Commit b07feb8746 (verifiers: Rename
verify module to pgp module) renamed the "verify" module to "pgp", but
the GRUB_MOD_INIT and GRUB_MOD_FINI macros were left as "verify", which
broke the emu target build; and file_filter_test still referred to the
now non-existent "verify" module. Fix both of these.
Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Add support for multiple, shared, early initrd images. These early
images will be loaded in the order declared, and all will be loaded
before the initrd image.
While many classes of data can be provided by early images, the
immediate use case would be for distributions to provide CPU
microcode to mitigate the Meltdown and Spectre vulnerabilities.
Xen has also support to load microcode updates provided as additional
modules by the bootloader.
There are two environment variables provided for declaring the early
images.
* GRUB_EARLY_INITRD_LINUX_STOCK is for the distribution declare
images that are provided by the distribution or installed packages.
If undeclared, this will default to a set of common microcode image
names.
* GRUB_EARLY_INITRD_LINUX_CUSTOM is for user created images. User
images will be loaded after the stock images.
These separate configurations allow the distribution and user to
declare different image sets without clobbering each other.
This also makes a minor update to ensure that UUID partition labels
stay disabled when no initrd image is found, even if early images are
present.
This is basically a copy of a698240d "grub-mkconfig/10_linux: Support
multiple early initrd images" by Matthew S. Turnbull.
Signed-off-by: Peter Große <pegro@friiks.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
We should not try to copy any memory area which is outside of the original
fdt. If this extra memory is controlled by a hypervisor this might end
with a crash.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
In order to enforce NX semantics on non-code pages, UEFI firmware
may require that all code is EFI_PAGE_SIZE (4k) aligned. A similar
change has recently been applied to edk2 to accomodate for the same
fact:
https://lists.01.org/pipermail/edk2-devel/2018-December/033708.html
This patch adapts grub to also implement the same alignment guarantees
and thus ensures we can boot even when strict permission checks are in
place.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Tested-by: Leif Lindholm <leif.lindholm@linaro.org>
Origin: other, https://lists.gnu.org/archive/html/grub-devel/2018-12/msg00055.html
Bug-Debian: https://bugs.debian.org/919012
Last-Update: 2019-01-12
Patch-Name: mkimage-arm64-efi-align-first-section-to-page.patch
For EFI images, we always have the following layout:
[PE header]
[padding]
[first section (which also is the entry point)]
Currently there are 2 places where we define how big header+padding are:
in the .vaddr_offset member of our target image definition struct as well
as in code in grub_install_generate_image().
Remove the latter, so that we only have a single place to modify if we
need to change the padding.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Tested-by: Leif Lindholm <leif.lindholm@linaro.org>
Origin: other, https://lists.gnu.org/archive/html/grub-devel/2018-12/msg00054.html
Bug-Debian: https://bugs.debian.org/919012
Last-Update: 2019-01-12
Patch-Name: mkimage-simplify-header-size-logic.patch
Add all usable memory regions to grub memory management and add the
needed mmap iterate code, which will be used by grub core (e.g.
grub-core/lib/relocator.c or grub-core/mmap/mmap.c).
As we are running in 32-bit mode don't add memory above 4GB.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1d2473a024a9e1f46a7caa75d5c8186ed2cdb6e1
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-init-memory-regions.patch
Initialize the needed Xen specific data. This is:
- the Xen start of day page containing the console and Xenstore ring
page PFN and event channel
- the grant table
- the shared info page
Write back the possibly modified memory map to the hypervisor in case
the guest is reading it from there again.
Set the RSDP address for the guest from the start_info page passed
as boot parameter.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=4c9b4a7c92c9373315fd8b0f8f889275814bba41
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-setup-data.patch
Add the needed code to setup the hypercall page for calling into the
Xen hypervisor.
Import the XEN_HVM_DEBUGCONS_IOPORT define from Xen unstable into
include/xen/arch-x86/xen.h
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=da81e42a7ccb545513368ec7488cdf5019c1c2ba
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-setup-hypercall-page.patch
Add the hooks to current code needed for Xen PVH. They will be filled
with code later when the related functionality is being added.
loader/i386/linux.c needs to include machine/kernel.h now as it needs
to get GRUB_KERNEL_USE_RSDP_ADDR from there. This in turn requires to
add an empty kernel.h header for some i386 platforms (efi, coreboot,
ieee1275, xen) and for x86_64 efi.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: backport, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0b3e4eb2d2e1875e6045e838962f769f2ce161dd
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-basic-hooks.patch
include/grub/offsets.h needs some defines for Xen PVH mode.
Add them. While at it line up the values in the surrounding lines to
start at the same column.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=53a92dea8b675afb3f46aed15c04528695d46d59
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-offsets.patch
grub_xen_ptr2mfn() returns the machine frame number for a given pointer
value. For Xen-PVH guests this is just the PFN. Add the PVH specific
variant.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3b8d09c7742a1890eadad6987852c82947ea5d4a
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-ptr2mfn.patch
Rearrange grub-core/kern/xen/init.c to prepare adding PVH mode support
to it. This includes putting some code under #ifdef GRUB_MACHINE_XEN
as it will not be used when running as PVH.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bec9edf53f4d0b629a52a7d1145f38f88df8dd1d
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-rearrange-init.patch
With Xen PVH mode adding a new machine type the machine related headers
need to be present for the build to succeed. Most of the headers just
need to include the related common i386 headers. Add those to the tree.
Note that xen_pvh/int.h needs to include pc/int_types.h instead of
pc/int.h in order to avoid the definition of grub_bios_interrupt().
xen_pvh/memory.h needs to include coreboot/memory.h (like some other
<machine>/memory.h do as well) as this contains just the needed stubs.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=408de833bbd1ccad39ad439eaf3cddd528b039b5
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-add-dummy-headers.patch
Some common code needs to be special cased for Xen PVH mode. This hits
mostly Xen PV mode specific areas.
Split include/grub/i386/pc/int_types.h off from
include/grub/i386/pc/int.h to support including this file later from
xen_pvh code without the grub_bios_interrupt definition.
Move definition of struct grub_e820_mmap_entry from
grub-core/mmap/i386/pc/mmap.c to include/grub/i386/memory.h in order
to make it usable from xen_pvh code.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=fc9d47ead56365c3335bb42cf651008c9ac1f494
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-prepare-common-code.patch
Initialize the grant tab in a dedicated function. This will enable
using it for PVH guests, too.
Call the new function from grub_machine_init() as this will later
be common between Xen PV and Xen PVH mode.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=c84927272cea59084ad5b0705c55547e8c85b28d
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-refactor-grant-tab-init.patch
Xen PVH guests will have the RSDP at an arbitrary address. Support that
by passing the RSDP address via the boot parameters to Linux.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d170be42f12b0b2ab91d8d943d7b0bf563c906dd
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-rsdp-boot-params.patch
In order to support grub2 in Xen PVH environment some additional Xen
headers are needed as grub2 will be started in PVH mode requiring to
use several HVM hypercalls and structures.
Add the needed headers from Xen 4.10 being the first Xen version with
full (not only experimental) PVH guest support.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9118effd1b1fb67d82168b37cf6dd1142feced3b
Bug-Debian: https://bugs.debian.org/776450
Last-Update: 2019-01-07
Patch-Name: xen-pvh-add-headers.patch
Keep track of the previous version of /usr/share/grub/default/grub and
set UCF_FORCE_CONFFOLD=1 when running ucf if it hasn't changed; ucf
can't figure this out for itself since we apply debconf-based
customisations on top of the template configuration file.
Closes: #812574
LP: #564853
We should not try to copy any memory area which is outside of the original
fdt. If this extra memory is controlled by a hypervisor this might end
with a crash.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Origin: other, https://lists.gnu.org/archive/html/grub-devel/2018-12/msg00042.html
Last-Update: 2018-12-21
Patch-Name: efi-fdt-do-not-copy-random-memory.patch
Describe the behaviour of GRUB when the TPM module is in use.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy and we can wait
to see whether anyone has a use case before adding more complexity.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Pass all commands executed by GRUB to the verifiers layer. Most verifiers will
ignore this, but some (such as the TPM verifier) want to be able to measure and
log each command executed in order to ensure that the boot state is as expected.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Support platform i386/xen_pvh in configure.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Add xen_pvh support to grub-install.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Support mkimage for xen_pvh.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
In order to avoid using plain integers for the ELF notes use the
available Xen include instead.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
This solves the build failing with "Error: no symbol table and no
.moddeps section"
Also see:
- 6371e9c104
- https://savannah.gnu.org/bugs/?49012
Signed-off-by: Hans van Kranenburg <hans@knorrie.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Add the modifications to the build system needed to build a xen_pvh
grub.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Add all usable memory regions to grub memory management and add the
needed mmap iterate code, which will be used by grub core (e.g.
grub-core/lib/relocator.c or grub-core/mmap/mmap.c).
As we are running in 32-bit mode don't add memory above 4GB.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Initialize the needed Xen specific data. This is:
- the Xen start of day page containing the console and Xenstore ring
page PFN and event channel
- the grant table
- the shared info page
Write back the possibly modified memory map to the hypervisor in case
the guest is reading it from there again.
Set the RSDP address for the guest from the start_info page passed
as boot parameter.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Retrieve the memory map from the hypervisor and normalize it to contain
no overlapping entries and to be sorted by address.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Add the needed code to setup the hypercall page for calling into the
Xen hypervisor.
Import the XEN_HVM_DEBUGCONS_IOPORT define from Xen unstable into
include/xen/arch-x86/xen.h
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
