~beidl/grub/+git/ubuntu:check-known-sigs

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

e085fe3... by Mathieu Trudel-Lapierre on 2019-01-09

grub-check-signatures: check kernel signatures against known certs from firmware

9154019... by Mathieu Trudel-Lapierre on 2019-01-07

releasing package grub2 version 2.02+dfsg1-5ubuntu9

a053265... by Mathieu Trudel-Lapierre on 2018-12-14

  * debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig
    leaves a trace of what files were sourced to help generate the config
    we're building.

4c5bf7a... by Mathieu Trudel-Lapierre on 2018-12-14

grub-mkconfig: leave a trace of what files were sourced to generate the config

Patch-Name: mkconfig_leave_breadcrumbs.patch
Signed-off-by: Mathieu Trudel-Lapierre <email address hidden>

e52002f... by Steve Langasek on 2018-10-30

If we don't have writable grubenv and we're on EFI, always show the menu.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1800722

896d6d6... by Steve Langasek on 2018-10-30

If we don't have writable grubenv and we're on EFI, always show the menu

If we don't have writable grubenv, recordfail doesn't work, which means our
quickboot behavior - with a timeout of 0 - leaves the user without a
reliable way to access the boot menu if they're on UEFI, because unlike
BIOS, UEFI does not support checking the state of modifier keys (i.e.
holding down shift at boot is not detectable).

Handle this corner case by always using a non-zero timeout on EFI when
save_env doesn't work.

Reuse GRUB_RECORDFAIL_TIMEOUT to avoid introducing another variable.

Patch-Name: quick-boot-lvm.patch
Signed-off-by: Steve Langasek <email address hidden>
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1800722

b62ee93... by Mathieu Trudel-Lapierre on 2018-10-30

releasing package grub2 version 2.02+dfsg1-5ubuntu8

e4ad383... by Mathieu Trudel-Lapierre on 2018-10-17

  * debian/patches/grub-install-extra-removable.patch: install mmx64.efi to
    the EFI removable path to avoid boot failures after install when certs
    need to be enrolled and the system's firmware is confused. (LP: #1798171)

e149961... by Chris Glass on 2018-03-09

Added initrd-less boot capabilities.

In case the kernel fails to boot without an initrd, grub will fallback
to trying to boot the kernel with an initrd.

Signed-off-by: Steve Langasek <email address hidden>

Patch-Name: add-initrd-less-boot-fallback.patch

aa62f57... by Laszlo Ersek (Red Hat) on 2016-11-23

efi/chainloader: truncate overlong relocation section

The UEFI Windows 7 boot loader ("EFI/Microsoft/Boot/bootmgfw.efi", SHA1
31b410e029bba87d2068c65a80b88882f9f8ea25) has inconsistent headers.

Compare:

> The Data Directory
> ...
> Entry 5 00000000000d9000 00000574 Base Relocation Directory [.reloc]

Versus:

> Sections:
> Idx Name Size VMA LMA File off ...
> ...
> 10 .reloc 00000e22 00000000100d9000 00000000100d9000 000a1800 ...

That is, the size reported by the RelocDir entry (0x574) is smaller than
the virtual size of the .reloc section (0xe22).

Quoting the grub2 debug log for the same:

> chainloader.c:595: reloc_dir: 0xd9000 reloc_size: 0x00000574
> chainloader.c:603: reloc_base: 0x7d208000 reloc_base_end: 0x7d208573
> ...
> chainloader.c:620: Section 10 ".reloc" at 0x7d208000..0x7d208e21
> chainloader.c:661: section is not reloc section?
> chainloader.c:663: rds: 0x00001000, vs: 00000e22
> chainloader.c:664: base: 0x7d208000 end: 0x7d208e21
> chainloader.c:666: reloc_base: 0x7d208000 reloc_base_end: 0x7d208573
> chainloader.c:671: Section characteristics are 42000040
> chainloader.c:673: Section virtual size: 00000e22
> chainloader.c:675: Section raw_data size: 00001000
> chainloader.c:678: Discarding section

After hexdumping "bootmgfw.efi" and manually walking its relocation blocks
(yes, really), I determined that the (smaller) RelocDir value is correct.
The remaining area that extends up to the .reloc section size (== 0xe22 -
0x574 == 0x8ae bytes) exists as zero padding in the file.

This zero padding shouldn't be passed to relocate_coff() for parsing. In
order to cope with it, split the handling of .reloc sections into the
following branches:

- original case (equal size): original behavior (--> relocation
  attempted),

- overlong .reloc section (longer than reported by RelocDir): truncate the
  section to the RelocDir size for the purposes of relocate_coff(), and
  attempt relocation,

- .reloc section is too short, or other checks fail: original behavior
  (--> relocation not attempted).

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291
Signed-off-by: Laszlo Ersek <email address hidden>
Patch-Name: linuxefi_truncate_overlong_relocs.patch
Last-Update: 2018-09-25