Commit 84ab2112 authored by Lorenzo "Palinuro" Faletra's avatar Lorenzo "Palinuro" Faletra
Browse files

Import Debian changes 2.04-18parrot1

grub2 (2.04-18parrot1) rolling; urgency=medium
.
  * Import new Debian release.
.
grub2 (2.04-18) unstable; urgency=medium
.
  [ Steve McIntyre ]
  * Enable the shim_lock and tpm modules for i386-efi too. Ensure that
    tpm is included in our EFI images.
  * List the modules we include the EFI images - make it easier to
    debug things.
  * Add debug to display what's going on with verifiers
.
  [ Colin Watson ]
  * util/mkimage: Some fixes to PE binaries section size calculation
    (closes: #987103).
parent 4186bcda
Pipeline #3334 failed with stages
# see git-dpm(1) from git-dpm package
3d246c561a2c6aa18b78eae69e5100a2347dc7aa
3d246c561a2c6aa18b78eae69e5100a2347dc7aa
0eae44daa60c3f0ce8fdb349ba71b869a6738efd
0eae44daa60c3f0ce8fdb349ba71b869a6738efd
578bb115fbd47e1c464696f1f8d6183e5443975d
578bb115fbd47e1c464696f1f8d6183e5443975d
grub2_2.04.orig.tar.xz
......
......@@ -150,12 +150,6 @@ case $platform in
cpuid
linuxefi
play
"
;;
esac
case $platform in
x86_64-efi)
CD_MODULES="$CD_MODULES
tpm
"
;;
......@@ -197,6 +191,7 @@ NET_MODULES="$CD_MODULES
"
# CD boot image
echo "Including modules $CD_MODULES in $outdir/gcd$efi_name.efi"
"$grub_mkimage" -O "$platform" -o "$outdir/gcd$efi_name.efi" \
-d "$grub_core" \
-c "$workdir/grub-bootstrap.cfg" -m "$workdir/memdisk.fat" \
......@@ -205,12 +200,14 @@ NET_MODULES="$CD_MODULES
$CD_MODULES
# Normal disk boot image
echo "Including modules $GRUB_MODULES in $outdir/grub$efi_name.efi"
"$grub_mkimage" -O "$platform" -o "$outdir/grub$efi_name.efi" \
-d "$grub_core" -p "/EFI/$efi_vendor" \
--sbat "$sbat_csv" \
$GRUB_MODULES
# Normal network boot image
echo "Including modules $NET_MODULES in $outdir/grubnet$efi_name.efi"
"$grub_mkimage" -O "$platform" -o "$outdir/grubnet$efi_name.efi" \
-d "$grub_core" -c "$workdir/grub-bootstrap.cfg" \
-m "$workdir/memdisk-netboot.fat" \
......@@ -221,6 +218,7 @@ NET_MODULES="$CD_MODULES
# Special network boot image for d-i to use. Just the same as the
# normal network boot image, but with a different value baked in for
# the prefix setting
echo "Including modules $NET_MODULES in $outdir/grubnet$efi_name-installer.efi"
"$grub_mkimage" -O "$platform" -o "$outdir/grubnet$efi_name-installer.efi" \
-d "$grub_core" -c "$workdir/grub-bootstrap.cfg" \
-m "$workdir/memdisk-netboot.fat" \
......
grub2 (2.04-18parrot1) rolling; urgency=medium
* Import new Debian release.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Thu, 17 Jun 2021 15:51:26 +0200
grub2 (2.04-18) unstable; urgency=medium
[ Steve McIntyre ]
* Enable the shim_lock and tpm modules for i386-efi too. Ensure that
tpm is included in our EFI images.
* List the modules we include the EFI images - make it easier to
debug things.
* Add debug to display what's going on with verifiers
[ Colin Watson ]
* util/mkimage: Some fixes to PE binaries section size calculation
(closes: #987103).
-- Colin Watson <cjwatson@debian.org> Sun, 25 Apr 2021 16:20:17 +0100
grub2 (2.04-17parrot1) rolling; urgency=medium
* Import new Debian release.
......
......@@ -37,3 +37,4 @@ Last-Update: 2019-03-20
submenu_indentation="$grub_tab"
From bb6fe7f81818b8d102ca92b174d79aebb62469a0 Mon Sep 17 00:00:00 2001
From: Steve McIntyre <93sam@debian.org>
Date: Sat, 17 Apr 2021 22:05:47 +0100
Subject: Add debug to display what's going on with verifiers
Patch-Name: debug_verifiers.patch
---
grub-core/kern/verifiers.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/kern/verifiers.c b/grub-core/kern/verifiers.c
index 58dbe152a..ff984c8d8 100644
--- a/grub-core/kern/verifiers.c
+++ b/grub-core/kern/verifiers.c
@@ -100,11 +100,13 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
FOR_LIST_ELEMENTS(ver, grub_file_verifiers)
{
enum grub_verify_flags flags = 0;
+ grub_dprintf ("verify", "trying verifier %s\n", ver->name);
err = ver->init (io, type, &context, &flags);
if (err)
goto fail_noclose;
if (flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
{
+ grub_dprintf ("verify", "verifier %s said GRUB_VERIFY_FLAGS_DEFER_AUTH\n", ver->name);
defer = 1;
continue;
}
From 3d04d38e67bb78127a6ec4329634441c4bf4194c Mon Sep 17 00:00:00 2001
From: Steve McIntyre <93sam@debian.org>
Date: Sat, 17 Apr 2021 22:04:38 +0100
Subject: Enable shim_lock and tpm modules for all efi platforms, not just
x86_64_efi
Patch-Name: enable_shim_lock_i386_efi.patch
---
grub-core/Makefile.core.def | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 43b3da725..b9d2912a0 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -948,7 +948,7 @@ module = {
module = {
name = shim_lock;
common = commands/efi/shim_lock.c;
- enable = x86_64_efi;
+ enable = efi;
};
module = {
@@ -2488,7 +2488,7 @@ module = {
name = tpm;
common = commands/tpm.c;
efi = commands/efi/tpm.c;
- enable = x86_64_efi;
+ enable = efi;
};
module = {
From 0eae44daa60c3f0ce8fdb349ba71b869a6738efd Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 16 Apr 2021 21:37:23 +0200
Subject: util/mkimage: Some fixes to PE binaries section size calculation
Commit f60ba9e5945 (util/mkimage: Refactor section setup to use a helper)
added a helper function to setup PE sections, but it caused regressions
in some arches where the natural alignment lead to wrong section sizes.
This patch fixes a few things that were caused the section sizes to be
calculated wrongly. These fixes are:
* Only align the virtual memory addresses but not the raw data offsets.
* Use aligned sizes for virtual memory sizes but not for raw data sizes.
* Always align the sizes to set the virtual memory sizes.
These seems to not cause problems for x64 and aa64 EFI platforms but was
a problem for ia64. Because the size of the ".data" and "mods" sections
were wrong and didn't have the correct content. Which lead to GRUB not
being able to load any built-in module.
Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Bug-Debian: https://bugs.debian.org/987103
Patch-Name: mkimage-fix-section-sizes.patch
---
util/mkimage.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/util/mkimage.c b/util/mkimage.c
index b354ec1d9..9c01723ef 100644
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -841,7 +841,7 @@ init_pe_section(const struct grub_install_image_target_desc *image_target,
section->raw_data_offset = grub_host_to_target32 (*rda);
section->raw_data_size = grub_host_to_target32 (rsz);
- (*rda) = ALIGN_UP (*rda + rsz, GRUB_PE32_FILE_ALIGNMENT);
+ (*rda) = *rda + rsz;
section->characteristics = grub_host_to_target32 (characteristics);
@@ -1296,7 +1296,7 @@ grub_install_generate_image (const char *dir, const char *prefix,
char *pe_img, *pe_sbat, *header;
struct grub_pe32_section_table *section;
size_t n_sections = 4;
- size_t scn_size;
+ size_t scn_size, raw_size;
grub_uint32_t vma, raw_data;
size_t pe_size, header_size;
struct grub_pe32_coff_header *c;
@@ -1397,7 +1397,8 @@ grub_install_generate_image (const char *dir, const char *prefix,
GRUB_PE32_SCN_MEM_EXECUTE |
GRUB_PE32_SCN_MEM_READ);
- scn_size = ALIGN_UP (layout.kernel_size - layout.exec_size, GRUB_PE32_FILE_ALIGNMENT);
+ raw_size = layout.kernel_size - layout.exec_size;
+ scn_size = ALIGN_UP (raw_size, GRUB_PE32_FILE_ALIGNMENT);
/* ALIGN_UP (sbat_size, GRUB_PE32_FILE_ALIGNMENT) is done earlier. */
PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size + sbat_size +
ALIGN_UP (total_module_size,
@@ -1405,15 +1406,16 @@ grub_install_generate_image (const char *dir, const char *prefix,
section = init_pe_section (image_target, section, ".data",
&vma, scn_size, image_target->section_align,
- &raw_data, scn_size,
+ &raw_data, raw_size,
GRUB_PE32_SCN_CNT_INITIALIZED_DATA |
GRUB_PE32_SCN_MEM_READ |
GRUB_PE32_SCN_MEM_WRITE);
- scn_size = pe_size - layout.reloc_size - sbat_size - raw_data;
+ raw_size = pe_size - layout.reloc_size - sbat_size - raw_data;
+ scn_size = ALIGN_UP (raw_size, GRUB_PE32_FILE_ALIGNMENT);
section = init_pe_section (image_target, section, "mods",
&vma, scn_size, image_target->section_align,
- &raw_data, scn_size,
+ &raw_data, raw_size,
GRUB_PE32_SCN_CNT_INITIALIZED_DATA |
GRUB_PE32_SCN_MEM_READ |
GRUB_PE32_SCN_MEM_WRITE);
@@ -1423,21 +1425,22 @@ grub_install_generate_image (const char *dir, const char *prefix,
pe_sbat = pe_img + raw_data;
grub_util_load_image (sbat_path, pe_sbat);
+ scn_size = ALIGN_UP (sbat_size, GRUB_PE32_FILE_ALIGNMENT);
section = init_pe_section (image_target, section, ".sbat",
- &vma, sbat_size,
+ &vma, scn_size,
image_target->section_align,
&raw_data, sbat_size,
GRUB_PE32_SCN_CNT_INITIALIZED_DATA |
GRUB_PE32_SCN_MEM_READ);
}
- scn_size = layout.reloc_size;
+ scn_size = ALIGN_UP (layout.reloc_size, GRUB_PE32_FILE_ALIGNMENT);
PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (vma);
PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (scn_size);
memcpy (pe_img + raw_data, layout.reloc_section, scn_size);
init_pe_section (image_target, section, ".reloc",
&vma, scn_size, image_target->section_align,
- &raw_data, scn_size,
+ &raw_data, layout.reloc_size,
GRUB_PE32_SCN_CNT_INITIALIZED_DATA |
GRUB_PE32_SCN_MEM_DISCARDABLE |
GRUB_PE32_SCN_MEM_READ);
......@@ -214,3 +214,7 @@ grub-install-inverted-nls-test.patch
2021-02-security/112-gfxmenu-gui-Check-printf-format-in-the-gui_progress_bar-and-gui_label.patch
2021-02-security/113-kern-mm-Fix-grub_debug_calloc-compilation-error.patch
pc-verifiers-module.patch
enable_shim_lock_i386_efi.patch
debug_verifiers.patch
mkimage-fix-section-sizes.patch
add-failsafe-boot-options.patch
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment