Created by Phillip Susi on 2012-11-28 and last modified on 2012-11-29
Get this branch:
bzr branch lp:~psusi/ubuntu/quantal/grub2/fix-ldm
Only Phillip Susi can upload to this branch. If you are Phillip Susi please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Phillip Susi

Recent revisions

161. By Phillip Susi on 2012-11-28

debian/ldm-require-sfs-partition.patch: Only recognize ldm partition
table if there is an SFS partition listed in the DOS MBR (LP: #1061255)

160. By Colin Watson on 2012-10-14

* Fix incorrect initrd minimum address calculation (LP: #1055686).
* Add keystatus and loadenv to signed image (LP: #1066399).

159. By Colin Watson on 2012-10-12

Ignore symlink traversal failures in grub-mount readdir (LP: #1051306).

158. By Colin Watson on 2012-10-12

Fix patch to forbid insmod on UEFI secure boot to also forbid other
methods of loading modules (LP: #1065621).

157. By Colin Watson on 2012-10-11

Add some extra debugging to signed/unsigned kernel logic, to make it
easier to work out why it fails for some people.

156. By Colin Watson on 2012-10-10

Make embedded FAT filesystem a multiple of 32 blocks so that mtools is
happy with it.

155. By Colin Watson on 2012-10-10

GRUB's rescue parser doesn't understand 'if', so the embedded
configuration file in gcdx64.efi emitted errors. Add the memdisk
module, embed a tiny FAT filesystem containing the grub.cfg with the
search-and-chain logic, and embed a bootstrap configuration file that
loads that using 'normal'.

154. By Colin Watson on 2012-10-09

Embed a configuration file in gcdx64.efi which looks for a real boot
disk containing /.disk/info or /.disk/mini-info and chains to
/boot/grub/$platform/grub.cfg there.

153. By Colin Watson on 2012-10-08

[ Colin Watson ]
* Install signed images if UEFI Secure Boot is enabled (LP: #1063602).

[ Steve Langasek ]
* debian/patches/ubuntu_uefi_firmware_setup.patch: Output a menu entry
  for firmware setup on UEFI FastBoot systems.

152. By Colin Watson on 2012-10-07

* If the postinst is running in a container, skip grub-install and all its
  associated questions (LP: #1060404).
* Merge UEFI secure boot tweaks from Fedora:
  - Don't error on insmod on UEFI/SB, but also don't do any insmodding.
  - Add sleep to the list of modules in the signed image.
* Move Ubuntu modifications to the Fedora linuxefi patch into separate
  patches, to ease maintenance.
* Implement secure boot handling policy as outlined by Steve Langasek:
  - Make the linux module call linuxefi when necessary, simplifying
    configuration. Add the linux module to the signed image.
  - If secure boot is enabled and the kernel is signed, linux will call
    linuxefi to hand over to it without calling ExitBootServices.
  - Otherwise, linux will fall through to previous code, call
    ExitBootServices itself, and boot the kernel normally.
  - Change linuxefi to return GRUB_ERR_ACCESS_DENIED rather than
    GRUB_ERR_INVALID_COMMAND in the case of an invalid signature, to make
    it easier to implement different handling of unsigned kernels in
    future if necessary.
* Build two images for signing: one with prefix /EFI/BOOT for use on
  removable media, and one with prefix /EFI/ubuntu (and with the lvm,
  mdraid09, and mdraid1x modules added) for use on fixed disks. Setup
  mostly borrowed from Fedora.
* Generate configuration for signed UEFI kernels if available.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.