnish Chouhan <avnish@linux.vnet.ibm.com>
Date: Thu, 23 Mar 2023 08:16:25 -0400
Subject: [PATCH] ieee1275 : Converting plain numbers to constants in Vec5
This patch converts the plain numbers used in Vec5 properties to
constants.
1. LPAR : Client program supports logical partitioning and
associated hcall()s.
2. SPLPAR : Client program supports the Shared
Processor LPAR Option.
3. CMO : Enables the Cooperative Memory Over-commitment Option.
4. MAX_CPU : Defines maximum number of CPUs supported.
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
---
grub-core/kern/ieee1275/init.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 3ea9b73b2a59..2516e02091cb 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -56,6 +56,12 @@ extern char _end[];
grub_addr_t grub_ieee1275_original_stack;
#endif
+#define LPAR 0x80
+#define SPLPAR 0x40
+#define BYTE2 (LPAR | SPLPAR)
+#define CMO 0x80
+#define MAX_CPU 256
+
void
grub_exit (int rc __attribute__((unused)))
{
@@ -372,7 +378,7 @@ grub_ieee1275_ibm_cas (void)
.vec4 = 0x0001, // set required minimum capacity % to the lowest value
.vec5_size = 1 + sizeof(struct option_vector5) - 2,
.vec5 = {
- 0, 192, 0, 128, 0, 0, 0, 0, 256
+ 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU
}
};

View File

@ -0,0 +1,125 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Avnish Chouhan <avnish@linux.vnet.ibm.com>
Date: Thu, 23 Mar 2023 08:33:12 -0400
Subject: [PATCH] ieee1275 : extended support in options vector5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch enables the multiple options in Options Vector5 which are
required and solves the boot issue seen on some machines which are looking for these specific options.
1. LPAR : Client program supports logical partitioning and
associated hcall()s.
2. SPLPAR : Client program supports the Shared
Processor LPAR Option.
3. DYN_RCON_MEM : Client program supports the
“ibm,dynamic-reconfiguration-memory” property and it may be
presented in the device tree.
4. LARGE_PAGES : Client supports pages larger than 4 KB.
5. DONATE_DCPU_CLS : Client supports donating dedicated processor cycles.
6. PCI_EXP : Client supports PCI Express implementations
utilizing Message Signaled Interrupts (MSIs).
7. CMOC : Enables the Cooperative Memory Over-commitment Option.
8. EXT_CMO : Enables the Extended Cooperative Memory Over-commit
Option.
9. ASSOC_REF : Enables “ibm,associativity” and
“ibm,associativity-reference-points” properties.
10. AFFINITY : Enables Platform Resource Reassignment Notification.
11. NUMA : Supports NUMA Distance Lookup Table Option.
12. HOTPLUG_INTRPT : Supports Hotplug Interrupts.
13. HPT_RESIZE : Enable Hash Page Table Resize Option.
14. MAX_CPU : Defines maximum number of CPUs supported.
15. PFO_HWRNG : Supports Random Number Generator.
16. PFO_HW_COMP : Supports Compression Engine.
17. PFO_ENCRYPT : Supports Encryption Engine.
18. SUB_PROCESSORS : Supports Sub-Processors.
19. DY_MEM_V2 : Client program supports the “ibm,dynamic-memory-v2” property in the
“ibm,dynamic-reconfiguration-memory” node and it may be presented in the device tree.
20. DRC_INFO : Client program supports the “ibm,drc-info” property definition and it may be
presented in the device tree.
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
---
grub-core/kern/ieee1275/init.c | 47 ++++++++++++++++++++++++++++++++++++------
1 file changed, 41 insertions(+), 6 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 2516e02091cb..1fae84440403 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -56,11 +56,41 @@ extern char _end[];
grub_addr_t grub_ieee1275_original_stack;
#endif
-#define LPAR 0x80
-#define SPLPAR 0x40
-#define BYTE2 (LPAR | SPLPAR)
-#define CMO 0x80
-#define MAX_CPU 256
+/* Options vector5 properties */
+
+#define LPAR 0x80
+#define SPLPAR 0x40
+#define DYN_RCON_MEM 0x20
+#define LARGE_PAGES 0x10
+#define DONATE_DCPU_CLS 0x02
+#define PCI_EXP 0x01
+#define BYTE2 (LPAR | SPLPAR | DYN_RCON_MEM | LARGE_PAGES | DONATE_DCPU_CLS | PCI_EXP)
+
+#define CMOC 0x80
+#define EXT_CMO 0x40
+#define CMO (CMOC | EXT_CMO)
+
+#define ASSOC_REF 0x80
+#define AFFINITY 0x40
+#define NUMA 0x20
+#define ASSOCIATIVITY (ASSOC_REF | AFFINITY | NUMA)
+
+#define HOTPLUG_INTRPT 0x04
+#define HPT_RESIZE 0x01
+#define BIN_OPTS (HOTPLUG_INTRPT | HPT_RESIZE)
+
+#define MAX_CPU 256
+
+#define PFO_HWRNG 0x80000000
+#define PFO_HW_COMP 0x40000000
+#define PFO_ENCRYPT 0x20000000
+#define PLATFORM_FACILITIES (PFO_HWRNG | PFO_HW_COMP | PFO_ENCRYPT)
+
+#define SUB_PROCESSORS 1
+
+#define DY_MEM_V2 0x80
+#define DRC_INFO 0x40
+#define BYTE22 (DY_MEM_V2 | DRC_INFO)
void
grub_exit (int rc __attribute__((unused)))
@@ -323,6 +353,11 @@ struct option_vector5 {
grub_uint8_t micro_checkpoint;
grub_uint8_t reserved0;
grub_uint32_t max_cpus;
+ grub_uint16_t base_PAPR;
+ grub_uint16_t mem_reference;
+ grub_uint32_t platform_facilities;
+ grub_uint8_t sub_processors;
+ grub_uint8_t byte22;
} __attribute__((packed));
struct pvr_entry {
@@ -378,7 +413,7 @@ grub_ieee1275_ibm_cas (void)
.vec4 = 0x0001, // set required minimum capacity % to the lowest value
.vec5_size = 1 + sizeof(struct option_vector5) - 2,
.vec5 = {
- 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU
+ 0, BYTE2, 0, CMO, ASSOCIATIVITY, BIN_OPTS, 0, 0, MAX_CPU, 0, 0, PLATFORM_FACILITIES, SUB_PROCESSORS, BYTE22
}
};

Binary file not shown.

View File

@ -285,7 +285,13 @@ Requires: %{name}-common = %{evr} \
Requires: %{name}-tools-minimal >= %{evr} \
Requires: %{name}-tools-extra = %{evr} \
Requires: %{name}-tools = %{evr} \
Requires: %{efi_esp_dir}/shim%%(echo %{1} | cut -d- -f2).efi \
Provides: %{name}-efi = %{evr} \
Provides: almalinux(grub2-sig-key) = 202303 \
%{expand:%%ifarch x86_64 \
Conflicts: shim-x64 <= 15.6-1.el8.alma \
Conflicts: shim-ia32 <= 15.6-1.el8.alma \
%%endif} \
%{?legacy_provides:Provides: %{name} = %{evr}} \
%{-o:Obsoletes: %{name}-efi < %{evr}} \
\
@ -540,7 +546,7 @@ install -D -m 700 unicode.pf2 \\\
$RPM_BUILD_ROOT%{efi_esp_dir}/fonts/unicode.pf2 \
${RPM_BUILD_ROOT}/%{_bindir}/%{name}-editenv \\\
${RPM_BUILD_ROOT}%{efi_esp_dir}/grubenv create \
ln -sf ../efi/EFI/%{efi_vendor}/grubenv \\\
ln -sf ../efi/EFI/%{efidir}/grubenv \\\
$RPM_BUILD_ROOT/boot/grub2/grubenv \
cd .. \
%{nil}

View File

@ -573,3 +573,6 @@ Patch0572: 0572-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
Patch0573: 0573-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
Patch0574: 0574-Enable-TDX-measurement-to-RTMR-register.patch
Patch0575: 0575-Enable-shared-processor-mode-in-vector-5.patch
Patch0576: 0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch
Patch0577: 0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch
Patch0578: 0578-ieee1275-extended-support-in-options-vector5.patch

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -1,3 +1,4 @@
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/
grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com
grub.rh,2,Red Hat,grub2,@@RHEL_VERSION_RELEASE@@,mailto:secalert@redhat.com
grub.almalinux,2,AlmaLinux,grub2,@@VERSION_RELEASE@@,mail:security@almalinux.org

View File

@ -1,3 +1,7 @@
%global efi_vendor almalinux
%global efidir almalinux
%global efi_esp_dir /boot/efi/EFI/%{efidir}
%undefine _hardened_build
%global tarversion 2.02
@ -7,7 +11,7 @@
Name: grub2
Epoch: 1
Version: 2.02
Release: 148%{?dist}
Release: 148%{?dist}.1.alma
Summary: Bootloader with support for Linux, Multiboot and more
Group: System Environment/Base
License: GPLv3+
@ -24,31 +28,29 @@ Source6: gitignore
Source8: strtoull_test.c
Source9: 20-grub.install
Source12: 99-grub-mkconfig.install
Source13: redhatsecurebootca3.cer
Source14: redhatsecureboot301.cer
Source15: redhatsecurebootca5.cer
Source16: redhatsecureboot502.cer
Source17: redhatsecureboot601.cer
Source18: redhatsecureboot701.cer
Source13: almalinuxsecurebootca0.cer
Source19: sbat.csv.in
%include %{SOURCE1}
%if 0%{with_efi_arch}
%define old_sb_ca %{SOURCE13}
%define old_sb_cer %{SOURCE14}
%define old_sb_key redhatsecureboot301
%define sb_ca %{SOURCE15}
%define sb_cer %{SOURCE16}
%define sb_key redhatsecureboot502
%define old_sb_cer %{SOURCE13}
%define old_sb_key almalinuxsecurebootca0
%define sb_ca %{SOURCE13}
%define sb_cer %{SOURCE13}
%define sb_key almalinuxsecurebootca0
%endif
%ifarch ppc64le
%define old_sb_cer %{SOURCE17}
%define sb_cer %{SOURCE18}
%define sb_key redhatsecureboot702
%define old_sb_cer %{SOURCE13}
%define sb_cer %{SOURCE13}
%define sb_key almalinuxsecurebootca0
%endif
# AlmaLinux: keep upstream EVR for RHEL SBAT entry
%define rhel_version_release $(echo %{version}-%{release} | sed 's/\.alma.*//')
# generate with do-rebase
%include %{SOURCE2}
@ -166,7 +168,7 @@ This subpackage provides tools for support of all platforms.
mkdir grub-%{grubefiarch}-%{tarversion}
grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubefiarch}-%{tarversion}/.gitignore
cp %{SOURCE4} grub-%{grubefiarch}-%{tarversion}/unifont.pcf.gz
sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" \
sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" -e "s,@@RHEL_VERSION_RELEASE@@,%{rhel_version_release},g" \
%{SOURCE19} > grub-%{grubefiarch}-%{tarversion}/sbat.csv
git add grub-%{grubefiarch}-%{tarversion}
%endif
@ -341,6 +343,20 @@ if [ "$1" = 0 ]; then
/sbin/install-info --delete --info-dir=%{_infodir} %{_infodir}/%{name}-dev.info.gz || :
fi
%if 0%{with_efi_arch}
%posttrans %{package_arch}
if [ -d /sys/firmware/efi ] && [ ! -f %{efi_esp_dir}/grub.cfg ]; then
grub2-mkconfig -o %{efi_esp_dir}/grub.cfg || :
fi
%endif
%if 0%{with_alt_efi_arch}
%posttrans %{alt_package_arch}
if [ -d /sys/firmware/efi ] && [ ! -f %{efi_esp_dir}/grub.cfg ]; then
grub2-mkconfig -o %{efi_esp_dir}/grub.cfg || :
fi
%endif
%files common -f grub.lang
%dir %{_libdir}/grub/
%dir %{_datarootdir}/grub/
@ -510,6 +526,15 @@ fi
%endif
%changelog
* Tue Aug 08 2023 Andrew Lukoshko <alukoshko@almalinux.org> - 2.02-148.1.alma
- efi/http: change uint32_t to uintn_t for grub_efi_http_message_t
- Resolves: #2178388
- kern/ieee1275/init: sync vec5 patchset with upstream
- Resolves: #2172111
* Wed May 17 2023 Andrew Lukoshko <alukoshko@almalinux.org> - 2.02-148.alma
- Debrand for AlmaLinux
* Mon Feb 06 2023 Robbie Harwood <rharwood@redhat.com> - 2.02-148
- ppc64le: cas5, take 3
- Resolves: #2139508