Merge ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu-2.06-clean into ~ubuntu-core-dev/grub/+git/ubuntu:debian-unapplied
Status: | Work in progress | ||||
---|---|---|---|---|---|
Proposed branch: | ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu-2.06-clean | ||||
Merge into: | ~ubuntu-core-dev/grub/+git/ubuntu:debian-unapplied | ||||
Diff against target: |
30150 lines (+20897/-1697) 129 files modified
debian/build-efi-images (+14/-9) debian/canonical-uefi-ca.crt (+25/-0) debian/changelog (+1325/-0) debian/control (+17/-14) debian/dirs.in (+1/-0) debian/grub-check-signatures (+129/-0) debian/grub-common.dirs (+1/-0) debian/grub-common.install.in (+4/-0) debian/grub-common.service (+15/-0) debian/grub-common.templates (+53/-0) debian/grub-efi-amd64-bin.maintscript.in (+1/-0) debian/grub-efi-arm64-bin.maintscript.in (+1/-0) debian/grub-multi-install (+417/-0) debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch (+117/-0) debian/patches/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch (+47/-0) debian/patches/cherrypick-efi-grub_efi_close_protocol.patch (+79/-0) debian/patches/cherrypick-efinet-correct-closing-snp-protocol.patch (+106/-0) debian/patches/efi-variable-storage-minimise-writes.patch (+3/-3) debian/patches/gfxpayload-dynamic.patch (+1/-1) debian/patches/grub-install-pvxen-paths.patch (+3/-3) debian/patches/install-efi-adjust-distributor.patch (+1/-1) debian/patches/install-powerpc-machtypes.patch (+1/-1) debian/patches/no-insmod-on-sb.patch (+45/-0) debian/patches/pc-verifiers-module.patch (+1/-1) debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch (+23/-0) debian/patches/rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch (+26/-0) debian/patches/rhboot-f34-make-exit-take-a-return-code.patch (+268/-0) debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch (+213/-0) debian/patches/series (+47/-5) debian/patches/suse-AUDIT-0-http-boot-tracker-bug.patch (+68/-0) debian/patches/suse-add-support-for-UEFI-network-protocols.patch (+4941/-0) debian/patches/suse-grub.texi-add-net_bootp6-document.patch (+49/-0) debian/patches/ubuntu-add-devicetree-command-support.patch (+51/-0) debian/patches/ubuntu-add-initrd-less-boot-fallback.patch (+214/-0) debian/patches/ubuntu-add-initrd-less-boot-messages.patch (+68/-0) debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch (+68/-0) 
debian/patches/ubuntu-dont-verify-loopback-images.patch (+36/-0) debian/patches/ubuntu-efi-allow-loopmount-chainload.patch (+126/-0) debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch (+29/-0) debian/patches/ubuntu-fix-reproducible-squashfs-test.patch (+30/-0) debian/patches/ubuntu-flavour-order.patch (+60/-0) debian/patches/ubuntu-grub-install-extra-removable.patch (+64/-38) debian/patches/ubuntu-install-signed.patch (+33/-30) debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch (+68/-0) debian/patches/ubuntu-linuxefi-arm64.patch (+184/-0) debian/patches/ubuntu-linuxefi.patch (+2579/-0) debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch (+28/-0) debian/patches/ubuntu-recovery-dis_ucode_ldr.patch (+83/-0) debian/patches/ubuntu-resilient-boot-boot-order.patch (+230/-0) debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch (+207/-0) debian/patches/ubuntu-shorter-version-info.patch (+40/-0) debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch (+58/-0) debian/patches/ubuntu-speed-zsys-history.patch (+157/-0) debian/patches/ubuntu-support-initrd-less-boot.patch (+81/-0) debian/patches/ubuntu-temp-keep-auto-nvram.patch (+38/-0) debian/patches/ubuntu-zfs-enhance-support.patch (+1047/-0) debian/patches/ubuntu-zfs-gfxpayload-dynamic.patch (+95/-0) debian/patches/ubuntu-zfs-gfxpayload-keep-default.patch (+38/-0) debian/patches/ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch (+32/-0) debian/patches/ubuntu-zfs-maybe-quiet.patch (+72/-0) debian/patches/ubuntu-zfs-mkconfig-recovery-title.patch (+49/-0) debian/patches/ubuntu-zfs-mkconfig-signed-kernel.patch (+51/-0) debian/patches/ubuntu-zfs-mkconfig-ubuntu-distributor.patch (+36/-0) debian/patches/ubuntu-zfs-mkconfig-ubuntu-recovery.patch (+66/-0) debian/patches/ubuntu-zfs-quick-boot.patch (+50/-0) debian/patches/ubuntu-zfs-vt-handoff.patch (+77/-0) debian/patches/uefi-secure-boot-cryptomount.patch (+2/-2) debian/patches/zstd-require-8-byte-buffer.patch (+63/-0) debian/po/ar.po (+99/-18) 
debian/po/ast.po (+107/-18) debian/po/be.po (+118/-18) debian/po/bg.po (+119/-18) debian/po/ca.po (+120/-18) debian/po/cs.po (+118/-18) debian/po/cy.po (+109/-18) debian/po/da.po (+119/-18) debian/po/de.po (+122/-18) debian/po/dz.po (+107/-18) debian/po/el.po (+120/-18) debian/po/eo.po (+118/-18) debian/po/es.po (+119/-18) debian/po/eu.po (+118/-18) debian/po/fa.po (+108/-18) debian/po/fi.po (+118/-18) debian/po/fr.po (+120/-18) debian/po/gl.po (+108/-18) debian/po/gu.po (+106/-18) debian/po/he.po (+117/-18) debian/po/hr.po (+118/-18) debian/po/hu.po (+109/-18) debian/po/id.po (+107/-18) debian/po/is.po (+119/-18) debian/po/it.po (+120/-18) debian/po/ja.po (+119/-18) debian/po/ka.po (+87/-18) debian/po/kk.po (+119/-18) debian/po/km.po (+106/-18) debian/po/ko.po (+118/-18) debian/po/lt.po (+118/-18) debian/po/lv.po (+118/-18) debian/po/mr.po (+117/-18) debian/po/nb.po (+119/-18) debian/po/nl.po (+120/-18) debian/po/pl.po (+120/-18) debian/po/pt.po (+120/-18) debian/po/pt_BR.po (+120/-18) debian/po/ro.po (+119/-18) debian/po/ru.po (+118/-18) debian/po/si.po (+106/-18) debian/po/sk.po (+107/-18) debian/po/sl.po (+118/-18) debian/po/sq.po (+105/-18) debian/po/sr.po (+107/-18) debian/po/sr@latin.po (+107/-18) debian/po/sv.po (+119/-18) debian/po/ta.po (+106/-18) debian/po/templates.pot (+87/-18) debian/po/th.po (+117/-18) debian/po/tr.po (+118/-18) debian/po/ug.po (+119/-18) debian/po/uk.po (+118/-18) debian/po/vi.po (+119/-18) debian/po/zh_CN.po (+105/-18) debian/po/zh_TW.po (+116/-18) debian/postinst.in (+96/-12) debian/rules (+93/-10) debian/sbat.ubuntu.csv.in (+3/-0) debian/templates.in (+78/-8) dev/null (+0/-551) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ubuntu Core Development Team | Pending | ||
Review via email: mp+412515@code.launchpad.net |
Commit message
Description of the change
Rebase of the Ubuntu changes against the Debian branch.
DO NOT MERGE: The target branch is set against the debian branch to review the delta against Debian.
- 652be79... by Julian Andres Klode
-
reconstruct changelog
- a7c790c... by Julian Andres Klode
-
UBUNTU: Revert "Add jfs module to signed UEFI images. Closes: #950959"
This reverts commit e24c17ada73c6349be75eb2bfb099f707f7ff7e0.
- bf0a542... by Julian Andres Klode
-
UBUNTU: Revert "Add f2fs module to signed UEFI images"
This reverts commit 146d21cc9db01cca6f945e466e4adc31d165782b.
- 356f550... by Julian Andres Klode
-
Rebase the remaining Ubuntu patchset
- 186f7ca... by Julian Andres Klode
-
Install grub-initrd-fallback.service again
- 0ec8089... by Julian Andres Klode
-
UBUNTU: Replace linuxefi.patch with ubuntu one
Ours has arm64 support.
- 441a61c... by Julian Andres Klode
-
UBUNTU: Replace install-signed.patch by ubuntu one
- 3f8f647... by Julian Andres Klode
-
Fix zstd build on s390x
- 9abec3a... by Julian Andres Klode
-
cherrypick efinet SNP closing fixes
Unmerged commits
- 652be79... by Julian Andres Klode
-
reconstruct changelog
- 9abec3a... by Julian Andres Klode
-
cherrypick efinet SNP closing fixes
- 3f8f647... by Julian Andres Klode
-
Fix zstd build on s390x
- 1bf8752... by Julian Andres Klode
-
merge debian/po/
This is not strictly necessary but cleans the merge up
- 1fa2a0d... by Julian Andres Klode
-
Merge changelog
- 186f7ca... by Julian Andres Klode
-
Install grub-initrd-fallback.service again
- 356f550... by Julian Andres Klode
-
Rebase the remaining Ubuntu patchset
- bf0a542... by Julian Andres Klode
-
UBUNTU: Revert "Add f2fs module to signed UEFI images"
This reverts commit 146d21cc9db01cca6f945e466e4adc31d165782b.
- a7c790c... by Julian Andres Klode
-
UBUNTU: Revert "Add jfs module to signed UEFI images. Closes: #950959"
This reverts commit e24c17ada73c6349be75eb2bfb099f707f7ff7e0.
- 443797f... by Dimitri John Ledkov
-
grub-common.service: port init.d script to systemd unit. Add warning message, when initrdless boot fails triggering fallback. LP: #1901553
Preview Diff
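diff --git a/debian/build-efi-images b/debian/build-efi-images
index 5ac6676..3e6efd0 100755
--- a/debian/build-efi-images
+++ b/debian/build-efi-images
@@ -71,6 +71,8 @@ EOF
 cat >"$workdir/grub-netboot.cfg" <<EOF
 if [ -e \$prefix/$platform/grub.cfg ]; then
 source \$prefix/$platform/grub.cfg
+elif [ -e \$prefix/grub.cfg-$deb_arch ]; then
+ source \$prefix/grub.cfg-default-$deb_arch
 else
 source \$prefix/grub.cfg
 fi
@@ -95,7 +97,6 @@ CD_MODULES="
 ext2
 fat
 font
- f2fs
 gettext
 gfxmenu
 gfxterm
@@ -105,7 +106,6 @@ CD_MODULES="
 help
 hfsplus
 iso9660
- jfs
 jpeg
 keystatus
 loadenv
@@ -133,6 +133,7 @@ CD_MODULES="
 search_fs_file
 search_label
 sleep
+ smbios
 squash4
 test
 true
@@ -187,6 +188,7 @@ GRUB_MODULES="$CD_MODULES
 raid6rec
 "
 NET_MODULES="$CD_MODULES
+ http
 tftp
 "
 
@@ -218,12 +220,15 @@ echo "Including modules $NET_MODULES in $outdir/grubnet$efi_name.efi"
 # Special network boot image for d-i to use. Just the same as the
 # normal network boot image, but with a different value baked in for
 # the prefix setting
-echo "Including modules $NET_MODULES in $outdir/grubnet$efi_name-installer.efi"
-"$grub_mkimage" -O "$platform" -o "$outdir/grubnet$efi_name-installer.efi" \
- -d "$grub_core" -c "$workdir/grub-bootstrap.cfg" \
- -m "$workdir/memdisk-netboot.fat" \
- -p "/${efi_vendor}-installer/$deb_arch/grub" \
- --sbat "$sbat_csv" \
- $NET_MODULES
+#
+# but not on Ubuntu LP: #1863994
+#
+#echo "Including modules $NET_MODULES in $outdir/grubnet$efi_name-installer.efi"
+#"$grub_mkimage" -O "$platform" -o "$outdir/grubnet$efi_name-installer.efi" \
+# -d "$grub_core" -c "$workdir/grub-bootstrap.cfg" \
+# -m "$workdir/memdisk-netboot.fat" \
+# -p "/${efi_vendor}-installer/$deb_arch/grub" \
+# --sbat "$sbat_csv" \
+# $NET_MODULES
 
 exit 0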
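Review bot: In the first hunk the added `elif` tests for `\$prefix/grub.cfg-$deb_arch` but then sources `\$prefix/grub.cfg-default-$deb_arch`, so the file that is checked is not the file that is loaded. If only the `-default-` file exists the branch is skipped and the netboot image falls through to `\$prefix/grub.cfg`; if only the checked name exists, `source` is pointed at a file that was never tested for, and the `else` fallback is not reached. Which name is intended cannot be told from the hunk (the changelog only says the image should look for the MAAS grub.cfg); if it is the `-default-` one, the test should read `elif [ -e \$prefix/grub.cfg-default-$deb_arch ]; then`. The heredoc that holds this snippet ends outside the hunk.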
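diff --git a/debian/canonical-uefi-ca.crt b/debian/canonical-uefi-ca.crt
new file mode 100644
index 0000000..55c06d5
--- /dev/null
+++ b/debian/canonical-uefi-ca.crt
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENDCCAxygAwIBAgIJALlBJKAYLJJnMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD
+VQQGEwJHQjEUMBIGA1UECAwLSXNsZSBvZiBNYW4xEDAOBgNVBAcMB0RvdWdsYXMx
+FzAVBgNVBAoMDkNhbm9uaWNhbCBMdGQuMTQwMgYDVQQDDCtDYW5vbmljYWwgTHRk
+LiBNYXN0ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDQxMjExMTI1MVoX
+DTQyMDQxMTExMTI1MVowgYQxCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtJc2xlIG9m
+IE1hbjEQMA4GA1UEBwwHRG91Z2xhczEXMBUGA1UECgwOQ2Fub25pY2FsIEx0ZC4x
+NDAyBgNVBAMMK0Nhbm9uaWNhbCBMdGQuIE1hc3RlciBDZXJ0aWZpY2F0ZSBBdXRo
+b3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/WzoWdO4hXa5h
+7Z1WrL3e3nLz3X4tTGIPrMBtSAgRz42L+2EfJ8wRbtlVPTlU60A7sbvihTR5yvd7
+v7p6yBAtGX2tWc+m1OlOD9quUupMnpDOxpkNTmdleF350dU4Skp6j5OcfxqjhdvO
++ov3wqIhLZtUQTUQVxONbLwpBlBKfuqZqWinO8cHGzKeoBmHDnm7aJktfpNS5fbr
+yZv5K+24aEm82ZVQQFvFsnGq61xX3nH5QArdW6wehC1QGlLW4fNrbpBkT1u06yDk
+YRDaWvDq5ELXAcT+IR/ZucBUlUKBUnIfSWR6yGwk8QhwC02loDLRoBxXqE3jr6WO
+BQU+EEOhAgMBAAGjgaYwgaMwHQYDVR0OBBYEFK2RmQvCKrH1FwSMI7ZlWiaONFpj
+MB8GA1UdIwQYMBaAFK2RmQvCKrH1FwSMI7ZlWiaONFpjMA8GA1UdEwEB/wQFMAMB
+Af8wCwYDVR0PBAQDAgGGMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly93d3cuY2Fu
+b25pY2FsLmNvbS9zZWN1cmUtYm9vdC1tYXN0ZXItY2EuY3JsMA0GCSqGSIb3DQEB
+CwUAA4IBAQA/ffZ2pbODtCt60G1SGgODxBKnUJxHkszAlHeC0q5Xs5kE9TI6xlUd
+B9sSqVb62NR2IOvkw1Hbmlyckj8Yc9qUaqGZOIykiG3B/Dlx0HR2FgM+ViM11VVH
+WxodQcLTEkzc/64KkpxiChcBnHPgXrH9vNa1GRF6fs0+A35m21uoyTlIUf9T4Zwx
+U5EbOxB1Axe65oECgJRwTEa3lLA9Fc0fjgLgaAKP+/lHHX2iAcYHUcSazO3dz6Nd
+7ZK7vtH95uwfM1FzBL48crB9CPgB/5h9y5zgaTl3JUdxiLGNJ6UuqPc/X4Bplz6p
+9JkU284DDgtmxBxtvbgnd8FClL38agq8
+-----END CERTIFICATE-----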
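Review bot: Nothing in this section records where the certificate was obtained or how a reviewer can confirm it is the intended one, although it is presumably the trust anchor used by `debian/grub-check-signatures` (listed in the diffstat). The PEM body appears to decode to a self-signed "Canonical Ltd. Master Certificate Authority" root; that reading should be confirmed independently rather than taken from this note. I would record the fingerprint next to the changelog entry that installs the file, for example `canonical-uefi-ca.crt SHA-256 fingerprint: <FINGERPRINT-PLACEHOLDER>`, so that the output of `openssl x509 -in debian/canonical-uefi-ca.crt -noout -fingerprint -sha256` can be compared with a value published outside this branch.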
100 | diff --git a/debian/changelog b/debian/changelog |
101 | index 7219e57..7dc537d 100644 |
102 | --- a/debian/changelog |
103 | +++ b/debian/changelog |
104 | @@ -1,3 +1,103 @@ |
105 | +grub2 (2.06-2ubuntu0~uefi5) jammy; urgency=medium |
106 | + |
107 | + * Merge from Debian unstable; remaining changes: |
108 | + - Build without lto |
109 | + - Add Ubuntu sbat data |
110 | + - Make prebuilt netboot image look for MAAS grub.cfg |
111 | + - build-efi-images: add smbios module to the prebuilt signed EFI images |
112 | + (LP: 1856424) |
113 | + - build-efi-images: do not produce -installer.efi.signed. LP: 1863994 |
114 | + - build-efi-images: Add http to netboot images |
115 | + - grub-common: Install canonical-uefi-ca.crt |
116 | + - Check signatures |
117 | + - minilzo: built using the distribution's minilzo |
118 | + - Support installing to multiple ESP (LP: 1871821) |
119 | + - Disable various bits on i386 |
120 | + - Split out unsigned artefacts into grub2-unsigned |
121 | + - Vcs-Git: Point to ubuntu packaging branch |
122 | + - Relax dependencies on grub-common and grub2-common |
123 | + - grub-pc: Avoid the possibility of breaking grub on SRU update due |
124 | + to ABI change |
125 | + - UBUNTU: Default timeout changes |
126 | + - Disable os-prober for ppc64el on the PowerNV platform (for Petitboot) |
127 | + - dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar) |
128 | + - Link grub-efi-{amd64,arm64}-bin docs directory |
129 | + - grub-common.service: port init.d script to systemd unit. Add warning |
130 | + message, when initrdless boot fails triggering fallback. LP: 1901553 |
131 | + - Removed patches: |
132 | + - grub-install-extra-removable.patch |
133 | + - grub-install-removable-shim.patch |
134 | + - Added patches: |
135 | + + ubuntu-grub-install-extra-removable.patch |
136 | + + ubuntu-zfs-enhance-support.patch |
137 | + + ubuntu-zfs-gfxpayload-keep-default.patch |
138 | + + ubuntu-zfs-mkconfig-ubuntu-distributor.patch |
139 | + + ubuntu-zfs-mkconfig-signed-kernel.patch |
140 | + + ubuntu-zfs-maybe-quiet.patch |
141 | + + ubuntu-zfs-quick-boot.patch |
142 | + + ubuntu-zfs-gfxpayload-dynamic.patch |
143 | + + ubuntu-zfs-vt-handoff.patch |
144 | + + ubuntu-zfs-mkconfig-recovery-title.patch |
145 | + + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch |
146 | + + ubuntu-support-initrd-less-boot.patch |
147 | + + ubuntu-shorter-version-info.patch |
148 | + + ubuntu-add-initrd-less-boot-fallback.patch |
149 | + + ubuntu-mkconfig-leave-breadcrumbs.patch |
150 | + + ubuntu-fix-lzma-decompressor-objcopy.patch |
151 | + + ubuntu-temp-keep-auto-nvram.patch |
152 | + + ubuntu-add-devicetree-command-support.patch |
153 | + + ubuntu-boot-from-multipath-dependent-symlink.patch |
154 | + + ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch |
155 | + + ubuntu-efi-allow-loopmount-chainload.patch |
156 | + + 0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch |
157 | + + ubuntu-resilient-boot-ignore-alternative-esps.patch |
158 | + + ubuntu-resilient-boot-boot-order.patch |
159 | + + ubuntu-speed-zsys-history.patch |
160 | + + ubuntu-flavour-order.patch |
161 | + + ubuntu-dont-verify-loopback-images.patch |
162 | + + ubuntu-recovery-dis_ucode_ldr.patch |
163 | + + ubuntu-linuxefi-arm64.patch |
164 | + + ubuntu-add-initrd-less-boot-messages.patch |
165 | + + ubuntu-fix-reproducible-squashfs-test.patch |
166 | + + rhboot-f34-make-exit-take-a-return-code.patch |
167 | + + rhboot-f34-dont-use-int-for-efi-status.patch |
168 | + + rhboot-f34-make-pmtimer-tsc-calibration-fast.patch |
169 | + + suse-add-support-for-UEFI-network-protocols.patch |
170 | + + suse-AUDIT-0-http-boot-tracker-bug.patch |
171 | + + rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch |
172 | + + 0241-Call-hwmatch-only-on-the-grub-pc-platform.patch |
173 | + * Dropped changes: |
174 | + - Remove obsolete dependencies on dh-autoreconf and automake |
175 | + - Remove explicit --with systemd in debhelper invocation |
176 | + - Remove debian/gettext-patches; they do not seem to be necessary anymore |
177 | + - Remove inadvertent change to debian/signing-template.json.in, we do not |
178 | + use that file anyway. |
179 | + - Merged upstream: |
180 | + + merged: 0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch |
181 | + + merged: 0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch |
182 | + + merged security patches 0081-0105, and 0128-0240 |
183 | + + various cherry picks: cherry-* and cherrypick-*.patch |
184 | + + grub-install-backup-and-restore.patch |
185 | + + uefi-firmware-setup.patch |
186 | + + sleep-shift.patch |
187 | + + vsnprintf-upper-case-hex.patch |
188 | + + rhboot-f34-update-info-with-grub.cfg-netboot-selection-order.patch |
189 | + + suse-search-for-specific-config-files-for-netboot.patch |
190 | + + tftp-rollover-block-counter.patch |
191 | + + ubuntu-efi-console-set-text-mode-as-needed.patch |
192 | + - Merged in Debian: |
193 | + + install-efi-ubuntu-flavours.patch |
194 | + + ubuntu-dejavu-font-path.patch |
195 | + + ubuntu-tpm-unknown-error-non-fatal.patch |
196 | + - Not applicable: |
197 | + + 0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch: The |
198 | + check has been removed. |
199 | + * Fix zstd build on s390x |
200 | + * Cherry-pick two upstream fixes to fix closing of SNP protocol in EFI |
201 | + networking stack |
202 | + |
203 | + -- Julian Andres Klode <juliank@ubuntu.com> Tue, 07 Dec 2021 11:34:30 +0100 |
204 | + |
205 | grub2 (2.06-2) unstable; urgency=medium |
206 | |
207 | * Update to minilzo-2.10, fixing build failures on armel, mips64el, |
208 | @@ -420,6 +520,705 @@ grub2 (2.04-2) unstable; urgency=medium |
209 | |
210 | -- Colin Watson <cjwatson@debian.org> Sat, 03 Aug 2019 13:42:49 +0100 |
211 | |
212 | +grub2 (2.04-1ubuntu48) jammy; urgency=medium |
213 | + |
214 | + * d/p/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch: |
215 | + Fix "error: can't find command `hwmatch'." on non-i386/pc |
216 | + platforms such as x86_64/efi. (LP: #1840560) |
217 | + |
218 | + -- Mauricio Faria de Oliveira <mfo@canonical.com> Thu, 04 Nov 2021 10:48:06 -0300 |
219 | + |
220 | +grub2 (2.04-1ubuntu47) impish; urgency=medium |
221 | + |
222 | + * Drop grub.cfg-400.patch (LP: #1933826) |
223 | + |
224 | + -- Julian Andres Klode <juliank@ubuntu.com> Thu, 02 Sep 2021 14:37:43 +0200 |
225 | + |
226 | +grub2 (2.04-1ubuntu46) impish; urgency=medium |
227 | + |
228 | + * debian/grub-common.service: change type to oneshot, add wantedby |
229 | + sleep.target, after sleep.target. The service will now start after |
230 | + resume from hybernation. LP: #1929860 |
231 | + * grub-initrd-fallback.service: add wantedby sleep.target, after |
232 | + sleep.target. The service will now start after resume from |
233 | + hybernation. LP: #1929860 |
234 | + * cherrypick upstream fix to make armhf efi boot work. LP: #1788940 |
235 | + * debian/rules: disable LTO. LP: #1922005 |
236 | + * grub-initrd-fallback.service, debian/grub-common.service: only start |
237 | + units when booted with grub. Use presence of /boot/grub/grub.cfg as |
238 | + proxy. LP: #1925507 |
239 | + * tests: patch qemu command to use ide-hd instead of the removed |
240 | + ide-drive. |
241 | + |
242 | + -- Dimitri John Ledkov <dimitri.ledkov@canonical.com> Fri, 16 Jul 2021 14:01:31 +0100 |
243 | + |
244 | +grub2 (2.04-1ubuntu45) hirsute; urgency=medium |
245 | + |
246 | + * Unapply all patches. |
247 | + * Stop using git-dpm. |
248 | + * Start using gbp pq import|export --no-patch-numbers, this brings grub2 |
249 | + packaging closer to other non-debian distributions. |
250 | + * It would be nice to separate patches into topic subdirs - |
251 | + i.e. reverts, upstream cherry picks, debian, ubuntu, rhel, security, |
252 | + etc. |
253 | + * Drop redundant dh-systemd build-dependency. |
254 | + |
255 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 30 Mar 2021 11:55:05 +0100 |
256 | + |
257 | +grub2 (2.04-1ubuntu44) hirsute; urgency=medium |
258 | + |
259 | + * Compile grub-efi-amd64 installable i386 platform on hirsute, to make |
260 | + it available in bionic and earlier as part of onegrub builds. |
261 | + |
262 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 03 Mar 2021 11:42:28 +0000 |
263 | + |
264 | +grub2 (2.04-1ubuntu42) hirsute; urgency=medium |
265 | + |
266 | + * SECURITY UPDATE: acpi command allows privilleged user to load crafted |
267 | + ACPI tables when secure boot is enabled. |
268 | + - 0126-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch: Don't |
269 | + register the acpi command when secure boot is enabled. |
270 | + - CVE-2020-14372 |
271 | + * SECURITY UPDATE: use-after-free in rmmod command |
272 | + - 0128-dl-Only-allow-unloading-modules-that-are-not-depende.patch: Don't |
273 | + allow rmmod to unload modules that are dependencies of other modules. |
274 | + - CVE-2020-25632 |
275 | + * SECURITY UPDATE: out-of-bound write in grub_usb_device_initialize() |
276 | + - 0129-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch |
277 | + - CVE-2020-25647 |
278 | + * SECURITY UPDATE: Stack buffer overflow in grub_parser_split_cmdline |
279 | + - 0206-kern-parser-Introduce-process_char-helper.patch, |
280 | + 0207-kern-parser-Introduce-terminate_arg-helper.patch, |
281 | + 0208-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch, |
282 | + 0209-kern-buffer-Add-variable-sized-heap-buffer.patch, |
283 | + 0210-kern-parser-Fix-a-stack-buffer-overflow.patch: Add a variable |
284 | + sized heap buffer type and use this. |
285 | + - CVE-2020-27749 |
286 | + * SECURITY UPDATE: cutmem command allows privileged user to remove memory |
287 | + regions when Secure Boot is enabled. |
288 | + - 0127-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch: |
289 | + Don't register cutmem and badram commands when secure boot is enabled. |
290 | + - CVE-2020-27779 |
291 | + * SECURITY UPDATE: heap out-of-bounds write in short form option parser. |
292 | + - 0173-lib-arg-Block-repeated-short-options-that-require-an.patch: |
293 | + Block repeated short options that require an argument. |
294 | + - CVE-2021-20225 |
295 | + * SECURITY UPDATE: heap out-of-bound write due to mis-calculation of space |
296 | + required for quoting. |
297 | + - 0175-commands-menuentry-Fix-quoting-in-setparams_prefix.patch: Fix |
298 | + quoting in setparams_prefix() |
299 | + - CVE-2021-20233 |
300 | + * Partially backport the lockdown framework to restrict certain features |
301 | + when secure boot is enabled. |
302 | + * Backport various fixes for Coverity defects. |
303 | + * Add SBAT metadata to the grub EFI binary. |
304 | + - Backport patches to support adding SBAT metadata with grub-mkimage: |
305 | + + 0212-util-mkimage-Remove-unused-code-to-add-BSS-section.patch |
306 | + + 0213-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch |
307 | + + 0214-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch |
308 | + + 0215-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch |
309 | + + 0216-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch |
310 | + + 0217-util-mkimage-Improve-data_size-value-calculation.patch |
311 | + + 0218-util-mkimage-Refactor-section-setup-to-use-a-helper.patch |
312 | + + 0219-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch |
313 | + - Add debian/sbat.csv.in |
314 | + - Update debian/build-efi-image and debian/rules |
315 | + |
316 | + [ Dimitri John Ledkov & Steve Langasek LP: #1915536 ] |
317 | + * Allow grub-efi-amd64|arm64 & -bin & -dbg be built by |
318 | + src:grub2-unsigned (potentially of a higher version number). |
319 | + * Add debian/rules generate-grub2-unsigned target to quickly build |
320 | + src:grub2-unsigned for binary-copy backports. |
321 | + * postinst: allow postinst to with with or without grub-multi-install |
322 | + binary. |
323 | + * postinst: allow using various grub-install options to achieve |
324 | + --no-extra-removable. |
325 | + * postinst: only call grub-check-signatures if it exists. |
326 | + * control: relax dependency on grub2-common, as maintainer script got |
327 | + fixed up to work with grub2-common/grub-common as far back as trusty. |
328 | + * control: allow higher version depdencies from grub-efi package. |
329 | + * dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar) as |
330 | + postinst script uses that directory, and yet relies on grub-common to |
331 | + create/ship it, which is not true in older releases. Also make sure |
332 | + dh_installdirs runs after the .dirs files are generated. |
333 | + |
334 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 23 Feb 2021 16:23:39 +0000 |
335 | + |
336 | +grub2 (2.04-1ubuntu41) hirsute; urgency=medium |
337 | + |
338 | + * No-change rebuild to drop the udeb package. |
339 | + |
340 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:33:38 +0100 |
341 | + |
342 | +grub2 (2.04-1ubuntu40) hirsute; urgency=medium |
343 | + |
344 | + * Revert: rhboot-f34-tcp-add-window-scaling-support.patch, |
345 | + rhboot-f34-support-non-ethernet.patch, |
346 | + ubuntu-fixup-rhboot-f34-support-non-ethernet.patch, |
347 | + ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: these break MAAS |
348 | + LXD KVM pod deployments. LP: #1915288 |
349 | + |
350 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 12 Feb 2021 20:29:16 +0000 |
351 | + |
352 | +grub2 (2.04-1ubuntu39) hirsute; urgency=medium |
353 | + |
354 | + * Cherrypick a bunch of patches: |
355 | + - fix crash in http LP: #1915288 |
356 | + - add bootp6 documentation |
357 | + - add support for UEFI boot protocols |
358 | + - use UEFI protocols for http & https networking |
359 | + - make netboot search for by-mac/by-uuid/by-ip for grub.cfg |
360 | + - update documentation for netboot search paths of grub.cfg |
361 | + * Make prebuilt netboot image look for MAAS grub.cfg |
362 | + * Fix grub-initrd-fallback.service thanks to JawnSmith LP: #1910815 |
363 | + |
364 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 12 Feb 2021 00:42:07 +0000 |
365 | + |
366 | +grub2 (2.04-1ubuntu38) hirsute; urgency=medium |
367 | + |
368 | + [ Jean-Baptiste Lallement ] |
369 | + [ Didier Roche ] |
370 | + * Fix warnings during grub menu generation. Thanks wdoekes for the patch |
371 | + (LP: #1898177) |
372 | + - Fix warnings when bpool doesn't exist. |
373 | + - Fix warnings when snapshot name contains dashes. |
374 | + * Do not fail to generate grub menu when name of the snapshot contains |
375 | + spaces. (LP: #1903524) |
376 | + |
377 | + -- Jean-Baptiste Lallement <jean-baptiste.lallement@ubuntu.com> Mon, 08 Feb 2021 10:50:21 +0100 |
378 | + |
379 | +grub2 (2.04-1ubuntu37) hirsute; urgency=medium |
380 | + |
381 | + * debian/patches/grub-install-backup-and-restore.patch: Fix-up the patch |
382 | + to correctly initialyze the names of the modules to restore. LP: |
383 | + #1907085 |
384 | + * 10_linux: emit messages when initrdless boot is configured, attempted |
385 | + and fails triggering fallback. LP: #1901553 |
386 | + * grub-common.service: port init.d script to systemd unit. Add warning |
387 | + message, when initrdless boot fails triggering fallback. LP: #1901553 |
388 | + * debian/rules: undo po/ directory patching in |
389 | + override_dh_autoreconf_clean. |
390 | + * minilzo: built using the distribution's minilzo |
391 | + * ubuntu-fix-reproducible-squashfs-test.patch: fix squashfs-test with |
392 | + new squashfs-tools in hirsute. |
393 | + * rhboot-f34-make-exit-take-a-return-code.patch, |
394 | + rhboot-f34-dont-use-int-for-efi-status.patch: allow grub to exit |
395 | + non-zero under EFI, this should allow falling back to the next |
396 | + BootOrder BootEntry. |
397 | + * rhboot-f34-tcp-add-window-scaling-support.patch: speed up netboot |
398 | + transfer speed. |
399 | + * rhboot-f34-support-non-ethernet.patch, |
400 | + ubuntu-fixup-rhboot-f34-support-non-ethernet.patch, |
401 | + ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: |
402 | + add support for link layer addresses of up to 32-bytes. |
403 | + * rhboot-f34-make-pmtimer-tsc-calibration-fast.patch: |
404 | + speed up calibration time, especially when booting VMs. |
405 | + |
406 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 12 Dec 2020 00:50:47 +0000 |
407 | + |
408 | +grub2 (2.04-1ubuntu36) hirsute; urgency=medium |
409 | + |
410 | + * Avoid "EFI stub: FIRMWARE BUG" message when booting >= 5.7 kernels |
411 | + on arm64 by setting the image base address before jumping to the |
412 | + PE/COFF entry point LP: #1900774 |
413 | + * Fix tftp timeouts when fetch large files. LP: #1900773 |
414 | + |
415 | + -- dann frazier <dannf@ubuntu.com> Wed, 11 Nov 2020 07:17:49 -0700 |
416 | + |
417 | +grub2 (2.04-1ubuntu35) groovy; urgency=medium |
418 | + |
419 | + * postinst.in, grub-multi-install: fix logic of skipping installing onto |
420 | + any device, if one chose to not install bootloader on any device. LP: |
421 | + #1896608 |
422 | + * Do not finalize params twice on arm64. LP: #1897819 |
423 | + |
424 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 01 Oct 2020 22:59:51 +0800 |
425 | + |
426 | +grub2 (2.04-1ubuntu34) groovy; urgency=medium |
427 | + |
428 | + * configure.ac: one more dejavu font search path |
429 | + |
430 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 14 Sep 2020 10:53:07 +0100 |
431 | + |
432 | +grub2 (2.04-1ubuntu33) groovy; urgency=medium |
433 | + |
434 | + * Build-depend on fonts-dejavu-core, not obsolete ttf-dejavu-core. |
435 | + |
436 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 13 Sep 2020 23:49:08 -0700 |
437 | + |
438 | +grub2 (2.04-1ubuntu32) groovy; urgency=medium |
439 | + |
440 | + * ubuntu-linuxefi-arm64.patch: Fix build on armhf |
441 | + |
442 | + -- Julian Andres Klode <juliank@ubuntu.com> Fri, 11 Sep 2020 20:33:34 +0200 |
443 | + |
444 | +grub2 (2.04-1ubuntu31) groovy; urgency=medium |
445 | + |
446 | + * ubuntu-linuxefi-arm64.patch: Restore arm64 parts of ubuntu-linuxefi.patch |
447 | + that got lost in the 2.04 rebase (LP: #1862279) |
448 | + |
449 | + -- Julian Andres Klode <juliank@ubuntu.com> Fri, 11 Sep 2020 17:49:50 +0200 |
450 | + |
451 | +grub2 (2.04-1ubuntu30) groovy; urgency=medium |
452 | + |
453 | + * postinst.in: do not attempt to call grub-install upon fresh install of |
454 | + grub-pc because it it a job of installers to do that after fresh |
455 | + install. |
456 | + * grub-multi-install: fix non-interactive failures for grub-efi like it |
457 | + was fixed in postinst for grub-pc. |
458 | + |
459 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 03 Sep 2020 14:54:23 +0100 |
460 | + |
461 | +grub2 (2.04-1ubuntu29) groovy; urgency=medium |
462 | + |
463 | + * grub-install: cherry-pick patch from grub-devel to make grub-install |
464 | + fault tolerant. Create backup of files in /boot/grub, and restore them |
465 | + on failure to complete grub-install. LP: #1891680 |
466 | + * postinst.in: do not exit successfully when failing to show critical |
467 | + grub-pc/install_devices_failed and grub-pc/install_devices_empty |
468 | + prompts in non-interactive mode. This enables surfacing upgrade errors |
469 | + to the users and/or automation. LP: #1891680 |
470 | + * postinst.in: Fixup postinst.in, to attempt grub-install upon explicit |
471 | + dpkg-reconfigure grub-pc. LP: #1892526 |
472 | + |
473 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 01 Sep 2020 20:04:44 +0100 |
474 | + |
475 | +grub2 (2.04-1ubuntu28) groovy; urgency=medium |
476 | + |
477 | + * Ensure that grub-multi-install can always find templates (LP: #1879948) |
478 | + * Fix changelog entries for security update |
479 | + |
480 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 10 Aug 2020 15:07:29 +0200 |
481 | + |
482 | +grub2 (2.04-1ubuntu27) groovy; urgency=medium |
483 | + |
484 | + * debian/patches/ubuntu-flavour-order.patch: |
485 | + - Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel |
486 | + flavours as preferred, and specify an order between those preferred |
487 | + flavours (LP: #1882663) |
488 | + * debian/patches/ubuntu-zfs-enhance-support.patch: |
489 | + - Use version_find_latest for ordering kernels, so it also supports |
490 | + the GRUB_FLAVOUR_ORDER setting. |
491 | + * debian/patches/ubuntu-dont-verify-loopback-images.patch: |
492 | + - disk/loopback: Don't verify loopback images (LP: #1878541), |
493 | + Thanks to Chris Coulson for the patch |
494 | + * debian/patches/ubuntu-recovery-dis_ucode_ldr.patch |
495 | + - Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789) |
496 | + * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: |
497 | + - Merge changes from xnox to fix multiple initrds support (LP: #1878705) |
498 | + * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: |
499 | + - Remove, no longer needed thanks to xnox's patch |
500 | + |
501 | + -- Julian Andres Klode <juliank@ubuntu.com> Thu, 06 Aug 2020 14:47:52 +0200 |
502 | + |
503 | +grub2 (2.04-1ubuntu26.2) focal; urgency=medium |
504 | + |
505 | + * debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc |
506 | + package, since we cannot be certain that it will install to the correct |
507 | + disk and a grub-install failure will render the system unbootable. |
508 | + LP: #1889556. |
509 | + |
510 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 30 Jul 2020 17:34:25 -0700 |
511 | + |
512 | +grub2 (2.04-1ubuntu26.1) focal; urgency=medium |
513 | + |
514 | + [ Julian Andres Klode ] |
515 | + * Move gettext patches out of git-dpm's way, so it does not delete them |
516 | + |
517 | + [ Chris Coulson ] |
518 | + * SECURITY UPDATE: Heap buffer overflow when encountering commands that |
519 | + cannot be tokenized to less than 8192 characters. |
520 | + - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make |
521 | + fatal lexer errors actually be fatal |
522 | + - CVE-2020-10713 |
523 | + * SECURITY UPDATE: Multiple integer overflow bugs that could result in |
524 | + heap buffer allocations that were too small and subsequent heap buffer |
525 | + overflows when handling certain filesystems, font files or PNG images. |
526 | + - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add |
527 | + arithmetic primitives that allow for overflows to be detected |
528 | + - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch: |
529 | + Make sure that there is always an overflow checking implementation |
530 | + of calloc() available |
531 | + - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where |
532 | + appropriate |
533 | + - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use |
534 | + overflow-safe arithmetic primitives when performing allocations |
535 | + based on the results of operations that might overflow |
536 | + - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in |
537 | + hfsplus |
538 | + - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix |
539 | + more potential integer overflows in lvm |
540 | + - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 |
541 | + * SECURITY UPDATE: Use-after-free when executing a command that causes |
542 | + a currently executing function to be redefined. |
543 | + - 0092-script-Remove-unused-fields-from-grub_script_functio.patch: |
544 | + Remove unused fields from grub_script_function |
545 | + - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch: |
546 | + Avoid a use-after-free when redefining a function during execution |
547 | + - CVE-2020-15706 |
548 | + * SECURITY UPDATE: Integer overflows that could result in heap buffer |
549 | + allocations that were too small and subsequent heap buffer overflows |
550 | + during initrd loading. |
551 | + - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix |
552 | + integer overflows in initrd size handling |
553 | + - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix |
554 | + integer overflows in linuxefi grub_cmd_initrd |
555 | + - CVE-2020-15707 |
556 | + * Various fixes as a result of code review and static analysis: |
557 | + - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a |
558 | + memory leak on realloc failures when processing symbolic links |
559 | + - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a |
560 | + memory leak when processing font files with more than one NAME |
561 | + section |
562 | + - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap |
563 | + after it is freed in order to avoid a potential double free later on |
564 | + - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an |
565 | + out-of-bounds read in LzmaEncode |
566 | + - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use |
567 | + priority queues and fix a double free |
568 | + - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix |
569 | + various arithmetic errors with malformed device paths |
570 | + - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix |
571 | + a NULL deref in the chainloader command introduced by a previous |
572 | + patch |
573 | + - 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a |
574 | + use-after-free in the halt and reboot commands by not freeing |
575 | + allocated memory in these paths |
576 | + - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch: |
577 | + Avoid a double free in the chainloader command when validation fails |
578 | + - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch: |
579 | + Protect grub_relocator_alloc_chunk_addr input arguments against |
580 | + integer overflow / underflow |
581 | + - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch: |
582 | + Protect grub_relocator_alloc_chunk_align max_addr argument against |
583 | + integer underflow |
584 | + - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix |
585 | + grub_relocator_alloc_chunk_align top memory allocation |
586 | + - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch: |
587 | + Avoid overflow on initrd size calculation |
588 | + |
589 | + [ Dimitri John Ledkov ] |
590 | + * SECURITY UPDATE: Grub does not enforce kernel signature validation |
591 | + when the shim protocol isn't present. |
592 | + - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch: |
593 | + Fail kernel validation if the shim protocol isn't available |
594 | + - CVE-2020-15705 |
595 | + |
596 | + -- Chris Coulson <chris.coulson@canonical.com> Mon, 20 Jul 2020 19:19:08 +0100 |
597 | + |
598 | +grub2 (2.04-1ubuntu26) focal; urgency=medium |
599 | + |
600 | + [ Julian Andres Klode ] |
601 | + * Move /boot/efi -> debconf migration into wrapper, so it runs everywhere |
602 | + (LP: #1872077) |
603 | + * Display disk name and size in the ESP selection dialog, instead of ??? |
604 | + |
605 | + [ Sebastien Bacher ] |
606 | + * debian/patches/gettext, |
607 | + debian/patches/rules: |
608 | + - backport upstream patches to fix the list of translated strings, |
609 | + reported on the ubuntu-translators mailing list. The changes would |
610 | + be overwritten by autoreconf so applying from a rules override. |
611 | + |
612 | + -- Julian Andres Klode <juliank@ubuntu.com> Wed, 15 Apr 2020 13:31:27 +0200 |
613 | + |
614 | +grub2 (2.04-1ubuntu25) focal; urgency=medium |
615 | + |
616 | + [ Jean-Baptiste Lallement ] |
617 | + [ Didier Roche ] |
618 | + * debian/patches/ubuntu-zfs-enhance-support.patch: |
619 | + - fix trailing } when no advanced menu is printed |
620 | + - ensure we unmount all temporary snapshots path before zfs collect them |
621 | + out. |
622 | + * debian/patches/ubuntu-speed-zsys-history.patch: |
623 | + - Speed up navigating zsys history by reducing greatly grub.cfg file size. |
624 | + It used to take eg 80 seconds when loading 100 system snapshots. This is |
625 | + now instantaneous by using a function with parameters that the users can |
626 | + still easily edit. |
627 | + |
628 | + -- Didier Roche <didrocks@ubuntu.com> Mon, 13 Apr 2020 15:17:42 +0200 |
629 | + |
630 | +grub2 (2.04-1ubuntu24) focal; urgency=medium |
631 | + |
632 | + * Support installing to multiple ESPs (LP: #1871821) |
633 | + |
634 | + -- Julian Andres Klode <juliank@ubuntu.com> Thu, 09 Apr 2020 12:51:07 +0200 |
635 | + |
636 | +grub2 (2.04-1ubuntu23) focal; urgency=medium |
637 | + |
638 | + [ Jean-Baptiste Lallement ] |
639 | + [ Didier Roche ] |
640 | + * Performance improvements for update-grub on ZFS systems (LP: #1869885) |
641 | + |
642 | + -- Didier Roche <didrocks@ubuntu.com> Tue, 31 Mar 2020 15:30:36 +0200 |
643 | + |
644 | +grub2 (2.04-1ubuntu22) focal; urgency=medium |
645 | + |
646 | + * smbios: Add a --linux argument to apply linux modalias-like filtering |
647 | + * Make the linux command in EFI grub always try EFI handover; thanks |
648 | + to Chris Coulson for the patches (LP: #1864533) |
649 | + |
650 | + -- Julian Andres Klode <juliank@ubuntu.com> Wed, 11 Mar 2020 17:46:35 +0100 |
651 | + |
652 | +grub2 (2.04-1ubuntu21) focal; urgency=medium |
653 | + |
654 | + * Make ZFS menu generation depending on new zsysd binary instead of eoan |
655 | + zsys compatibility symlink. |
656 | + |
657 | + -- Didier Roche <didrocks@ubuntu.com> Wed, 26 Feb 2020 09:59:49 +0100 |
658 | + |
659 | +grub2 (2.04-1ubuntu20) focal; urgency=medium |
660 | + |
661 | + * build-efi-images: do not produce -installer.efi.signed. LP: #1863994 |
662 | + |
663 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 25 Feb 2020 01:11:31 +0000 |
664 | + |
665 | +grub2 (2.04-1ubuntu19) focal; urgency=medium |
666 | + |
667 | + * uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings |
668 | + (LP: #1864547) |
669 | + * build-efi-images: add smbios module to the prebuilt signed EFI images |
670 | + (LP: #1856424) |
671 | + |
672 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 24 Feb 2020 20:34:13 +0000 |
673 | + |
674 | +grub2 (2.04-1ubuntu18) focal; urgency=medium |
675 | + |
676 | + * Cherry-pick fix from Colin W. in debian to build with python3. |
677 | + |
678 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 06 Feb 2020 18:37:44 +0100 |
679 | + |
680 | +grub2 (2.04-1ubuntu17) focal; urgency=medium |
681 | + |
682 | + * Fix ZFS menu generation with ZFS 0.8.x where mounted datasets can’t list |
683 | + snapshots due to an upstream change. |
684 | + https://github.com/zfsonlinux/zfs/issues/9958 |
685 | + |
686 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 06 Feb 2020 18:20:16 +0100 |
687 | + |
688 | +grub2 (2.04-1ubuntu16) focal; urgency=medium |
689 | + |
690 | + * Revert "Add smbios module to build-efi-images script" from previous |
691 | + upload, pending review see https://bugs.launchpad.net/bugs/1856424 |
692 | + |
693 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sun, 15 Dec 2019 01:28:49 +0000 |
694 | + |
695 | +grub2 (2.04-1ubuntu15) focal; urgency=medium |
696 | + |
697 | + * ubuntu-efi-allow-loopmount-chainload.patch: |
698 | + - Enable chainloading EFI apps from loopmounts |
699 | + * cherrypick-lsefisystab-define-smbios3.patch: |
700 | + * cherrypick-smbios-modules.patch: |
701 | + - Cherrypick from 2.05 module for retrieving SMBIOS information |
702 | + * cherrypick-lsefisystab-show-dtb.patch: |
703 | + - If dtb is provided by the firmware / DtbLoader driver, display it in |
704 | + human form, rather than just UUID |
705 | + |
706 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 13 Dec 2019 11:24:21 +0000 |
707 | + |
708 | +grub2 (2.04-1ubuntu14) focal; urgency=medium |
709 | + |
710 | + * debian/patches/ubuntu-zfs-enhance-support.patch: |
711 | + - Handle the case where grub-probe returns several devices for a single |
712 | + pool (LP: #1848856). Thanks jpb for the report and the proposed patch. |
713 | + - Add savedefault to non-recovery entries (LP: #1850202). Thanks Deltik |
714 | + for the patch. |
715 | + - Do not crash on invalid fstab and report the invalid entry. |
716 | + (LP: #1849347) Thanks Deltik for the patch. |
717 | + - When a pool fails to import, catch and display the error message and |
718 | + continue with other pools. Import all the pools in readonly mode so we |
719 | + can import other pools with unsupported features (LP: #1848399) Thanks |
720 | + satmandu for the investigation and the proposed patch |
721 | + |
722 | + -- Jean-Baptiste Lallement <jean-baptiste.lallement@ubuntu.com> Mon, 18 Nov 2019 11:22:43 +0100 |
723 | + |
724 | +grub2 (2.04-1ubuntu13) focal; urgency=medium |
725 | + |
726 | + * debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch: treat "unknown" |
727 | + TPM errors as non-fatal, but still write up the details as debug messages |
728 | + so we can further track what happens with the systems throwing those up. |
729 | + (LP: #1848892) |
730 | + * debian/patches/ubuntu-linuxefi.patch: Drop extra check for Secure Boot |
731 | + status in linuxefi_secure_validate(); it's unnecessary and blocking boot |
732 | + in chainload (like chainloading Windows) when SB is disabled. |
733 | + (LP: #1845289) |
734 | + |
735 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 31 Oct 2019 17:58:47 -0400 |
736 | + |
737 | +grub2 (2.04-1ubuntu12) eoan; urgency=medium |
738 | + |
739 | + * Move our identifier to com.ubuntu |
740 | + As we are not going to own org.zsys, move our identifier under |
741 | + com.ubuntu.zsys (LP: #1847711) |
742 | + |
743 | + -- Didier Roche <didrocks@ubuntu.com> Fri, 11 Oct 2019 15:57:47 +0200 |
744 | + |
745 | +grub2 (2.04-1ubuntu11) eoan; urgency=medium |
746 | + |
747 | + * Load all kernels (even those without .efi.signed) for secure boot mode |
748 | + as those are signed kernels on ubuntu, loaded by the shim. (LP: #1847581) |
749 | + |
750 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 10 Oct 2019 11:40:44 +0200 |
751 | + |
752 | +grub2 (2.04-1ubuntu10) eoan; urgency=medium |
753 | + |
754 | + * debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch: |
755 | + skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration. |
756 | + (LP: #1838525) |
757 | + |
758 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Mon, 07 Oct 2019 23:23:54 -0300 |
759 | + |
760 | +grub2 (2.04-1ubuntu9) eoan; urgency=medium |
761 | + |
762 | + * debian/patches/ubuntu-zfs-enhance-support.patch: |
763 | + - Handle case of pure zfs only snapshots giving additional "}", and as |
764 | + such, creating invalid grub menu. |
765 | + Spotted by grubzfs-testsuite autopkgtests. |
766 | + |
767 | + -- Didier Roche <didrocks@ubuntu.com> Wed, 02 Oct 2019 09:59:19 +0200 |
768 | + |
769 | +grub2 (2.04-1ubuntu8) eoan; urgency=medium |
770 | + |
771 | + * debian/patches/install-signed.patch -> ubuntu-install-signed.patch: |
772 | + Really fix the installation of UEFI artefacts to the distributor path (we |
773 | + only want shim, grub, and MokManager, and shim's boot.csv there), and to |
774 | + the removable /EFI/BOOT path (where we want shim and fallback only). |
775 | + Rename the patch to ubuntu- like others that are Ubuntu-specific or |
776 | + otherwise modified to avoid such confusion at merge time in the future. |
777 | + |
778 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 01 Oct 2019 11:29:24 -0400 |
779 | + |
780 | +grub2 (2.04-1ubuntu7) eoan; urgency=medium |
781 | + |
782 | + * debian/patches/ubuntu-zfs-enhance-support.patch: |
783 | + Disable history entry under some conditions: |
784 | + - Don't show up if the system is a zsys one and zsys isn't installed |
785 | + (LP: #1845333) |
786 | + - Don't show for pure zfs systems: we identified multiple issues due |
787 | + to the mount generator in upstream zfs which makes it incompatible. |
788 | + Disable for now (LP: #1845913) |
789 | + |
790 | + -- Didier Roche <didrocks@ubuntu.com> Mon, 30 Sep 2019 09:35:03 +0200 |
791 | + |
792 | +grub2 (2.04-1ubuntu6) eoan; urgency=medium |
793 | + |
794 | + * debian/patches/install-signed.patch: fix paths for MokManager/fallback; |
795 | + shim no longer ships these with a .signed suffix. (LP: #1845466) |
796 | + |
797 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 26 Sep 2019 09:48:07 -0400 |
798 | + |
799 | +grub2 (2.04-1ubuntu5) eoan; urgency=medium |
800 | + |
801 | + * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: fix |
802 | + mis-spelling of helper function in final computation of GRUB_DEVICE in |
803 | + multipath case. |
804 | + |
805 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 13 Aug 2019 08:56:16 +1200 |
806 | + |
807 | +grub2 (2.04-1ubuntu4) eoan; urgency=medium |
808 | + |
809 | + * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: when / is |
810 | + multipathed there will be multiple paths to the partition, so using |
811 | + root=UUID= exposes the boot process to udev races. In addition |
812 | + grub-probe --target device / in this case reports /dev/dm-1 or similar -- |
813 | + better to use a symlink that depends on the multipath name. (LP: #1429327) |
814 | + |
815 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 06 Aug 2019 12:37:18 +1200 |
816 | + |
817 | +grub2 (2.04-1ubuntu3) eoan; urgency=medium |
818 | + |
819 | + [ Mathieu Trudel-Lapierre ] |
820 | + * debian/patches/ubuntu-add-devicetree-command-support.patch: import patch |
821 | + into git-dpm: drop [PATCH] tag and add Patch-Name. |
822 | + |
823 | + [ Didier Roche ] |
824 | + * debian/patches/ubuntu-zfs-enhance-support.patch |
825 | + - Don't patch autoregenerated files. |
826 | + - rewrite generate MenuMeta implementation in shell (LP: #1834095) |
827 | + mawk doesn't support \s and other array features. |
828 | + + Change \s by their space or tab equivalent. |
829 | + + Rewrite the menumeta generation in pure shell, which is easier to |
830 | + debug, keeping globally the same algorithm |
831 | + + Support i18n in entry name generation. |
832 | + Co-authored with Jean-Baptiste. |
833 | + - Resplit all patches in debian/patches/*, so that we have upstreamable |
834 | + and non upstreamable parts separate. Also, any change in 10_linux patch |
835 | + will be reflected in 10_linux_zfs. |
836 | + - Always import pools (using force), as we don't mount them. Ensure also |
837 | + that we don't update the host cache, as we import all pools, and not |
838 | + only those attached to that system. |
839 | + |
840 | + -- Didier Roche <didrocks@ubuntu.com> Mon, 29 Jul 2019 08:08:48 +0200 |
841 | + |
842 | +grub2 (2.04-1ubuntu2) eoan; urgency=medium |
843 | + |
844 | + * Add device-tree command support as installed by flash-kernel. |
845 | + |
846 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 17 Jul 2019 23:47:27 +0100 |
847 | + |
848 | +grub2 (2.04-1ubuntu1) eoan; urgency=medium |
849 | + |
850 | + * Merge against Debian; remaining changes: |
851 | + - debian/control: Update Vcs fields for code location on Ubuntu. |
852 | + - debian/control: Breaks shim (<< 13). |
853 | + - debian/patches/linuxefi.patch: Secure Boot support: use newer patchset |
854 | + from rhboot repo, flattened to a single patch. |
855 | + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: |
856 | + - Make sure if we install shim; it should also be exported as the default |
857 | + bootloader to install later to a removable path, if we do. |
858 | + - Rework grub-install-extra-removable.patch to reverse its logic: in the |
859 | + default case, install the bootloader to /EFI/BOOT, unless we're trying |
860 | + to install on a removable device, or explicitly telling grub *not* to |
861 | + do it. |
862 | + - Install a BOOT.CSV for fallback to use. |
863 | + - Make sure postinst and templates know about the replacement of |
864 | + --force-extra-removable with --no-extra-removable. |
865 | + - debian/patches/ubuntu-support-initrd-less-boot.patch: allow non-initrd |
866 | + boot config. |
867 | + - debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: If a kernel |
868 | + fails to boot without initrd, we will fallback to trying to boot the |
869 | + kernel with an initrd. |
870 | + - debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch: make sure |
871 | + grub-mkconfig leaves a trace of what files were sourced to help generate |
872 | + the config we're building. |
873 | + - debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch: in EFI |
874 | + console, only set text-mode when we're actually going to need it. |
875 | + - debian/patches/ubuntu-zfs-enhance-support.patch: Better ZFS grub support. |
876 | + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the |
877 | + number of entries/clutter from other OSes in Petitboot |
878 | + - debian/patches/ubuntu-shorter-version-info.patch: Only show the upstream |
879 | + version in menu and console, and hide the package one in a |
880 | + package_version variable. |
881 | + - Verify that the current and newer kernels are signed when grub is |
882 | + updated, to make sure people do not accidentally shutdown without a |
883 | + signed kernel. |
884 | + - debian/default/grub: replace GRUB_HIDDEN_* variables with the less |
885 | + confusing GRUB_TIMEOUT_STYLE=hidden. |
886 | + - debian/rules: shuffle files around for now to keep build artefacts |
887 | + for signing at the same location as they were expected by Launchpad. |
888 | + - debian/rules, debian/control: enable dh-systemd. |
889 | + - debian/grub-common.install.in: install the systemd unit that's part of |
890 | + initrd fallback handling, missed when the feature landed. |
891 | + - debian/build-efi-images: add http module to NET_MODULES. |
892 | + * debian/patches/linuxefi*.patch: Flatten linuxefi patches into one. |
893 | + * debian/patches: rename patches to use "-" as a separator rather than "_". |
894 | + * debian/patches: rename Ubuntu-specific patches and commits to add "ubuntu" |
895 | + so it's clearer which are new or changed when doing a merge. |
896 | + * debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch: fix FTBFS due |
897 | + to objcopy building an invalid binary padded with zeroes (LP: #1833234) |
898 | + * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: clear up invalid |
899 | + spacing for the initrd command when not using early initrds. |
900 | + * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: move the initrd |
901 | + boot success/failure service to start later at boot time. (LP: #1823391) |
902 | + * debian/patches/fix-lockdown.patch: Drop lockdown patch from Debian, which |
903 | + breaks with new linuxefi patchset. |
904 | + * debian/patches/ubuntu-temp-keep-auto-nvram.patch: Temporarily keep the |
905 | + --auto-nvram option we previously had as a supported option in grub-install |
906 | + (with no effect now), to avoid breaking upgrades. "auto-nvram" is default |
907 | + behavior now that we use libefivar instead of calling efibootmgr. |
908 | + |
909 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 16 Jul 2019 11:31:29 -0400 |
910 | + |
911 | grub2 (2.04-1) unstable; urgency=medium |
912 | |
913 | * New upstream release. |
914 | @@ -553,6 +1352,112 @@ grub2 (2.02+dfsg1-13) unstable; urgency=medium |
915 | |
916 | -- Colin Watson <cjwatson@debian.org> Thu, 14 Mar 2019 10:33:24 +0000 |
917 | |
918 | +grub2 (2.02+dfsg1-12ubuntu3) eoan; urgency=medium |
919 | + |
920 | + * debian/patches/zfs_enhance_support.patch: |
921 | + Enhance ZFS grub support: |
922 | + - Support multiple zfs systems (grouped by machine-id) |
923 | + - Group zfs snapshots and clones with latest dataset for a given |
924 | + installation. |
925 | + - Support "history" entry with one time boot, recovery mode and |
926 | + consecutive reboots. |
927 | + - Pin kernel to particular snapshot, trying to reboot with the exact |
928 | + same kernel and initrd. |
929 | + - Disable in 10_linux zfs support if 10_linux_zfs is installed so that |
930 | + we don't end up with the same installation multiple times. |
931 | + * debian/patches/*: |
932 | + - Apply ubuntu/debian specific changes of 10_linux to 10_linux_zfs. |
933 | + |
934 | + Work done with Jean-Baptiste. |
935 | + |
936 | + -- Didier Roche <didrocks@ubuntu.com> Mon, 17 Jun 2019 11:28:48 +0200 |
937 | + |
938 | +grub2 (2.02+dfsg1-12ubuntu2) disco; urgency=medium |
939 | + |
940 | + * debian/patches/efi-console-set-text-mode-as-needed.patch: in EFI console, |
941 | + only set text-mode when we're actually going to need it. |
942 | + * debian/build-efi-images: add http module to NET_MODULES. (LP: #1787630) |
943 | + |
944 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 11 Mar 2019 17:48:49 -0400 |
945 | + |
946 | +grub2 (2.02+dfsg1-12ubuntu1) disco; urgency=medium |
947 | + |
948 | + * Merge against Debian unstable; remaining changes (LP: #564853): |
949 | + - debian/control: Update Vcs fields for code location on Ubuntu. |
950 | + - debian/control: Breaks shim (<< 13). |
951 | + - Secure Boot support: use newer patchset from rhboot repo: |
952 | + - many linuxefi_* patches added and modified |
953 | + - dropped debian/patches/linuxefi_require_shim.patch |
954 | + - renamed: debian/patches/no_insmod_on_sb.patch -> |
955 | + debian/patches/linuxefi_no_insmod_on_sb.patch |
956 | + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: |
957 | + - Make sure if we install shim; it should also be exported as the default |
958 | + bootloader to install later to a removable path, if we do. |
959 | + - Rework grub-install-extra-removable.patch to reverse its logic: in the |
960 | + default case, install the bootloader to /EFI/BOOT, unless we're trying |
961 | + to install on a removable device, or explicitly telling grub *not* to |
962 | + do it. |
963 | + - Install a BOOT.CSV for fallback to use. |
964 | + - Make sure postinst and templates know about the replacement of |
965 | + --force-extra-removable with --no-extra-removable. |
966 | + - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the |
967 | + --auto-nvram option to grub-install for auto-detecting NVRAM availability |
968 | + before attempting NVRAM updates. |
969 | + - debian/build-efi-images: provide a new grub EFI image which enforces that |
970 | + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is |
971 | + the same as grub$arch.efi minus the 'linux' module. Without fallback to |
972 | + 'linux' for unsigned loading, this makes it effectively enforce having a |
973 | + signed kernel. |
974 | + - Verify that the current and newer kernels are signed when grub is |
975 | + updated, to make sure people do not accidentally shutdown without a |
976 | + signed kernel. |
977 | + - debian/default/grub: replace GRUB_HIDDEN_* variables with the less |
978 | + confusing GRUB_TIMEOUT_STYLE=hidden. |
979 | + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow |
980 | + non-initrd boot config. |
981 | + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the |
982 | + number of entries/clutter from other OSes in Petitboot |
983 | + - debian/patches/shorter_version_info.patch: Only show the upstream version |
984 | + in menu and console, and hide the package one in a package_version |
985 | + variable. |
986 | + - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the |
987 | + 'text' payload if it's not supported but present in gfxpayload, such as |
988 | + on EFI systems. |
989 | + - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file |
990 | + fizes as block sizes in bufio: this avoids potentially seeking back in |
991 | + the files unnecessarily, which may require re-open files that cannot be |
992 | + seeked into, such as via TFTP. |
993 | + - debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize |
994 | + structs in bootpath parser. |
995 | + - debian/rules: shuffle files around for now to keep build artefacts |
996 | + for signing at the same location as they were expected by Launchpad. |
997 | + - debian/rules, debian/control: enable dh-systemd. |
998 | + - debian/grub-common.install.in: install the systemd unit that's part of |
999 | + initrd fallback handling, missed when the feature landed. |
1000 | + - debian/patches/quick-boot-lvm.patch: If we don't have writable |
1001 | + grubenv and we're on EFI, always show the menu. |
1002 | + - debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig |
1003 | + leaves a trace of what files were sourced to help generate the config |
1004 | + we're building. |
1005 | + - debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows |
1006 | + 7 bootloader has inconsistent headers; truncate to the smaller, correct |
1007 | + size to fix chainloading Windows 7. |
1008 | + - debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in |
1009 | + relocate_coff() causing issues with relocation of code in chainload. |
1010 | + - debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less |
1011 | + capabilities. If a kernel fails to boot without initrd, we will fallback |
1012 | + to trying to boot the kernel with an initrd. Patch by Chris Glass. |
1013 | + - debian/patches/grub-reboot-warn.patch: Warn when "for the next |
1014 | + boot only" promise cannot be kept. |
1015 | + * Refreshed patches and fixed up attribution to the right authors after |
1016 | + merge with Debian. |
1017 | + * debian/patches/linuxefi_missing_include.patch, |
1018 | + debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional |
1019 | + small fixes to casts, format strings, includes and Makefile to make sure |
1020 | + the newer linuxefi patches apply and build properly. |
1021 | + |
1022 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 05 Mar 2019 17:05:09 -0500 |
1023 | + |
1024 | grub2 (2.02+dfsg1-12) unstable; urgency=medium |
1025 | |
1026 | [ Colin Watson ] |
1027 | @@ -697,6 +1602,175 @@ grub2 (2.02+dfsg1-6) unstable; urgency=medium |
1028 | |
1029 | -- Colin Watson <cjwatson@debian.org> Tue, 28 Aug 2018 16:17:21 +0100 |
1030 | |
1031 | +grub2 (2.02+dfsg1-5ubuntu11) disco; urgency=medium |
1032 | + |
1033 | + [ Mathieu Trudel-Lapierre ] |
1034 | + * debian/grub-check-signatures: properly account for DB showing as empty on |
1035 | + some broken firmwares: Guard against mokutil --export --db failing, and do |
1036 | + a better job at finding the DER certs for conversion to PEM format. |
1037 | + (LP: #1814575) |
1038 | + |
1039 | + [ Steve Langasek ] |
1040 | + * debian/patches/quick-boot-lvm.patch: checking the return value of |
1041 | + 'lsefi' when the command doesn't exist does not do what's expected, so |
1042 | + instead check the value of $grub_platform which is simpler anyway. |
1043 | + LP: #1814403. |
1044 | + |
1045 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 04 Feb 2019 17:51:15 -0500 |
1046 | + |
1047 | +grub2 (2.02+dfsg1-5ubuntu10) disco; urgency=medium |
1048 | + |
1049 | + * debian/grub-check-signatures: check kernel signatures against keys known |
1050 | + in firmware, in case a kernel is signed but not using a key that will pass |
1051 | + validation, such as when using kernels coming from a PPA. (LP: #1789918) |
1052 | + |
1053 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 21 Jan 2019 09:34:36 -0500 |
1054 | + |
1055 | +grub2 (2.02+dfsg1-5ubuntu9) disco; urgency=medium |
1056 | + |
1057 | + [ Steve Langasek ] |
1058 | + * debian/patches/quick-boot-lvm.patch: If we don't have writable |
1059 | + grubenv and we're on EFI, always show the menu. Closes LP: #1800722. |
1060 | + |
1061 | + [ Mathieu Trudel-Lapierre ] |
1062 | + * debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig |
1063 | + leaves a trace of what files were sourced to help generate the config |
1064 | + we're building. |
1065 | + |
1066 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 07 Jan 2019 17:32:01 -0500 |
1067 | + |
1068 | +grub2 (2.02+dfsg1-5ubuntu8) cosmic; urgency=medium |
1069 | + |
1070 | + * debian/patches/grub-install-extra-removable.patch: install mmx64.efi to |
1071 | + the EFI removable path to avoid boot failures after install when certs |
1072 | + need to be enrolled and the system's firmware is confused. (LP: #1798171) |
1073 | + |
1074 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 17 Oct 2018 14:44:49 -0400 |
1075 | + |
1076 | +grub2 (2.02+dfsg1-5ubuntu7) cosmic; urgency=medium |
1077 | + |
1078 | + [ Steve Langasek ] |
1079 | + * debian/grub-common.install.in: install the systemd unit that's part of |
1080 | + initrd fallback handling, missed when the feature landed. |
1081 | + |
1082 | + [ Mathieu Trudel-Lapierre ] |
1083 | + * debian/rules: set DEFAULT_TIMEOUT to 0 if we've enabled FLICKER_FREE_BOOT, |
1084 | + to avoid unnecessary delay at boot time. (LP: #1784363) |
1085 | + |
1086 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Fri, 12 Oct 2018 11:10:10 -0400 |
1087 | + |
1088 | +grub2 (2.02+dfsg1-5ubuntu6) cosmic; urgency=medium |
1089 | + |
1090 | + [ Steve Langasek ] |
1091 | + * debian/grub-check-signatures: Handle the case where we have unsigned |
1092 | + vmlinuz and signed vmlinuz.efi.signed. (LP: #1788727) |
1093 | + |
1094 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 03 Oct 2018 14:59:05 -0400 |
1095 | + |
1096 | +grub2 (2.02+dfsg1-5ubuntu5) cosmic; urgency=medium |
1097 | + |
1098 | + [ Mathieu Trudel-Lapierre ] |
1099 | + * debian/patches/linuxefi_truncate_overlong_reloc_section.patch: The Windows |
1100 | + 7 bootloader has inconsistent headers; truncate to the smaller, correct |
1101 | + size to fix chainloading Windows 7. |
1102 | + |
1103 | + [ Steve Langasek ] |
1104 | + * debian/rules, debian/control: enable dh-systemd. |
1105 | + * debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less |
1106 | + capabilities. If a kernel fails to boot without initrd, grub will fallback |
1107 | + to trying to boot the kernel with an initrd. Patch by Chris Glass. |
1108 | + |
1109 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 25 Sep 2018 16:05:13 -0400 |
1110 | + |
1111 | +grub2 (2.02+dfsg1-5ubuntu4) cosmic; urgency=medium |
1112 | + |
1113 | + * debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in |
1114 | + relocate_coff() causing issues with relocation of code in chainload. |
1115 | + (LP: #1792575) |
1116 | + |
1117 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 17 Sep 2018 07:45:49 -0400 |
1118 | + |
1119 | +grub2 (2.02+dfsg1-5ubuntu3) cosmic; urgency=medium |
1120 | + |
1121 | + * debian/patches/grub-reboot-warn.patch: Warn when "for the next |
1122 | + boot only" promise cannot be kept. (LP: #788298) |
1123 | + |
1124 | + -- dann frazier <dannf@ubuntu.com> Thu, 13 Sep 2018 15:28:50 -0600 |
1125 | + |
1126 | +grub2 (2.02+dfsg1-5ubuntu2) cosmic; urgency=medium |
1127 | + |
1128 | + * debian/patches/add_ext_lfb_base_support.patch: i386/linux: Add support for |
1129 | + ext_lfb_base. (LP: #1785033) |
1130 | + |
1131 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 05 Sep 2018 14:29:04 -0400 |
1132 | + |
1133 | +grub2 (2.02+dfsg1-5ubuntu1) cosmic; urgency=medium |
1134 | + |
1135 | + [ Mathieu Trudel-Lapierre] |
1136 | + * Merge against Debian unstable; remaining changes: |
1137 | + - debian/control: Update Vcs fields for code location on Ubuntu. |
1138 | + - debian/control: Breaks shim (<< 13). |
1139 | + - Secure Boot support: use newer patchset from rhboot repo: |
1140 | + - many linuxefi_* patches added and modified |
1141 | + - dropped debian/patches/linuxefi_require_shim.patch |
1142 | + - renamed: debian/patches/no_insmod_on_sb.patch -> |
1143 | + debian/patches/linuxefi_no_insmod_on_sb.patch |
1144 | + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: |
1145 | + - Make sure if we install shim; it should also be exported as the default |
1146 | + bootloader to install later to a removable path, if we do. |
1147 | + - Rework grub-install-extra-removable.patch to reverse its logic: in the |
1148 | + default case, install the bootloader to /EFI/BOOT, unless we're trying |
1149 | + to install on a removable device, or explicitly telling grub *not* to |
1150 | + do it. |
1151 | + - Move installing fb$arch.efi to --no-extra-removable; as we don't want |
1152 | + fallback to be installed unless we're also installing to /EFI/BOOT. |
1153 | + (LP: #1684341) |
1154 | + - Install a BOOT.CSV for fallback to use. |
1155 | + - Make sure postinst and templates know about the replacement of |
1156 | + --force-extra-removable with --no-extra-removable. |
1157 | + - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the |
1158 | + --auto-nvram option to grub-install for auto-detecting NVRAM availability |
1159 | + before attempting NVRAM updates. |
1160 | + - debian/build-efi-images: provide a new grub EFI image which enforces that |
1161 | + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is |
1162 | + the same as grub$arch.efi minus the 'linux' module. Without fallback to |
1163 | + 'linux' for unsigned loading, this makes it effectively enforce having a |
1164 | + signed kernel. (LP: #1401532) |
1165 | + - Verify that the current and newer kernels are signed when grub is |
1166 | + updated, to make sure people do not accidentally shutdown without a |
1167 | + signed kernel. |
1168 | + - debian/default/grub: replace GRUB_HIDDEN_* variables with the less |
1169 | + confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597) |
1170 | + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow |
1171 | + non-initrd boot config. (LP: #1640878) |
1172 | + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the |
1173 | + number of entries/clutter from other OSes in Petitboot (LP: #1447500) |
1174 | + - debian/patches/shorter_version_info.patch: Only show the upstream version |
1175 | + in menu and console, and hide the package one in a package_version |
1176 | + variable. (LP: #1723434) |
1177 | + - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the |
1178 | + 'text' payload if it's not supported but present in gfxpayload, such as |
1179 | + on EFI systems. (LP: #1711452) |
1180 | + - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file |
1181 | + fizes as block sizes in bufio: this avoids potentially seeking back in |
1182 | + the files unnecessarily, which may require re-open files that cannot be |
1183 | + seeked into, such as via TFTP. (LP: #1743249) |
1184 | + * util/grub-install.c: Drop extra handling for x.efi.signed files for mok |
1185 | + and fallback binaries: shim now installs them without the .signed |
1186 | + extension. (LP: #1708245) |
1187 | + - debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and |
1188 | + the casting they do on some architectures: we don't want to fail build |
1189 | + because of some of the warnings that can show up since we otherwise build |
1190 | + with -Werror. |
1191 | + * debian/rules: shuffle files around for now to keep putting build artefacts |
1192 | + for signing at the same location as they were expected by Launchpad. |
1193 | + |
1194 | + [ Julian Andres Klode ] |
1195 | + * debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize |
1196 | + structs in bootpath parser. Fixes netboot issues on ppc64el. (LP: #1785859) |
1197 | + |
1198 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 23 Aug 2018 15:00:14 -0400 |
1199 | + |
1200 | grub2 (2.02+dfsg1-5) unstable; urgency=medium |
1201 | |
1202 | [ Colin Watson ] |
1203 | @@ -793,6 +1867,171 @@ grub2 (2.02-3) unstable; urgency=medium |
1204 | |
1205 | -- Colin Watson <cjwatson@debian.org> Sat, 10 Feb 2018 03:00:30 +0000 |
1206 | |
1207 | +grub2 (2.02-2ubuntu13) cosmic; urgency=medium |
1208 | + |
1209 | + * debian/patches/tests_update_for_new_qemu.patch: update qemu options to |
1210 | + remove deprecated options that fail tests. |
1211 | + * debian/patches: fix up busted patches due to git-dpm: |
1212 | + - debian/patches/add-an-auto-nvram-option-to-grub-install.patch |
1213 | + - debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch |
1214 | + * debian/patches/r_x86_64_plt32-is-like-r_x86_64_pc32.patch: For the purpose |
1215 | + of grub-mkimage, the R_X86_64_PLT32 relocation is basically the same as |
1216 | + R_X86_64_PC32. Make R_X86_64_PLT32 supported. |
1217 | + |
1218 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 19 Jul 2018 09:46:53 -0400 |
1219 | + |
1220 | +grub2 (2.02-2ubuntu12) cosmic; urgency=medium |
1221 | + |
1222 | + * debian/default/grub: replace GRUB_HIDDEN_* variables with the more concise |
1223 | + and less confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597) |
1224 | + |
1225 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 16 Jul 2018 14:18:46 -0400 |
1226 | + |
1227 | +grub2 (2.02-2ubuntu11) cosmic; urgency=medium |
1228 | + |
1229 | + * Verify that the current and newer kernels are signed when grub is updated, to |
1230 | + make sure people do not accidentally shutdown without a signed kernel. |
1231 | + |
1232 | + -- Julian Andres Klode <juliank@ubuntu.com> Fri, 13 Jul 2018 15:21:48 +0200 |
1233 | + |
1234 | +grub2 (2.02-2ubuntu10) cosmic; urgency=medium |
1235 | + |
1236 | + * debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch: In the |
1237 | + grub-shell test helper, disable seabios's serial console through fw_cfg |
1238 | + runtime configuration as its boot output interferes with testing. |
1239 | + (LP: #1775249) |
1240 | + |
1241 | + -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 06 Jun 2018 01:03:26 +0200 |
1242 | + |
1243 | +grub2 (2.02-2ubuntu9) cosmic; urgency=medium |
1244 | + |
1245 | + * debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the |
1246 | + --auto-nvram option to grub-install for auto-detecting NVRAM availability |
1247 | + before attempting NVRAM updates. |
1248 | + |
1249 | + -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Tue, 05 Jun 2018 00:34:38 +0200 |
1250 | + |
1251 | +grub2 (2.02-2ubuntu8) bionic; urgency=medium |
1252 | + |
1253 | + * Drop debian/patches/mkconfig_keep_native_term_active.patch, which can |
1254 | + lead to flickering between graphical and text mode when traversing the |
1255 | + menu. (LP: #1752767) |
1256 | + * debian/patches/yylex-explicitly_cast_fprintf_to_void.patch: Fix FTBFS |
1257 | + with flex 2.6.4. |
1258 | + |
1259 | + -- dann frazier <dannf@ubuntu.com> Sun, 04 Mar 2018 06:11:35 -0700 |
1260 | + |
1261 | +grub2 (2.02-2ubuntu7) bionic; urgency=medium |
1262 | + |
1263 | + [ Julian Andres Klode ] |
1264 | + * debian/patches/shorter_version_info.patch: Only show the upstream version |
1265 | + in menu and console, and hide the package one in a package_version |
1266 | + variable. (LP: #1723434) |
1267 | + |
1268 | + [ Mathieu Trudel-Lapierre ] |
1269 | + * debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the |
1270 | + 'text' payload if it's not supported but present in gfxpayload, such as |
1271 | + on EFI systems. (LP: #1711452) |
1272 | + |
1273 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Fri, 09 Feb 2018 16:30:45 -0500 |
1274 | + |
1275 | +grub2 (2.02-2ubuntu6) bionic; urgency=medium |
1276 | + |
1277 | + [ Steve Langasek ] |
1278 | + * debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file |
1279 | + fizes as block sizes in bufio: this avoids potentially seeking back in |
1280 | + the files unnecessarily, which may require re-open files that cannot be |
1281 | + seeked into, such as via TFTP. (LP: #1743249) |
1282 | + |
1283 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 05 Feb 2018 11:58:09 -0500 |
1284 | + |
1285 | +grub2 (2.02-2ubuntu5) bionic; urgency=medium |
1286 | + |
1287 | + * debian/patches/mkconfig_keep_native_term_active.patch: Keep the |
1288 | + default EFI console active while enabling gfxterm. (LP: #1743884) |
1289 | + |
1290 | + -- dann frazier <dannf@ubuntu.com> Wed, 31 Jan 2018 10:51:11 -0700 |
1291 | + |
1292 | +grub2 (2.02-2ubuntu4) bionic; urgency=medium |
1293 | + |
1294 | + * debian/patches/vt_handoff.patch: modify the existing patch to set |
1295 | + vt.handoff=1 instead of vt.handoff=7 as we now start display managers on |
1296 | + vt1 anyway. This also fixes issues with netboot installed server systems |
1297 | + not displaying the login prompt on boot. (LP: #1675453) |
1298 | + |
1299 | + -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Thu, 18 Jan 2018 18:32:31 +0100 |
1300 | + |
1301 | +grub2 (2.02-2ubuntu3) bionic; urgency=medium |
1302 | + |
1303 | + * util/grub-install.c: Drop extra handling for x.efi.signed files for mok |
1304 | + and fallback binaries: shim now installs them without the .signed |
1305 | + extension. (LP: #1708245) |
1306 | + * debian/control: Breaks shim (<< 13). |
1307 | + |
1308 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 17 Jan 2018 09:25:09 -0500 |
1309 | + |
1310 | +grub2 (2.02-2ubuntu2) bionic; urgency=medium |
1311 | + |
1312 | + * Cherry-pick upstream patch to change the default TSC calibration method |
1313 | + to pmtimer on EFI systems (LP: #1734278) |
1314 | + * debian/control: Update Vcs fields for code location on Ubuntu. |
1315 | + |
1316 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 05 Dec 2017 11:47:31 -0500 |
1317 | + |
1318 | +grub2 (2.02-2ubuntu1) bionic; urgency=medium |
1319 | + |
1320 | + * Merge with Debian; remaining changes: |
1321 | + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow |
1322 | + non-initrd boot config. (LP: #1640878) |
1323 | + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the |
1324 | + number of entries/clutter from other OSes in Petitboot (LP: #1447500) |
1325 | + - debian/build-efi-images: provide a new grub EFI image which enforces that |
1326 | + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is |
1327 | + the same as grub$arch.efi minus the 'linux' module. Without fallback to |
1328 | + 'linux' for unsigned loading, this makes it effectively enforce having a |
1329 | + signed kernel. (LP: #1401532) |
1330 | + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: |
1331 | + - Make sure if we install shim; it should also be exported as the default |
1332 | + bootloader to install later to a removable path, if we do. |
1333 | + - Rework grub-install-extra-removable.patch to reverse its logic: in the |
1334 | + default case, install the bootloader to /EFI/BOOT, unless we're trying |
1335 | + to install on a removable device, or explicitly telling grub *not* to |
1336 | + do it. |
1337 | + - Move installing fb$arch.efi to --no-extra-removable; as we don't want |
1338 | + fallback to be installed unless we're also installing to /EFI/BOOT. |
1339 | + (LP: #1684341) |
1340 | + - Make sure postinst and templates know about the replacement of |
1341 | + --force-extra-removable with --no-extra-removable. |
1342 | + * Sync Secure Boot support patches with the upstream patch set from |
1343 | + rhboot/grub2:master-sb. Renamed some patches and updated descriptions for |
1344 | + the whole thing to make more sense, too: |
1345 | + - dropped debian/patches/linuxefi_require_shim.patch |
1346 | + - renamed: debian/patches/no_insmod_on_sb.patch -> |
1347 | + debian/patches/linuxefi_no_insmod_on_sb.patch |
1348 | + - debian/patches/linuxefi.patch |
1349 | + - debian/patches/linuxefi_debug.patch |
1350 | + - debian/patches/linuxefi_non_sb_fallback.patch |
1351 | + - debian/patches/linuxefi_add_sb_to_efi_chainload.patch |
1352 | + - debian/patches/linuxefi_cleanup_errors_in_loader.patch |
1353 | + - debian/patches/linuxefi_fix_efi_validation_race.patch |
1354 | + - debian/patches/linuxefi_handle_multiarch_boot.patch |
1355 | + - debian/patches/linuxefi_honor_sb_mode.patch |
1356 | + - debian/patches/linuxefi_move_fdt_helper.patch |
1357 | + - debian/patches/linuxefi_load_arm_with_sb.patch |
1358 | + - debian/patches/linuxefi_minor_cleanups.patch |
1359 | + - debian/patches/linuxefi_re-enable_linux_cmd.patch |
1360 | + - debian/patches/linuxefi_rework_linux16_cmd.patch |
1361 | + - debian/patches/linuxefi_rework_linux_cmd.patch |
1362 | + - debian/patches/linuxefi_rework_non-sb_efi_chainload.patch |
1363 | + - debian/patches/linuxefi_rework_pe_loading.patch |
1364 | + - debian/patches/linuxefi_use_dev_chainloader_target.patch |
1365 | + * debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and |
1366 | + the casting they do on some architectures: we don't want to fail build |
1367 | + because of some of the warnings that can show up since we otherwise build |
1368 | + with -Werror. |
1369 | + |
1370 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 06 Nov 2017 15:37:12 -0500 |
1371 | + |
1372 | grub2 (2.02-2) unstable; urgency=medium |
1373 | |
1374 | * Comment out debian/watch lines for betas and pre-releases for now. |
1375 | @@ -829,6 +2068,92 @@ grub2 (2.02~beta3-5) unstable; urgency=medium |
1376 | |
1377 | -- Colin Watson <cjwatson@debian.org> Sat, 11 Feb 2017 15:09:19 +0000 |
1378 | |
1379 | +grub2 (2.02~beta3-4ubuntu7) artful; urgency=medium |
1380 | + |
1381 | + * debian/patches/headers_for_device_macros.patch, |
1382 | + debian/patches/fix_check_for_sys_macros.patch: make sure the right |
1383 | + device macro header is included and that the deprecation warning |
1384 | + is dealt with. LP: #1722955. |
1385 | + |
1386 | + -- Tiago Stürmer Daitx <tiago.daitx@ubuntu.com> Thu, 12 Oct 2017 09:41:17 -0400 |
1387 | + |
1388 | +grub2 (2.02~beta3-4ubuntu6) artful; urgency=medium |
1389 | + |
1390 | + * debian/patches/mount-ext4-fs-with-crypto-enabled.patch: Allow grub to |
1391 | + mount an EXT4 partition that has the 'encrypt' feature enabled |
1392 | + (closes: 840204) |
1393 | + |
1394 | + -- Tyler Hicks <tyhicks@canonical.com> Wed, 05 Jul 2017 22:23:03 +0000 |
1395 | + |
1396 | +grub2 (2.02~beta3-4ubuntu5) artful; urgency=medium |
1397 | + |
1398 | + * debian/patches/linuxefi.patch: fix double-free caused by an extra |
1399 | + grub_free() call in this patch (which the previous upload didn't change). |
1400 | + * debian/patches/linuxefi_rework_non-sb_cases.patch, |
1401 | + debian/patches/linuxefi_non_sb_fallback.patch: refreshed. |
1402 | + |
1403 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 29 May 2017 16:28:41 -0400 |
1404 | + |
1405 | +grub2 (2.02~beta3-4ubuntu4) artful; urgency=medium |
1406 | + |
1407 | + * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream |
1408 | + SB patch set: |
1409 | + - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its |
1410 | + chainloader. |
1411 | + - linuxefi_fix_validation_race.patch: Fix a race in validating images. |
1412 | + - linuxefi_chainloader_path.patch: honor the starting path for grub, so |
1413 | + images do not need to be started from $root. |
1414 | + - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use |
1415 | + when Secure Boot is enabled. |
1416 | + - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all |
1417 | + loaders: don't load the commands when Secure Boot is enabled. |
1418 | + - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and |
1419 | + initrd commands to automatically hand-off to linuxefi/initrdefi; re- |
1420 | + enable the linux loader. |
1421 | + - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading |
1422 | + "special" PE images, such as Windows'. |
1423 | + - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is |
1424 | + disabled or shim validation is disabled so loading works as EFI binaries |
1425 | + when it is supposed to. |
1426 | + - Removed linuxefi_require_shim.patch; superseded by the above. |
1427 | + |
1428 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 11 May 2017 17:05:04 -0400 |
1429 | + |
1430 | +grub2 (2.02~beta3-4ubuntu3) artful; urgency=medium |
1431 | + |
1432 | + * debian/patches/install_signed.patch, grub-install-extra-removable.patch: |
1433 | + - Make sure if we install shim; it should also be exported as the default |
1434 | + bootloader to install later to a removable path, if we do. |
1435 | + - Rework grub-install-extra-removable.patch to reverse its logic: in the |
1436 | + default case, install the bootloader to /EFI/BOOT, unless we're trying |
1437 | + to install on a removable device, or explicitly telling grub *not* to |
1438 | + do it. |
1439 | + - Move installing fb$arch.efi to --no-extra-removable; as we don't want |
1440 | + fallback to be installed unless we're also installing to /EFI/BOOT. |
1441 | + (LP: #1684341) |
1442 | + |
1443 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 26 Apr 2017 21:08:22 -0400 |
1444 | + |
1445 | +grub2 (2.02~beta3-4ubuntu2) zesty; urgency=medium |
1446 | + |
1447 | + * debian/build-efi-images: provide a new grub EFI image which enforces that |
1448 | + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is |
1449 | + the same as grub$arch.efi minus the 'linux' module. Without fallback to |
1450 | + 'linux' for unsigned loading, this makes it effectively enforce having a |
1451 | + signed kernel. (LP: #1401532) |
1452 | + |
1453 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 30 Mar 2017 17:45:23 -0400 |
1454 | + |
1455 | +grub2 (2.02~beta3-4ubuntu1) zesty; urgency=medium |
1456 | + |
1457 | + * Merge with Debian; remaining changes: |
1458 | + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow |
1459 | + non-initrd boot config. (LP: #1640878) |
1460 | + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the |
1461 | + number of entries/clutter from other OSes in Petitboot (LP: #1447500) |
1462 | + |
1463 | + -- dann frazier <dannf@ubuntu.com> Thu, 09 Feb 2017 10:06:57 -0700 |
1464 | + |
1465 | grub2 (2.02~beta3-4) unstable; urgency=medium |
1466 | |
1467 | [ Colin Watson ] |
1468 | diff --git a/debian/control b/debian/control |
1469 | index 591394f..1819b2e 100644 |
1470 | --- a/debian/control |
1471 | +++ b/debian/control |
1472 | @@ -1,7 +1,8 @@ |
1473 | Source: grub2 |
1474 | Section: admin |
1475 | Priority: optional |
1476 | -Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net> |
1477 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
1478 | +XSBC-Original-Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net> |
1479 | Uploaders: Felix Zielcke <fzielcke@z-51.de>, Jordi Mallach <jordi@debian.org>, Colin Watson <cjwatson@debian.org>, Steve McIntyre <93sam@debian.org> |
1480 | Build-Depends: debhelper-compat (= 10), |
1481 | patchutils, |
1482 | @@ -19,15 +20,16 @@ Build-Depends: debhelper-compat (= 10), |
1483 | libdevmapper-dev [linux-any], |
1484 | libgeom-dev (>= 8.2+ds1-1~) [kfreebsd-any] | libgeom-dev (<< 8.2) [kfreebsd-any], |
1485 | libsdl1.2-dev [!hurd-any], |
1486 | - xorriso, |
1487 | - qemu-system [i386 kfreebsd-i386 kopensolaris-i386 any-amd64], |
1488 | + xorriso [!i386], |
1489 | + qemu-system [kfreebsd-i386 kopensolaris-i386 any-amd64], |
1490 | cpio [i386 kopensolaris-i386 amd64 x32], |
1491 | parted [!hurd-any], |
1492 | libfuse-dev (>= 2.8.4-1.4) [linux-any kfreebsd-any], |
1493 | fonts-dejavu-core, |
1494 | liblzma-dev, |
1495 | - dosfstools [any-i386 any-amd64 any-arm64], |
1496 | - mtools [any-i386 any-amd64 any-arm64], |
1497 | + liblzo2-dev, |
1498 | + dosfstools [any-amd64 any-arm64], |
1499 | + mtools [any-amd64 any-arm64], |
1500 | wamerican, |
1501 | libparted-dev [any-powerpc any-ppc64 any-ppc64el], |
1502 | pkg-config, |
1503 | @@ -37,8 +39,8 @@ Build-Depends: debhelper-compat (= 10), |
1504 | Build-Conflicts: autoconf2.13, libzfs-dev, libnvpair-dev |
1505 | Standards-Version: 3.9.6 |
1506 | Homepage: https://www.gnu.org/software/grub/ |
1507 | -Vcs-Git: https://salsa.debian.org/grub-team/grub.git |
1508 | -Vcs-Browser: https://salsa.debian.org/grub-team/grub |
1509 | +Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu |
1510 | +Vcs-Browser: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu |
1511 | Rules-Requires-Root: no |
1512 | |
1513 | Package: grub2 |
1514 | @@ -63,7 +65,7 @@ Description: GRand Unified Bootloader, version 2 (dummy package) |
1515 | Package: grub-efi |
1516 | Architecture: any-i386 any-amd64 any-arm64 any-ia64 any-arm |
1517 | Pre-Depends: ${misc:Pre-Depends} |
1518 | -Depends: ${misc:Depends}, grub-efi-ia32 (= ${binary:Version}) [any-i386], grub-efi-amd64 (= ${binary:Version}) [any-amd64], grub-efi-arm64 (= ${binary:Version}) [any-arm64], grub-efi-ia64 (= ${binary:Version}) [any-ia64], grub-efi-arm (= ${binary:Version}) [any-arm] |
1519 | +Depends: ${misc:Depends}, grub-efi-ia32 (= ${binary:Version}) [any-i386], grub-efi-amd64 (>= ${binary:Version}) [any-amd64], grub-efi-arm64 (>= ${binary:Version}) [any-arm64], grub-efi-ia64 (= ${binary:Version}) [any-ia64], grub-efi-arm (= ${binary:Version}) [any-arm] |
1520 | Multi-Arch: foreign |
1521 | Description: GRand Unified Bootloader, version 2 (dummy package) |
1522 | This is a dummy package that depends on the grub-efi-$ARCH package most likely |
1523 | @@ -71,6 +73,7 @@ Description: GRand Unified Bootloader, version 2 (dummy package) |
1524 | |
1525 | Package: grub-common |
1526 | Architecture: any |
1527 | +Built-Using: ${Built-Using} |
1528 | Depends: ${shlibs:Depends}, ${misc:Depends}, gettext-base, ${lsb-base-depends} |
1529 | Replaces: grub-pc (<< 2.00-4), grub-ieee1275 (<< 2.00-4), grub-efi (<< 1.99-1), grub-coreboot (<< 2.00-4), grub-linuxbios (<< 1.96+20080831-1), grub-efi-ia32 (<< 2.00-4), grub-efi-amd64 (<< 2.00-4), grub-efi-ia64 (<< 2.00-4), grub-yeeloong (<< 2.00-4), init-select |
1530 | Recommends: os-prober (>= 1.33) |
1531 | @@ -308,7 +311,7 @@ Description: GRand Unified Bootloader, version 2 (EFI-IA32 signing template) |
1532 | |
1533 | Package: grub-efi-amd64-bin |
1534 | Architecture: i386 kopensolaris-i386 any-amd64 |
1535 | -Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version}) |
1536 | +Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (>= 2.02~beta2-9) |
1537 | Recommends: grub-efi-amd64-signed [amd64], efibootmgr [linux-any] |
1538 | Replaces: grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-efi-amd64 (<< 1.99-1) |
1539 | Multi-Arch: foreign |
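Review bot: The relaxed dependency `grub-common (>= 2.02~beta2-9)` on grub-efi-amd64-bin allows the EFI modules to be installed next to a much older grub-common, and nothing in the hunk explains why that version is the floor. The same relaxation is applied to `grub2-common` in the grub-efi-amd64 hunk and to both arm64 packages further down. This merge also adds debian/grub-check-signatures and debian/grub-multi-install; which binary package ships them is not visible here. If the maintainer scripts of these packages call those helpers, the floor should be the first version that ships them, so a boot-loader update cannot be configured against tools that lack the signature check. Assuming the intent is to let the signed EFI binaries be updated independently of the utilities, I would record it in a comment above the stanza, e.g. `# grub-common is versioned loosely so EFI binaries can be updated on their own; floor = first version providing the helpers the maintainer scripts call`.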
1540 | @@ -333,7 +336,7 @@ Description: GRand Unified Bootloader, version 2 (EFI-AMD64 modules) |
1541 | Package: grub-efi-amd64-dbg |
1542 | Section: debug |
1543 | Architecture: i386 kopensolaris-i386 any-amd64 |
1544 | -Depends: ${misc:Depends}, grub-efi-amd64-bin (= ${binary:Version}), grub-common (= ${binary:Version}) |
1545 | +Depends: ${misc:Depends}, grub-efi-amd64-bin (= ${binary:Version}) |
1546 | Multi-Arch: foreign |
1547 | Description: GRand Unified Bootloader, version 2 (EFI-AMD64 debug files) |
1548 | This package contains debugging files for grub-efi-amd64-bin. You only |
1549 | @@ -342,7 +345,7 @@ Description: GRand Unified Bootloader, version 2 (EFI-AMD64 debug files) |
1550 | Package: grub-efi-amd64 |
1551 | Architecture: i386 kopensolaris-i386 any-amd64 |
1552 | Pre-Depends: ${misc:Pre-Depends} |
1553 | -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-amd64-bin (= ${binary:Version}), ucf |
1554 | +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (>= 2.02~beta2-9), grub-efi-amd64-bin (= ${binary:Version}), ucf |
1555 | Replaces: grub, grub-legacy, grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-pc, grub-efi-ia32, grub-coreboot, grub-ieee1275 |
1556 | Conflicts: grub, grub-legacy, grub-efi-ia32, grub-pc, grub-coreboot, grub-ieee1275, grub-xen, elilo |
1557 | Multi-Arch: foreign |
1558 | @@ -469,7 +472,7 @@ Description: GRand Unified Bootloader, version 2 (ARM UEFI version) |
1559 | |
1560 | Package: grub-efi-arm64-bin |
1561 | Architecture: any-arm64 |
1562 | -Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version}) |
1563 | +Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (>= 2.02~beta2-9) |
1564 | Recommends: grub-efi-arm64-signed [arm64], efibootmgr [linux-any] |
1565 | Multi-Arch: foreign |
1566 | XB-Efi-Vendor: ${efi:Vendor} |
1567 | @@ -492,7 +495,7 @@ Description: GRand Unified Bootloader, version 2 (ARM64 UEFI modules) |
1568 | Package: grub-efi-arm64-dbg |
1569 | Section: debug |
1570 | Architecture: any-arm64 |
1571 | -Depends: ${misc:Depends}, grub-efi-arm64-bin (= ${binary:Version}), grub-common (= ${binary:Version}) |
1572 | +Depends: ${misc:Depends}, grub-efi-arm64-bin (= ${binary:Version}) |
1573 | Multi-Arch: foreign |
1574 | Description: GRand Unified Bootloader, version 2 (ARM64 UEFI debug files) |
1575 | This package contains debugging files for grub-efi-arm64-bin. You only |
1576 | @@ -501,7 +504,7 @@ Description: GRand Unified Bootloader, version 2 (ARM64 UEFI debug files) |
1577 | Package: grub-efi-arm64 |
1578 | Architecture: any-arm64 |
1579 | Pre-Depends: ${misc:Pre-Depends} |
1580 | -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm64-bin (= ${binary:Version}), ucf |
1581 | +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (>= 2.02~beta2-9), grub-efi-arm64-bin (= ${binary:Version}), ucf |
1582 | Multi-Arch: foreign |
1583 | Description: GRand Unified Bootloader, version 2 (ARM64 UEFI version) |
1584 | GRUB is a portable, powerful bootloader. This version of GRUB is based on a |
1585 | diff --git a/debian/dirs.in b/debian/dirs.in |
1586 | index e53f2b0..479afbc 100644 |
1587 | --- a/debian/dirs.in |
1588 | +++ b/debian/dirs.in |
1589 | @@ -1,3 +1,4 @@ |
1590 | usr/bin |
1591 | usr/sbin |
1592 | usr/share/grub |
1593 | +var/lib/grub/ucf |
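diff --git a/debian/grub-check-signatures b/debian/grub-check-signatures
new file mode 100755
index 0000000..3d41c3c
--- /dev/null
+++ b/debian/grub-check-signatures
@@ -0,0 +1,129 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+# Check if we are on an EFI system
+efivars=/sys/firmware/efi/efivars
+secureboot_var=SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
+moksbstatert_var=MokSBStateRT-605dab50-e046-4300-abb6-3dd810dd8b23
+tmpdir=$(mktemp -d)
+
+on_secure_boot() {
+ # Validate any queued actions before we go try to do them.
+ local moksbstatert=0
+
+ if ! [ -d $efivars ]; then
+ return 1
+ fi
+
+ if ! [ -f $efivars/$secureboot_var ] \
+ || [ "$(od -An -t u1 $efivars/$secureboot_var | awk '{ print $NF }')" -ne 1 ]
+ then
+ return 1
+ fi
+
+ if [ -f /proc/sys/kernel/moksbstate_disabled ]; then
+ moksbstatert=$(cat /proc/sys/kernel/moksbstate_disabled 2>/dev/null || echo 0)
+ elif [ -f $efivars/$moksbstatert_var ]; then
+ # MokSBStateRT set to 1 means validation is disabled
+ moksbstatert=$(od -An -t u1 $efivars/$moksbstatert_var | \
+ awk '{ print $NF; }')
+ fi
+
+ if [ $moksbstatert -eq 1 ]; then
+ return 1
+ fi
+
+ return 0
+}
+
+# Retrieve the keys we do trust from PK, DB, KEK, and MokList.
+extract_known_keys() {
+ # Make the Canonical CA cert available for validation too; in case
+ # MokListRT is empty due to a bug.
+ cp /usr/share/grub/canonical-uefi-ca.crt $tmpdir
+
+ # Extract known UEFI certs from firmware variables
+ ( cd $tmpdir; \
+ mokutil --export --db >/dev/null 2>/dev/null; \
+ mokutil --export --mok >/dev/null 2>/dev/null; )
+ find $tmpdir -name "*.der" -exec openssl x509 -inform der -in {} -outform pem -out {}.crt \;
+}
+
+# Check if a given kernel image is signed
+is_signed() {
+ tmp=$(mktemp)
+ sbattach --detach $tmp $1 >/dev/null 2>/dev/null # that's ugly...
+ test "$(wc -c < $tmp)" -ge 16 # Just _some_ minimum size
+ result=$?
+ if [ $result -eq 0 ]; then
+ sig_subject=$(openssl pkcs7 -inform der -in $tmp -print_certs | openssl x509 -noout -text | grep Subject: )
+ fi
+ rm $tmp
+ if [ $result -eq 0 ]; then
+ for crtfile in $tmpdir/*.crt; do
+ sbverify --cert $crtfile $1 >/dev/null 2>/dev/null
+ result=$?
+ if [ $result -eq 0 ]; then
+ return $result;
+ fi
+ done
+ echo "$1 is signed, but using an unknown key:" >&2
+ echo "$sig_subject" >&2
+ else
+ echo "$1 is unsigned." >&2
+ fi
+ return $result
+}
+
+# Check that our current kernel and every newer one is signed
+find_unsigned() {
+ uname_r="$(uname -r)"
+ for kernel in $(ls -1 /boot/vmlinuz-* | sort -V -r); do
+ # no kernels :(
+ if [ "$kernel" = "/boot/vmlinuz-*" ]; then
+ break
+ fi
+ this_uname_r="$(echo "$kernel" | sed -r 's#^/boot/vmlinuz-(.*)#\1#; s#\.efi\.signed$##')"
+ if dpkg --compare-versions "$this_uname_r" lt "$uname_r"; then
+ continue
+ fi
+ if [ -e "$kernel.efi.signed" ]; then
+ continue
+ fi
+ if ! is_signed $kernel; then
+ echo "$this_uname_r"
+ fi
+ done
+}
+
+# Only reached from show_warning
+error() {
+ echo "E: Your kernels are not signed with a key known to your firmware. This system will fail to boot in a Secure Boot environment." >&2
+ exit 1
+}
+
+# Either shows a debconf note or prints an error with error() above if
+# that fails
+show_warning() {
+ # kernels should be an indented list of one version per line
+ escaped="$(printf "%s" "$unsigned" | sed "s#^# #" | debconf-escape -e )"
+ db_capb escape
+ db_settitle grub2/unsigned_kernels_title || error
+ db_fset grub2/unsigned_kernels seen 0 || error
+ db_subst grub2/unsigned_kernels unsigned_versions "$escaped" || error
+ db_input critical grub2/unsigned_kernels || error
+ db_go || error
+ error
+}
+
+if on_secure_boot; then
+ extract_known_keys
+ unsigned="$(find_unsigned)"
+ if [ -n "$unsigned" ]; then
+ show_warning "$unsigned"
+ fi
+ rm -rf "$tmpdir"
+fi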
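Review bot: The scratch directory from `tmpdir=$(mktemp -d)` is created before the Secure Boot check, but the only cleanup is the final `rm -rf "$tmpdir"`, which is skipped on the paths that matter. `show_warning` ends in an unconditional `error`, which calls `exit 1`, and when `on_secure_boot` returns 1 the directory is left behind as well. Registering `trap 'rm -rf "$tmpdir"' EXIT` directly after the `mktemp -d` line covers every exit path, including an abort under `set -e`. Separately, `is_signed` accepts a kernel as soon as `sbverify` succeeds against any certificate exported from db or the MOK list, and nothing visible here consults the revocation list, so a clean result is a hint rather than a guarantee that the firmware will accept the image. A comment above `is_signed` saying so, and one on `show_warning` noting that it always exits non-zero, would match the code better than the current "if that fails" wording.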
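diff --git a/debian/grub-common.dirs b/debian/grub-common.dirs
index 3d70df4..832239c 100644
--- a/debian/grub-common.dirs
+++ b/debian/grub-common.dirs
@@ -1,2 +1,3 @@
 usr/sbin
 var/lib/grub/ucf
+var/lib/grub/esp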
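diff --git a/debian/grub-common.install.in b/debian/grub-common.install.in
index 420a61e..6c5c9f0 100644
--- a/debian/grub-common.install.in
+++ b/debian/grub-common.install.in
@@ -1,6 +1,9 @@
 ../../debian/apport/source_grub2.py usr/share/apport/package-hooks/
 ../../debian/grub.d etc
 ../../debian/init-select.cfg etc/default/grub.d
+../../debian/grub-check-signatures usr/share/grub/
+../../debian/grub-multi-install usr/lib/grub/
+../../debian/canonical-uefi-ca.crt usr/share/grub/
 
 etc/grub.d
 usr/bin/grub-editenv
@@ -20,6 +23,7 @@ usr/bin/grub-mkstandalone
 usr/bin/grub-render-label
 usr/bin/grub-script-check
 usr/bin/grub-syslinux2cfg
+usr/lib/systemd/system/grub-initrd-fallback.service lib/systemd/system
 usr/sbin/grub-macbless
 usr/sbin/grub-mkconfig
 usr/sbin/grub-mkdevicemap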
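diff --git a/debian/grub-common.service b/debian/grub-common.service
new file mode 100644
index 0000000..fcf5474
--- /dev/null
+++ b/debian/grub-common.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Record successful boot for GRUB
+After=sleep.target
+ConditionPathExists=/boot/grub/grub.cfg
+
+[Service]
+Type=oneshot
+Restart=no
+ExecStartPre=/bin/sh -c '[ -s /boot/grub/grubenv ] || rm -f /boot/grub/grubenv; mkdir -p /boot/grub'
+ExecStart=grub-editenv /boot/grub/grubenv unset recordfail
+ExecStartPost=/bin/sh -c 'if grub-editenv /boot/grub/grubenv list | grep -q initrdless_boot_fallback_triggered=1; then echo "grub: GRUB_FORCE_PARTUUID set, initrdless boot paniced, fallback triggered."; fi'
+StandardOutput=kmsg
+
+[Install]
+WantedBy=multi-user.target sleep.target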
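Review bot: The fallback check in `ExecStartPost` uses `grep -q initrdless_boot_fallback_triggered=1`, which is unanchored. It also matches a value such as `=10`, or any longer variable name that ends in the same text. `grep -qx 'initrdless_boot_fallback_triggered=1'` matches only the exact `name=value` line that `grub-editenv list` prints. The message written to kmsg spells "paniced"; "panicked" is what someone searching the kernel log would type.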
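diff --git a/debian/grub-common.templates b/debian/grub-common.templates
new file mode 100644
index 0000000..c75e5d3
--- /dev/null
+++ b/debian/grub-common.templates
@@ -0,0 +1,53 @@
+Template: grub-efi/install_devices
+Type: multiselect
+Choices-C: ${RAW_CHOICES}
+Choices: ${CHOICES}
+_Description: GRUB EFI system partitions:
+ The grub-efi package is being upgraded. This menu allows you to select which
+ EFI system partions you'd like grub-install to be automatically run for, if any.
+ .
+ Running grub-install automatically is recommended in most situations, to
+ prevent the installed GRUB core image from getting out of sync with GRUB
+ modules or grub.cfg.
+
+Template: grub-efi/install_devices_disks_changed
+Type: multiselect
+Choices-C: ${RAW_CHOICES}
+Choices: ${CHOICES}
+_Description: GRUB install devices:
+ The GRUB boot loader was previously installed to a disk that is no longer
+ present, or whose unique identifier has changed for some reason. It is
+ important to make sure that the installed GRUB core image stays in sync
+ with GRUB modules and grub.cfg. Please check again to make sure that GRUB
+ is written to the appropriate boot devices.
+
+Template: grub-efi/partition_description
+Type: text
+_Description: ${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}
+
+Template: grub-efi/install_devices_failed
+Type: boolean
+Default: false
+#flag:translate!:3
+_Description: Writing GRUB to boot device failed - continue?
+ GRUB failed to install to the following devices:
+ .
+ ${FAILED_DEVICES}
+ .
+ Do you want to continue anyway? If you do, your computer may not start up
+ properly.
+
+Template: grub-efi/install_devices_empty
+Type: boolean
+Default: false
+_Description: Continue without installing GRUB?
+ You chose not to install GRUB to any devices. If you continue, the boot
+ loader may not be properly configured, and when this computer next starts
+ up it will use whatever was previously configured. If there is an
+ earlier version of GRUB 2 in the EFI system partition, it may be unable to load
+ modules or handle the current configuration file.
+ .
+ If you are already using a different boot loader and want to carry on
+ doing so, or if this is a special environment where you do not need a boot
+ loader, then you should continue anyway. Otherwise, you should install
+ GRUB somewhere.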
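Review bot: The long description of `grub-efi/install_devices` spells "EFI system partions"; it should read "EFI system partitions". The string is translatable (`_Description`), so it is cheaper to correct now than after translators have picked it up. `grub-efi/install_devices_disks_changed` is titled "GRUB install devices:" and speaks of disks, while the choices it presents are EFI system partitions; aligning its wording with the first template would avoid confusing the user at a critical-priority prompt.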
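diff --git a/debian/grub-efi-amd64-bin.maintscript.in b/debian/grub-efi-amd64-bin.maintscript.in
new file mode 100644
index 0000000..39184d1
--- /dev/null
+++ b/debian/grub-efi-amd64-bin.maintscript.in
@@ -0,0 +1 @@
+symlink_to_dir /usr/share/doc/@PACKAGE@ grub-common 2.04-1ubuntu42~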
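diff --git a/debian/grub-efi-arm64-bin.maintscript.in b/debian/grub-efi-arm64-bin.maintscript.in
new file mode 100644
index 0000000..39184d1
--- /dev/null
+++ b/debian/grub-efi-arm64-bin.maintscript.in
@@ -0,0 +1 @@
+symlink_to_dir /usr/share/doc/@PACKAGE@ grub-common 2.04-1ubuntu42~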
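diff --git a/debian/grub-multi-install b/debian/grub-multi-install
new file mode 100755
index 0000000..bedc700
--- /dev/null
+++ b/debian/grub-multi-install
@@ -0,0 +1,417 @@
+#!/bin/bash
+#
+# Install to multiple ESPs
+
+set -e
+
+# Most of this is copy-paste from grub postinst, sigh.
+
+. /usr/share/debconf/confmodule
+
+# shamelessly stolen from ucf:
+#
+# Load our templates, just in case our template has
+# not been loaded or the Debconf DB lost or corrupted
+# since then.
+db_x_loadtemplatefile "$(dpkg-query --control-path grub-common templates)" grub-common
+
+###############################################################################
+# COPY FROM POSTINST
+###############################################################################
+# This only works on a Linux system with udev running. This is probably the
+# vast majority of systems where we need any of this, though, and we fall
+# back reasonably gracefully if we don't have it.
+cached_available_ids=
+available_ids()
+{
+ local id path
+
+ if [ "$cached_available_ids" ]; then
+ echo "$cached_available_ids"
+ return
+ fi
+
+ [ -d /dev/disk/by-id ] || return
+ cached_available_ids="$(
+ for path in /dev/disk/by-id/*; do
+ [ -e "$path" ] || continue
+ printf '%s %s\n' "$path" "$(readlink -f "$path")"
+ done | sort -k2 -s -u | cut -d' ' -f1
+ )"
+ echo "$cached_available_ids"
+}
+
+# Returns non-zero and no output if no mapping can be found.
+device_to_id()
+{
+ local id
+ for id in $(available_ids); do
+ if [ "$(readlink -f "$id")" = "$(readlink -f "$1")" ]; then
+ echo "$id"
+ return 0
+ fi
+ done
+ # Fall back to the plain device name if there's no by-id link for it.
+ if [ -e "$1" ]; then
+ echo "$1"
+ return 0
+ fi
+ return 1
+}
+
+# for Linux
+sysfs_size()
+{
+ local num_sectors sector_size size
+ # Try to find out the size without relying on a partitioning tool being
+ # installed. This isn't too hard on Linux 2.6 with sysfs, but we have to
+ # try a couple of variants on detection of the sector size.
+ if [ -e "$1/size" ]; then
+ num_sectors="$(cat "$1/size")"
+ sector_size=512
+ if [ -e "$1/queue/logical_block_size" ]; then
+ sector_size="$(cat "$1/queue/logical_block_size")"
+ elif [ -e "$1/queue/hw_sector_size" ]; then
+ sector_size="$(cat "$1/queue/hw_sector_size")"
+ fi
+ size="$(expr "$num_sectors" \* "$sector_size" / 1000 / 1000)"
+ fi
+ [ "$size" ] || size='???'
+ echo "$size"
+}
+
+# for kFreeBSD
+camcontrol_size()
+{
+ local num_sectors sector_size size=
+
+ if num_sectors="$(camcontrol readcap "$1" -q -s -N)"; then
+ sector_size="$(camcontrol readcap "$1" -q -b)"
+ size="$(expr "$num_sectors" \* "$sector_size" / 1000 / 1000)"
+ fi
+
+ [ "$size" ] || size='???'
+ echo "$size"
+}
+
+maybe_udevadm()
+{
+ if which udevadm >/dev/null 2>&1; then
+ udevadm "$@" || true
+ fi
+}
+
+# Parse /proc/mounts and find out the mount for the given device.
+# The device must be a real device in /dev, not a symlink to one.
+get_mounted_device()
+{
+ mountpoint="$1"
+ cat /proc/mounts | while read -r line; do
+ set -f
+ set -- $line
+ set +f
+ if [ "$2" = "$mountpoint" ]; then
+ echo "$1"
+ break
+ fi
+ done
+}
+
+###############################################################################
+# New or modified helpers
+###############################################################################
+
+# Fixed: Return nothing if the argument is empty
+get_mountpoint()
+{
+ local relpath boot_mountpoint
+
+ if [ -z "$1" ]; then
+ return
+ fi
+
+ relpath="$(grub-mkrelpath "$1")"
+ boot_mountpoint="${1#$relpath}"
+ echo "${boot_mountpoint:-/}"
+}
+
+
+# Returns value in $RET, like a debconf command.
+#
+# Merged version of describe_disk and describe_partition, as disks can't be
+# valid ESPs on their own, so we can't render them as an entry.
+describe_efi_system_partition()
+{
+ local disk part id path sysfs_path diskbase partbase size
+ local disk_basename disk_size model
+ disk="$1"
+ part="$2"
+ id="$3"
+ path="$4"
+
+ # BEGIN: Stolen from describe_disk
+ model=
+ case $(uname -s) in
+ Linux)
+ sysfs_path="$(maybe_udevadm info -n "$disk" -q path)"
+ if [ -z "$sysfs_path" ]; then
+ sysfs_path="/block/$(printf %s "${disk#/dev/}" | sed 's,/,!,g')"
+ fi
+ disk_size="$(sysfs_size "/sys$sysfs_path")"
+
+ model="$(maybe_udevadm info -n "$disk" -q property | sed -n 's/^ID_MODEL=//p')"
+ if [ -z "$model" ]; then
+ model="$(maybe_udevadm info -n "$disk" -q property | sed -n 's/^DM_NAME=//p')"
+ if [ -z "$model" ]; then
+ model="$(maybe_udevadm info -n "$disk" -q property | sed -n 's/^MD_NAME=//p')"
+ if [ -z "$model" ] && which dmsetup >/dev/null 2>&1; then
+ model="$(dmsetup info -c --noheadings -o name "$disk" 2>/dev/null || true)"
+ fi
+ fi
+ fi
+ ;;
+ GNU/kFreeBSD)
+ disk_basename=$(basename "$disk")
+ disk_size="$(camcontrol_size "$disk_basename")"
+ model="$(camcontrol inquiry "$disk_basename" | sed -ne "s/^pass0: <\([^>]*\)>.*/\1/p")"
+ ;;
+ esac
+
+ [ "$model" ] || model='???'
+
+ # END: Stolen from describe_disk
+
+ sysfs_path="$(maybe_udevadm info -n "$part" -q path)"
+ if [ -z "$sysfs_path" ]; then
+ diskbase="${disk#/dev/}"
+ diskbase="$(printf %s "$diskbase" | sed 's,/,!,g')"
+ partbase="${part#/dev/}"
+ partbase="$(printf %s "$partbase" | sed 's,/,!,g')"
+ sysfs_path="/block/$diskbase/$partbase"
+ fi
+ size="$(sysfs_size "/sys$sysfs_path")"
+
+ db_subst grub-efi/partition_description DEVICE "$part"
+ db_subst grub-efi/partition_description SIZE "$size"
+ db_subst grub-efi/partition_description PATH "$path"
+ db_subst grub-efi/partition_description DISK_MODEL "$model"
+ db_subst grub-efi/partition_description DISK_SIZE "$disk_size"
+ db_metaget grub-efi/partition_description description
+}
+
+
+# Parse /proc/mounts and find out the mount for the given device.
+# The device must be a real device in /dev, not a symlink to one.
+find_mount_point()
+{
+ real_device="$1"
+ cat /proc/mounts | while read -r line; do
+ set -f
+ set -- $line
+ set +f
+ if [ "$1" = "$real_device" -a "$3" = "vfat" ]; then
+ echo "$2"
+ break
+ fi
+ done
+}
+
+# Return all devices that are a valid ESP
+usable_efi_system_partitions()
+{
+ local last_partition path partition partition_id
+ local ID_PART_ENTRY_TYPE ID_PART_ENTRY_SCHEME
+
+ last_partition=
+ (
+ for partition in /dev/disk/by-id/*; do
+ eval "$(udevadm info -q property -n "$partition" | grep -E '^ID_PART_ENTRY_(TYPE|SCHEME)=')"
+ if [ -z "$ID_PART_ENTRY_TYPE" -o -z "$ID_PART_ENTRY_SCHEME" -o \
+ \( "$ID_PART_ENTRY_SCHEME" != gpt -a "$ID_PART_ENTRY_SCHEME" != dos \) -o \
+ \( "$ID_PART_ENTRY_SCHEME" = gpt -a "$ID_PART_ENTRY_TYPE" != c12a7328-f81f-11d2-ba4b-00a0c93ec93b \) -o \
+ \( "$ID_PART_ENTRY_SCHEME" = dos -a "$ID_PART_ENTRY_TYPE" != 0xef \) ]; then
+ continue
+ fi
+ # unify the partition id
+ partition_id="$(device_to_id "$partition" || true)"
+ real_device="$(readlink -f "$partition")"
+ path="$(find_mount_point $real_device)"
+ echo "$path:$partition_id"
+ done
+ ) | sort -t: -k2 -u
+}
+
+###############################################################################
+# MAGIC SCRIPT
+###############################################################################
+FALLBACK_MOUNTPOINT=/var/lib/grub/esp
+
+# Initial install/upgrade from /boot/efi?
+db_fget grub-efi/install_devices seen
+seen="$RET"
+
+# Get configured value
+question=grub-efi/install_devices
+priority=high
+db_get grub-efi/install_devices
+valid=1
+
+# We either migrate /boot/efi over, or we check if we have invalid devices
+if [ -z "$RET" ] && [ "$seen" != "true" ]; then
+ echo "Trying to migrate /boot/efi into esp config"
+ esp="$(get_mounted_device /boot/efi)"
+ if [ "$esp" ]; then
+ esp="$(device_to_id "$esp")"
+ fi
+ if [ "$esp" ]; then
+ db_set grub-efi/install_devices "$esp"
+ db_fset grub-efi/install_devices seen true
+ RET="$esp"
+ fi
+else
+ for device in $RET; do
+ if [ ! -e "${device%,}" ]; then
+ valid=0
+ break
+ fi
+ done
+fi
+
+# If /boot/efi points to a device that's not in the list, trigger the
+# install_devices_disks_changed prompt below, but add the device behind
+# /boot/efi to the defaults.
+boot_efi_device=$(get_mounted_device /boot/efi || true)
+if [ "$boot_efi_device" ]; then
+ for device in $RET; do
+ device="${device%,}"
+ real_device="$(readlink -f "$device" || true)"
+ if [ "$real_device" = "$boot_efi_device" ]; then
+ boot_efi_device=""
+ break
+ fi
+ done
+
+ if [ "$boot_efi_device" ]; then
+ boot_efi_device="$(device_to_id "$boot_efi_device" || true)"
+ if [ "$RET" ]; then
+ RET="$RET, $boot_efi_device"
+ else
+ RET="$boot_efi_device"
+ fi
+ valid=0
+ fi
+fi
+
+
+if [ "$valid" = 0 ]; then
+ question=grub-efi/install_devices_disks_changed
+ priority=critical
+ db_set "$question" "$RET"
+ db_fset "$question" seen false
+ db_fset grub-efi/install_devices_empty seen false
+fi
+
+while :; do
+ ids=
+ descriptions=
+ partitions="$(usable_efi_system_partitions)"
+
+ for partition_pair in $partitions; do
+ partition_id="${partition_pair#*:}"
+ device="${partition_id%%-part*}"
+ ids="${ids:+$ids, }$partition_id"
+ describe_efi_system_partition "$(readlink -f "$device")" "$(readlink -f "$partition_id")" "$partition_id" "$(get_mountpoint "${partition_pair%%:*}")"
+ RET="$(printf %s "$RET" | sed 's/,/\\,/g')"
+ descriptions="${descriptions:+$descriptions, }$RET"
+ done
+
+ db_subst "$question" RAW_CHOICES "$ids"
+ db_subst "$question" CHOICES "$descriptions"
+ db_input "$priority" "$question" || true
+ db_go
+ db_get "$question"
+
+
+ # Run the installer
+ failed_devices=
+ for i in `echo $RET | sed -e 's/, / /g'` ; do
+ real_device="$(readlink -f "$i")"
+ mntpoint=$(find_mount_point $real_device)
+ if [ -z "$mntpoint" ]; then
+ mntpoint=$FALLBACK_MOUNTPOINT
+ mount $real_device $mntpoint
+ fi
+ echo "Installing grub to $mntpoint." >&2
+ if _UBUNTU_ALTERNATIVE_ESPS="$RET" grub-install --efi-directory=$mntpoint "$@" ; then
+ # We just installed GRUB 2; then also generate grub.cfg.
+ touch /boot/grub/grub.cfg
+ else
+ failed_devices="$failed_devices $real_device"
+ fi
+
+ if [ "$mntpoint" = "$FALLBACK_MOUNTPOINT" ]; then
+ umount $mntpoint
+ fi
+ done
+
+ if [ "$question" != grub-efi/install_devices ] && [ "$RET" ]; then
+ # XXX cjwatson 2019-02-26: The description of
+ # grub-efi/install_devices_disks_changed ought to explain that
+ # selecting no devices will leave the configuration unchanged
+ # so that you'll be prompted again next time, but it's a bit
+ # close to the Debian 10 release to be introducing new
+ # translatable text. For now, it should be sufficient to
+ # avoid losing configuration data.
+ db_set grub-efi/install_devices "$RET"
+ db_fset grub-efi/install_devices seen true
+ fi
+
+ if [ "$failed_devices" ]; then
+ db_subst grub-efi/install_devices_failed FAILED_DEVICES "$failed_devices"
+ db_fset grub-efi/install_devices_failed seen false
+ if db_input critical grub-efi/install_devices_failed; then
+ db_go
+ db_get grub-efi/install_devices_failed
+ if [ "$RET" = true ]; then
+ break
+ else
+ db_fset "$question" seen false
+ db_fset grub-efi/install_devices_failed seen false
+ continue
+ fi
+ else
+ exit 1 # noninteractive
+ fi
+ fi
+
+ db_get "$question"
+ if [ -z "$RET" ]; then
+ # Reset the seen flag if the current answer is false, since
+ # otherwise we'll loop with no indication of why.
+ db_get grub-efi/install_devices_empty
+ if [ "$RET" = false ]; then
+ db_fset grub-efi/install_devices_empty seen false
+ fi
+ if db_input critical grub-efi/install_devices_empty; then
+ db_go
+ db_get grub-efi/install_devices_empty
+ if [ "$RET" = true ]; then
+ break
+ else
+ db_fset "$question" seen false
+ db_fset grub-efi/install_devices_empty seen false
+ fi
+ else
+ # if question was seen we are done
+ # Otherwise, abort
+ db_fget grub-efi/install_devices_empty seen
+ if [ "$RET" = true ]; then
+ break
+ else
+ exit 1
+ fi
+ fi
+ else
+ break
+ fi
+done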
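Review bot: In `usable_efi_system_partitions`, the line `eval "$(udevadm info -q property -n "$partition" | grep -E '^ID_PART_ENTRY_(TYPE|SCHEME)=')"` runs device-derived text through the shell in a root maintainer script. `ID_PART_ENTRY_TYPE` and `ID_PART_ENTRY_SCHEME` are also never cleared inside the loop, so a by-id entry that reports neither property (presumably a whole-disk link) keeps the previous partition's values and can be listed as an ESP. Reading each property the way `describe_efi_system_partition` already reads `ID_MODEL` removes the `eval` and resets the value on every iteration: `ID_PART_ENTRY_TYPE="$(udevadm info -q property -n "$partition" | sed -n 's/^ID_PART_ENTRY_TYPE=//p')"`, and the same for `ID_PART_ENTRY_SCHEME`. In the install loop, `mount $real_device $mntpoint` is unquoted, and under `set -e` a failed mount aborts the script before the device is added to `failed_devices`. `if ! mount "$real_device" "$mntpoint"; then failed_devices="$failed_devices $real_device"; continue; fi` keeps the `grub-efi/install_devices_failed` prompt reachable. The comment "then also generate grub.cfg" sits above a bare `touch /boot/grub/grub.cfg`, and should say the file is only touched here and is presumably regenerated elsewhere.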
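diff --git a/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch b/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch
new file mode 100644
index 0000000..ffdb808
--- /dev/null
+++ b/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch
@@ -0,0 +1,117 @@
+From: Julian Andres Klode <julian.klode@canonical.com>
+Date: Thu, 2 Dec 2021 12:25:37 +0100
+Subject: ubuntu: Make the linux command in EFI grub always try EFI handover
+
+The previous implementation only boots via the EFI handover protocol when
+secure boot is enabled. This means that disabling secure boot breaks some
+features that depend on the kernel being booted via the EFI handover entry
+point, such as retrieval of the TCG event log.
+
+Update the linux command to always attempt to defer to linuxefi in EFI grub
+builds, regardless of whether secure boot is enabled or not. This also allows
+a fallback to the non-EFI handover path on kernels that don't support it, but
+only if secure boot is disabled.
+---
+ grub-core/loader/i386/efi/linux.c | 14 +++++++-----
+ grub-core/loader/i386/linux.c | 47 ++++++++++++++++++++++-----------------
+ 2 files changed, 35 insertions(+), 26 deletions(-)
+
+diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
+index 6b6aef8..6ab9975 100644
+--- a/grub-core/loader/i386/efi/linux.c
++++ b/grub-core/loader/i386/efi/linux.c
+@@ -27,6 +27,7 @@
+ #include <grub/lib/cmdline.h>
+ #include <grub/efi/efi.h>
+ #include <grub/efi/linux.h>
++#include <grub/efi/sb.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -195,12 +196,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ goto fail;
+ }
+
+- rc = grub_linuxefi_secure_validate (kernel, filelen);
+- if (rc < 0)
++ if (grub_efi_get_secureboot() == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ {
+- grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"),
+- argv[0]);
+- goto fail;
++ rc = grub_linuxefi_secure_validate (kernel, filelen);
++ if (rc < 0)
++ {
++ grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"),
++ argv[0]);
++ goto fail;
++ }
+ }
+
+ params = grub_efi_allocate_pages_max (0x3fffffff,
+diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
+index 912ebb6..0bb47b0 100644
+--- a/grub-core/loader/i386/linux.c
++++ b/grub-core/loader/i386/linux.c
+@@ -664,35 +664,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+
+ #ifdef GRUB_MACHINE_EFI
+ using_linuxefi = 0;
+- if (grub_efi_get_secureboot() == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+- {
+- /* linuxefi requires a successful signature check and then hand over
+- to the kernel without calling ExitBootServices. */
+- grub_dl_t mod;
+- grub_command_t linuxefi_cmd;
+
+- grub_dprintf ("linux", "Secure Boot enabled: trying linuxefi\n");
++ grub_dl_t mod;
++ grub_command_t linuxefi_cmd;
++
++ grub_dprintf ("linux", "Trying linuxefi\n");
+
+- mod = grub_dl_load ("linuxefi");
+- if (mod)
++ mod = grub_dl_load ("linuxefi");
++ if (mod)
++ {
++ grub_dl_ref (mod);
++ linuxefi_cmd = grub_command_find ("linuxefi");
++ initrdefi_cmd = grub_command_find ("initrdefi");
++ if (linuxefi_cmd && initrdefi_cmd)
+ {
+- grub_dl_ref (mod);
+- linuxefi_cmd = grub_command_find ("linuxefi");
+- initrdefi_cmd = grub_command_find ("initrdefi");
+- if (linuxefi_cmd && initrdefi_cmd)
++ (linuxefi_cmd->func) (linuxefi_cmd, argc, argv);
++ if (grub_errno == GRUB_ERR_NONE)
++ {
++ grub_dprintf ("linux", "Handing off to linuxefi\n");
++ using_linuxefi = 1;
++ return GRUB_ERR_NONE;
++ }
++ else if (grub_efi_get_secureboot() == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ {
+- (linuxefi_cmd->func) (linuxefi_cmd, argc, argv);
+- if (grub_errno == GRUB_ERR_NONE)
+- {
+- grub_dprintf ("linux", "Handing off to linuxefi\n");
+- using_linuxefi = 1;
+- return GRUB_ERR_NONE;
+- }
+- grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno);
++ grub_dprintf ("linux", "linuxefi failed and secure boot is enabled (%d)\n", grub_errno);
+ goto fail;
+ }
+ }
+ }
++
++ if (grub_efi_get_secureboot() == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
++ {
++ grub_dprintf("linux", "Unable to hand off to linuxefi and secure boot is enabled\n");
++ goto fail;
++ }
+ #endif
+
+ if (argc == 0)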
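Review bot: The new fail-closed branch after the `if (mod)` block in grub-core/loader/i386/linux.c only calls `grub_dprintf` before `goto fail`, so the refusal relies on `grub_errno` already being set. If the module loads but `grub_command_find` returns NULL for `linuxefi` or `initrdefi`, that may not hold. An explicit `grub_error (GRUB_ERR_ACCESS_DENIED, ...)` there, as the efi/linux.c hunk does for an invalid signature, would make the Secure Boot refusal visible to the user and independent of earlier state. When Secure Boot is disabled and linuxefi fails, control reaches `if (argc == 0)` with the linuxefi error still in `grub_errno`. The rest of `grub_cmd_linux` and the `fail` label are outside the hunk, so the effect cannot be confirmed here, but `grub_errno = GRUB_ERR_NONE;` before the fallback would keep the legacy path from inheriting it. `grub_efi_get_secureboot()` is also evaluated at two separate points on this path; reading it once into a local would keep the decision consistent and the intent easier to audit.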
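--- /dev/null
+++ b/debian/patches/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch
@@ -0,0 +1,47 @@
+From: Mauricio Faria de Oliveira <mfo@canonical.com>
+Date: Fri, 20 Aug 2021 10:15:06 -0300
+Subject: Call hwmatch only on the grub-pc platform
+
+Call hwmatch only on i386/pc as it is only available there.
+This avoids "error: can't find command `hwmatch'." on e.g., x86_64/efi.
+
+The equivalent behavior is linux_gfx_mode=keep because grub is special:
+the `if hwmatch` clause is true on that error and `$match = 0` is true
+too, as it is undefined (confirmed in grub shell.) A quick fix for now.
+
+Before and After:
+
+ grub> hwmatch
+ error: can't find command `hwmatch'.
+
+ grub> echo $grub_platform
+ efi
+
+ grub> echo $linux_gfx_mode
+ keep
+
+Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
+
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1840560
+Bug-Debian: https://bugs.debian.org/990836
+Forwarded: no
+Last-Update: 2020-08-20
+---
+ util/grub.d/10_linux.in | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index 8f2cf82..6668b21 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -378,7 +378,9 @@ else
+ cat << EOF
+ if [ "\${recordfail}" != 1 ]; then
+ if [ -e \${prefix}/gfxblacklist.txt ]; then
+- if hwmatch \${prefix}/gfxblacklist.txt 3; then
++ if [ \${grub_platform} != pc ]; then
++ set linux_gfx_mode=keep
++ elif hwmatch \${prefix}/gfxblacklist.txt 3; then
+ if [ \${match} = 0 ]; then
+ set linux_gfx_mode=keep
+ else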
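Review bot: The new platform test `if [ \${grub_platform} != pc ]; then` leaves its operand unquoted, while the `recordfail` test two lines above quotes it. Writing it as `if [ "\${grub_platform}" != pc ]; then` keeps the generated test well-formed if the variable is ever empty and matches the surrounding style. The patch header also carries `Last-Update: 2020-08-20` against a `Date:` of 20 Aug 2021, which looks like a typo worth correcting before the patch is forwarded. The heredoc block this hunk edits starts and ends outside the hunk.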
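--- /dev/null
+++ b/debian/patches/cherrypick-efi-grub_efi_close_protocol.patch
@@ -0,0 +1,79 @@
+From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
+Date: Mon, 29 Nov 2021 16:00:29 +0100
+Subject: efi: library function grub_efi_close_protocol()
+
+Create a library function for CloseProtocol() and use it for the SNP
+driver.
+
+Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
+
+Origin: upstream
+---
+ grub-core/kern/efi/efi.c | 12 ++++++++++++
+ grub-core/net/drivers/efi/efinet.c | 8 ++------
+ include/grub/efi/efi.h | 3 +++
+ 3 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index a3cae1e..69c283d 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -117,6 +117,18 @@ grub_efi_open_protocol (grub_efi_handle_t handle,
+ return interface;
+ }
+
++grub_efi_status_t
++grub_efi_close_protocol (grub_efi_handle_t handle, grub_efi_guid_t *protocol)
++{
++ grub_efi_boot_services_t *b = grub_efi_system_table->boot_services;
++ grub_efi_status_t status;
++
++ status = efi_call_4 (b->close_protocol, handle, protocol,
++ grub_efi_image_handle, NULL);
++
++ return status;
++}
++
+ int
+ grub_efi_set_text_mode (int on)
+ {
+diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c
+index 9273bb7..a5d0539 100644
+--- a/grub-core/net/drivers/efi/efinet.c
++++ b/grub-core/net/drivers/efi/efinet.c
+@@ -160,9 +160,7 @@ open_card (struct grub_net_card *dev)
+
+ if (dev->efi_net != NULL)
+ {
+- efi_call_4 (grub_efi_system_table->boot_services->close_protocol,
+- dev->efi_handle, &net_io_guid,
+- grub_efi_image_handle, NULL);
++ grub_efi_close_protocol (dev->efi_handle, &net_io_guid);
+ dev->efi_net = NULL;
+ }
+ /*
+@@ -224,9 +222,7 @@ close_card (struct grub_net_card *dev)
+ {
+ efi_call_1 (dev->efi_net->shutdown, dev->efi_net);
+ efi_call_1 (dev->efi_net->stop, dev->efi_net);
+- efi_call_4 (grub_efi_system_table->boot_services->close_protocol,
+- dev->efi_handle, &net_io_guid,
+- grub_efi_image_handle, 0);
++ grub_efi_close_protocol (dev->efi_handle, &net_io_guid);
+ }
+
+ static struct grub_net_card_driver efidriver =
+diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
+index 08f6ee0..58ac621 100644
+--- a/include/grub/efi/efi.h
++++ b/include/grub/efi/efi.h
+@@ -35,6 +35,9 @@ EXPORT_FUNC(grub_efi_locate_handle) (grub_efi_locate_search_type_t search_type,
+ void *EXPORT_FUNC(grub_efi_open_protocol) (grub_efi_handle_t handle,
+ grub_efi_guid_t *protocol,
+ grub_efi_uint32_t attributes);
++grub_efi_status_t
++EXPORT_FUNC(grub_efi_close_protocol) (grub_efi_handle_t handle,
++ grub_efi_guid_t *protocol);
+ int EXPORT_FUNC(grub_efi_set_text_mode) (int on);
+ void EXPORT_FUNC(grub_efi_stall) (grub_efi_uintn_t microseconds);
+ void *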
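Review bot: Both converted call sites, in `open_card` and `close_card`, discard the `grub_efi_status_t` that `grub_efi_close_protocol()` now returns, so a failed CloseProtocol() stays silent. Checking the status and emitting a debug message on a non-success value would make a failed close traceable. The helper also has no comment, although it hard-codes `grub_efi_image_handle` as the agent and `NULL` as the controller; a line above the definition such as `/* Close a protocol opened via grub_efi_open_protocol(): agent is grub_efi_image_handle, controller handle is NULL. */` would state that pairing (the open side is not visible here, so confirm it). The local `status` is unnecessary: `return efi_call_4 (b->close_protocol, handle, protocol, grub_efi_image_handle, NULL);`. `open_card` and `close_card` start and end outside their hunks.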
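--- /dev/null
+++ b/debian/patches/cherrypick-efinet-correct-closing-snp-protocol.patch
@@ -0,0 +1,106 @@
+From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
+Date: Mon, 29 Nov 2021 16:00:28 +0100
+Subject: efinet: correct closing of SNP protocol
+
+In the context of the implementation of the EFI_LOAD_FILE2_PROTOCOL for
+the initial ramdisk it was observed that opening the SNP protocol failed.
+https://lists.gnu.org/archive/html/grub-devel/2021-10/msg00020.html
+This is due to an incorrect call to CloseProtocol().
+
+The first parameter of CloseProtocol() is the handle, not the interface.
+
+We call OpenProtocol() with ControllerHandle = NULL. Hence we must also
+call CloseProtcol with ControllerHandel = NULL.
+
+Each call of OpenProtocol() for the same network card handle is expected to
+return the same interface pointer. If we want to close the protocol which
+we opened non-exclusively when searching for a card, we have to do this
+before opening the protocol exclusively.
+
+As there is no guarantee that we successfully open the protocol add checks
+in the transmit and receive functions.
+
+Reported-by: Andreas Schwab <schwab@linux-m68k.org>
+Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
+
+Origin: upstream
+---
+ grub-core/net/drivers/efi/efinet.c | 31 ++++++++++++++++++++++---------
+ 1 file changed, 22 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c
+index f189209..9273bb7 100644
+--- a/grub-core/net/drivers/efi/efinet.c
++++ b/grub-core/net/drivers/efi/efinet.c
+@@ -43,6 +43,9 @@ send_card_buffer (struct grub_net_card *dev,
+ grub_uint64_t limit_time = grub_get_time_ms () + 4000;
+ void *txbuf;
+
++ if (net == NULL)
++ return grub_error (GRUB_ERR_IO,
++ N_("network protocol not available, can't send packet"));
+ if (dev->txbusy)
+ while (1)
+ {
+@@ -105,6 +108,9 @@ get_card_packet (struct grub_net_card *dev)
+ struct grub_net_buff *nb;
+ int i;
+
++ if (net == NULL)
++ return NULL;
++
+ for (i = 0; i < 2; i++)
+ {
+ if (!dev->rcvbuf)
+@@ -152,12 +158,20 @@ open_card (struct grub_net_card *dev)
+ {
+ grub_efi_simple_network_t *net;
+
+- /* Try to reopen SNP exlusively to close any active MNP protocol instance
+- that may compete for packet polling
++ if (dev->efi_net != NULL)
++ {
++ efi_call_4 (grub_efi_system_table->boot_services->close_protocol,
++ dev->efi_handle, &net_io_guid,
++ grub_efi_image_handle, NULL);
++ dev->efi_net = NULL;
++ }
++ /*
++ * Try to reopen SNP exlusively to close any active MNP protocol instance
++ * that may compete for packet polling
+ */
+ net = grub_efi_open_protocol (dev->efi_handle, &net_io_guid,
+ GRUB_EFI_OPEN_PROTOCOL_BY_EXCLUSIVE);
+- if (net)
++ if (net != NULL)
+ {
+ if (net->mode->state == GRUB_EFI_NETWORK_STOPPED
+ && efi_call_1 (net->start, net) != GRUB_EFI_SUCCESS)
+@@ -196,13 +210,12 @@ open_card (struct grub_net_card *dev)
+ efi_call_6 (net->receive_filters, net, filters, 0, 0, 0, NULL);
+ }
+
+- efi_call_4 (grub_efi_system_table->boot_services->close_protocol,
+- dev->efi_net, &net_io_guid,
+- grub_efi_image_handle, dev->efi_handle);
+ dev->efi_net = net;
++ } else {
++ return grub_error (GRUB_ERR_NET_NO_CARD, "%s: can't open protocol",
++ dev->name);
+ }
+
+- /* If it failed we just try to run as best as we can */
+ return GRUB_ERR_NONE;
+ }
+
+@@ -212,8 +225,8 @@ close_card (struct grub_net_card *dev)
+ efi_call_1 (dev->efi_net->shutdown, dev->efi_net);
+ efi_call_1 (dev->efi_net->stop, dev->efi_net);
+ efi_call_4 (grub_efi_system_table->boot_services->close_protocol,
+- dev->efi_net, &net_io_guid,
+- grub_efi_image_handle, dev->efi_handle);
++ dev->efi_handle, &net_io_guid,
++ grub_efi_image_handle, 0);
+ }
+
+ static struct grub_net_card_driver efidriver =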
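Review bot: `close_card` in the last hunk still dereferences `dev->efi_net` unconditionally, although this patch makes `open_card` set `dev->efi_net = NULL` and return an error when the exclusive open fails, and adds `net == NULL` guards to `send_card_buffer` and `get_card_packet` for that case. Whether `close_card` can run for a card whose open failed depends on callers outside this diff, but an early return when `dev->efi_net == NULL` would match the other two functions. `close_card` also leaves `dev->efi_net` pointing at the closed interface; adding `dev->efi_net = NULL;` after the CloseProtocol() call would keep the new guards meaningful on later use. The `grub_error` string added in `open_card` is not wrapped in `N_()`, unlike the one added in `send_card_buffer`. All of these functions start or end outside their hunks.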
2649 | diff --git a/debian/patches/efi-variable-storage-minimise-writes.patch b/debian/patches/efi-variable-storage-minimise-writes.patch |
2650 | index 9a39021..4d3d134 100644 |
2651 | --- a/debian/patches/efi-variable-storage-minimise-writes.patch |
2652 | +++ b/debian/patches/efi-variable-storage-minimise-writes.patch |
2653 | @@ -871,10 +871,10 @@ index 135ba48..134b862 100644 |
2654 | grub_install_register_efi (grub_device_t efidir_grub_dev, |
2655 | const char *efifile_path, |
2656 | diff --git a/util/grub-install.c b/util/grub-install.c |
2657 | -index 58f1453..05b6952 100644 |
2658 | +index 3f40163..d482fdc 100644 |
2659 | --- a/util/grub-install.c |
2660 | +++ b/util/grub-install.c |
2661 | -@@ -2086,7 +2086,7 @@ main (int argc, char *argv[]) |
2662 | +@@ -2111,7 +2111,7 @@ main (int argc, char *argv[]) |
2663 | "\\System\\Library\\CoreServices", |
2664 | efi_distributor); |
2665 | if (ret) |
2666 | @@ -883,7 +883,7 @@ index 58f1453..05b6952 100644 |
2667 | strerror (ret)); |
2668 | } |
2669 | |
2670 | -@@ -2203,7 +2203,7 @@ main (int argc, char *argv[]) |
2671 | +@@ -2231,7 +2231,7 @@ main (int argc, char *argv[]) |
2672 | ret = grub_install_register_efi (efidir_grub_dev, |
2673 | efifile_path, efi_distributor); |
2674 | if (ret) |
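--- a/debian/patches/fix-lockdown.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Luca Boccassi <bluca@debian.org>
-Date: Tue, 15 May 2018 11:36:46 +0100
-Subject: Do not overwrite sentinel byte in boot_params, breaks lockdown
-
-grub currently copies the entire boot_params, which includes setting
-sentinel byte to 0xff, which triggers sanitize_boot_params in the kernel
-which in turn clears various boot_params variables, including the
-indication that the bootloader chain is verified and thus the kernel
-disables lockdown mode. According to the information on the Fedora bug
-tracker, only the information from byte 0x1f1 is necessary, so start
-copying from there instead.
-
-Author: Luca Boccassi <bluca@debian.org>
-Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1418360
-Forwarded: no
-
-Patch-Name: fix-lockdown.patch
----
- grub-core/loader/i386/efi/linux.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
-index 45b68c0..532e4e5 100644
---- a/grub-core/loader/i386/efi/linux.c
-+++ b/grub-core/loader/i386/efi/linux.c
-@@ -29,6 +29,7 @@
- #include <grub/linux.h>
- #include <grub/efi/efi.h>
- #include <grub/efi/sb.h>
-+#include <stddef.h>
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -336,7 +337,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
- lh.code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem;
- }
-
-- grub_memcpy (params, &lh, 2 * 512);
-+ /* do not overwrite below boot_params->hdr to avoid setting the sentinel byte */
-+ start = offsetof (struct linux_kernel_params, setup_sects);
-+ grub_memcpy ((grub_uint8_t *)params + start, (grub_uint8_t *)&lh + start, 2 * 512 - start);
-
- params->type_of_loader = 0x21;
-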
2725 | diff --git a/debian/patches/gfxpayload-dynamic.patch b/debian/patches/gfxpayload-dynamic.patch |
2726 | index 4ebbdc8..0148257 100644 |
2727 | --- a/debian/patches/gfxpayload-dynamic.patch |
2728 | +++ b/debian/patches/gfxpayload-dynamic.patch |
2729 | @@ -43,7 +43,7 @@ index c42e4c7..947fd52 100644 |
2730 | |
2731 | AC_SUBST([FONT_SOURCE]) |
2732 | diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def |
2733 | -index e5b3d27..2ff2668 100644 |
2734 | +index 715d137..10f839b 100644 |
2735 | --- a/grub-core/Makefile.core.def |
2736 | +++ b/grub-core/Makefile.core.def |
2737 | @@ -964,6 +964,14 @@ module = { |
2738 | diff --git a/debian/patches/grub-install-pvxen-paths.patch b/debian/patches/grub-install-pvxen-paths.patch |
2739 | index 91b8da7..0171c6a 100644 |
2740 | --- a/debian/patches/grub-install-pvxen-paths.patch |
2741 | +++ b/debian/patches/grub-install-pvxen-paths.patch |
2742 | @@ -24,10 +24,10 @@ Patch-Name: grub-install-pvxen-paths.patch |
2743 | 1 file changed, 22 insertions(+), 2 deletions(-) |
2744 | |
2745 | diff --git a/util/grub-install.c b/util/grub-install.c |
2746 | -index d02bd48..2304cc5 100644 |
2747 | +index 4af831f..65277ea 100644 |
2748 | --- a/util/grub-install.c |
2749 | +++ b/util/grub-install.c |
2750 | -@@ -2085,6 +2085,28 @@ main (int argc, char *argv[]) |
2751 | +@@ -2088,6 +2088,28 @@ main (int argc, char *argv[]) |
2752 | } |
2753 | break; |
2754 | |
2755 | @@ -56,7 +56,7 @@ index d02bd48..2304cc5 100644 |
2756 | case GRUB_INSTALL_PLATFORM_MIPSEL_LOONGSON: |
2757 | case GRUB_INSTALL_PLATFORM_MIPSEL_QEMU_MIPS: |
2758 | case GRUB_INSTALL_PLATFORM_MIPS_QEMU_MIPS: |
2759 | -@@ -2094,8 +2116,6 @@ main (int argc, char *argv[]) |
2760 | +@@ -2097,8 +2119,6 @@ main (int argc, char *argv[]) |
2761 | case GRUB_INSTALL_PLATFORM_MIPSEL_ARC: |
2762 | case GRUB_INSTALL_PLATFORM_ARM_UBOOT: |
2763 | case GRUB_INSTALL_PLATFORM_I386_QEMU: |
2764 | diff --git a/debian/patches/grub-install-removable-shim.patch b/debian/patches/grub-install-removable-shim.patch |
2765 | deleted file mode 100644 |
2766 | index 337d32d..0000000 |
2767 | --- a/debian/patches/grub-install-removable-shim.patch |
2768 | +++ /dev/null |
2769 | @@ -1,194 +0,0 @@ |
2770 | -From: Steve McIntyre <93sam@debian.org> |
2771 | -Date: Fri, 14 Jun 2019 16:37:11 +0100 |
2772 | -Subject: Deal with --force-extra-removable with signed shim too |
2773 | - |
2774 | -In this case, we need both the signed shim as /EFI/BOOT/BOOTXXX.EFI |
2775 | -and signed Grub as /EFI/BOOT/grubXXX.efi. |
2776 | - |
2777 | -Also install the BOOTXXX.CSV into /EFI/debian, and FBXXX.EFI into |
2778 | -/EFI/BOOT/ so that it can work when needed (*iff* we're updating the |
2779 | -NVRAM). |
2780 | - |
2781 | -[cjwatson: Refactored also_install_removable somewhat for brevity and so |
2782 | -that we're using consistent case-insensitive logic.] |
2783 | - |
2784 | -Bug-Debian: https://bugs.debian.org/930531 |
2785 | -Last-Update: 2021-09-24 |
2786 | - |
2787 | -Patch-Name: grub-install-removable-shim.patch |
2788 | ---- |
2789 | - util/grub-install.c | 83 ++++++++++++++++++++++++++++++++++++++++++----------- |
2790 | - 1 file changed, 66 insertions(+), 17 deletions(-) |
2791 | - |
2792 | -diff --git a/util/grub-install.c b/util/grub-install.c |
2793 | -index 05b6952..43fc27c 100644 |
2794 | ---- a/util/grub-install.c |
2795 | -+++ b/util/grub-install.c |
2796 | -@@ -891,17 +891,13 @@ check_component_exists(const char *dir, |
2797 | - static void |
2798 | - also_install_removable(const char *src, |
2799 | - const char *base_efidir, |
2800 | -- const char *efi_suffix_upper) |
2801 | -+ const char *efi_file, |
2802 | -+ int is_needed) |
2803 | - { |
2804 | -- char *efi_file = NULL; |
2805 | - char *dst = NULL; |
2806 | - char *cur = NULL; |
2807 | - char *found = NULL; |
2808 | - |
2809 | -- if (!efi_suffix_upper) |
2810 | -- grub_util_error ("%s", _("efi_suffix_upper not set")); |
2811 | -- efi_file = xasprintf ("BOOT%s.EFI", efi_suffix_upper); |
2812 | -- |
2813 | - /* We need to install in $base_efidir/EFI/BOOT/$efi_file, but we |
2814 | - * need to cope with case-insensitive stuff here. Build the path one |
2815 | - * component at a time, checking for existing matches each time. */ |
2816 | -@@ -935,10 +931,9 @@ also_install_removable(const char *src, |
2817 | - cur = xstrdup (dst); |
2818 | - free (dst); |
2819 | - free (found); |
2820 | -- grub_install_copy_file (src, cur, 1); |
2821 | -+ grub_install_copy_file (src, cur, is_needed); |
2822 | - |
2823 | - free (cur); |
2824 | -- free (efi_file); |
2825 | - } |
2826 | - |
2827 | - int |
2828 | -@@ -2103,11 +2098,14 @@ main (int argc, char *argv[]) |
2829 | - case GRUB_INSTALL_PLATFORM_IA64_EFI: |
2830 | - { |
2831 | - char *dst = grub_util_path_concat (2, efidir, efi_file); |
2832 | -+ char *removable_file = xasprintf ("BOOT%s.EFI", efi_suffix_upper); |
2833 | -+ |
2834 | - if (uefi_secure_boot) |
2835 | - { |
2836 | - char *shim_signed = NULL; |
2837 | - char *mok_signed = NULL, *mok_file = NULL; |
2838 | - char *fb_signed = NULL, *fb_file = NULL; |
2839 | -+ char *csv_file = NULL; |
2840 | - char *config_dst; |
2841 | - FILE *config_dst_f; |
2842 | - |
2843 | -@@ -2116,11 +2114,15 @@ main (int argc, char *argv[]) |
2844 | - mok_file = xasprintf ("mm%s.efi", efi_suffix); |
2845 | - fb_signed = xasprintf ("fb%s.efi.signed", efi_suffix); |
2846 | - fb_file = xasprintf ("fb%s.efi", efi_suffix); |
2847 | -+ csv_file = xasprintf ("BOOT%s.CSV", efi_suffix_upper); |
2848 | -+ |
2849 | -+ /* If we have a signed shim binary, install that and all |
2850 | -+ its helpers in the normal vendor path */ |
2851 | - |
2852 | - if (grub_util_is_regular (shim_signed)) |
2853 | - { |
2854 | - char *chained_base, *chained_dst; |
2855 | -- char *mok_src, *mok_dst, *fb_src, *fb_dst; |
2856 | -+ char *mok_src, *mok_dst, *fb_src, *fb_dst, *csv_src, *csv_dst; |
2857 | - if (!removable) |
2858 | - { |
2859 | - free (efi_file); |
2860 | -@@ -2132,8 +2134,6 @@ main (int argc, char *argv[]) |
2861 | - chained_base = xasprintf ("grub%s.efi", efi_suffix); |
2862 | - chained_dst = grub_util_path_concat (2, efidir, chained_base); |
2863 | - grub_install_copy_file (efi_signed, chained_dst, 1); |
2864 | -- free (chained_dst); |
2865 | -- free (chained_base); |
2866 | - |
2867 | - /* Not critical, so not an error if they are not present (as it |
2868 | - won't be for older releases); but if we have them, make |
2869 | -@@ -2144,8 +2144,6 @@ main (int argc, char *argv[]) |
2870 | - mok_file); |
2871 | - grub_install_copy_file (mok_src, |
2872 | - mok_dst, 0); |
2873 | -- free (mok_src); |
2874 | -- free (mok_dst); |
2875 | - |
2876 | - fb_src = grub_util_path_concat (2, "/usr/lib/shim/", |
2877 | - fb_signed); |
2878 | -@@ -2153,30 +2151,81 @@ main (int argc, char *argv[]) |
2879 | - fb_file); |
2880 | - grub_install_copy_file (fb_src, |
2881 | - fb_dst, 0); |
2882 | -+ |
2883 | -+ csv_src = grub_util_path_concat (2, "/usr/lib/shim/", |
2884 | -+ csv_file); |
2885 | -+ csv_dst = grub_util_path_concat (2, efidir, |
2886 | -+ csv_file); |
2887 | -+ grub_install_copy_file (csv_src, |
2888 | -+ csv_dst, 0); |
2889 | -+ |
2890 | -+ /* Install binaries into .../EFI/BOOT too: |
2891 | -+ the shim binary |
2892 | -+ the grub binary |
2893 | -+ the shim fallback binary (not fatal on failure) */ |
2894 | -+ if (force_extra_removable) |
2895 | -+ { |
2896 | -+ grub_util_info ("Secure boot: installing shim and image into rm path"); |
2897 | -+ also_install_removable (shim_signed, base_efidir, removable_file, 1); |
2898 | -+ |
2899 | -+ also_install_removable (efi_signed, base_efidir, chained_base, 1); |
2900 | -+ |
2901 | -+ /* If we're updating the NVRAM, add fallback too - it |
2902 | -+ will re-update the NVRAM later if things break */ |
2903 | -+ if (update_nvram) |
2904 | -+ also_install_removable (fb_src, base_efidir, fb_file, 0); |
2905 | -+ } |
2906 | -+ |
2907 | -+ free (chained_dst); |
2908 | -+ free (chained_base); |
2909 | -+ free (mok_src); |
2910 | -+ free (mok_dst); |
2911 | - free (fb_src); |
2912 | - free (fb_dst); |
2913 | -+ free (csv_src); |
2914 | -+ free (csv_dst); |
2915 | - } |
2916 | - else |
2917 | -- grub_install_copy_file (efi_signed, dst, 1); |
2918 | -+ { |
2919 | -+ /* Tried to install for secure boot, but no signed |
2920 | -+ shim found. Fall back to just installing the signed |
2921 | -+ grub binary */ |
2922 | -+ grub_util_info ("Secure boot (no shim): installing signed grub binary"); |
2923 | -+ grub_install_copy_file (efi_signed, dst, 1); |
2924 | -+ if (force_extra_removable) |
2925 | -+ { |
2926 | -+ grub_util_info ("Secure boot (no shim): installing signed grub binary into rm path"); |
2927 | -+ also_install_removable (efi_signed, base_efidir, removable_file, 1); |
2928 | -+ } |
2929 | -+ } |
2930 | - |
2931 | -+ /* In either case, install our grub.cfg */ |
2932 | - config_dst = grub_util_path_concat (2, efidir, "grub.cfg"); |
2933 | - grub_install_copy_file (load_cfg, config_dst, 1); |
2934 | - config_dst_f = grub_util_fopen (config_dst, "ab"); |
2935 | - fprintf (config_dst_f, "configfile $prefix/grub.cfg\n"); |
2936 | - fclose (config_dst_f); |
2937 | - free (config_dst); |
2938 | -- if (force_extra_removable) |
2939 | -- also_install_removable(efi_signed, base_efidir, efi_suffix_upper); |
2940 | -+ |
2941 | -+ free (csv_file); |
2942 | -+ free (fb_file); |
2943 | -+ free (fb_signed); |
2944 | -+ free (mok_file); |
2945 | -+ free (mok_signed); |
2946 | -+ free (shim_signed); |
2947 | - } |
2948 | - else |
2949 | - { |
2950 | -+ /* No secure boot - just install our newly-generated image */ |
2951 | -+ grub_util_info ("No Secure Boot: installing core image"); |
2952 | - grub_install_copy_file (imgfile, dst, 1); |
2953 | - if (force_extra_removable) |
2954 | -- also_install_removable(imgfile, base_efidir, efi_suffix_upper); |
2955 | -+ also_install_removable (imgfile, base_efidir, removable_file, 1); |
2956 | - } |
2957 | - |
2958 | - grub_set_install_backup_ponr (); |
2959 | - |
2960 | -+ free (removable_file); |
2961 | - free (dst); |
2962 | - } |
2963 | - if (!removable && update_nvram) |
2964 | diff --git a/debian/patches/install-efi-adjust-distributor.patch b/debian/patches/install-efi-adjust-distributor.patch |
2965 | index 7f1e9c8..4804919 100644 |
2966 | --- a/debian/patches/install-efi-adjust-distributor.patch |
2967 | +++ b/debian/patches/install-efi-adjust-distributor.patch |
2968 | @@ -17,7 +17,7 @@ Patch-Name: install-efi-adjust-distributor.patch |
2969 | 1 file changed, 4 insertions(+) |
2970 | |
2971 | diff --git a/util/grub-install.c b/util/grub-install.c |
2972 | -index f49c78d..48c8c03 100644 |
2973 | +index 5ddd028..3a06718 100644 |
2974 | --- a/util/grub-install.c |
2975 | +++ b/util/grub-install.c |
2976 | @@ -1123,6 +1123,10 @@ main (int argc, char *argv[]) |
2977 | diff --git a/debian/patches/install-powerpc-machtypes.patch b/debian/patches/install-powerpc-machtypes.patch |
2978 | index 0a976d0..6681371 100644 |
2979 | --- a/debian/patches/install-powerpc-machtypes.patch |
2980 | +++ b/debian/patches/install-powerpc-machtypes.patch |
2981 | @@ -195,7 +195,7 @@ index 7df3191..135ba48 100644 |
2982 | grub_install_register_efi (grub_device_t efidir_grub_dev, |
2983 | const char *efifile_path, |
2984 | diff --git a/util/grub-install.c b/util/grub-install.c |
2985 | -index 48c8c03..d02bd48 100644 |
2986 | +index 3a06718..4af831f 100644 |
2987 | --- a/util/grub-install.c |
2988 | +++ b/util/grub-install.c |
2989 | @@ -1187,7 +1187,18 @@ main (int argc, char *argv[]) |
2990 | diff --git a/debian/patches/linuxefi.patch b/debian/patches/linuxefi.patch |
2991 | deleted file mode 100644 |
2992 | index 6c656e7..0000000 |
2993 | --- a/debian/patches/linuxefi.patch |
2994 | +++ /dev/null |
2995 | @@ -1,551 +0,0 @@ |
2996 | -From: Matthew Garrett <mjg@redhat.com> |
2997 | -Date: Mon, 13 Jan 2014 12:13:15 +0000 |
2998 | -Subject: Add "linuxefi" loader which avoids ExitBootServices |
2999 | - |
3000 | -Origin: vendor, http://pkgs.fedoraproject.org/cgit/grub2.git/tree/grub2-linuxefi.patch |
3001 | -Author: Colin Watson <cjwatson@ubuntu.com> |
3002 | -Author: Steve Langasek <steve.langasek@canonical.com> |
3003 | -Author: Linn Crosetto <linn@hpe.com> |
3004 | -Forwarded: no |
3005 | -Last-Update: 2021-09-24 |
3006 | - |
3007 | -Patch-Name: linuxefi.patch |
3008 | ---- |
3009 | - grub-core/Makefile.core.def | 7 + |
3010 | - grub-core/kern/efi/mm.c | 32 ++++ |
3011 | - grub-core/loader/i386/efi/linux.c | 383 ++++++++++++++++++++++++++++++++++++++ |
3012 | - grub-core/loader/i386/linux.c | 41 ++++ |
3013 | - include/grub/efi/efi.h | 3 + |
3014 | - 5 files changed, 466 insertions(+) |
3015 | - create mode 100644 grub-core/loader/i386/efi/linux.c |
3016 | - |
3017 | -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def |
3018 | -index 8022e1c..e5b3d27 100644 |
3019 | ---- a/grub-core/Makefile.core.def |
3020 | -+++ b/grub-core/Makefile.core.def |
3021 | -@@ -1874,6 +1874,13 @@ module = { |
3022 | - enable = x86_64_efi; |
3023 | - }; |
3024 | - |
3025 | -+module = { |
3026 | -+ name = linuxefi; |
3027 | -+ efi = loader/i386/efi/linux.c; |
3028 | -+ enable = i386_efi; |
3029 | -+ enable = x86_64_efi; |
3030 | -+}; |
3031 | -+ |
3032 | - module = { |
3033 | - name = chain; |
3034 | - efi = loader/efi/chainloader.c; |
3035 | -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c |
3036 | -index 9838fb2..f6aef0e 100644 |
3037 | ---- a/grub-core/kern/efi/mm.c |
3038 | -+++ b/grub-core/kern/efi/mm.c |
3039 | -@@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address, |
3040 | - } |
3041 | - } |
3042 | - |
3043 | -+/* Allocate pages below a specified address */ |
3044 | -+void * |
3045 | -+grub_efi_allocate_pages_max (grub_efi_physical_address_t max, |
3046 | -+ grub_efi_uintn_t pages) |
3047 | -+{ |
3048 | -+ grub_efi_status_t status; |
3049 | -+ grub_efi_boot_services_t *b; |
3050 | -+ grub_efi_physical_address_t address = max; |
3051 | -+ |
3052 | -+ if (max > 0xffffffff) |
3053 | -+ return 0; |
3054 | -+ |
3055 | -+ b = grub_efi_system_table->boot_services; |
3056 | -+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); |
3057 | -+ |
3058 | -+ if (status != GRUB_EFI_SUCCESS) |
3059 | -+ return 0; |
3060 | -+ |
3061 | -+ if (address == 0) |
3062 | -+ { |
3063 | -+ /* Uggh, the address 0 was allocated... This is too annoying, |
3064 | -+ so reallocate another one. */ |
3065 | -+ address = max; |
3066 | -+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); |
3067 | -+ grub_efi_free_pages (0, pages); |
3068 | -+ if (status != GRUB_EFI_SUCCESS) |
3069 | -+ return 0; |
3070 | -+ } |
3071 | -+ |
3072 | -+ return (void *) ((grub_addr_t) address); |
3073 | -+} |
3074 | -+ |
3075 | - /* Allocate pages. Return the pointer to the first of allocated pages. */ |
3076 | - void * |
3077 | - grub_efi_allocate_pages_real (grub_efi_physical_address_t address, |
3078 | -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c |
3079 | -new file mode 100644 |
3080 | -index 0000000..45b68c0 |
3081 | ---- /dev/null |
3082 | -+++ b/grub-core/loader/i386/efi/linux.c |
3083 | -@@ -0,0 +1,383 @@ |
3084 | -+/* |
3085 | -+ * GRUB -- GRand Unified Bootloader |
3086 | -+ * Copyright (C) 2012 Free Software Foundation, Inc. |
3087 | -+ * |
3088 | -+ * GRUB is free software: you can redistribute it and/or modify |
3089 | -+ * it under the terms of the GNU General Public License as published by |
3090 | -+ * the Free Software Foundation, either version 3 of the License, or |
3091 | -+ * (at your option) any later version. |
3092 | -+ * |
3093 | -+ * GRUB is distributed in the hope that it will be useful, |
3094 | -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
3095 | -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3096 | -+ * GNU General Public License for more details. |
3097 | -+ * |
3098 | -+ * You should have received a copy of the GNU General Public License |
3099 | -+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>. |
3100 | -+ */ |
3101 | -+ |
3102 | -+#include <grub/loader.h> |
3103 | -+#include <grub/file.h> |
3104 | -+#include <grub/err.h> |
3105 | -+#include <grub/misc.h> |
3106 | -+#include <grub/types.h> |
3107 | -+#include <grub/mm.h> |
3108 | -+#include <grub/cpu/linux.h> |
3109 | -+#include <grub/command.h> |
3110 | -+#include <grub/i18n.h> |
3111 | -+#include <grub/lib/cmdline.h> |
3112 | -+#include <grub/linux.h> |
3113 | -+#include <grub/efi/efi.h> |
3114 | -+#include <grub/efi/sb.h> |
3115 | -+ |
3116 | -+GRUB_MOD_LICENSE ("GPLv3+"); |
3117 | -+ |
3118 | -+static grub_dl_t my_mod; |
3119 | -+static int loaded; |
3120 | -+static void *kernel_mem; |
3121 | -+static grub_uint64_t kernel_size; |
3122 | -+static grub_uint8_t *initrd_mem; |
3123 | -+static grub_uint32_t handover_offset; |
3124 | -+struct linux_kernel_params *params; |
3125 | -+static char *linux_cmdline; |
3126 | -+ |
3127 | -+#define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) |
3128 | -+ |
3129 | -+#define SHIM_LOCK_GUID \ |
3130 | -+ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } |
3131 | -+ |
3132 | -+struct grub_efi_shim_lock |
3133 | -+{ |
3134 | -+ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); |
3135 | -+}; |
3136 | -+typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; |
3137 | -+ |
3138 | -+static grub_efi_boolean_t |
3139 | -+grub_linuxefi_secure_validate (void *data, grub_uint32_t size) |
3140 | -+{ |
3141 | -+ grub_efi_guid_t guid = SHIM_LOCK_GUID; |
3142 | -+ grub_efi_shim_lock_t *shim_lock; |
3143 | -+ grub_efi_status_t status; |
3144 | -+ |
3145 | -+ if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED) |
3146 | -+ { |
3147 | -+ grub_dprintf ("linuxefi", "secure boot not enabled, not validating"); |
3148 | -+ return 1; |
3149 | -+ } |
3150 | -+ |
3151 | -+ grub_dprintf ("linuxefi", "Locating shim protocol\n"); |
3152 | -+ shim_lock = grub_efi_locate_protocol(&guid, NULL); |
3153 | -+ |
3154 | -+ if (!shim_lock) |
3155 | -+ { |
3156 | -+ grub_dprintf ("linuxefi", "shim not available\n"); |
3157 | -+ return 0; |
3158 | -+ } |
3159 | -+ |
3160 | -+ grub_dprintf ("linuxefi", "Asking shim to verify kernel signature\n"); |
3161 | -+ status = shim_lock->verify(data, size); |
3162 | -+ if (status == GRUB_EFI_SUCCESS) |
3163 | -+ { |
3164 | -+ grub_dprintf ("linuxefi", "Kernel signature verification passed\n"); |
3165 | -+ return 1; |
3166 | -+ } |
3167 | -+ |
3168 | -+ grub_dprintf ("linuxefi", "Kernel signature verification failed (0x%lx)\n", |
3169 | -+ (unsigned long) status); |
3170 | -+ return 0; |
3171 | -+} |
3172 | -+ |
3173 | -+typedef void(*handover_func)(void *, grub_efi_system_table_t *, struct linux_kernel_params *); |
3174 | -+ |
3175 | -+static grub_err_t |
3176 | -+grub_linuxefi_boot (void) |
3177 | -+{ |
3178 | -+ handover_func hf; |
3179 | -+ int offset = 0; |
3180 | -+ |
3181 | -+#ifdef __x86_64__ |
3182 | -+ offset = 512; |
3183 | -+#endif |
3184 | -+ |
3185 | -+ hf = (handover_func)((char *)kernel_mem + handover_offset + offset); |
3186 | -+ |
3187 | -+ asm volatile ("cli"); |
3188 | -+ |
3189 | -+ hf (grub_efi_image_handle, grub_efi_system_table, params); |
3190 | -+ |
3191 | -+ /* Not reached */ |
3192 | -+ return GRUB_ERR_NONE; |
3193 | -+} |
3194 | -+ |
3195 | -+static grub_err_t |
3196 | -+grub_linuxefi_unload (void) |
3197 | -+{ |
3198 | -+ grub_dl_unref (my_mod); |
3199 | -+ loaded = 0; |
3200 | -+ if (initrd_mem) |
3201 | -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, BYTES_TO_PAGES(params->ramdisk_size)); |
3202 | -+ if (linux_cmdline) |
3203 | -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)linux_cmdline, BYTES_TO_PAGES(params->cmdline_size + 1)); |
3204 | -+ if (kernel_mem) |
3205 | -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size)); |
3206 | -+ if (params) |
3207 | -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)params, BYTES_TO_PAGES(16384)); |
3208 | -+ return GRUB_ERR_NONE; |
3209 | -+} |
3210 | -+ |
3211 | -+static grub_err_t |
3212 | -+grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), |
3213 | -+ int argc, char *argv[]) |
3214 | -+{ |
3215 | -+ grub_size_t size = 0; |
3216 | -+ struct grub_linux_initrd_context initrd_ctx; |
3217 | -+ |
3218 | -+ if (argc == 0) |
3219 | -+ { |
3220 | -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); |
3221 | -+ goto fail; |
3222 | -+ } |
3223 | -+ |
3224 | -+ if (!loaded) |
3225 | -+ { |
3226 | -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first")); |
3227 | -+ goto fail; |
3228 | -+ } |
3229 | -+ |
3230 | -+ if (grub_initrd_init (argc, argv, &initrd_ctx)) |
3231 | -+ goto fail; |
3232 | -+ |
3233 | -+ size = grub_get_initrd_size (&initrd_ctx); |
3234 | -+ |
3235 | -+ initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); |
3236 | -+ |
3237 | -+ if (!initrd_mem) |
3238 | -+ { |
3239 | -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); |
3240 | -+ goto fail; |
3241 | -+ } |
3242 | -+ |
3243 | -+ grub_dprintf ("linuxefi", "initrd_mem = %lx\n", (unsigned long) initrd_mem); |
3244 | -+ |
3245 | -+ params->ramdisk_size = size; |
3246 | -+ params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; |
3247 | -+ |
3248 | -+ if (grub_initrd_load (&initrd_ctx, argv, initrd_mem)) |
3249 | -+ goto fail; |
3250 | -+ |
3251 | -+ params->ramdisk_size = size; |
3252 | -+ |
3253 | -+ fail: |
3254 | -+ grub_initrd_close (&initrd_ctx); |
3255 | -+ |
3256 | -+ if (initrd_mem && grub_errno) |
3257 | -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, BYTES_TO_PAGES(size)); |
3258 | -+ |
3259 | -+ return grub_errno; |
3260 | -+} |
3261 | -+ |
3262 | -+static grub_err_t |
3263 | -+grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), |
3264 | -+ int argc, char *argv[]) |
3265 | -+{ |
3266 | -+ grub_file_t file = 0; |
3267 | -+ struct linux_i386_kernel_header lh; |
3268 | -+ grub_ssize_t len, start, filelen; |
3269 | -+ void *kernel; |
3270 | -+ |
3271 | -+ grub_dl_ref (my_mod); |
3272 | -+ |
3273 | -+ if (argc == 0) |
3274 | -+ { |
3275 | -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); |
3276 | -+ goto fail; |
3277 | -+ } |
3278 | -+ |
3279 | -+ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); |
3280 | -+ if (! file) |
3281 | -+ goto fail; |
3282 | -+ |
3283 | -+ filelen = grub_file_size (file); |
3284 | -+ |
3285 | -+ kernel = grub_malloc(filelen); |
3286 | -+ |
3287 | -+ if (!kernel) |
3288 | -+ { |
3289 | -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); |
3290 | -+ goto fail; |
3291 | -+ } |
3292 | -+ |
3293 | -+ if (grub_file_read (file, kernel, filelen) != filelen) |
3294 | -+ { |
3295 | -+ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]); |
3296 | -+ goto fail; |
3297 | -+ } |
3298 | -+ |
3299 | -+ if (! grub_linuxefi_secure_validate (kernel, filelen)) |
3300 | -+ { |
3301 | -+ grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), argv[0]); |
3302 | -+ grub_free (kernel); |
3303 | -+ goto fail; |
3304 | -+ } |
3305 | -+ |
3306 | -+ grub_file_seek (file, 0); |
3307 | -+ |
3308 | -+ grub_free(kernel); |
3309 | -+ |
3310 | -+ params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384)); |
3311 | -+ |
3312 | -+ if (! params) |
3313 | -+ { |
3314 | -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); |
3315 | -+ goto fail; |
3316 | -+ } |
3317 | -+ |
3318 | -+ grub_dprintf ("linuxefi", "params = %lx\n", (unsigned long) params); |
3319 | -+ |
3320 | -+ grub_memset (params, 0, 16384); |
3321 | -+ |
3322 | -+ if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) |
3323 | -+ { |
3324 | -+ if (!grub_errno) |
3325 | -+ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), |
3326 | -+ argv[0]); |
3327 | -+ goto fail; |
3328 | -+ } |
3329 | -+ |
3330 | -+ if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) |
3331 | -+ { |
3332 | -+ grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number")); |
3333 | -+ goto fail; |
3334 | -+ } |
3335 | -+ |
3336 | -+ if (lh.setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) |
3337 | -+ { |
3338 | -+ grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors")); |
3339 | -+ goto fail; |
3340 | -+ } |
3341 | -+ |
3342 | -+ if (lh.version < grub_cpu_to_le16 (0x020b)) |
3343 | -+ { |
3344 | -+ grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); |
3345 | -+ goto fail; |
3346 | -+ } |
3347 | -+ |
3348 | -+ if (!lh.handover_offset) |
3349 | -+ { |
3350 | -+ grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover")); |
3351 | -+ goto fail; |
3352 | -+ } |
3353 | -+ |
3354 | -+ linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, |
3355 | -+ BYTES_TO_PAGES(lh.cmdline_size + 1)); |
3356 | -+ |
3357 | -+ if (!linux_cmdline) |
3358 | -+ { |
3359 | -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); |
3360 | -+ goto fail; |
3361 | -+ } |
3362 | -+ |
3363 | -+ grub_dprintf ("linuxefi", "linux_cmdline = %lx\n", |
3364 | -+ (unsigned long) linux_cmdline); |
3365 | -+ |
3366 | -+ grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); |
3367 | -+ { |
3368 | -+ grub_err_t err; |
3369 | -+ err = grub_create_loader_cmdline (argc, argv, |
3370 | -+ linux_cmdline |
3371 | -+ + sizeof (LINUX_IMAGE) - 1, |
3372 | -+ lh.cmdline_size |
3373 | -+ - (sizeof (LINUX_IMAGE) - 1), |
3374 | -+ GRUB_VERIFY_KERNEL_CMDLINE); |
3375 | -+ if (err) |
3376 | -+ goto fail; |
3377 | -+ } |
3378 | -+ |
3379 | -+ lh.cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; |
3380 | -+ |
3381 | -+ handover_offset = lh.handover_offset; |
3382 | -+ |
3383 | -+ start = (lh.setup_sects + 1) * 512; |
3384 | -+ len = grub_file_size(file) - start; |
3385 | -+ |
3386 | -+ kernel_mem = grub_efi_allocate_fixed(lh.pref_address, |
3387 | -+ BYTES_TO_PAGES(lh.init_size)); |
3388 | -+ |
3389 | -+ if (!kernel_mem) |
3390 | -+ kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, |
3391 | -+ BYTES_TO_PAGES(lh.init_size)); |
3392 | -+ |
3393 | -+ if (!kernel_mem) |
3394 | -+ { |
3395 | -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); |
3396 | -+ goto fail; |
3397 | -+ } |
3398 | -+ grub_errno = GRUB_ERR_NONE; |
3399 | -+ |
3400 | -+ grub_dprintf ("linuxefi", "kernel_mem = %lx\n", (unsigned long) kernel_mem); |
3401 | -+ |
3402 | -+ if (grub_file_seek (file, start) == (grub_off_t) -1) |
3403 | -+ { |
3404 | -+ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), |
3405 | -+ argv[0]); |
3406 | -+ goto fail; |
3407 | -+ } |
3408 | -+ |
3409 | -+ if (grub_file_read (file, kernel_mem, len) != len && !grub_errno) |
3410 | -+ { |
3411 | -+ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), |
3412 | -+ argv[0]); |
3413 | -+ } |
3414 | -+ |
3415 | -+ if (grub_errno == GRUB_ERR_NONE) |
3416 | -+ { |
3417 | -+ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); |
3418 | -+ loaded = 1; |
3419 | -+ lh.code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; |
3420 | -+ } |
3421 | -+ |
3422 | -+ grub_memcpy (params, &lh, 2 * 512); |
3423 | -+ |
3424 | -+ params->type_of_loader = 0x21; |
3425 | -+ |
3426 | -+ fail: |
3427 | -+ |
3428 | -+ if (file) |
3429 | -+ grub_file_close (file); |
3430 | -+ |
3431 | -+ if (grub_errno != GRUB_ERR_NONE) |
3432 | -+ { |
3433 | -+ grub_dl_unref (my_mod); |
3434 | -+ loaded = 0; |
3435 | -+ } |
3436 | -+ |
3437 | -+ if (linux_cmdline && !loaded) |
3438 | -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)linux_cmdline, BYTES_TO_PAGES(lh.cmdline_size + 1)); |
3439 | -+ |
3440 | -+ if (kernel_mem && !loaded) |
3441 | -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size)); |
3442 | -+ |
3443 | -+ if (params && !loaded) |
3444 | -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)params, BYTES_TO_PAGES(16384)); |
3445 | -+ |
3446 | -+ return grub_errno; |
3447 | -+} |
3448 | -+ |
3449 | -+static grub_command_t cmd_linux, cmd_initrd; |
3450 | -+ |
3451 | -+GRUB_MOD_INIT(linuxefi) |
3452 | -+{ |
3453 | -+ cmd_linux = |
3454 | -+ grub_register_command ("linuxefi", grub_cmd_linux, |
3455 | -+ 0, N_("Load Linux.")); |
3456 | -+ cmd_initrd = |
3457 | -+ grub_register_command ("initrdefi", grub_cmd_initrd, |
3458 | -+ 0, N_("Load initrd.")); |
3459 | -+ my_mod = mod; |
3460 | -+} |
3461 | -+ |
3462 | -+GRUB_MOD_FINI(linuxefi) |
3463 | -+{ |
3464 | -+ grub_unregister_command (cmd_linux); |
3465 | -+ grub_unregister_command (cmd_initrd); |
3466 | -+} |
3467 | -diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c |
3468 | -index 9f74a96..be37a16 100644 |
3469 | ---- a/grub-core/loader/i386/linux.c |
3470 | -+++ b/grub-core/loader/i386/linux.c |
3471 | -@@ -78,6 +78,8 @@ static grub_size_t maximal_cmdline_size; |
3472 | - static struct linux_kernel_params linux_params; |
3473 | - static char *linux_cmdline; |
3474 | - #ifdef GRUB_MACHINE_EFI |
3475 | -+static int using_linuxefi; |
3476 | -+static grub_command_t initrdefi_cmd; |
3477 | - static grub_efi_uintn_t efi_mmap_size; |
3478 | - #else |
3479 | - static const grub_size_t efi_mmap_size = 0; |
3480 | -@@ -659,6 +661,39 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), |
3481 | - |
3482 | - grub_dl_ref (my_mod); |
3483 | - |
3484 | -+#ifdef GRUB_MACHINE_EFI |
3485 | -+ using_linuxefi = 0; |
3486 | -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) |
3487 | -+ { |
3488 | -+ /* linuxefi requires a successful signature check and then hand over |
3489 | -+ to the kernel without calling ExitBootServices. */ |
3490 | -+ grub_dl_t mod; |
3491 | -+ grub_command_t linuxefi_cmd; |
3492 | -+ |
3493 | -+ grub_dprintf ("linux", "Secure Boot enabled: trying linuxefi\n"); |
3494 | -+ |
3495 | -+ mod = grub_dl_load ("linuxefi"); |
3496 | -+ if (mod) |
3497 | -+ { |
3498 | -+ grub_dl_ref (mod); |
3499 | -+ linuxefi_cmd = grub_command_find ("linuxefi"); |
3500 | -+ initrdefi_cmd = grub_command_find ("initrdefi"); |
3501 | -+ if (linuxefi_cmd && initrdefi_cmd) |
3502 | -+ { |
3503 | -+ (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); |
3504 | -+ if (grub_errno == GRUB_ERR_NONE) |
3505 | -+ { |
3506 | -+ grub_dprintf ("linux", "Handing off to linuxefi\n"); |
3507 | -+ using_linuxefi = 1; |
3508 | -+ return GRUB_ERR_NONE; |
3509 | -+ } |
3510 | -+ grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno); |
3511 | -+ goto fail; |
3512 | -+ } |
3513 | -+ } |
3514 | -+ } |
3515 | -+#endif |
3516 | -+ |
3517 | - if (argc == 0) |
3518 | - { |
3519 | - grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); |
3520 | -@@ -1042,6 +1077,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), |
3521 | - grub_err_t err; |
3522 | - struct grub_linux_initrd_context initrd_ctx = { 0, 0, 0 }; |
3523 | - |
3524 | -+#ifdef GRUB_MACHINE_EFI |
3525 | -+ /* If we're using linuxefi, just forward to initrdefi. */ |
3526 | -+ if (using_linuxefi && initrdefi_cmd) |
3527 | -+ return (initrdefi_cmd->func) (initrdefi_cmd, argc, argv); |
3528 | -+#endif |
3529 | -+ |
3530 | - if (argc == 0) |
3531 | - { |
3532 | - grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); |
3533 | -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h |
3534 | -index 83d958f..08f6ee0 100644 |
3535 | ---- a/include/grub/efi/efi.h |
3536 | -+++ b/include/grub/efi/efi.h |
3537 | -@@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address, |
3538 | - grub_efi_uintn_t pages); |
3539 | - void * |
3540 | - EXPORT_FUNC(grub_efi_allocate_any_pages) (grub_efi_uintn_t pages); |
3541 | -+void * |
3542 | -+EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max, |
3543 | -+ grub_efi_uintn_t pages); |
3544 | - void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address, |
3545 | - grub_efi_uintn_t pages); |
3546 | - grub_efi_uintn_t EXPORT_FUNC(grub_efi_find_mmap_size) (void); |
3547 | diff --git a/debian/patches/no-insmod-on-sb.patch b/debian/patches/no-insmod-on-sb.patch |
3548 | new file mode 100644 |
3549 | index 0000000..4b1856d |
3550 | --- /dev/null |
3551 | +++ b/debian/patches/no-insmod-on-sb.patch |
3552 | @@ -0,0 +1,45 @@ |
3553 | +From: Matthew Garrett <mjg@redhat.com> |
3554 | +Date: Mon, 13 Jan 2014 12:13:09 +0000 |
3555 | +Subject: Don't permit loading modules on UEFI secure boot |
3556 | + |
3557 | +Author: Colin Watson <cjwatson@ubuntu.com> |
3558 | +Origin: vendor, http://pkgs.fedoraproject.org/cgit/grub2.git/tree/grub-2.00-no-insmod-on-sb.patch |
3559 | +Forwarded: no |
3560 | +Last-Update: 2013-12-25 |
3561 | + |
3562 | +Patch-Name: no-insmod-on-sb.patch |
3563 | +--- |
3564 | + grub-core/kern/dl.c | 13 +++++++++++++ |
3565 | + 1 file changed, 13 insertions(+) |
3566 | + |
3567 | +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c |
3568 | +index 48f8a79..51a800a 100644 |
3569 | +--- a/grub-core/kern/dl.c |
3570 | ++++ b/grub-core/kern/dl.c |
3571 | +@@ -38,6 +38,10 @@ |
3572 | + #define GRUB_MODULES_MACHINE_READONLY |
3573 | + #endif |
3574 | + |
3575 | ++#ifdef GRUB_MACHINE_EFI |
3576 | ++#include <grub/efi/efi.h> |
3577 | ++#endif |
3578 | ++ |
3579 | + |
3580 | |
3581 | + |
3582 | + #pragma GCC diagnostic ignored "-Wcast-align" |
3583 | +@@ -695,6 +699,15 @@ grub_dl_load_file (const char *filename) |
3584 | + void *core = 0; |
3585 | + grub_dl_t mod = 0; |
3586 | + |
3587 | ++#ifdef GRUB_MACHINE_EFI |
3588 | ++ if (grub_efi_get_secureboot() == GRUB_EFI_SECUREBOOT_MODE_ENABLED) |
3589 | ++ { |
3590 | ++ grub_error (GRUB_ERR_ACCESS_DENIED, |
3591 | ++ "Secure Boot forbids loading module from %s", filename); |
3592 | ++ return 0; |
3593 | ++ } |
3594 | ++#endif |
3595 | ++ |
3596 | + grub_boot_time ("Loading module %s", filename); |
3597 | + |
3598 | + file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE); |
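Review bot: The Secure Boot refusal added at the top of `grub_dl_load_file` carries no comment explaining why file-based module loading is denied, and its message is a bare string where the other `grub_error` calls on this page use `N_()`. I would put a short comment above the `if`, for example `/* Secure Boot: refuse to load module code from a file (signature coverage of module files to be confirmed). */`, and write the message as `N_("Secure Boot forbids loading module from %s")`. The guard is only as strong as its placement: it protects the boot chain only if every path that brings module code in from disk goes through `grub_dl_load_file`, which cannot be confirmed from this hunk because the function body continues outside it.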
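--- a/debian/patches/pc-verifiers-module.patch
+++ b/debian/patches/pc-verifiers-module.patch
@@ -52,7 +52,7 @@ index ee88e44..b6872d2 100644
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h
 diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index 2ff2668..da32698 100644
+index 10f839b..f953817 100644
 --- a/grub-core/Makefile.core.def
 +++ b/grub-core/Makefile.core.def
 @@ -141,7 +141,7 @@ kernel = {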
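--- /dev/null
+++ b/debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch
@@ -0,0 +1,23 @@
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 26 Jun 2017 12:44:59 -0400
+Subject: don't use int for efi status
+
+(cherry picked from commit eee6d2db7e3a392b8fe134fa75a7e28c9ae8cda5)
+Patch-Name: rhboot-f34-dont-use-int-for-efi-status.patch
+---
+ grub-core/kern/efi/efi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index 05d8237..ae9885e 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -167,7 +167,7 @@ grub_reboot (void)
+ void
+ grub_exit (int retval)
+ {
+- int rc = GRUB_EFI_LOAD_ERROR;
++ grub_efi_status_t rc = GRUB_EFI_LOAD_ERROR;
+
+ if (retval == 0)
+ rc = GRUB_EFI_SUCCESS;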
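--- /dev/null
+++ b/debian/patches/rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch
@@ -0,0 +1,26 @@
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 30 Jul 2018 14:06:42 -0400
+Subject: efinet: also use the firmware acceleration for http
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+
+Patch-Name: rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch
+---
+ grub-core/net/efi/net.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c
+index 9b7a218..b2fe4db 100644
+--- a/grub-core/net/efi/net.c
++++ b/grub-core/net/efi/net.c
+@@ -1336,7 +1336,9 @@ grub_efi_net_boot_from_https (void)
+ && (subtype == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE))
+ {
+ grub_efi_uri_device_path_t *uri_dp = (grub_efi_uri_device_path_t *) dp;
+- return (grub_strncmp ((const char*)uri_dp->uri, "https://", sizeof ("https://") - 1) == 0) ? 1 : 0;
++ grub_dprintf ("efinet", "url:%s\n", (const char *)uri_dp->uri);
++ return (grub_strncmp ((const char *)uri_dp->uri, "https://", sizeof ("https://") - 1) == 0 ||
++ grub_strncmp ((const char *)uri_dp->uri, "http://", sizeof ("http://") - 1) == 0);
+ }
+
+ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp))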
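Review bot: `grub_efi_net_boot_from_https` now returns true for `http://` URIs as well, so its name no longer describes what it tests, and a caller that reads a true result as "the transport is TLS" would be wrong. A comment above the return would make this explicit, for example `/* True for http:// as well as https://: selects the firmware HTTP path, does not imply TLS. */` (the purpose is inferred from the patch subject); a rename would touch callers outside this hunk. The added `grub_dprintf` also prints `uri_dp->uri` with `%s`, while the comparisons beside it are length-bounded. If the URI in the device path node is not guaranteed to be NUL-terminated, the debug print should be bounded by the node length too. The function body starts and ends outside the hunk.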
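--- /dev/null
+++ b/debian/patches/rhboot-f34-make-exit-take-a-return-code.patch
@@ -0,0 +1,268 @@
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 26 Feb 2014 21:49:12 -0500
+Subject: Make "exit" take a return code.
+
+This adds "exit" with a return code. With this patch, any "exit"
+command /may/ include a return code, and on platforms that support
+returning with an exit status, we will do so. By default we return the
+same exit status we did before this patch.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+(cherry picked from commit ccce3d69ae3eacc7bdc70217304586bd7e74fe1e)
+Patch-Name: rhboot-f34-make-exit-take-a-return-code.patch
+---
+ grub-core/commands/minicmd.c | 20 ++++++++++++++++----
+ grub-core/kern/efi/efi.c | 9 +++++++--
+ grub-core/kern/emu/main.c | 2 +-
+ grub-core/kern/emu/misc.c | 5 +++--
+ grub-core/kern/i386/coreboot/init.c | 2 +-
+ grub-core/kern/i386/qemu/init.c | 2 +-
+ grub-core/kern/ieee1275/init.c | 2 +-
+ grub-core/kern/mips/arc/init.c | 2 +-
+ grub-core/kern/mips/loongson/init.c | 2 +-
+ grub-core/kern/mips/qemu_mips/init.c | 2 +-
+ grub-core/kern/misc.c | 11 ++++++++++-
+ grub-core/kern/uboot/init.c | 6 +++---
+ grub-core/kern/xen/init.c | 2 +-
+ include/grub/misc.h | 2 +-
+ 14 files changed, 48 insertions(+), 21 deletions(-)
+
+diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
+index fa49893..2bd3ac7 100644
+--- a/grub-core/commands/minicmd.c
++++ b/grub-core/commands/minicmd.c
+@@ -182,12 +182,24 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)),
+ }
+
+ /* exit */
+-static grub_err_t __attribute__ ((noreturn))
++static grub_err_t
+ grub_mini_cmd_exit (struct grub_command *cmd __attribute__ ((unused)),
+- int argc __attribute__ ((unused)),
+- char *argv[] __attribute__ ((unused)))
++ int argc, char *argv[])
+ {
+- grub_exit ();
++ int retval = -1;
++ unsigned long n;
++
++ if (argc < 0 || argc > 1)
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
++
++ if (argc == 1)
++ {
++ n = grub_strtoul (argv[0], 0, 10);
++ if (n != ~0UL)
++ retval = n;
++ }
++
++ grub_exit (retval);
+ /* Not reached. */
+ }
+
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index 8cff7be..05d8237 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -165,11 +165,16 @@ grub_reboot (void)
+ }
+
+ void
+-grub_exit (void)
++grub_exit (int retval)
+ {
++ int rc = GRUB_EFI_LOAD_ERROR;
++
++ if (retval == 0)
++ rc = GRUB_EFI_SUCCESS;
++
+ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
+ efi_call_4 (grub_efi_system_table->boot_services->exit,
+- grub_efi_image_handle, GRUB_EFI_SUCCESS, 0, 0);
++ grub_efi_image_handle, rc, 0, 0);
+ for (;;) ;
+ }
+
+diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c
+index 425bb96..55ea5a1 100644
+--- a/grub-core/kern/emu/main.c
++++ b/grub-core/kern/emu/main.c
+@@ -67,7 +67,7 @@ grub_reboot (void)
+ }
+
+ void
+-grub_exit (void)
++grub_exit (int retval __attribute__((unused)))
+ {
+ grub_reboot ();
+ }
+diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
+index dfd8a8e..0ff13bc 100644
+--- a/grub-core/kern/emu/misc.c
++++ b/grub-core/kern/emu/misc.c
+@@ -151,9 +151,10 @@ xasprintf (const char *fmt, ...)
+
+ #if !defined (GRUB_MACHINE_EMU) || defined (GRUB_UTIL)
+ void
+-grub_exit (void)
++__attribute__ ((noreturn))
++grub_exit (int rc)
+ {
+- exit (1);
++ exit (rc < 0 ? 1 : rc);
+ }
+ #endif
+
+diff --git a/grub-core/kern/i386/coreboot/init.c b/grub-core/kern/i386/coreboot/init.c
+index 3314f02..36f9134 100644
+--- a/grub-core/kern/i386/coreboot/init.c
++++ b/grub-core/kern/i386/coreboot/init.c
+@@ -41,7 +41,7 @@ extern grub_uint8_t _end[];
+ extern grub_uint8_t _edata[];
+
+ void __attribute__ ((noreturn))
+-grub_exit (void)
++grub_exit (int rc __attribute__((unused)))
+ {
+ /* We can't use grub_fatal() in this function. This would create an infinite
+ loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */
+diff --git a/grub-core/kern/i386/qemu/init.c b/grub-core/kern/i386/qemu/init.c
+index 271b6fb..9fafe98 100644
+--- a/grub-core/kern/i386/qemu/init.c
++++ b/grub-core/kern/i386/qemu/init.c
+@@ -42,7 +42,7 @@ extern grub_uint8_t _end[];
+ extern grub_uint8_t _edata[];
+
+ void __attribute__ ((noreturn))
+-grub_exit (void)
++grub_exit (int rc __attribute__((unused)))
+ {
+ /* We can't use grub_fatal() in this function. This would create an infinite
+ loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */
+diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
+index 8b089b4..085a6a3 100644
+--- a/grub-core/kern/ieee1275/init.c
++++ b/grub-core/kern/ieee1275/init.c
+@@ -71,7 +71,7 @@ grub_addr_t grub_ieee1275_original_stack;
+ #endif
+
+ void
+-grub_exit (void)
++grub_exit (int rc __attribute__((unused)))
+ {
+ grub_ieee1275_exit ();
+ }
+diff --git a/grub-core/kern/mips/arc/init.c b/grub-core/kern/mips/arc/init.c
+index 2ed3ff3..5c40c34 100644
+--- a/grub-core/kern/mips/arc/init.c
++++ b/grub-core/kern/mips/arc/init.c
+@@ -276,7 +276,7 @@ grub_halt (void)
+ }
+
+ void
+-grub_exit (void)
++grub_exit (int rc __attribute__((unused)))
+ {
+ GRUB_ARC_FIRMWARE_VECTOR->exit ();
+
+diff --git a/grub-core/kern/mips/loongson/init.c b/grub-core/kern/mips/loongson/init.c
+index 7b96531..dff598c 100644
+--- a/grub-core/kern/mips/loongson/init.c
++++ b/grub-core/kern/mips/loongson/init.c
+@@ -304,7 +304,7 @@ grub_halt (void)
+ }
+
+ void
+-grub_exit (void)
++grub_exit (int rc __attribute__((unused)))
+ {
+ grub_halt ();
+ }
+diff --git a/grub-core/kern/mips/qemu_mips/init.c b/grub-core/kern/mips/qemu_mips/init.c
+index be88b77..8b6c55f 100644
+--- a/grub-core/kern/mips/qemu_mips/init.c
++++ b/grub-core/kern/mips/qemu_mips/init.c
+@@ -75,7 +75,7 @@ grub_machine_fini (int flags __attribute__ ((unused)))
+ }
+
+ void
+-grub_exit (void)
++grub_exit (int rc __attribute__((unused)))
+ {
+ grub_halt ();
+ }
+diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
+index 3af336e..63b586d 100644
+--- a/grub-core/kern/misc.c
++++ b/grub-core/kern/misc.c
+@@ -1209,9 +1209,18 @@ grub_abort (void)
+ grub_getkey ();
+ }
+
+- grub_exit ();
++ grub_exit (1);
+ }
+
++#if defined (__clang__) && !defined (GRUB_UTIL)
++/* clang emits references to abort(). */
++void __attribute__ ((noreturn))
++abort (void)
++{
++ grub_abort ();
++}
++#endif
++
+ void
+ grub_fatal (const char *fmt, ...)
+ {
+diff --git a/grub-core/kern/uboot/init.c b/grub-core/kern/uboot/init.c
+index 3e33864..be2a5be 100644
+--- a/grub-core/kern/uboot/init.c
++++ b/grub-core/kern/uboot/init.c
+@@ -39,9 +39,9 @@ extern grub_size_t grub_total_module_size;
+ static unsigned long timer_start;
+
+ void
+-grub_exit (void)
++grub_exit (int rc)
+ {
+- grub_uboot_return (0);
++ grub_uboot_return (rc < 0 ? 1 : rc);
+ }
+
+ static grub_uint64_t
+@@ -78,7 +78,7 @@ grub_machine_init (void)
+ if (!ver)
+ {
+ /* Don't even have a console to log errors to... */
+- grub_exit ();
++ grub_exit (-1);
+ }
+ else if (ver > API_SIG_VERSION)
+ {
+diff --git a/grub-core/kern/xen/init.c b/grub-core/kern/xen/init.c
+index 782ca72..708b060 100644
+--- a/grub-core/kern/xen/init.c
++++ b/grub-core/kern/xen/init.c
+@@ -584,7 +584,7 @@ grub_machine_init (void)
+ }
+
+ void
+-grub_exit (void)
++grub_exit (int rc __attribute__((unused)))
+ {
+ struct sched_shutdown arg;
+
+diff --git a/include/grub/misc.h b/include/grub/misc.h
+index 7d2b551..fd18e63 100644
+--- a/include/grub/misc.h
++++ b/include/grub/misc.h
+@@ -353,7 +353,7 @@ int EXPORT_FUNC(grub_vsnprintf) (char *str, grub_size_t n, const char *fmt,
+ char *EXPORT_FUNC(grub_xasprintf) (const char *fmt, ...)
+ __attribute__ ((format (GNU_PRINTF, 1, 2))) WARN_UNUSED_RESULT;
+ char *EXPORT_FUNC(grub_xvasprintf) (const char *fmt, va_list args) WARN_UNUSED_RESULT;
+-void EXPORT_FUNC(grub_exit) (void) __attribute__ ((noreturn));
++void EXPORT_FUNC(grub_exit) (int rc) __attribute__ ((noreturn));
+ grub_uint64_t EXPORT_FUNC(grub_divmod64) (grub_uint64_t n,
+ grub_uint64_t d,
+ grub_uint64_t *r);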
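Review bot: In `grub_mini_cmd_exit` (the minicmd.c hunk) the status argument is parsed with `grub_strtoul (argv[0], 0, 10)` and no end pointer, so a non-numeric argument presumably parses as 0 and is passed on as a success status, which the EFI `grub_exit` in this same patch maps to `GRUB_EFI_SUCCESS`. I would declare `const char *end;`, call `n = grub_strtoul (argv[0], &end, 10);` and add `if (*argv[0] == '\0' || *end != '\0') return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unrecognized number"));`. Two related points in the same patch: with no argument `retval` stays -1, which the EFI hunk turns into `GRUB_EFI_LOAD_ERROR` where the removed line passed `GRUB_EFI_SUCCESS`, although the description says the default status is unchanged. The message "one argument expected" is also only reachable when more than one argument is given, so "at most one argument expected" would be accurate.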
3947 | diff --git a/debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch b/debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch |
3948 | new file mode 100644 |
3949 | index 0000000..6154ced |
3950 | --- /dev/null |
3951 | +++ b/debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch |
3952 | @@ -0,0 +1,213 @@ |
3953 | +From: Peter Jones <pjones@redhat.com> |
3954 | +Date: Tue, 7 Nov 2017 17:12:17 -0500 |
3955 | +Subject: Make pmtimer tsc calibration not take 51 seconds to fail. |
3956 | + |
3957 | +On my laptop running at 2.4GHz, if I run a VM where tsc calibration |
3958 | +using pmtimer will fail presuming a broken pmtimer, it takes ~51 seconds |
3959 | +to do so (as measured with the stopwatch on my phone), with a tsc delta |
3960 | +of 0x1cd1c85300, or around 125 billion cycles. |
3961 | + |
3962 | +If instead of trying to wait for 5-200ms to show up on the pmtimer, we try |
3963 | +to wait for 5-200us, it decides it's broken in ~0x2626aa0 TSCs, aka ~2.4 |
3964 | +million cycles, or more or less instantly. |
3965 | + |
3966 | +Additionally, this reading the pmtimer was returning 0xffffffff anyway, |
3967 | +and that's obviously an invalid return. I've added a check for that and |
3968 | +0 so we don't bother waiting for the test if what we're seeing is dead |
3969 | +pins with no response at all. |
3970 | + |
3971 | +If "debug" is includes "pmtimer", you will see one of the following |
3972 | +three outcomes. If pmtimer gives all 0 or all 1 bits, you will see: |
3973 | + |
3974 | +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 1 |
3975 | +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 2 |
3976 | +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 3 |
3977 | +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 4 |
3978 | +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 5 |
3979 | +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 6 |
3980 | +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 7 |
3981 | +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 8 |
3982 | +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 9 |
3983 | +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 10 |
3984 | +kern/i386/tsc_pmtimer.c:78: timer is broken; giving up. |
3985 | + |
3986 | +This outcome was tested using qemu+kvm with UEFI (OVMF) firmware and |
3987 | +these options: -machine pc-q35-2.10 -cpu Broadwell-noTSX |
3988 | + |
3989 | +If pmtimer gives any other bit patterns but is not actually marching |
3990 | +forward fast enough to use for clock calibration, you will see: |
3991 | + |
3992 | +kern/i386/tsc_pmtimer.c:121: pmtimer delta is 0x0 (1904 iterations) |
3993 | +kern/i386/tsc_pmtimer.c:124: tsc delta is implausible: 0x2626aa0 |
3994 | + |
3995 | +This outcome was tested using grub compiled with GRUB_PMTIMER_IGNORE_BAD_READS |
3996 | +defined (so as not to trip the bad read test) using qemu+kvm with UEFI |
3997 | +(OVMF) firmware, and these options: -machine pc-q35-2.10 -cpu Broadwell-noTSX |
3998 | + |
3999 | +If pmtimer actually works, you'll see something like: |
4000 | + |
4001 | +kern/i386/tsc_pmtimer.c:121: pmtimer delta is 0x0 (1904 iterations) |
4002 | +kern/i386/tsc_pmtimer.c:124: tsc delta is implausible: 0x2626aa0 |
4003 | + |
4004 | +This outcome was tested using qemu+kvm with UEFI (OVMF) firmware, and |
4005 | +these options: -machine pc-i440fx-2.4 -cpu Broadwell-noTSX |
4006 | + |
4007 | +I've also tested this outcome on a real Intel Xeon E3-1275v3 on an Intel |
4008 | +Server Board S1200V3RPS using the SDV.RP.B8 "Release" build here: |
4009 | +https://firmware.intel.com/sites/default/files/UEFIDevKit_S1200RP_vB8.zip |
4010 | + |
4011 | +Signed-off-by: Peter Jones <pjones@redhat.com> |
4012 | +(cherry picked from commit cf0448d61e00acb548f8f22d57ba6e4f3b37f394) |
4013 | + |
4014 | +Patch-Name: rhboot-f34-make-pmtimer-tsc-calibration-fast.patch |
4015 | +--- |
4016 | + grub-core/kern/i386/tsc_pmtimer.c | 109 +++++++++++++++++++++++++++++++------- |
4017 | + 1 file changed, 89 insertions(+), 20 deletions(-) |
4018 | + |
4019 | +diff --git a/grub-core/kern/i386/tsc_pmtimer.c b/grub-core/kern/i386/tsc_pmtimer.c |
4020 | +index c9c3616..ca15c3a 100644 |
4021 | +--- a/grub-core/kern/i386/tsc_pmtimer.c |
4022 | ++++ b/grub-core/kern/i386/tsc_pmtimer.c |
4023 | +@@ -28,40 +28,101 @@ |
4024 | + #include <grub/acpi.h> |
4025 | + #include <grub/cpu/io.h> |
4026 | + |
4027 | ++/* |
4028 | ++ * Define GRUB_PMTIMER_IGNORE_BAD_READS if you're trying to test a timer that's |
4029 | ++ * present but doesn't keep time well. |
4030 | ++ */ |
4031 | ++// #define GRUB_PMTIMER_IGNORE_BAD_READS |
4032 | ++ |
4033 | + grub_uint64_t |
4034 | + grub_pmtimer_wait_count_tsc (grub_port_t pmtimer, |
4035 | + grub_uint16_t num_pm_ticks) |
4036 | + { |
4037 | + grub_uint32_t start; |
4038 | +- grub_uint32_t last; |
4039 | +- grub_uint32_t cur, end; |
4040 | ++ grub_uint64_t cur, end; |
4041 | + grub_uint64_t start_tsc; |
4042 | + grub_uint64_t end_tsc; |
4043 | +- int num_iter = 0; |
4044 | ++ unsigned int num_iter = 0; |
4045 | ++#ifndef GRUB_PMTIMER_IGNORE_BAD_READS |
4046 | ++ int bad_reads = 0; |
4047 | ++#endif |
4048 | + |
4049 | +- start = grub_inl (pmtimer) & 0xffffff; |
4050 | +- last = start; |
4051 | ++ /* |
4052 | ++ * Some timers are 24-bit and some are 32-bit, but it doesn't make much |
4053 | ++ * difference to us. Caring which one we have isn't really worth it since |
4054 | ++ * the low-order digits will give us enough data to calibrate TSC. So just |
4055 | ++ * mask the top-order byte off. |
4056 | ++ */ |
4057 | ++ cur = start = grub_inl (pmtimer) & 0xffffffUL; |
4058 | + end = start + num_pm_ticks; |
4059 | + start_tsc = grub_get_tsc (); |
4060 | + while (1) |
4061 | + { |
4062 | +- cur = grub_inl (pmtimer) & 0xffffff; |
4063 | +- if (cur < last) |
4064 | +- cur |= 0x1000000; |
4065 | +- num_iter++; |
4066 | ++ cur &= 0xffffffffff000000ULL; |
4067 | ++ cur |= grub_inl (pmtimer) & 0xffffffUL; |
4068 | ++ |
4069 | ++ end_tsc = grub_get_tsc(); |
4070 | ++ |
4071 | ++#ifndef GRUB_PMTIMER_IGNORE_BAD_READS |
4072 | ++ /* |
4073 | ++ * If we get 10 reads in a row that are obviously dead pins, there's no |
4074 | ++ * reason to do this thousands of times. |
4075 | ++ */ |
4076 | ++ if (cur == 0xffffffUL || cur == 0) |
4077 | ++ { |
4078 | ++ bad_reads++; |
4079 | ++ grub_dprintf ("pmtimer", |
4080 | ++ "pmtimer: 0x%"PRIxGRUB_UINT64_T" bad_reads: %d\n", |
4081 | ++ cur, bad_reads); |
4082 | ++ grub_dprintf ("pmtimer", "timer is broken; giving up.\n"); |
4083 | ++ |
4084 | ++ if (bad_reads == 10) |
4085 | ++ return 0; |
4086 | ++ } |
4087 | ++#endif |
4088 | ++ |
4089 | ++ if (cur < start) |
4090 | ++ cur += 0x1000000; |
4091 | ++ |
4092 | + if (cur >= end) |
4093 | + { |
4094 | +- end_tsc = grub_get_tsc (); |
4095 | ++ grub_dprintf ("pmtimer", "pmtimer delta is 0x%"PRIxGRUB_UINT64_T"\n", |
4096 | ++ cur - start); |
4097 | ++ grub_dprintf ("pmtimer", "tsc delta is 0x%"PRIxGRUB_UINT64_T"\n", |
4098 | ++ end_tsc - start_tsc); |
4099 | + return end_tsc - start_tsc; |
4100 | + } |
4101 | +- /* Check for broken PM timer. |
4102 | +- 50000000 TSCs is between 5 ms (10GHz) and 200 ms (250 MHz) |
4103 | +- if after this time we still don't have 1 ms on pmtimer, then |
4104 | +- pmtimer is broken. |
4105 | ++ |
4106 | ++ /* |
4107 | ++ * Check for broken PM timer. 1ms at 10GHz should be 1E+7 TSCs; at |
4108 | ++ * 250MHz it should be 2.5E6. So if after 4E+7 TSCs on a 10GHz machine, |
4109 | ++ * we should have seen pmtimer show 4ms of change (i.e. cur =~ |
4110 | ++ * start+14320); on a 250MHz machine that should be 16ms (start+57280). |
4111 | ++ * If after this a time we still don't have 1ms on pmtimer, then pmtimer |
4112 | ++ * is broken. |
4113 | ++ * |
4114 | ++ * Likewise, if our code is perfectly efficient and introduces no delays |
4115 | ++ * whatsoever, on a 10GHz system we should see a TSC delta of 3580 in |
4116 | ++ * ~3580 iterations. On a 250MHz machine that should be ~900 iterations. |
4117 | ++ * |
4118 | ++ * With those factors in mind, there are two limits here. There's a hard |
4119 | ++ * limit here at 8x our desired pm timer delta, picked as an arbitrarily |
4120 | ++ * large value that's still not a lot of time to humans, because if we |
4121 | ++ * get that far this is either an implausibly fast machine or the pmtimer |
4122 | ++ * is not running. And there's another limit on 4x our 10GHz tsc delta |
4123 | ++ * without seeing cur converge on our target value. |
4124 | + */ |
4125 | +- if ((num_iter & 0xffffff) == 0 && grub_get_tsc () - start_tsc > 5000000) { |
4126 | +- return 0; |
4127 | +- } |
4128 | ++ if ((++num_iter > (grub_uint32_t)num_pm_ticks << 3UL) || |
4129 | ++ end_tsc - start_tsc > 40000000) |
4130 | ++ { |
4131 | ++ grub_dprintf ("pmtimer", |
4132 | ++ "pmtimer delta is 0x%"PRIxGRUB_UINT64_T" (%u iterations)\n", |
4133 | ++ cur - start, num_iter); |
4134 | ++ grub_dprintf ("pmtimer", |
4135 | ++ "tsc delta is implausible: 0x%"PRIxGRUB_UINT64_T"\n", |
4136 | ++ end_tsc - start_tsc); |
4137 | ++ return 0; |
4138 | ++ } |
4139 | + } |
4140 | + } |
4141 | + |
4142 | +@@ -74,12 +135,20 @@ grub_tsc_calibrate_from_pmtimer (void) |
4143 | + |
4144 | + fadt = grub_acpi_find_fadt (); |
4145 | + if (!fadt) |
4146 | +- return 0; |
4147 | ++ { |
4148 | ++ grub_dprintf ("pmtimer", "No FADT found; not using pmtimer.\n"); |
4149 | ++ return 0; |
4150 | ++ } |
4151 | + pmtimer = fadt->pmtimer; |
4152 | + if (!pmtimer) |
4153 | +- return 0; |
4154 | ++ { |
4155 | ++ grub_dprintf ("pmtimer", "FADT does not specify pmtimer; skipping.\n"); |
4156 | ++ return 0; |
4157 | ++ } |
4158 | + |
4159 | +- /* It's 3.579545 MHz clock. Wait 1 ms. */ |
4160 | ++ /* |
4161 | ++ * It's 3.579545 MHz clock. Wait 1 ms. |
4162 | ++ */ |
4163 | + tsc_diff = grub_pmtimer_wait_count_tsc (pmtimer, 3580); |
4164 | + if (tsc_diff == 0) |
4165 | + return 0; |
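--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,12 +14,13 @@ install-efi-fallback.patch
 mkconfig-ubuntu-recovery.patch
 install-locale-langpack.patch
 mkconfig-nonexistent-loopback.patch
+no-insmod-on-sb.patch
 default-grub-d.patch
 blacklist-1440x900x32.patch
 mkconfig-ubuntu-distributor.patch
-linuxefi.patch
+ubuntu-linuxefi.patch
 mkconfig-signed-kernel.patch
-install-signed.patch
+ubuntu-install-signed.patch
 wubi-no-windows.patch
 maybe-quiet.patch
 install-efi-adjust-distributor.patch
@@ -35,7 +36,7 @@ ieee1275-clear-reset.patch
 ppc64el-disable-vsx.patch
 grub-install-pvxen-paths.patch
 insmod-xzio-and-lzopio-on-xen.patch
-grub-install-extra-removable.patch
+ubuntu-grub-install-extra-removable.patch
 mkconfig-other-inits.patch
 zpool-full-device-name.patch
 net-read-bracketed-ipv6-addr.patch
@@ -44,13 +45,11 @@ efinet-uefi-ipv6-pxe-support.patch
 bootp-process-dhcpack-http-boot.patch
 efinet-set-network-from-uefi-devpath.patch
 efinet-set-dns-from-uefi-proto.patch
-fix-lockdown.patch
 skip-grub_cmd_set_date.patch
 bash-completion-drop-have-checks.patch
 at_keyboard-module-init.patch
 uefi-secure-boot-cryptomount.patch
 efi-variable-storage-minimise-writes.patch
-grub-install-removable-shim.patch
 dejavu-font-path.patch
 xen-no-xsm-policy-in-non-xsm-options.patch
 pc-verifiers-module.patch
@@ -60,3 +59,46 @@ tpm-unknown-error-non-fatal.patch
 xfs-fix-v4-superblock.patch
 tests-ahci-update-qemu-device-name.patch
 minilzo-2.10.patch
+zstd-require-8-byte-buffer.patch
+ubuntu-zfs-enhance-support.patch
+ubuntu-zfs-gfxpayload-keep-default.patch
+ubuntu-zfs-mkconfig-ubuntu-recovery.patch
+ubuntu-zfs-mkconfig-ubuntu-distributor.patch
+ubuntu-zfs-mkconfig-signed-kernel.patch
+ubuntu-zfs-maybe-quiet.patch
+ubuntu-zfs-quick-boot.patch
+ubuntu-zfs-gfxpayload-dynamic.patch
+ubuntu-zfs-vt-handoff.patch
+ubuntu-zfs-mkconfig-recovery-title.patch
+ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch
+ubuntu-support-initrd-less-boot.patch
+ubuntu-shorter-version-info.patch
+ubuntu-add-initrd-less-boot-fallback.patch
+ubuntu-mkconfig-leave-breadcrumbs.patch
+ubuntu-fix-lzma-decompressor-objcopy.patch
+ubuntu-temp-keep-auto-nvram.patch
+ubuntu-add-devicetree-command-support.patch
+ubuntu-boot-from-multipath-dependent-symlink.patch
+ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch
+ubuntu-efi-allow-loopmount-chainload.patch
+0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch
+ubuntu-resilient-boot-ignore-alternative-esps.patch
+ubuntu-resilient-boot-boot-order.patch
+ubuntu-speed-zsys-history.patch
+ubuntu-flavour-order.patch
+ubuntu-dont-verify-loopback-images.patch
+ubuntu-recovery-dis_ucode_ldr.patch
+ubuntu-linuxefi-arm64.patch
+ubuntu-linuxefi-arm64-set-base-addr.patch
+ubuntu-add-initrd-less-boot-messages.patch
+ubuntu-fix-reproducible-squashfs-test.patch
+rhboot-f34-make-exit-take-a-return-code.patch
+rhboot-f34-dont-use-int-for-efi-status.patch
+rhboot-f34-make-pmtimer-tsc-calibration-fast.patch
+suse-grub.texi-add-net_bootp6-document.patch
+suse-add-support-for-UEFI-network-protocols.patch
+suse-AUDIT-0-http-boot-tracker-bug.patch
+rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch
+0241-Call-hwmatch-only-on-the-grub-pc-platform.patch
+cherrypick-efinet-correct-closing-snp-protocol.patch
+cherrypick-efi-grub_efi_close_protocol.patch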
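--- /dev/null
+++ b/debian/patches/suse-AUDIT-0-http-boot-tracker-bug.patch
@@ -0,0 +1,68 @@
+From: Sebastian Krahmer <krahmer@suse.com>
+Date: Tue, 28 Nov 2017 17:24:38 +0800
+Subject: AUDIT-0: http boot tracker bug
+
+Fixing a memory leak in case of error, and a integer overflow, leading to a
+heap overflow due to overly large chunk sizes.
+
+We need to check against some maximum value, otherwise values like 0xffffffff
+will eventually lead in the allocation functions to small sized buffers, since
+the len is rounded up to the next reasonable alignment. The following memcpy
+will then smash the heap, leading to RCE.
+
+This is no big issue for pure http boot, since its going to execute an
+untrusted kernel anyway, but it will break trusted boot scenarios, where only
+signed code is allowed to be executed.
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+
+Origin: SUSE
+UEFI HTTP and related network protocol support (FATE#320130)
+Patch420: 0001-add-support-for-UEFI-network-protocols.patch
+Patch421: 0002-AUDIT-0-http-boot-tracker-bug.patch
+
+Patch-Name: suse-AUDIT-0-http-boot-tracker-bug.patch
+---
+ grub-core/net/efi/net.c | 4 +++-
+ grub-core/net/http.c | 5 ++++-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c
+index 3154c55..9b7a218 100644
+--- a/grub-core/net/efi/net.c
++++ b/grub-core/net/efi/net.c
+@@ -654,8 +654,10 @@ grub_efihttp_chunk_read (grub_file_t file, char *buf,
+
+ rd = efi_net_interface (read, file, chunk, sz);
+
+- if (rd <= 0)
++ if (rd <= 0) {
++ grub_free (chunk);
+ return rd;
++ }
+
+ if (buf)
+ {
+diff --git a/grub-core/net/http.c b/grub-core/net/http.c
+index 3fe155f..bf83866 100644
+--- a/grub-core/net/http.c
++++ b/grub-core/net/http.c
+@@ -31,7 +31,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
+
+ enum
+ {
+- HTTP_PORT = 80
++ HTTP_PORT = 80,
++ HTTP_MAX_CHUNK_SIZE = 0x80000000
+ };
+
+
+@@ -78,6 +79,8 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
+ if (data->in_chunk_len == 2)
+ {
+ data->chunk_rem = grub_strtoul (ptr, 0, 16);
++ if (data->chunk_rem > HTTP_MAX_CHUNK_SIZE)
++ return GRUB_ERR_NET_PACKET_TOO_BIG;
+ grub_errno = GRUB_ERR_NONE;
+ if (data->chunk_rem == 0)
+ {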
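Review bot: In the `grub-core/net/http.c` part of this patch, `HTTP_MAX_CHUNK_SIZE = 0x80000000` is declared as an enumerator, but that value does not fit in `int`, so before C23 it is accepted only as a compiler extension and the type used in `data->chunk_rem > HTTP_MAX_CHUNK_SIZE` is left to the compiler. This comparison is the guard against the oversized chunk length the description warns about, so an explicitly unsigned constant such as `#define HTTP_MAX_CHUNK_SIZE 0x80000000UL` would make its width and signedness unambiguous. The new early return also hands back `GRUB_ERR_NET_PACKET_TOO_BIG` directly; if callers of `parse_line` consult `grub_errno` (not visible here), `return grub_error (GRUB_ERR_NET_PACKET_TOO_BIG, "HTTP chunk size too large");` would be the safer form. `parse_line` starts and ends outside the hunk, so the declared type of `chunk_rem` should be confirmed against the full file.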
4330 | diff --git a/debian/patches/suse-add-support-for-UEFI-network-protocols.patch b/debian/patches/suse-add-support-for-UEFI-network-protocols.patch |
4331 | new file mode 100644 |
4332 | index 0000000..9724f73 |
4333 | --- /dev/null |
4334 | +++ b/debian/patches/suse-add-support-for-UEFI-network-protocols.patch |
4335 | @@ -0,0 +1,4941 @@ |
4336 | +From: Michael Chang <mchang@suse.com> |
4337 | +Date: Wed, 22 Feb 2017 14:27:50 +0800 |
4338 | +Subject: Support UEFI networking protocols |
4339 | + |
4340 | +References: fate#320130, bsc#1015589, bsc#1076132 |
4341 | +Patch-Mainline: no |
4342 | + |
4343 | +V1: |
4344 | + * Add preliminary support of UEFI networking protocols |
4345 | + * Support UEFI HTTPS Boot |
4346 | + |
4347 | +V2: |
4348 | + * Workaround http data access in firmware |
4349 | + * Fix DNS device path parsing for efinet device |
4350 | + * Relaxed UEFI Protocol requirement |
4351 | + * Support Intel OPA (Omni-Path Architecture) PXE Boot |
4352 | + |
4353 | +V3: |
4354 | + * Fix bufio in calculating address of next_buf |
4355 | + * Check HTTP respond code |
4356 | + * Use HEAD request method to test before GET |
4357 | + * Finish HTTP transaction in one go |
4358 | + * Fix bsc#1076132 |
4359 | + |
4360 | +V4: |
4361 | + * Add fs_ prefix with upstream commit |
4362 | + ad4bfeec5 Change fs functions to add fs_ prefix |
4363 | + |
4364 | +V5: |
4365 | + * Use overflow checking primitives where the arithmetic expression for |
4366 | + buffer allocations may include unvalidated data |
4367 | + * Use grub_calloc for overflow check and return NULL when it would |
4368 | + occur. |
4369 | + |
4370 | +V6: |
4371 | + * Don't force grub_print_error if no best route found as boot process |
4372 | + could be interrupted by logged error. The default interface will be |
4373 | + used as fallback in this case |
4374 | +--- |
4375 | + grub-core/Makefile.core.def | 6 + |
4376 | + grub-core/io/bufio.c | 2 +- |
4377 | + grub-core/kern/efi/efi.c | 96 ++- |
4378 | + grub-core/net/drivers/efi/efinet.c | 27 + |
4379 | + grub-core/net/efi/dhcp.c | 399 ++++++++++ |
4380 | + grub-core/net/efi/http.c | 424 +++++++++++ |
4381 | + grub-core/net/efi/ip4_config.c | 409 ++++++++++ |
4382 | + grub-core/net/efi/ip6_config.c | 430 +++++++++++ |
4383 | + grub-core/net/efi/net.c | 1440 ++++++++++++++++++++++++++++++++++++ |
4384 | + grub-core/net/efi/pxe.c | 424 +++++++++++ |
4385 | + grub-core/net/net.c | 74 ++ |
4386 | + include/grub/efi/api.h | 181 ++++- |
4387 | + include/grub/efi/dhcp.h | 343 +++++++++ |
4388 | + include/grub/efi/http.h | 215 ++++++ |
4389 | + include/grub/net/efi.h | 144 ++++ |
4390 | + 15 files changed, 4577 insertions(+), 37 deletions(-) |
4391 | + create mode 100644 grub-core/net/efi/dhcp.c |
4392 | + create mode 100644 grub-core/net/efi/http.c |
4393 | + create mode 100644 grub-core/net/efi/ip4_config.c |
4394 | + create mode 100644 grub-core/net/efi/ip6_config.c |
4395 | + create mode 100644 grub-core/net/efi/net.c |
4396 | + create mode 100644 grub-core/net/efi/pxe.c |
4397 | + create mode 100644 include/grub/efi/dhcp.h |
4398 | + create mode 100644 include/grub/efi/http.h |
4399 | + create mode 100644 include/grub/net/efi.h |
4400 | + |
4401 | +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def |
4402 | +index 98cda49..a47c403 100644 |
4403 | +--- a/grub-core/Makefile.core.def |
4404 | ++++ b/grub-core/Makefile.core.def |
4405 | +@@ -2322,6 +2322,12 @@ module = { |
4406 | + common = net/ethernet.c; |
4407 | + common = net/arp.c; |
4408 | + common = net/netbuff.c; |
4409 | ++ efi = net/efi/net.c; |
4410 | ++ efi = net/efi/http.c; |
4411 | ++ efi = net/efi/pxe.c; |
4412 | ++ efi = net/efi/ip4_config.c; |
4413 | ++ efi = net/efi/ip6_config.c; |
4414 | ++ efi = net/efi/dhcp.c; |
4415 | + }; |
4416 | + |
4417 | + module = { |
4418 | +diff --git a/grub-core/io/bufio.c b/grub-core/io/bufio.c |
4419 | +index a458c3a..1637731 100644 |
4420 | +--- a/grub-core/io/bufio.c |
4421 | ++++ b/grub-core/io/bufio.c |
4422 | +@@ -139,7 +139,7 @@ grub_bufio_read (grub_file_t file, char *buf, grub_size_t len) |
4423 | + return res; |
4424 | + |
4425 | + /* Need to read some more. */ |
4426 | +- next_buf = (file->offset + res + len - 1) & ~((grub_off_t) bufio->block_size - 1); |
4427 | ++ next_buf = (grub_divmod64 (file->offset + res + len - 1, bufio->block_size, NULL)) * bufio->block_size; |
4428 | + /* Now read between file->offset + res and bufio->buffer_at. */ |
4429 | + if (file->offset + res < next_buf) |
4430 | + { |
4431 | +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c |
4432 | +index ae9885e..a3cae1e 100644 |
4433 | +--- a/grub-core/kern/efi/efi.c |
4434 | ++++ b/grub-core/kern/efi/efi.c |
4435 | +@@ -755,7 +755,7 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) |
4436 | + { |
4437 | + grub_efi_ipv4_device_path_t *ipv4 |
4438 | + = (grub_efi_ipv4_device_path_t *) dp; |
4439 | +- grub_printf ("/IPv4(%u.%u.%u.%u,%u.%u.%u.%u,%u,%u,%x,%x)", |
4440 | ++ grub_printf ("/IPv4(%u.%u.%u.%u,%u.%u.%u.%u,%u,%u,%x,%x", |
4441 | + (unsigned) ipv4->local_ip_address[0], |
4442 | + (unsigned) ipv4->local_ip_address[1], |
4443 | + (unsigned) ipv4->local_ip_address[2], |
4444 | +@@ -768,33 +768,60 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) |
4445 | + (unsigned) ipv4->remote_port, |
4446 | + (unsigned) ipv4->protocol, |
4447 | + (unsigned) ipv4->static_ip_address); |
4448 | ++ if (len == sizeof (*ipv4)) |
4449 | ++ { |
4450 | ++ grub_printf (",%u.%u.%u.%u,%u.%u.%u.%u", |
4451 | ++ (unsigned) ipv4->gateway_ip_address[0], |
4452 | ++ (unsigned) ipv4->gateway_ip_address[1], |
4453 | ++ (unsigned) ipv4->gateway_ip_address[2], |
4454 | ++ (unsigned) ipv4->gateway_ip_address[3], |
4455 | ++ (unsigned) ipv4->subnet_mask[0], |
4456 | ++ (unsigned) ipv4->subnet_mask[1], |
4457 | ++ (unsigned) ipv4->subnet_mask[2], |
4458 | ++ (unsigned) ipv4->subnet_mask[3]); |
4459 | ++ } |
4460 | ++ grub_printf (")"); |
4461 | + } |
4462 | + break; |
4463 | + case GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE: |
4464 | + { |
4465 | + grub_efi_ipv6_device_path_t *ipv6 |
4466 | + = (grub_efi_ipv6_device_path_t *) dp; |
4467 | +- grub_printf ("/IPv6(%x:%x:%x:%x:%x:%x:%x:%x,%x:%x:%x:%x:%x:%x:%x:%x,%u,%u,%x,%x)", |
4468 | +- (unsigned) ipv6->local_ip_address[0], |
4469 | +- (unsigned) ipv6->local_ip_address[1], |
4470 | +- (unsigned) ipv6->local_ip_address[2], |
4471 | +- (unsigned) ipv6->local_ip_address[3], |
4472 | +- (unsigned) ipv6->local_ip_address[4], |
4473 | +- (unsigned) ipv6->local_ip_address[5], |
4474 | +- (unsigned) ipv6->local_ip_address[6], |
4475 | +- (unsigned) ipv6->local_ip_address[7], |
4476 | +- (unsigned) ipv6->remote_ip_address[0], |
4477 | +- (unsigned) ipv6->remote_ip_address[1], |
4478 | +- (unsigned) ipv6->remote_ip_address[2], |
4479 | +- (unsigned) ipv6->remote_ip_address[3], |
4480 | +- (unsigned) ipv6->remote_ip_address[4], |
4481 | +- (unsigned) ipv6->remote_ip_address[5], |
4482 | +- (unsigned) ipv6->remote_ip_address[6], |
4483 | +- (unsigned) ipv6->remote_ip_address[7], |
4484 | ++ grub_printf ("/IPv6(%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x,%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x,%u,%u,%x,%x", |
4485 | ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[0]), |
4486 | ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[1]), |
4487 | ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[2]), |
4488 | ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[3]), |
4489 | ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[4]), |
4490 | ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[5]), |
4491 | ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[6]), |
4492 | ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[7]), |
4493 | ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[0]), |
4494 | ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[1]), |
4495 | ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[2]), |
4496 | ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[3]), |
4497 | ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[4]), |
4498 | ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[5]), |
4499 | ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[6]), |
4500 | ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[7]), |
4501 | + (unsigned) ipv6->local_port, |
4502 | + (unsigned) ipv6->remote_port, |
4503 | + (unsigned) ipv6->protocol, |
4504 | + (unsigned) ipv6->static_ip_address); |
4505 | ++ if (len == sizeof (*ipv6)) |
4506 | ++ { |
4507 | ++ grub_printf (",%u,%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x", |
4508 | ++ (unsigned) ipv6->prefix_length, |
4509 | ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[0]), |
4510 | ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[1]), |
4511 | ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[2]), |
4512 | ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[3]), |
4513 | ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[4]), |
4514 | ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[5]), |
4515 | ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[6]), |
4516 | ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[7])); |
4517 | ++ } |
4518 | ++ grub_printf (")"); |
4519 | + } |
4520 | + break; |
4521 | + case GRUB_EFI_INFINIBAND_DEVICE_PATH_SUBTYPE: |
4522 | +@@ -834,6 +861,39 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) |
4523 | + dump_vendor_path ("Messaging", |
4524 | + (grub_efi_vendor_device_path_t *) dp); |
4525 | + break; |
4526 | ++ case GRUB_EFI_URI_DEVICE_PATH_SUBTYPE: |
4527 | ++ { |
4528 | ++ grub_efi_uri_device_path_t *uri |
4529 | ++ = (grub_efi_uri_device_path_t *) dp; |
4530 | ++ grub_printf ("/URI(%s)", uri->uri); |
4531 | ++ } |
4532 | ++ break; |
4533 | ++ case GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE: |
4534 | ++ { |
4535 | ++ grub_efi_dns_device_path_t *dns |
4536 | ++ = (grub_efi_dns_device_path_t *) dp; |
4537 | ++ if (dns->is_ipv6) |
4538 | ++ { |
4539 | ++ grub_printf ("/DNS(%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x)", |
4540 | ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[0]) >> 16), |
4541 | ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[0])), |
4542 | ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[1]) >> 16), |
4543 | ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[1])), |
4544 | ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[2]) >> 16), |
4545 | ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[2])), |
4546 | ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[3]) >> 16), |
4547 | ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[3]))); |
4548 | ++ } |
4549 | ++ else |
4550 | ++ { |
4551 | ++ grub_printf ("/DNS(%d.%d.%d.%d)", |
4552 | ++ dns->dns_server_ip[0].v4.addr[0], |
4553 | ++ dns->dns_server_ip[0].v4.addr[1], |
4554 | ++ dns->dns_server_ip[0].v4.addr[2], |
4555 | ++ dns->dns_server_ip[0].v4.addr[3]); |
4556 | ++ } |
4557 | ++ } |
4558 | ++ break; |
4559 | + default: |
4560 | + grub_printf ("/UnknownMessaging(%x)", (unsigned) subtype); |
4561 | + break; |
4562 | +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c |
4563 | +index 82a28fb..f189209 100644 |
4564 | +--- a/grub-core/net/drivers/efi/efinet.c |
4565 | ++++ b/grub-core/net/drivers/efi/efinet.c |
4566 | +@@ -24,6 +24,7 @@ |
4567 | + #include <grub/efi/efi.h> |
4568 | + #include <grub/i18n.h> |
4569 | + #include <grub/net/netbuff.h> |
4570 | ++#include <grub/env.h> |
4571 | + |
4572 | + GRUB_MOD_LICENSE ("GPLv3+"); |
4573 | + |
4574 | +@@ -481,6 +482,17 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u |
4575 | + |
4576 | + ldp = grub_efi_find_last_device_path (ddp); |
4577 | + |
4578 | ++ /* Skip the DNS Device */ |
4579 | ++ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE |
4580 | ++ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE) |
4581 | ++ { |
4582 | ++ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; |
4583 | ++ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; |
4584 | ++ ldp->length = sizeof (*ldp); |
4585 | ++ |
4586 | ++ ldp = grub_efi_find_last_device_path (ddp); |
4587 | ++ } |
4588 | ++ |
4589 | + if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE |
4590 | + || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE |
4591 | + && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) |
4592 | +@@ -744,6 +756,7 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, |
4593 | + if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE |
4594 | + || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE |
4595 | + && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE |
4596 | ++ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE |
4597 | + && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) |
4598 | + continue; |
4599 | + dup_dp = grub_efi_duplicate_device_path (dp); |
4600 | +@@ -758,6 +771,15 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, |
4601 | + dup_ldp->length = sizeof (*dup_ldp); |
4602 | + } |
4603 | + |
4604 | ++ dup_ldp = grub_efi_find_last_device_path (dup_dp); |
4605 | ++ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (dup_ldp) == GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE) |
4606 | ++ { |
4607 | ++ dup_ldp = grub_efi_find_last_device_path (dup_dp); |
4608 | ++ dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; |
4609 | ++ dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; |
4610 | ++ dup_ldp->length = sizeof (*dup_ldp); |
4611 | ++ } |
4612 | ++ |
4613 | + dup_ldp = grub_efi_find_last_device_path (dup_dp); |
4614 | + dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; |
4615 | + dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; |
4616 | +@@ -816,6 +838,9 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, |
4617 | + |
4618 | + GRUB_MOD_INIT(efinet) |
4619 | + { |
4620 | ++ if (grub_efi_net_config) |
4621 | ++ return; |
4622 | ++ |
4623 | + grub_efinet_findcards (); |
4624 | + grub_efi_net_config = grub_efi_net_config_real; |
4625 | + } |
4626 | +@@ -827,5 +852,7 @@ GRUB_MOD_FINI(efinet) |
4627 | + FOR_NET_CARDS_SAFE (card, next) |
4628 | + if (card->driver == &efidriver) |
4629 | + grub_net_card_unregister (card); |
4630 | ++ |
4631 | ++ grub_efi_net_config = NULL; |
4632 | + } |
4633 | + |
4634 | +diff --git a/grub-core/net/efi/dhcp.c b/grub-core/net/efi/dhcp.c |
4635 | +new file mode 100644 |
4636 | +index 0000000..4001c04 |
4637 | +--- /dev/null |
4638 | ++++ b/grub-core/net/efi/dhcp.c |
4639 | +@@ -0,0 +1,399 @@ |
4640 | ++#include <grub/mm.h> |
4641 | ++#include <grub/command.h> |
4642 | ++#include <grub/efi/api.h> |
4643 | ++#include <grub/efi/efi.h> |
4644 | ++#include <grub/misc.h> |
4645 | ++#include <grub/net/efi.h> |
4646 | ++#include <grub/charset.h> |
4647 | ++ |
4648 | ++#ifdef GRUB_EFI_NET_DEBUG |
4649 | ++static void |
4650 | ++dhcp4_mode_print (grub_efi_dhcp4_mode_data_t *mode) |
4651 | ++{ |
4652 | ++ switch (mode->state) |
4653 | ++ { |
4654 | ++ case GRUB_EFI_DHCP4_STOPPED: |
4655 | ++ grub_printf ("STATE: STOPPED\n"); |
4656 | ++ break; |
4657 | ++ case GRUB_EFI_DHCP4_INIT: |
4658 | ++ grub_printf ("STATE: INIT\n"); |
4659 | ++ break; |
4660 | ++ case GRUB_EFI_DHCP4_SELECTING: |
4661 | ++ grub_printf ("STATE: SELECTING\n"); |
4662 | ++ break; |
4663 | ++ case GRUB_EFI_DHCP4_REQUESTING: |
4664 | ++ grub_printf ("STATE: REQUESTING\n"); |
4665 | ++ break; |
4666 | ++ case GRUB_EFI_DHCP4_BOUND: |
4667 | ++ grub_printf ("STATE: BOUND\n"); |
4668 | ++ break; |
4669 | ++ case GRUB_EFI_DHCP4_RENEWING: |
4670 | ++ grub_printf ("STATE: RENEWING\n"); |
4671 | ++ break; |
4672 | ++ case GRUB_EFI_DHCP4_REBINDING: |
4673 | ++ grub_printf ("STATE: REBINDING\n"); |
4674 | ++ break; |
4675 | ++ case GRUB_EFI_DHCP4_INIT_REBOOT: |
4676 | ++ grub_printf ("STATE: INIT_REBOOT\n"); |
4677 | ++ break; |
4678 | ++ case GRUB_EFI_DHCP4_REBOOTING: |
4679 | ++ grub_printf ("STATE: REBOOTING\n"); |
4680 | ++ break; |
4681 | ++ default: |
4682 | ++ grub_printf ("STATE: UNKNOWN\n"); |
4683 | ++ break; |
4684 | ++ } |
4685 | ++ |
4686 | ++ grub_printf ("CLIENT_ADDRESS: %u.%u.%u.%u\n", |
4687 | ++ mode->client_address[0], |
4688 | ++ mode->client_address[1], |
4689 | ++ mode->client_address[2], |
4690 | ++ mode->client_address[3]); |
4691 | ++ grub_printf ("SERVER_ADDRESS: %u.%u.%u.%u\n", |
4692 | ++ mode->server_address[0], |
4693 | ++ mode->server_address[1], |
4694 | ++ mode->server_address[2], |
4695 | ++ mode->server_address[3]); |
4696 | ++ grub_printf ("SUBNET_MASK: %u.%u.%u.%u\n", |
4697 | ++ mode->subnet_mask[0], |
4698 | ++ mode->subnet_mask[1], |
4699 | ++ mode->subnet_mask[2], |
4700 | ++ mode->subnet_mask[3]); |
4701 | ++ grub_printf ("ROUTER_ADDRESS: %u.%u.%u.%u\n", |
4702 | ++ mode->router_address[0], |
4703 | ++ mode->router_address[1], |
4704 | ++ mode->router_address[2], |
4705 | ++ mode->router_address[3]); |
4706 | ++} |
4707 | ++#endif |
4708 | ++ |
4709 | ++static grub_efi_ipv4_address_t * |
4710 | ++grub_efi_dhcp4_parse_dns (grub_efi_dhcp4_protocol_t *dhcp4, grub_efi_dhcp4_packet_t *reply_packet) |
4711 | ++{ |
4712 | ++ grub_efi_dhcp4_packet_option_t **option_list; |
4713 | ++ grub_efi_status_t status; |
4714 | ++ grub_efi_uint32_t option_count = 0; |
4715 | ++ grub_efi_uint32_t i; |
4716 | ++ |
4717 | ++ status = efi_call_4 (dhcp4->parse, dhcp4, reply_packet, &option_count, NULL); |
4718 | ++ |
4719 | ++ if (status != GRUB_EFI_BUFFER_TOO_SMALL) |
4720 | ++ return NULL; |
4721 | ++ |
4722 | ++ option_list = grub_calloc (option_count, sizeof(*option_list)); |
4723 | ++ if (!option_list) |
4724 | ++ return NULL; |
4725 | ++ |
4726 | ++ status = efi_call_4 (dhcp4->parse, dhcp4, reply_packet, &option_count, option_list); |
4727 | ++ if (status != GRUB_EFI_SUCCESS) |
4728 | ++ { |
4729 | ++ grub_free (option_list); |
4730 | ++ return NULL; |
4731 | ++ } |
4732 | ++ |
4733 | ++ for (i = 0; i < option_count; ++i) |
4734 | ++ { |
4735 | ++ if (option_list[i]->op_code == 6) |
4736 | ++ { |
4737 | ++ grub_efi_ipv4_address_t *dns_address; |
4738 | ++ |
4739 | ++ if (((option_list[i]->length & 0x3) != 0) || (option_list[i]->length == 0)) |
4740 | ++ continue; |
4741 | ++ |
4742 | ++ /* We only contact primary dns */ |
4743 | ++ dns_address = grub_malloc (sizeof (*dns_address)); |
4744 | ++ if (!dns_address) |
4745 | ++ { |
4746 | ++ grub_free (option_list); |
4747 | ++ return NULL; |
4748 | ++ } |
4749 | ++ grub_memcpy (dns_address, option_list[i]->data, sizeof (dns_address)); |
4750 | ++ grub_free (option_list); |
4751 | ++ return dns_address; |
4752 | ++ } |
4753 | ++ } |
4754 | ++ |
4755 | ++ grub_free (option_list); |
4756 | ++ return NULL; |
4757 | ++} |
4758 | ++ |
4759 | ++#if 0 |
4760 | ++/* Somehow this doesn't work ... */ |
4761 | ++static grub_err_t |
4762 | ++grub_cmd_efi_bootp (struct grub_command *cmd __attribute__ ((unused)), |
4763 | ++ int argc __attribute__ ((unused)), |
4764 | ++ char **args __attribute__ ((unused))) |
4765 | ++{ |
4766 | ++ struct grub_efi_net_device *dev; |
4767 | ++ for (dev = net_devices; dev; dev = dev->next) |
4768 | ++ { |
4769 | ++ grub_efi_pxe_t *pxe = dev->ip4_pxe; |
4770 | ++ grub_efi_pxe_mode_t *mode = pxe->mode; |
4771 | ++ grub_efi_status_t status; |
4772 | ++ |
4773 | ++ if (!mode->started) |
4774 | ++ { |
4775 | ++ status = efi_call_2 (pxe->start, pxe, 0); |
4776 | ++ |
4777 | ++ if (status != GRUB_EFI_SUCCESS) |
4778 | ++ grub_printf ("Couldn't start PXE\n"); |
4779 | ++ } |
4780 | ++ |
4781 | ++ status = efi_call_2 (pxe->dhcp, pxe, 0); |
4782 | ++ if (status != GRUB_EFI_SUCCESS) |
4783 | ++ { |
4784 | ++ grub_printf ("dhcp4 configure failed, %d\n", (int)status); |
4785 | ++ continue; |
4786 | ++ } |
4787 | ++ |
4788 | ++ dev->prefer_ip6 = 0; |
4789 | ++ } |
4790 | ++ |
4791 | ++ return GRUB_ERR_NONE; |
4792 | ++} |
4793 | ++#endif |
4794 | ++ |
4795 | ++static grub_err_t |
4796 | ++grub_cmd_efi_bootp (struct grub_command *cmd __attribute__ ((unused)), |
4797 | ++ int argc, |
4798 | ++ char **args) |
4799 | ++{ |
4800 | ++ struct grub_efi_net_device *netdev; |
4801 | ++ |
4802 | ++ for (netdev = net_devices; netdev; netdev = netdev->next) |
4803 | ++ { |
4804 | ++ grub_efi_status_t status; |
4805 | ++ grub_efi_dhcp4_mode_data_t mode; |
4806 | ++ grub_efi_dhcp4_config_data_t config; |
4807 | ++ grub_efi_dhcp4_packet_option_t *options; |
4808 | ++ grub_efi_ipv4_address_t *dns_address; |
4809 | ++ grub_efi_net_ip_manual_address_t net_ip; |
4810 | ++ grub_efi_net_ip_address_t ip_addr; |
4811 | ++ grub_efi_net_interface_t *inf = NULL; |
4812 | ++ |
4813 | ++ if (argc > 0 && grub_strcmp (netdev->card_name, args[0]) != 0) |
4814 | ++ continue; |
4815 | ++ |
4816 | ++ grub_memset (&config, 0, sizeof(config)); |
4817 | ++ |
4818 | ++ config.option_count = 1; |
4819 | ++ options = grub_malloc (sizeof(*options) + 2); |
4820 | ++ /* Parameter request list */ |
4821 | ++ options->op_code = 55; |
4822 | ++ options->length = 3; |
4823 | ++ /* subnet mask */ |
4824 | ++ options->data[0] = 1; |
4825 | ++ /* router */ |
4826 | ++ options->data[1] = 3; |
4827 | ++ /* DNS */ |
4828 | ++ options->data[2] = 6; |
4829 | ++ config.option_list = &options; |
4830 | ++ |
4831 | ++ /* FIXME: What if the dhcp has bounded */ |
4832 | ++ status = efi_call_2 (netdev->dhcp4->configure, netdev->dhcp4, &config); |
4833 | ++ grub_free (options); |
4834 | ++ if (status != GRUB_EFI_SUCCESS) |
4835 | ++ { |
4836 | ++ grub_printf ("dhcp4 configure failed, %d\n", (int)status); |
4837 | ++ continue; |
4838 | ++ } |
4839 | ++ |
4840 | ++ status = efi_call_2 (netdev->dhcp4->start, netdev->dhcp4, NULL); |
4841 | ++ if (status != GRUB_EFI_SUCCESS) |
4842 | ++ { |
4843 | ++ grub_printf ("dhcp4 start failed, %d\n", (int)status); |
4844 | ++ continue; |
4845 | ++ } |
4846 | ++ |
4847 | ++ status = efi_call_2 (netdev->dhcp4->get_mode_data, netdev->dhcp4, &mode); |
4848 | ++ if (status != GRUB_EFI_SUCCESS) |
4849 | ++ { |
4850 | ++ grub_printf ("dhcp4 get mode failed, %d\n", (int)status); |
4851 | ++ continue; |
4852 | ++ } |
4853 | ++ |
4854 | ++#ifdef GRUB_EFI_NET_DEBUG |
4855 | ++ dhcp4_mode_print (&mode); |
4856 | ++#endif |
4857 | ++ |
4858 | ++ for (inf = netdev->net_interfaces; inf; inf = inf->next) |
4859 | ++ if (inf->prefer_ip6 == 0) |
4860 | ++ break; |
4861 | ++ |
4862 | ++ grub_memcpy (net_ip.ip4.address, mode.client_address, sizeof (net_ip.ip4.address)); |
4863 | ++ grub_memcpy (net_ip.ip4.subnet_mask, mode.subnet_mask, sizeof (net_ip.ip4.subnet_mask)); |
4864 | ++ |
4865 | ++ if (!inf) |
4866 | ++ { |
4867 | ++ char *name = grub_xasprintf ("%s:dhcp", netdev->card_name); |
4868 | ++ |
4869 | ++ net_ip.is_ip6 = 0; |
4870 | ++ inf = grub_efi_net_create_interface (netdev, |
4871 | ++ name, |
4872 | ++ &net_ip, |
4873 | ++ 1); |
4874 | ++ grub_free (name); |
4875 | ++ } |
4876 | ++ else |
4877 | ++ { |
4878 | ++ efi_net_interface_set_address (inf, &net_ip, 1); |
4879 | ++ } |
4880 | ++ |
4881 | ++ grub_memcpy (ip_addr.ip4, mode.router_address, sizeof (ip_addr.ip4)); |
4882 | ++ efi_net_interface_set_gateway (inf, &ip_addr); |
4883 | ++ |
4884 | ++ dns_address = grub_efi_dhcp4_parse_dns (netdev->dhcp4, mode.reply_packet); |
4885 | ++ if (dns_address) |
4886 | ++ efi_net_interface_set_dns (inf, (grub_efi_net_ip_address_t *)&dns_address); |
4887 | ++ |
4888 | ++ } |
4889 | ++ |
4890 | ++ return GRUB_ERR_NONE; |
4891 | ++} |
4892 | ++ |
4893 | ++ |
4894 | ++static grub_err_t |
4895 | ++grub_cmd_efi_bootp6 (struct grub_command *cmd __attribute__ ((unused)), |
4896 | ++ int argc, |
4897 | ++ char **args) |
4898 | ++{ |
4899 | ++ struct grub_efi_net_device *dev; |
4900 | ++ grub_efi_uint32_t ia_id; |
4901 | ++ |
4902 | ++ for (dev = net_devices, ia_id = 0; dev; dev = dev->next, ia_id++) |
4903 | ++ { |
4904 | ++ grub_efi_dhcp6_config_data_t config; |
4905 | ++ grub_efi_dhcp6_packet_option_t *option_list[1]; |
4906 | ++ grub_efi_dhcp6_packet_option_t *opt; |
4907 | ++ grub_efi_status_t status; |
4908 | ++ grub_efi_dhcp6_mode_data_t mode; |
4909 | ++ grub_efi_dhcp6_retransmission_t retrans; |
4910 | ++ grub_efi_net_ip_manual_address_t net_ip; |
4911 | ++ grub_efi_boot_services_t *b = grub_efi_system_table->boot_services; |
4912 | ++ grub_efi_net_interface_t *inf = NULL; |
4913 | ++ |
4914 | ++ if (argc > 0 && grub_strcmp (dev->card_name, args[0]) != 0) |
4915 | ++ continue; |
4916 | ++ |
4917 | ++ opt = grub_malloc (sizeof(*opt) + 2 * sizeof (grub_efi_uint16_t)); |
4918 | ++ |
4919 | ++#define GRUB_EFI_DHCP6_OPT_ORO 6 |
4920 | ++ |
4921 | ++ opt->op_code = grub_cpu_to_be16_compile_time (GRUB_EFI_DHCP6_OPT_ORO); |
4922 | ++ opt->op_len = grub_cpu_to_be16_compile_time (2 * sizeof (grub_efi_uint16_t)); |
4923 | ++ |
4924 | ++#define GRUB_EFI_DHCP6_OPT_BOOT_FILE_URL 59 |
4925 | ++#define GRUB_EFI_DHCP6_OPT_DNS_SERVERS 23 |
4926 | ++ |
4927 | ++ grub_set_unaligned16 (opt->data, grub_cpu_to_be16_compile_time(GRUB_EFI_DHCP6_OPT_BOOT_FILE_URL)); |
4928 | ++ grub_set_unaligned16 (opt->data + 1 * sizeof (grub_efi_uint16_t), |
4929 | ++ grub_cpu_to_be16_compile_time(GRUB_EFI_DHCP6_OPT_DNS_SERVERS)); |
4930 | ++ |
4931 | ++ option_list[0] = opt; |
4932 | ++ retrans.irt = 4; |
4933 | ++ retrans.mrc = 4; |
4934 | ++ retrans.mrt = 32; |
4935 | ++ retrans.mrd = 60; |
4936 | ++ |
4937 | ++ config.dhcp6_callback = NULL; |
4938 | ++ config.callback_context = NULL; |
4939 | ++ config.option_count = 1; |
4940 | ++ config.option_list = option_list; |
4941 | ++ config.ia_descriptor.ia_id = ia_id; |
4942 | ++ config.ia_descriptor.type = GRUB_EFI_DHCP6_IA_TYPE_NA; |
4943 | ++ config.ia_info_event = NULL; |
4944 | ++ config.reconfigure_accept = 0; |
4945 | ++ config.rapid_commit = 0; |
4946 | ++ config.solicit_retransmission = &retrans; |
4947 | ++ |
4948 | ++ status = efi_call_2 (dev->dhcp6->configure, dev->dhcp6, &config); |
4949 | ++ grub_free (opt); |
4950 | ++ if (status != GRUB_EFI_SUCCESS) |
4951 | ++ { |
4952 | ++ grub_printf ("dhcp6 configure failed, %d\n", (int)status); |
4953 | ++ continue; |
4954 | ++ } |
4955 | ++ status = efi_call_1 (dev->dhcp6->start, dev->dhcp6); |
4956 | ++ if (status != GRUB_EFI_SUCCESS) |
4957 | ++ { |
4958 | ++ grub_printf ("dhcp6 start failed, %d\n", (int)status); |
4959 | ++ continue; |
4960 | ++ } |
4961 | ++ |
4962 | ++ status = efi_call_3 (dev->dhcp6->get_mode_data, dev->dhcp6, &mode, NULL); |
4963 | ++ if (status != GRUB_EFI_SUCCESS) |
4964 | ++ { |
4965 | ++ grub_printf ("dhcp4 get mode failed, %d\n", (int)status); |
4966 | ++ continue; |
4967 | ++ } |
4968 | ++ |
4969 | ++ for (inf = dev->net_interfaces; inf; inf = inf->next) |
4970 | ++ if (inf->prefer_ip6 == 1) |
4971 | ++ break; |
4972 | ++ |
4973 | ++ grub_memcpy (net_ip.ip6.address, mode.ia->ia_address[0].ip_address, sizeof (net_ip.ip6.address)); |
4974 | ++ net_ip.ip6.prefix_length = 64; |
4975 | ++ net_ip.ip6.is_anycast = 0; |
4976 | ++ net_ip.is_ip6 = 1; |
4977 | ++ |
4978 | ++ if (!inf) |
4979 | ++ { |
4980 | ++ char *name = grub_xasprintf ("%s:dhcp", dev->card_name); |
4981 | ++ |
4982 | ++ inf = grub_efi_net_create_interface (dev, |
4983 | ++ name, |
4984 | ++ &net_ip, |
4985 | ++ 1); |
4986 | ++ grub_free (name); |
4987 | ++ } |
4988 | ++ else |
4989 | ++ { |
4990 | ++ efi_net_interface_set_address (inf, &net_ip, 1); |
4991 | ++ } |
4992 | ++ |
4993 | ++ { |
4994 | ++ grub_efi_uint32_t count = 0; |
4995 | ++ grub_efi_dhcp6_packet_option_t **options = NULL; |
4996 | ++ grub_efi_uint32_t i; |
4997 | ++ |
4998 | ++ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, NULL); |
4999 | ++ |
5000 | ++ if (status == GRUB_EFI_BUFFER_TOO_SMALL && count) |