Since ARM platforms do not have a common memory map, add a helper
function that finds the lowest address region with the EFI_MEMORY_WB
attribute set in the UEFI memory map.
Required for the arm64 efi linux loader to restrict the initrd
location to where it will be accessible by the kernel at runtime.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bad144c60f664a83f5a7d3a014927bffaa2abbf1
Bug-Debian: https://bugs.debian.org/907596
Bug-Debian: https://bugs.debian.org/909420
Last-Update: 2018-12-06
Patch-Name: efi-add-grub_efi_get_ram_base-for-arm64.patch
Gbp-Pq: Name efi-add-grub_efi_get_ram_base-for-arm64.patch
<grub/machine/loader.h> (for machine arm/efi) and
<grub/machine/kernel.h> (for machine arm/coreboot) will not always
resolve (and will likely not be valid to) if pulled in when building
non-native commands, such as host tools or the "file" command.
So explicitly include them with their expanded pathnames.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Origin: backport, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a244d9ebc7547f7ed373d9796a3bf186e7c035a1
Bug-Debian: https://bugs.debian.org/907596
Bug-Debian: https://bugs.debian.org/909420
Last-Update: 2018-12-06
Patch-Name: arm-linux-h-safe-for-non-native.patch
Gbp-Pq: Name arm-linux-h-safe-for-non-native.patch
The EFI page definitions and macros are generic and should not be confined
to arm64 headers - so move to efi/memory.h.
Also add EFI_PAGE_SIZE macro.
Update loader sources to reflect new header location.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=083c6e2455dcd4aafb6062d89fd6029dd3adddb6
Bug-Debian: https://bugs.debian.org/907596
Bug-Debian: https://bugs.debian.org/909420
Last-Update: 2018-12-06
Patch-Name: arm64-efi-move-EFI_PAGE-definitions.patch
Gbp-Pq: Name arm64-efi-move-EFI_PAGE-definitions.patch
With upcoming changes to EDK2, allocations of type EFI_LOADER_DATA may
not return regions with execute ability. Since modules are loaded onto
the heap, change the heap allocation type to GRUB_EFI_LOADER_CODE in
order to permit execution on systems with this feature enabled.
Closes: 50420
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f826330683675f0deb55b58fd229afd7d65fb053
Bug-Debian: https://bugs.debian.org/907596
Bug-Debian: https://bugs.debian.org/909420
Last-Update: 2018-12-06
Patch-Name: efi-change-heap-allocation-type.patch
Gbp-Pq: Name efi-change-heap-allocation-type.patch
There is nothing ARM64 (or even ARM) specific about the efi fdt helper
library, which is used for locating or overriding a firmware-provided
devicetree in a UEFI system - so move it to loader/efi for reuse.
Move the fdtload.h include file to grub/efi and update path to
efi/fdtload.h in source code referring to it.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8c9465fac901caac6802d6872a1374518b001517
Bug-Debian: https://bugs.debian.org/907596
Bug-Debian: https://bugs.debian.org/909420
Last-Update: 2018-12-06
Patch-Name: efi-move-fdt-helper-library.patch
Gbp-Pq: Name efi-move-fdt-helper-library.patch
Expose a new function, grub_efi_allocate_pages_real(), making it possible
to specify allocation type and memory type as supported by the UEFI
AllocatePages boot service.
Make grub_efi_allocate_pages() a consumer of the new function,
maintaining its old functionality.
Also delete some left-around #if 1/#else blocks in the affected
functions.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=dd5fde2df83c5c03b7ba04d2cc5b7be96de8da7b
Bug-Debian: https://bugs.debian.org/907596
Bug-Debian: https://bugs.debian.org/909420
Last-Update: 2018-12-06
Patch-Name: efi-refactor-grub_efi_allocate_pages.patch
Gbp-Pq: Name efi-refactor-grub_efi_allocate_pages.patch
These don't work with and aren't needed by dynamically-loaded
completions.
Bug-Debian: https://bugs.debian.org/912852
Forwarded: no
Last-Update: 2018-11-16
Patch-Name: bash-completion-drop-have-checks.patch
Gbp-Pq: Name bash-completion-drop-have-checks.patch
If / is on the root dataset in a ZFS pool, then ${bootfs} will be set to
"/" (whereas if it is on a non-root dataset, there will be no trailing
slash). Passing "root=ZFS=${rpool}/" will fail to boot, but
"root=ZFS=${rpool}" works fine, so strip the trailing slash.
Fixes: https://savannah.gnu.org/bugs/?52746
Tested-by: Fejes József <jozsef.fejes@gmail.com>
Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Bug: https://savannah.gnu.org/bugs/?52746
Bug-Debian: https://bugs.debian.org/886178
Last-Update: 2018-10-29
Patch-Name: zfs-root-dataset.patch
Gbp-Pq: Name zfs-root-dataset.patch
The EFI Graphics Output Protocol can return a 64-bit
linear frame buffer address in some firmware/BIOS
implementations. We currently only store the lower
32-bits in the lfb_base. This will eventually be
passed to Linux kernel and the efifb driver will
incorrectly interpret the framebuffer address as
32-bit address.
The Linux kernel has already added support to handle
64-bit linear framebuffer address in the efifb driver
since quite some time now.
This patch adds the support for 64-bit linear frame
buffer address in GRUB to address the above mentioned
scenario.
Signed-off-by: Arindam Nath <arindam.nath@amd.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=886edba8770ccbc3def0af2a7d6b346d00d0af2f
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1785033
Last-Update: 2018-10-29
Patch-Name: add_ext_lfb_base_support.patch
Gbp-Pq: Name add_ext_lfb_base_support.patch
qemu 2.12 removed the -usbdevice option. Use a more modern spelling
instead, in line with other USB-related tests.
Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Forwarded: https://lists.gnu.org/archive/html/grub-devel/2018-07/msg00114.html
Last-Update: 2018-07-30
Patch-Name: tests-fix-uhci-qemu-options.patch
Gbp-Pq: Name tests-fix-uhci-qemu-options.patch
SeaBIOS 1.11.0 added support for VGA emulation over a serial port, which
interferes with grub-shell. Turn it off.
Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Forwarded: https://lists.gnu.org/archive/html/grub-devel/2018-07/msg00113.html
Last-Update: 2018-07-30
Patch-Name: tests-disable-sercon-in-seabios.patch
Gbp-Pq: Name tests-disable-sercon-in-seabios.patch
Description: do not overwrite sentinel byte in boot_params, breaks lockdown
grub currently copies the entire boot_params, which includes setting sentinel
byte to 0xff, which triggers sanitize_boot_params in the kernel which in
turn clears various boot_params variables, including the indication that
the booloader chain is verified and thus the kernel disables lockdown mode.
According to the information on the Fedora bug tracker, only the information
from byte 0x1f1 is necessary, so start copying from there instead.
Author: Luca Boccassi <bluca@debian.org>
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1418360
Forwarded: no
Patch-Name: fix_lockdown.patch
Gbp-Pq: Name fix_lockdown.patch
If UEFI Secure Boot is enabled and kernel signature verification fails, do not
boot the kernel. Before this change, if kernel signature verification failed
then GRUB would fall back to calling ExitBootServices() and continuing the
boot.
Patch-Name: linuxefi_disable_sb_fallback.patch
Signed-off-by: Linn Crosetto <linn@hpe.com>
Gbp-Pq: Name linuxefi_disable_sb_fallback.patch
The multiboot2 is much more preferable than multiboot. Especiall
if booting under EFI where multiboot does not have the functionality
to pass ImageHandler.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Origin: backport, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b4d709b6ee789cdaf3fa7a80fd90c721a16f48c2
Bug-Debian: https://bugs.debian.org/898947
Last-Update: 2018-06-16
Patch-Name: xen-multiboot2.patch
Gbp-Pq: Name xen-multiboot2.patch
pkg-config is apparently preferred over freetype-config these days (see
the BUGS section of freetype-config(1)). pkg-config support was added
to FreeType in version 2.1.5, which was released in 2003, so it should
comfortably be available everywhere by now.
We no longer need to explicitly substitute FREETYPE_CFLAGS and
FREETYPE_LIBS, since PKG_CHECK_MODULES does that automatically.
Fixes Debian bug #887721.
Reported-by: Hugh McMaster <hugh.mcmaster@outlook.com>
Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Bug-Debian: https://bugs.debian.org/887721
Last-Update: 2018-02-11
Patch-Name: freetype-pkg-config.patch
Gbp-Pq: Name freetype-pkg-config.patch
Using FREETYPE_CFLAGS and FREETYPE_LIBS is more in line with the naming
scheme used by pkg-config macros.
Bug-Debian: https://bugs.debian.org/887721
Last-Update: 2018-02-11
Patch-Name: freetype-capitalise-variables.patch
Gbp-Pq: Name freetype-capitalise-variables.patch
On efi systems, make pmtimer based tsc calibration the default over the
pit. This prevents Grub from hanging on Intel SoC systems that power gate
the pit.
Signed-off-by: David E. Box <david.e.box@linux.intel.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=446794de8da4329ea532cbee4ca877bcafd0e534
Bug-Debian: https://bugs.debian.org/883193
Last-Update: 2017-12-01
Patch-Name: tsc_efi_default_to_pmtimer.patch
Gbp-Pq: Name tsc_efi_default_to_pmtimer.patch
On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set.
For a regular file, this means its contents are encrypted; for a
directory, this means the filenames in its directory entries are
encrypted; and for a symlink, this means its target is encrypted. Since
GRUB cannot decrypt encrypted contents or filenames, just issue an error
if it would need to do so. This is sufficient to allow unencrypted boot
files to co-exist with encrypted files elsewhere on the filesystem.
(Note that encrypted regular files and symlinks will not normally be
encountered outside an encrypted directory; however, it's possible via
hard links, so they still need to be handled.)
Tested by booting from an ext4 /boot partition on which I had run
'tune2fs -O encrypt'. I also verified that the expected error messages
are printed when trying to access encrypted directories, files, and
symlinks from the GRUB command line. Also ran 'sudo ./grub-fs-tester
ext4_encrypt'; note that this requires e2fsprogs v1.43+ and Linux v4.1+.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=734668238fcc0ef691a080839e04f33854fa133a
Bug-Debian: https://bugs.debian.org/840204
Last-Update: 2017-07-06
Patch-Name: ext4_feature_encrypt.patch
Gbp-Pq: Name ext4_feature_encrypt.patch
Code is currently ignoring errors from efibootmgr, giving users
clearly bogus output like:
Setting up grub-efi-amd64 (2.02~beta3-4) ...
Installing for x86_64-efi platform.
Could not delete variable: No space left on device
Could not prepare Boot variable: No space left on device
Installation finished. No error reported.
and then potentially unbootable systems. If efibootmgr fails,
grub-install should know that and report it!
Signed-off-by: Steve McIntyre <93sam@debian.org>
Bug-Debian: https://bugs.debian.org/853234
Forwarded: https://lists.gnu.org/archive/html/grub-devel/2017-01/msg00107.html
Patch-Name: grub-install-efibootmgr-check.patch
Gbp-Pq: Name grub-install-efibootmgr-check.patch
In the URI device path node, any name rahter than address can be used for
looking up the resources so that DNS service become needed to get answer of the
name's address. Unfortunately the DNS is not defined in any of the device path
nodes so that we use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL
to obtain it.
These two protcols are defined the sections of UEFI specification.
27.5 EFI IPv4 Configuration II Protocol
27.7 EFI IPv6 Configuration Protocol
include/grub/efi/api.h:
Add new structure and protocol UUID of EFI_IP4_CONFIG2_PROTOCOL and
EFI_IP6_CONFIG_PROTOCOL.
grub-core/net/drivers/efi/efinet.c:
Use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL to obtain the list
of DNS server address for IPv4 and IPv6 respectively. The address of DNS
servers is structured into DHCPACK packet and feed into the same DHCP packet
processing functions to ensure the network interface is setting up the same way
it used to be.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Ken Lin <ken.lin@hpe.com>
Patch-Name: efinet_set_dns_from_uefi_proto.patch
Gbp-Pq: Name efinet_set_dns_from_uefi_proto.patch
The PXE Base Code protocol used to obtain cached PXE DHCPACK packet is no
longer provided for HTTP Boot. Instead, we have to get the HTTP boot
information from the device path nodes defined in following UEFI Specification
sections.
9.3.5.12 IPv4 Device Path
9.3.5.13 IPv6 Device Path
9.3.5.23 Uniform Resource Identifiers (URI) Device Path
This patch basically does:
include/grub/efi/api.h:
Add new structure of Uniform Resource Identifiers (URI) Device Path
grub-core/net/drivers/efi/efinet.c:
Check if PXE Base Code is available, if not it will try to obtain the netboot
information from the device path where the image booted from. The DHCPACK
packet is recoverd from the information in device patch and feed into the same
DHCP packet processing functions to ensure the network interface is setting up
the same way it used to be.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Ken Lin <ken.lin@hpe.com>
Patch-Name: efinet_set_network_from_uefi_devpath.patch
Gbp-Pq: Name efinet_set_network_from_uefi_devpath.patch
The vendor class identifier with the string "HTTPClient" is used to denote the
packet as responding to HTTP boot request. In DHCP4 config, the filename for
HTTP boot is the URL of the boot file while for PXE boot it is the path to the
boot file. As a consequence, the next-server becomes obseleted because the HTTP
URL already contains the server address for the boot file. For DHCP6 config,
there's no difference definition in existing config as dhcp6.bootfile-url can
be used to specify URL for both HTTP and PXE boot file.
This patch adds processing for "HTTPClient" vendor class identifier in DHCPACK
packet by treating it as HTTP format, not as the PXE format.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Ken Lin <ken.lin@hpe.com>
Patch-Name: bootp_process_dhcpack_http_boot.patch
Gbp-Pq: Name bootp_process_dhcpack_http_boot.patch
When grub2 image is booted from UEFI IPv6 PXE, the DHCPv6 Reply packet is
cached in firmware buffer which can be obtained by PXE Base Code protocol. The
network interface can be setup through the parameters in that obtained packet.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Ken Lin <ken.lin@hpe.com>
Patch-Name: efinet_uefi_ipv6_pxe_support.patch
Gbp-Pq: Name efinet_uefi_ipv6_pxe_support.patch
Implement new net_bootp6 command for IPv6 network auto configuration via the
DHCPv6 protocol (RFC3315).
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Ken Lin <ken.lin@hpe.com>
Patch-Name: bootp_new_net_bootp6_command.patch
Gbp-Pq: Name bootp_new_net_bootp6_command.patch
Allow specifying port numbers for http and tftp paths, and allow ipv6 addresses
to be recognized with brackets around them, which is required to specify a port
number
Patch-Name: net_read_bracketed_ipv6_addr.patch
Gbp-Pq: Name net_read_bracketed_ipv6_addr.patch
Would previously allow digits larger than the base and didn't check that
subtracting the difference from 0-9 to lowercase letters for characters
larger than 9 didn't result in a value lower than 9, which allowed the
parses: ` = 9, _ = 8, ^ = 7, ] = 6, \ = 5, and [ = 4
Patch-Name: misc-fix-invalid-char-strtol.patch
Gbp-Pq: Name misc-fix-invalid-char-strtol.patch
zfs-initramfs currently provides extraneous, undesired symlinks to
devices directly underneath /dev/ to satisfy zpool's historical output
of unqualified device names. By including this environment variable to
signal our intent to zpool, zfs-linux packages can drop the symlink
behavior when updating to its upstream or backported output behavior.
Bug: https://savannah.gnu.org/bugs/?43653
Bug-Debian: https://bugs.debian.org/824974
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1527727
Last-Update: 2016-11-01
Patch-Name: zpool_full_device_name.patch
Gbp-Pq: Name zpool_full_device_name.patch
When doing out-of-tree builds, abs_top_srcdir may well contain ".."
segments, and grub-syslinux2cfg canonicalises its --root argument. As a
result, the expansion of @abs_top_srcdir@ may not match what
grub-syslinux2cfg produces.
It's somewhat difficult to portably canonicalize a path in shell, and
autoconf/automake don't offer any support for this. But there's a much
simpler option: copy the test data to a temporary directory and make
substitutions in the expected output file based on that.
Forwarded: http://lists.gnu.org/archive/html/grub-devel/2016-09/msg00013.html
Last-Update: 2016-09-19
Patch-Name: syslinux-test-out-of-tree.patch
Gbp-Pq: Name syslinux-test-out-of-tree.patch
Add fallback boot entries for alternative installed init systems. Based
on patches from Michael Biebl and Didier Roche.
Bug-Debian: https://bugs.debian.org/757298
Bug-Debian: https://bugs.debian.org/773173
Forwarded: no
Last-Update: 2017-06-23
Patch-Name: mkconfig_other_inits.patch
Gbp-Pq: Name mkconfig_other_inits.patch
Add an extra option to grub-install "--force-extra-removable". On EFI
platforms, this will cause an extra copy of the grub-efi image to be
written to the appropriate removable media patch
/boot/efi/EFI/BOOT/BOOT$ARCH.EFI as well. This will help with broken
UEFI implementations where the firmware does not work when configured
with new boot paths.
Signed-off-by: Steve McIntyre <93sam@debian.org>
Bug-Debian: https://bugs.debian.org/767037https://bugs.debian.org/773092
Forwarded: Not yet
Last-Update: 2014-12-20
Patch-Name: grub-install-extra-removable.patch
Gbp-Pq: Name grub-install-extra-removable.patch
This is needed in case the Linux kernel is compiled with CONFIG_KERNEL_XZ or
CONFIG_KERNEL_LZO rather than CONFIG_KERNEL_GZ (gzio is already loaded by
grub.cfg today).
Signed-off-by: Ian Campbell <ijc@debian.org>
Bug-Debian: https://bugs.debian.org/755256
Forwarded: http://lists.gnu.org/archive/html/grub-devel/2014-11/msg00091.html
Last-Update: 2014-11-30
Patch-Name: insmod-xzio-and-lzopio-on-xen.patch
Gbp-Pq: Name insmod-xzio-and-lzopio-on-xen.patch
