Luca Boccassi [Tue, 15 May 2018 10:36:46 +0000 (11:36 +0100)]
Add patch to fix lockdown mode
Description: do not overwrite sentinel byte in boot_params, breaks lockdown
grub currently copies the entire boot_params, which includes setting sentinel
byte to 0xff, which triggers sanitize_boot_params in the kernel which in
turn clears various boot_params variables, including the indication that
the booloader chain is verified and thus the kernel disables lockdown mode.
According to the information on the Fedora bug tracker, only the information
from byte 0x1f1 is necessary, so start copying from there instead.
Author: Luca Boccassi <bluca@debian.org>
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1418360
Forwarded: no
Patch-Name: fix_lockdown.patch
Linn Crosetto [Tue, 5 Apr 2016 17:49:05 +0000 (11:49 -0600)]
Disallow unsigned kernels if UEFI Secure Boot is enabled
If UEFI Secure Boot is enabled and kernel signature verification fails, do not
boot the kernel. Before this change, if kernel signature verification failed
then GRUB would fall back to calling ExitBootServices() and continuing the
boot.
Use grub-file to figure out whether multiboot2 should be used for Xen.gz
The multiboot2 is much more preferable than multiboot. Especiall
if booting under EFI where multiboot does not have the functionality
to pass ImageHandler.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Origin: backport, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b4d709b6ee789cdaf3fa7a80fd90c721a16f48c2
Bug-Debian: https://bugs.debian.org/898947
Last-Update: 2018-06-16
Colin Watson [Tue, 30 Jan 2018 21:54:17 +0000 (21:54 +0000)]
build: Use pkg-config to find FreeType
pkg-config is apparently preferred over freetype-config these days (see
the BUGS section of freetype-config(1)). pkg-config support was added
to FreeType in version 2.1.5, which was released in 2003, so it should
comfortably be available everywhere by now.
We no longer need to explicitly substitute FREETYPE_CFLAGS and
FREETYPE_LIBS, since PKG_CHECK_MODULES does that automatically.
David E. Box [Fri, 15 Sep 2017 22:37:05 +0000 (15:37 -0700)]
tsc: Change default tsc calibration method to pmtimer on EFI systems
On efi systems, make pmtimer based tsc calibration the default over the
pit. This prevents Grub from hanging on Intel SoC systems that power gate
the pit.
Signed-off-by: David E. Box <david.e.box@linux.intel.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=446794de8da4329ea532cbee4ca877bcafd0e534
Bug-Debian: https://bugs.debian.org/883193
Last-Update: 2017-12-01
Eric Biggers [Thu, 29 Jun 2017 13:27:49 +0000 (13:27 +0000)]
Allow GRUB to mount ext2/3/4 filesystems that have the encryption feature.
On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set.
For a regular file, this means its contents are encrypted; for a
directory, this means the filenames in its directory entries are
encrypted; and for a symlink, this means its target is encrypted. Since
GRUB cannot decrypt encrypted contents or filenames, just issue an error
if it would need to do so. This is sufficient to allow unencrypted boot
files to co-exist with encrypted files elsewhere on the filesystem.
(Note that encrypted regular files and symlinks will not normally be
encountered outside an encrypted directory; however, it's possible via
hard links, so they still need to be handled.)
Tested by booting from an ext4 /boot partition on which I had run
'tune2fs -O encrypt'. I also verified that the expected error messages
are printed when trying to access encrypted directories, files, and
symlinks from the GRUB command line. Also ran 'sudo ./grub-fs-tester
ext4_encrypt'; note that this requires e2fsprogs v1.43+ and Linux v4.1+.
Steve McIntyre [Mon, 30 Jan 2017 19:04:51 +0000 (19:04 +0000)]
Make grub-install check for errors from efibootmgr
Code is currently ignoring errors from efibootmgr, giving users
clearly bogus output like:
Setting up grub-efi-amd64 (2.02~beta3-4) ...
Installing for x86_64-efi platform.
Could not delete variable: No space left on device
Could not prepare Boot variable: No space left on device
Installation finished. No error reported.
and then potentially unbootable systems. If efibootmgr fails,
grub-install should know that and report it!
Signed-off-by: Steve McIntyre <93sam@debian.org>
Bug-Debian: https://bugs.debian.org/853234
Forwarded: https://lists.gnu.org/archive/html/grub-devel/2017-01/msg00107.html
Michael Chang [Thu, 27 Oct 2016 21:43:21 +0000 (17:43 -0400)]
efinet: Setting DNS server from UEFI protocol
In the URI device path node, any name rahter than address can be used for
looking up the resources so that DNS service become needed to get answer of the
name's address. Unfortunately the DNS is not defined in any of the device path
nodes so that we use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL
to obtain it.
These two protcols are defined the sections of UEFI specification.
include/grub/efi/api.h:
Add new structure and protocol UUID of EFI_IP4_CONFIG2_PROTOCOL and
EFI_IP6_CONFIG_PROTOCOL.
grub-core/net/drivers/efi/efinet.c:
Use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL to obtain the list
of DNS server address for IPv4 and IPv6 respectively. The address of DNS
servers is structured into DHCPACK packet and feed into the same DHCP packet
processing functions to ensure the network interface is setting up the same way
it used to be.
Signed-off-by: Michael Chang <mchang@suse.com> Signed-off-by: Ken Lin <ken.lin@hpe.com>
Patch-Name: efinet_set_dns_from_uefi_proto.patch
Michael Chang [Thu, 27 Oct 2016 21:43:05 +0000 (17:43 -0400)]
efinet: Setting network from UEFI device path
The PXE Base Code protocol used to obtain cached PXE DHCPACK packet is no
longer provided for HTTP Boot. Instead, we have to get the HTTP boot
information from the device path nodes defined in following UEFI Specification
sections.
include/grub/efi/api.h:
Add new structure of Uniform Resource Identifiers (URI) Device Path
grub-core/net/drivers/efi/efinet.c:
Check if PXE Base Code is available, if not it will try to obtain the netboot
information from the device path where the image booted from. The DHCPACK
packet is recoverd from the information in device patch and feed into the same
DHCP packet processing functions to ensure the network interface is setting up
the same way it used to be.
Signed-off-by: Michael Chang <mchang@suse.com> Signed-off-by: Ken Lin <ken.lin@hpe.com>
Patch-Name: efinet_set_network_from_uefi_devpath.patch
Michael Chang [Thu, 27 Oct 2016 21:42:19 +0000 (17:42 -0400)]
bootp: Add processing DHCPACK packet from HTTP Boot
The vendor class identifier with the string "HTTPClient" is used to denote the
packet as responding to HTTP boot request. In DHCP4 config, the filename for
HTTP boot is the URL of the boot file while for PXE boot it is the path to the
boot file. As a consequence, the next-server becomes obseleted because the HTTP
URL already contains the server address for the boot file. For DHCP6 config,
there's no difference definition in existing config as dhcp6.bootfile-url can
be used to specify URL for both HTTP and PXE boot file.
This patch adds processing for "HTTPClient" vendor class identifier in DHCPACK
packet by treating it as HTTP format, not as the PXE format.
Signed-off-by: Michael Chang <mchang@suse.com> Signed-off-by: Ken Lin <ken.lin@hpe.com>
Patch-Name: bootp_process_dhcpack_http_boot.patch
Michael Chang [Thu, 27 Oct 2016 21:41:21 +0000 (17:41 -0400)]
efinet: UEFI IPv6 PXE support
When grub2 image is booted from UEFI IPv6 PXE, the DHCPv6 Reply packet is
cached in firmware buffer which can be obtained by PXE Base Code protocol. The
network interface can be setup through the parameters in that obtained packet.
Signed-off-by: Michael Chang <mchang@suse.com> Signed-off-by: Ken Lin <ken.lin@hpe.com>
Patch-Name: efinet_uefi_ipv6_pxe_support.patch
Aaron Miller [Thu, 27 Oct 2016 21:39:49 +0000 (17:39 -0400)]
net: read bracketed ipv6 addrs and port numbers
Allow specifying port numbers for http and tftp paths, and allow ipv6 addresses
to be recognized with brackets around them, which is required to specify a port
number
Aaron Miller [Thu, 27 Oct 2016 21:33:07 +0000 (17:33 -0400)]
misc: fix invalid character recongition in strto*l
Would previously allow digits larger than the base and didn't check that
subtracting the difference from 0-9 to lowercase letters for characters
larger than 9 didn't result in a value lower than 9, which allowed the
parses: ` = 9, _ = 8, ^ = 7, ] = 6, \ = 5, and [ = 4
Chad MILLER [Thu, 27 Oct 2016 21:15:07 +0000 (17:15 -0400)]
Tell zpool to emit full device names
zfs-initramfs currently provides extraneous, undesired symlinks to
devices directly underneath /dev/ to satisfy zpool's historical output
of unqualified device names. By including this environment variable to
signal our intent to zpool, zfs-linux packages can drop the symlink
behavior when updating to its upstream or backported output behavior.
Colin Watson [Sun, 18 Sep 2016 16:26:00 +0000 (17:26 +0100)]
syslinux_test: Fix out-of-tree build handling
When doing out-of-tree builds, abs_top_srcdir may well contain ".."
segments, and grub-syslinux2cfg canonicalises its --root argument. As a
result, the expansion of @abs_top_srcdir@ may not match what
grub-syslinux2cfg produces.
It's somewhat difficult to portably canonicalize a path in shell, and
autoconf/automake don't offer any support for this. But there's a much
simpler option: copy the test data to a temporary directory and make
substitutions in the expected output file based on that.
Steve McIntyre [Wed, 3 Dec 2014 01:25:12 +0000 (01:25 +0000)]
Add support for forcing EFI installation to the removable media path
Add an extra option to grub-install "--force-extra-removable". On EFI
platforms, this will cause an extra copy of the grub-efi image to be
written to the appropriate removable media patch
/boot/efi/EFI/BOOT/BOOT$ARCH.EFI as well. This will help with broken
UEFI implementations where the firmware does not work when configured
with new boot paths.
Signed-off-by: Steve McIntyre <93sam@debian.org>
Bug-Debian: https://bugs.debian.org/767037 https://bugs.debian.org/773092
Forwarded: Not yet
Last-Update: 2014-12-20
Ian Campbell [Sun, 30 Nov 2014 12:12:52 +0000 (12:12 +0000)]
Arrange to insmod xzio and lzopio when booting a kernel as a Xen guest
This is needed in case the Linux kernel is compiled with CONFIG_KERNEL_XZ or
CONFIG_KERNEL_LZO rather than CONFIG_KERNEL_GZ (gzio is already loaded by
grub.cfg today).
Signed-off-by: Ian Campbell <ijc@debian.org>
Bug-Debian: https://bugs.debian.org/755256
Forwarded: http://lists.gnu.org/archive/html/grub-devel/2014-11/msg00091.html
Last-Update: 2014-11-30
Ian Campbell [Sat, 6 Sep 2014 11:20:12 +0000 (12:20 +0100)]
grub-install: Install PV Xen binaries into the upstream specified path
Upstream have defined a specification for where guests ought to place their
xenpv grub binaries in order to facilitate chainloading from a stage 1 grub
loaded from dom0.
VSX bit is enabled by default for Power7 and Power8 CPU models,
so we need to disable them in order to avoid instruction exceptions.
Kernel will activate it when necessary.
Colin Watson [Tue, 28 Jan 2014 14:40:02 +0000 (14:40 +0000)]
Port yaboot logic for various powerpc machine types
Some powerpc machines require not updating the NVRAM. This can be handled
by existing grub-install command-line options, but it's friendlier to detect
this automatically.
On chrp_ibm machines, use the nvram utility rather than nvsetenv. (This
is possibly suitable for other machines too, but that needs to be
verified.)
Evan Broder [Mon, 13 Jan 2014 12:13:29 +0000 (12:13 +0000)]
Add configure option to enable gfxpayload=keep dynamically
Set GRUB_GFXPAYLOAD_LINUX=keep unless it's known to be unsupported on
the current hardware. See
https://blueprints.launchpad.net/ubuntu/+spec/packageselection-foundations-n-grub2-boot-framebuffer.
Author: Colin Watson <cjwatson@ubuntu.com>
Forwarded: no
Last-Update: 2013-12-25
Colin Watson [Mon, 13 Jan 2014 12:13:28 +0000 (12:13 +0000)]
Add configure option to bypass boot menu if possible
If other operating systems are installed, then automatically unhide the
menu. Otherwise, if GRUB_HIDDEN_TIMEOUT is 0, then use keystatus if
available to check whether Shift is pressed. If it is, show the menu,
otherwise boot immediately. If keystatus is not available, then fall
back to a short delay interruptible with Escape.
This may or may not remain Ubuntu-specific, although it's not obviously
wanted upstream. It implements a requirement of
https://wiki.ubuntu.com/DesktopExperienceTeam/KarmicBootExperienceDesignSpec#Bootloader.
If the previous boot failed (defined as failing to get to the end of one
of the normal runlevels), then show the boot menu regardless.
Author: Richard Laager <rlaager@wiktel.com>
Author: Robie Basak <robie.basak@ubuntu.com>
Forwarded: no
Last-Update: 2015-09-04
Colin Watson [Mon, 13 Jan 2014 12:13:27 +0000 (12:13 +0000)]
Cope with Kubuntu setting GRUB_DISTRIBUTOR
This is not a very good approach, and certainly not sanely upstreamable;
we probably need to split GRUB_DISTRIBUTOR into a couple of different
variables.
Colin Watson [Mon, 13 Jan 2014 12:13:26 +0000 (12:13 +0000)]
Add configure option to reduce visual clutter at boot time
If this option is enabled, then do all of the following:
Don't display introductory message about line editing unless we're
actually offering a shell prompt. (This is believed to be a workaround
for a different bug. We'll go with this for now, but will drop this in
favour of a better fix upstream if somebody figures out what that is.)
Don't clear the screen just before booting if we never drew the menu in
the first place.
Remove verbose messages printed before reading configuration. In some
ways this is awkward because it makes debugging harder, but it's a
requirement for a smooth-looking boot process; we may be able to do
better in future. Upstream doesn't want this, though.
Disable the cursor as well, for similar reasons of tidiness.
Suppress kernel/initrd progress messages, except in recovery mode.
Suppress "GRUB loading" message unless Shift is held down. Upstream
doesn't want this, as it makes debugging harder. Ubuntu wants it to
provide a cleaner boot experience.
Colin Watson [Mon, 13 Jan 2014 12:13:24 +0000 (12:13 +0000)]
Skip Windows os-prober entries on Wubi systems
Since we're already being booted from the Windows boot loader, including
entries that take us back to it mostly just causes confusion, and stops
us from being able to hide the menu if there are no other OSes
installed.
Colin Watson [Mon, 13 Jan 2014 12:13:23 +0000 (12:13 +0000)]
Allow Shift to interrupt 'sleep --interruptible'
Upstream would like to consider this at more length. See
http://lists.gnu.org/archive/html/grub-devel/2009-08/msg00718.html, and
the rest of the thread for context.
Colin Watson [Mon, 13 Jan 2014 12:13:06 +0000 (12:13 +0000)]
"single" -> "recovery" when friendly-recovery is installed
If configured with --enable-ubuntu-recovery, also set nomodeset for
recovery mode, and disable 'set gfxpayload=keep' even if the system
normally supports it. See
https://launchpad.net/ubuntu/+spec/desktop-o-xorg-tools-and-processes.
Author: Stéphane Graber <stgraber@ubuntu.com>
Forwarded: no
Last-Update: 2013-12-25
Colin Watson [Mon, 13 Jan 2014 12:13:05 +0000 (12:13 +0000)]
Fall back to i386-pc if booted using EFI but -efi is missing
It may be possible, particularly in recovery situations, to be booted
using EFI on x86 when only the i386-pc target is installed. There's
nothing actually stopping us installing i386-pc from an EFI environment,
and it's better than returning a confusing error.
Colin Watson [Mon, 13 Jan 2014 12:13:03 +0000 (12:13 +0000)]
Bail out if trying to run grub-mkconfig during upgrade to 2.00
Since files in /etc/grub.d/ are conffiles, they are not put in place
until grub-common is configured, meaning that they may be out of sync
with the parts of grub-mkconfig that reside in /usr/. In GRUB 1.99,
/etc/grub.d/00_header contained a reference to ${GRUB_PREFIX}/video.lst.
This and other code from 1.99 breaks with 2.00's grub-mkconfig.
Deferring this to when grub-PLATFORM.postinst eventually runs is safe
and avoids this problem.
Colin Watson [Mon, 13 Jan 2014 12:13:01 +0000 (12:13 +0000)]
Restore grub-mkdevicemap
This is kind of a mess, requiring lots of OS-specific code to iterate
over all possible devices. However, we use it in a number of scripts to
discover devices and reimplementing those in terms of something else
would be very complicated.
Author: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Forwarded: no
Last-Update: 2018-03-16
Colin Watson [Mon, 13 Jan 2014 12:13:00 +0000 (12:13 +0000)]
Handle filesystems loop-mounted on file images
Improve prepare_grub_to_access_device to emit appropriate commands for
such filesystems, and ignore them in Linux grub.d scripts.
This is needed for Ubuntu's Wubi installation method.
This patch isn't inherently Debian/Ubuntu-specific. losetup and
/proc/mounts are Linux-specific, though, so we might need to refine this
before sending it upstream. The changes to the Linux grub.d scripts
might be better handled by integrating 10_lupin properly instead.
Colin Watson [Mon, 13 Jan 2014 12:12:57 +0000 (12:12 +0000)]
Disable gfxpayload=keep by default
Setting gfxpayload=keep has been known to cause efifb to be
inappropriately enabled. In any case, with the current Linux kernel the
result of this option is that early kernelspace will be unable to print
anything to the console, so (for example) if boot fails and you end up
dumped to an initramfs prompt, you won't be able to see anything on the
screen. As such it shouldn't be enabled by default in Debian, no matter
what kernel options are enabled.
gfxpayload=keep is a good idea but rather ahead of its time ...
Bug-Debian: http://bugs.debian.org/567245
Forwarded: no
Last-Update: 2013-12-25
Colin Watson [Fri, 16 Feb 2018 11:02:19 +0000 (11:02 +0000)]
Import replacement CRC operations from libgcrypt
Mostly backported from
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=06e122baa3321483a47bbf82fd2a4540becfa0c9,
but importing bufhelp.h from libgcrypt 1.7.0 as well. We can drop this
once GRUB updates to a newer import of libgcrypt.
The new implementation is not encumbered by the restrictive Internet
Society licence on RFCs.
i386, x86_64, ppc: fix switch fallthrough cases with GCC7
In util/getroot and efidisk slightly modify exitsing comment to mostly
retain it but still make GCC7 compliant with respect to fall through
annotation.
In grub-core/lib/xzembed/xz_dec_lzma2.c it adds same comments as
upstream.
In grub-core/tests/setjmp_tets.c declare functions as "noreturn" to
suppress GCC7 warning.
In grub-core/gnulib/regexec.c use new __attribute__, because existing
annotation is not recognized by GCC7 parser (which requires that comment
immediately precedes case statement).
Andrei Borzenkov [Tue, 14 Mar 2017 04:12:32 +0000 (04:12 +0000)]
efi: skip iPXE block device.
iPXE adds Simple File System Protocol to loaded image handle, as side
effect it also adds Block IO protocol (according to comments, to work
around some bugs in EDK2). GRUB assumes that every device with Block IO
is disk and skips network initialization entirely. But iPXE Block IO
implementation is just a stub which always fails for every operation
so cannot be used. Attempt to detect and skip such devices.
We are using media ID which iPXE sets to "iPXE" and block IO size in
hope that no real device would announce 1B block ...
Andrei Borzenkov [Sun, 26 Feb 2017 11:38:04 +0000 (14:38 +0300)]
grub-fs-tester: improve squash4 tests
1. Make sure files are not multiple of block size. This will ensure tail packing
for squash4 and may also trigger more codes paths in other filesystems.
2. Call mksquashfs with -always-use-fragments to force tail packing.
This was triggered by commit ce95549cc54b5d6f494608a7c390dba3aab4fba7;
before it we built Path Name without trailing NULL, and apparently all
other bootloaders use single File Path node, thus not exposing this bug.
Andrei Borzenkov [Fri, 24 Feb 2017 16:10:43 +0000 (19:10 +0300)]
squash4: fix handling of fragments and sparse files
1. Do not assume block list and fragment are mutually exclusive. Squash
can pack file tail as fragment (unless -no-fragments is specified); so
check read offset and read either from block list or from fragments as
appropriate.
2. Support sparse files with zero blocks.
3. Fix fragment read - frag.offset is absolute fragment position,
not offset relative to ino.chunk.
Reported and tested by Carlo Caione <carlo@endlessm.com>
In case of GRUB we put remapper after domain pages and not at 0x0.
In this case we use max_addr to put remapper. Unfortunately we increment
max_addr as well in this case resulting in virt mapping mapping page
at old max_addr and trying to boot using new max_addr.
documentation: Clarify documentation for special environment variable "default".
The current documentation for the special environment variable
"default" is confusing and unclear. This patch attempts to clean it
up.
In particular, the current documentation refers to the "number or
title", but then in the example it gives, the menu entries and
submenus all have numbers *in* their title; furthermore, there is no
example given about how to choose the number, or any indication about
whether counting is zero-indexed or 1-indexed.
Having a cleaner example and presenting all variants (numeric, title,
and id) should make it clearer to the user.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kiper [Thu, 2 Feb 2017 14:19:18 +0000 (15:19 +0100)]
i386/relocator: Align stack in grub_relocator64_efi relocator
Unified Extensible Firmware Interface Specification, Version 2.6,
section 2.3.4, x64 Platforms, boot services, says among others:
The stack must be 16-byte aligned. So, do it. Otherwise OS may
boot only by chance as it happens right now.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>