lp:~psusi/ubuntu/quantal/grub2/fix-ldm

Branch merges

Propose for merging

No branches dependent on this one.

On hold for merging into lp:ubuntu/quantal-proposed/grub2

Ubuntu Development Team: Pending requested 2012-12-03

Diff: 2237 lines (+2103/-3)

10 files modified

.pc/applied-patches (+1/-0)
.pc/ldm-require-sfs-partition.patch/Makefile.util.def (+783/-0)
.pc/ldm-require-sfs-partition.patch/grub-core/disk/ldm.c (+1010/-0)
.pc/ldm-require-sfs-partition.patch/include/grub/msdos_partition.h (+126/-0)
Makefile.util.def (+1/-1)
debian/changelog (+7/-0)
debian/patches/ldm-require-sfs-partition.patch (+136/-0)
debian/patches/series (+1/-0)
grub-core/disk/ldm.c (+37/-2)
include/grub/msdos_partition.h (+1/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1061255: GRUB recognizes defunct LDM headers

Critical

Won't Fix

Link a bug report

Related blueprints

161. By Phillip Susi on 2012-11-28

debian/ldm-require-sfs-partition.patch: Only recognize ldm partition
table if there is an SFS partition listed in the DOS MBR (LP: #1061255)

160. By Colin Watson on 2012-10-14

* Fix incorrect initrd minimum address calculation (LP: #1055686).
* Add keystatus and loadenv to signed image (LP: #1066399).

159. By Colin Watson on 2012-10-12

Ignore symlink traversal failures in grub-mount readdir (LP: #1051306).

158. By Colin Watson on 2012-10-12

Fix patch to forbid insmod on UEFI secure boot to also forbid other
methods of loading modules (LP: #1065621).

157. By Colin Watson on 2012-10-11

Add some extra debugging to signed/unsigned kernel logic, to make it
easier to work out why it fails for some people.

156. By Colin Watson on 2012-10-10

Make embedded FAT filesystem a multiple of 32 blocks so that mtools is
happy with it.

155. By Colin Watson on 2012-10-10

GRUB's rescue parser doesn't understand 'if', so the embedded
configuration file in gcdx64.efi emitted errors. Add the memdisk
module, embed a tiny FAT filesystem containing the grub.cfg with the
search-and-chain logic, and embed a bootstrap configuration file that
loads that using 'normal'.

154. By Colin Watson on 2012-10-09

Embed a configuration file in gcdx64.efi which looks for a real boot
disk containing /.disk/info or /.disk/mini-info and chains to
/boot/grub/$platform/grub.cfg there.

153. By Colin Watson on 2012-10-08

[ Colin Watson ]
* Install signed images if UEFI Secure Boot is enabled (LP: #1063602).

[ Steve Langasek ]
* debian/patches/ubuntu_uefi_firmware_setup.patch: Output a menu entry
  for firmware setup on UEFI FastBoot systems.

152. By Colin Watson on 2012-10-07

* If the postinst is running in a container, skip grub-install and all its
  associated questions (LP: #1060404).
* Merge UEFI secure boot tweaks from Fedora:
  - Don't error on insmod on UEFI/SB, but also don't do any insmodding.
  - Add sleep to the list of modules in the signed image.
* Move Ubuntu modifications to the Fedora linuxefi patch into separate
  patches, to ease maintenance.
* Implement secure boot handling policy as outlined by Steve Langasek:
  - Make the linux module call linuxefi when necessary, simplifying
    configuration. Add the linux module to the signed image.
  - If secure boot is enabled and the kernel is signed, linux will call
    linuxefi to hand over to it without calling ExitBootServices.
  - Otherwise, linux will fall through to previous code, call
    ExitBootServices itself, and boot the kernel normally.
  - Change linuxefi to return GRUB_ERR_ACCESS_DENIED rather than
    GRUB_ERR_INVALID_COMMAND in the case of an invalid signature, to make
    it easier to implement different handling of unsigned kernels in
    future if necessary.
* Build two images for signing: one with prefix /EFI/BOOT for use on
  removable media, and one with prefix /EFI/ubuntu (and with the lvm,
  mdraid09, and mdraid1x modules added) for use on fixed disks. Setup
  mostly borrowed from Fedora.
* Generate configuration for signed UEFI kernels if available.