libreboot-mirrors/grub
0
0
Fork 0
mirror of https://codeberg.org/libreboot/grub.git synced 2025-07-07 01:12:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: libreboot-mirrors:master
Branches Tags
libreboot-mirrors:master
libreboot-mirrors:grub-2.12
libreboot-mirrors:grub-2.12-rc1
libreboot-mirrors:grub-2.06
libreboot-mirrors:grub-2.06-rc1a
libreboot-mirrors:grub-2.06-rc1
libreboot-mirrors:grub-2.04
libreboot-mirrors:grub-2.04-rc1
libreboot-mirrors:grub-2.02
libreboot-mirrors:2.02
libreboot-mirrors:grub-2.02-rc2
libreboot-mirrors:2.02-rc2
libreboot-mirrors:grub-2.02-rc1
libreboot-mirrors:2.02-rc1
libreboot-mirrors:grub-2.02-beta3
libreboot-mirrors:2.02-beta3
libreboot-mirrors:grub-2.02-beta2
libreboot-mirrors:grub-2.02-beta1
libreboot-mirrors:2.00
libreboot-mirrors:1.99
libreboot-mirrors:1.98
libreboot-mirrors:0.6.96
..
compare: libreboot-mirrors:grub-2.06-rc1
Branches Tags
libreboot-mirrors:master
libreboot-mirrors:grub-2.12
libreboot-mirrors:grub-2.12-rc1
libreboot-mirrors:grub-2.06
libreboot-mirrors:grub-2.06-rc1a
libreboot-mirrors:grub-2.06-rc1
libreboot-mirrors:grub-2.04
libreboot-mirrors:grub-2.04-rc1
libreboot-mirrors:grub-2.02
libreboot-mirrors:2.02
libreboot-mirrors:grub-2.02-rc2
libreboot-mirrors:2.02-rc2
libreboot-mirrors:grub-2.02-rc1
libreboot-mirrors:2.02-rc1
libreboot-mirrors:grub-2.02-beta3
libreboot-mirrors:2.02-beta3
libreboot-mirrors:grub-2.02-beta2
libreboot-mirrors:grub-2.02-beta1
libreboot-mirrors:2.00
libreboot-mirrors:1.99
libreboot-mirrors:1.98
libreboot-mirrors:0.6.96

No commits in common. "master" and "grub-2.06-rc1" have entirely different histories.
master ... grub-2.06-

794 changed files with 63561 additions and 48385 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.gitignore vendored
View file

@ -16,7 +16,6 @@
*.o
*.pf2
*.pp
*.pyc
*.trs
*~
.deps-core/
@ -104,7 +103,6 @@ widthspec.bin
/docs/version-dev.texi
/docs/version.texi
/ehci_test
/erofs_test
/example_grub_script_test
/example_scripted_test
/example_unit_test
@ -141,12 +139,10 @@ widthspec.bin
/grub-core/kernel.img.bin
/grub-core/lib/gnulib
/grub-core/lib/libgcrypt-grub
/grub-core/lib/libtasn1-grub
/grub-core/modinfo.sh
/grub-core/rs_decoder.h
/grub-core/symlist.c
/grub-core/symlist.h
/grub-core/tests/asn1/tests
/grub-core/trigtables.c
/grub-core/unidata.c
/grub-editenv
@ -171,8 +167,6 @@ widthspec.bin
/grub-ofpathname.exe
/grub-probe
/grub-probe.exe
/grub-protect
/grub-protect.exe
/grub-reboot
/grub-render-label
/grub-render-label.exe
@ -236,8 +230,6 @@ widthspec.bin
/lib/libgcrypt-grub
/libgrub_a_init.c
/lzocompress_test
/luks1_test
/luks2_test
/m4/
/minixfs_test
/missing

55487
ChangeLog-2015 Normal file
View file

File diff suppressed because it is too large Load diff

103
INSTALL
View file

@ -4,10 +4,6 @@ This is the GRUB. Welcome.
This file contains instructions for compiling and installing the GRUB.
Where this document refers to packages names, they are named according to the
Debian 11 package repositories. These packages can be found by searching
https://packages.debian.org/.
The Requirements
================
@ -16,15 +12,14 @@ you don't have any of them, please obtain and install them before
configuring the GRUB.
* GCC 5.1.0 or later
Experimental support for clang 8.0.0 or later (results in much bigger binaries)
Experimental support for clang 3.8.0 or later (results in much bigger binaries)
for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64
* GNU Make
* GNU Bison 2.3 or later
* GNU gettext
* GNU gettext 0.17 or later
* GNU binutils 2.9.1.0.23 or later
* Flex 2.5.35 or later
* pkg-config
* GNU patch
* Other standard GNU/Unix tools
* a libc with large file support (e.g. glibc 2.1 or later)
@ -36,74 +31,24 @@ For optional grub-emu features, you need:
* SDL (recommended)
* libpciaccess (optional)
* libusb (optional)
To build GRUB's graphical terminal (gfxterm), you need:
* FreeType 2.1.5 or later
* GNU Unifont
To build grub-mkfont the unicode fonts are required (xfonts-unifont package
on Debian).
If you use a development snapshot or want to hack on GRUB you may
need the following.
* Python 3 (NOTE: python 2.6 should still work, but it's not tested)
* Autoconf 2.64 or later
* Automake 1.14 or later
Your distro may package cross-compiling toolchains such as the following
incomplete list on Debian: gcc-aarch64-linux-gnu, gcc-arm-linux-gnueabihf,
gcc-mips-linux-gnu, gcc-mipsel-linux-gnu, gcc-powerpc64-linux-gnu,
gcc-riscv64-linux-gnu, gcc-sparc64-linux-gnu, mingw-w64 and mingw-w64-tools.
More cross compiling toolchains can be found at the following trusted sites:
* https://mirrors.kernel.org/pub/tools/crosstool/
* https://toolchains.bootlin.com/
* Python 2.6 or later
* Autoconf 2.63 or later
* Automake 1.11 or later
Prerequisites for make-check:
* qemu, specifically the binary "qemu-system-ARCH" where ARCH is the
architecture GRUB has been built for; the "qemu-system" package on Debian
will install all needed qemu architectures
* OVMF, for EFI platforms (packages ovmf, ovmf-ia32, qemu-efi-arm, and
qemu-efi-aarch64)
* OpenBIOS, for ieee1275 platforms (packages openbios-ppc and openbios-sparc)
* qemu, specifically the binary 'qemu-system-i386'
* xorriso 1.2.9 or later, for grub-mkrescue and grub-shell
* wamerican, for grub-fs-tester
* mtools, FAT tools for EFI platforms
* xfonts-unifont, for the functional tests
* swtpm-tools and tpm2-tools, for TPM2 key protector tests
* If running a Linux kernel the following modules must be loaded:
- fuse, loop
- btrfs, erofs, ext4, f2fs, fat, hfs, hfsplus, jfs, mac-roman, minix, nilfs2,
reiserfs, udf, xfs
- On newer kernels, the exfat kernel modules may be used instead of the
exfat FUSE filesystem
* The following are Debian named packages required mostly for the full
suite of filesystem testing (but some are needed by other tests as well):
- btrfs-progs, dosfstools, e2fsprogs, erofs-utils, exfatprogs, exfat-fuse,
f2fs-tools, genromfs, hfsprogs, jfsutils, nilfs-tools, ntfs-3g,
reiserfsprogs, squashfs-tools, reiserfsprogs, udftools, xfsprogs, zfs-fuse
- exfat-fuse, if not using the exfat kernel module
- gzip, lzop, xz-utils
- attr, cpio, g++, gawk, parted, recode, tar, util-linux
Note that `make check' will run and many tests may complete successfully
with only a subset of these prerequisites. However, some tests may be
skipped or fail due to missing prerequisites.
To build the documentation you'll need:
* texinfo, for the info and html documentation
* texlive, for building the dvi and pdf documentation (optional)
To use the gdb_grub GDB script you'll need:
* readelf (binutils package)
* objdump (binutils package)
* GNU Debugger > 7, built with python support (gdb package)
* Python >= 3.5 (python3 package)
Configuring the GRUB
====================
@ -141,8 +86,9 @@ The simplest way to compile this package is:
3. Type `./bootstrap'.
The autogen.sh (called by bootstrap) uses python. By default autodetect
it, but it can be overridden by setting the PYTHON variable.
* autogen.sh (called by bootstrap) uses python. By default the
invocation is "python", but it can be overridden by setting the
variable $PYTHON.
4. Type `./configure' to configure the package for your system.
If you're using `csh' on an old version of System V, you might
@ -155,16 +101,12 @@ The simplest way to compile this package is:
6. Type `make' to compile the package.
7. Optionally, type `make check' to run any self-tests that come with
the package. Note that many of the tests require root privileges in
order to run.
the package.
8. Type `make install' to install the programs and any data files and
documentation.
9. Type `make html' or `make pdf' to generate the html or pdf
documentation. Note, these are not built by default.
10. You can remove the program binaries and object files from the
9. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
@ -200,9 +142,8 @@ For this example the configure line might look like (more details below)
(some options are optional and included here for completeness but some rarely
used options are omitted):
./configure --build=sparc64-freebsd --host=x86_64-linux-gnu \
--target=arm-linux-gnueabihf --with-platform=efi \
BUILD_CC=gcc BUILD_PKG_CONFIG=pkg-config \
./configure --host=x86_64-linux-gnu --target=arm-linux-gnueabihf \
--with-platform=efi BUILD_CC=gcc BUILD_PKG_CONFIG=pkg-config \
HOST_CC=x86_64-linux-gnu-gcc HOST_CFLAGS='-g -O2' \
PKG_CONFIG=x86_64-linux-gnu-pkg-config TARGET_CC=arm-linux-gnueabihf-gcc \
TARGET_CFLAGS='-Os -march=armv8.3-a' TARGET_CCASFLAGS='-march=armv8.3-a' \
@ -210,10 +151,6 @@ used options are omitted):
TARGET_STRIP=arm-linux-gnueabihf-strip TARGET_NM=arm-linux-gnueabihf-nm \
TARGET_RANLIB=arm-linux-gnueabihf-ranlib LEX=flex
Note, that the autoconf 2.65 manual states that when using the --host argument
to configure, the --build argument should be specified as well. Not sending
--build, enters a compatibility mode that will be removed in the future.
Normally, for building a GRUB on amd64 with tools to run on amd64 to
generate images to run on ARM, using your Linux distribution's
packaged cross compiler, the following would suffice:
@ -225,14 +162,13 @@ version look at prerequisites. All tools not mentioned in this section under
corresponding platform are not needed for the platform in question.
- For build
1. --build= to autoconf name of build.
2. BUILD_CC= to gcc able to compile for build. This is used, for
1. BUILD_CC= to gcc able to compile for build. This is used, for
example, to compile build-gentrigtables which is then run to
generate sin and cos tables.
3. BUILD_CFLAGS= for C options for build.
4. BUILD_CPPFLAGS= for C preprocessor options for build.
5. BUILD_LDFLAGS= for linker options for build.
6. BUILD_PKG_CONFIG= for pkg-config for build (optional).
2. BUILD_CFLAGS= for C options for build.
3. BUILD_CPPFLAGS= for C preprocessor options for build.
4. BUILD_LDFLAGS= for linker options for build.
5. BUILD_PKG_CONFIG= for pkg-config for build (optional).
- For host
1. --host= to autoconf name of host.
@ -269,6 +205,7 @@ corresponding platform are not needed for the platform in question.
- Additionally for emu, for host and target.
1. SDL is looked for in standard linker directories (-lSDL) (optional)
2. libpciaccess is looked for in standard linker directories (-lpciaccess) (optional)
3. libusb is looked for in standard linker directories (-lusb) (optional)
- Platform-agnostic tools and data.
1. make is the tool you execute after ./configure.

35
MAINTAINERS
View file

@ -1,35 +0,0 @@
List of current GRUB maintainers and some basic information about the project
=============================================================================
Here is the list of current GRUB maintainers:
- Daniel Kiper <daniel.kiper@oracle.com> and <dkiper@net-space.pl>,
- Alex Burmashev <alexander.burmashev@oracle.com>,
- Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>.
The maintainers drive and overlook the GRUB development.
If you found a security vulnerability in the GRUB please check the SECURITY
file to get more information how to properly report this kind of bugs to
the maintainers.
The GRUB development happens on the grub-devel mailing list [1]. The latest
GRUB source code is available at Savannah git repository [2].
Users can ask for help on the help-grub mailing list [3].
List of past GRUB maintainers and people who strongly contributed to the project
================================================================================
Here is the list, sorted alphabetically, of past GRUB maintainers and people who
strongly contributed to the project:
- Andrei Borzenkov,
- Bryan Ford,
- Erich Stefan Boleyn,
- Gordon Matzigkeit,
- Yoshinori K. Okuji.
[1] https://lists.gnu.org/mailman/listinfo/grub-devel
[2] https://git.savannah.gnu.org/gitweb/?p=grub.git&view=view+git+repository
[3] https://lists.gnu.org/mailman/listinfo/help-grub

17
Makefile.am
View file

@ -24,15 +24,6 @@ CCASFLAGS_PROGRAM += $(CCASFLAGS_GNULIB)
include $(srcdir)/Makefile.util.am
check_SCRIPTS = $(check_SCRIPTS_native) $(check_SCRIPTS_nonnative)
check_PROGRAMS = $(check_PROGRAMS_native) $(check_PROGRAMS_nonnative)
TESTS = $(check_SCRIPTS) $(check_PROGRAMS)
check-native:
$(MAKE) TESTS="$(check_PROGRAMS_native) $(check_SCRIPTS_native)" check
check-nonnative:
$(MAKE) TESTS="$(check_PROGRAMS_nonnative) $(check_SCRIPTS_nonnative)" check
# XXX Use Automake's LEX & YACC support
grub_script.tab.h: $(top_srcdir)/grub-core/script/parser.y
$(YACC) -d -p grub_script_yy -b grub_script $(top_srcdir)/grub-core/script/parser.y
@ -52,7 +43,7 @@ libgrub.pp: config-util.h grub_script.tab.h grub_script.yy.h $(libgrubmods_a_SOU
CLEANFILES += libgrub.pp
libgrub_a_init.lst: libgrub.pp
cat $< | grep '^@MARKER@' | sed 's/@MARKER@\(.*\)@/\1/g' | sort -u > $@ || (rm -f $@; exit 1)
cat $< | grep '@MARKER@' | sed 's/@MARKER@\(.*\)@/\1/g' | sort -u > $@ || (rm -f $@; exit 1)
CLEANFILES += libgrub_a_init.lst
libgrub_a_init.c: libgrub_a_init.lst $(top_srcdir)/geninit.sh
@ -60,13 +51,13 @@ libgrub_a_init.c: libgrub_a_init.lst $(top_srcdir)/geninit.sh
CLEANFILES += libgrub_a_init.c
# For grub-fstest
grub_fstest.pp: config-util.h $(grub_fstest_SOURCES)
grub_fstest.pp: $(grub_fstest_SOURCES)
$(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(grub_fstest_CPPFLAGS) $(CPPFLAGS) \
-D'GRUB_MOD_INIT(x)=@MARKER@x@' $^ > $@ || (rm -f $@; exit 1)
CLEANFILES += grub_fstest.pp
grub_fstest_init.lst: libgrub.pp grub_fstest.pp
cat $^ | grep '^@MARKER@' | sed 's/@MARKER@\(.*\)@/\1/g' | sort -u > $@ || (rm -f $@; exit 1)
cat $^ | grep '@MARKER@' | sed 's/@MARKER@\(.*\)@/\1/g' | sort -u > $@ || (rm -f $@; exit 1)
CLEANFILES += grub_fstest_init.lst
grub_fstest_init.c: grub_fstest_init.lst $(top_srcdir)/geninit.sh
@ -482,6 +473,8 @@ ChangeLog: FORCE
touch $@; \
fi
EXTRA_DIST += ChangeLog ChangeLog-2015
syslinux_test: $(top_builddir)/config.status tests/syslinux/ubuntu10.04_grub.cfg
# Mimic simplify_filename from grub-core/lib/syslinux_parse.c, so that we

253
Makefile.util.def
View file

@ -40,7 +40,6 @@ library = {
common = grub-core/disk/luks.c;
common = grub-core/disk/luks2.c;
common = grub-core/disk/geli.c;
common = grub-core/disk/key_protector.c;
common = grub-core/disk/cryptodisk.c;
common = grub-core/disk/AFSplitter.c;
common = grub-core/lib/pbkdf2.c;
@ -56,7 +55,7 @@ library = {
library = {
name = libgrubmods.a;
cflags = '-fno-builtin -Wno-undef -Wno-unused-but-set-variable';
cflags = '-fno-builtin -Wno-undef';
cppflags = '-I$(srcdir)/grub-core/lib/minilzo -I$(srcdir)/grub-core/lib/xzembed -I$(srcdir)/grub-core/lib/zstd -DMINILZO_HAVE_CONFIG_H';
common_nodist = grub_script.tab.c;
@ -99,7 +98,6 @@ library = {
common = grub-core/fs/cpio_be.c;
common = grub-core/fs/odc.c;
common = grub-core/fs/newc.c;
common = grub-core/fs/erofs.c;
common = grub-core/fs/ext2.c;
common = grub-core/fs/fat.c;
common = grub-core/fs/exfat.c;
@ -165,7 +163,6 @@ library = {
common = grub-core/kern/ia64/dl_helper.c;
common = grub-core/kern/arm/dl_helper.c;
common = grub-core/kern/arm64/dl_helper.c;
common = grub-core/kern/loongarch64/dl_helper.c;
common = grub-core/lib/minilzo/minilzo.c;
common = grub-core/lib/xzembed/xz_dec_bcj.c;
common = grub-core/lib/xzembed/xz_dec_lzma2.c;
@ -208,32 +205,6 @@ program = {
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
};
program = {
name = grub-protect;
mansection = 1;
common = grub-core/kern/emu/argp_common.c;
common = grub-core/osdep/init.c;
common = grub-core/lib/tss2/buffer.c;
common = grub-core/lib/tss2/tss2_mu.c;
common = grub-core/lib/tss2/tpm2_cmd.c;
common = grub-core/commands/tpm2_key_protector/args.c;
common = grub-core/commands/tpm2_key_protector/tpm2key_asn1_tab.c;
common = util/grub-protect.c;
common = util/probe.c;
cflags = '-I$(srcdir)/grub-core/lib/tss2 -I$(srcdir)/grub-core/commands/tpm2_key_protector';
ldadd = libgrubmods.a;
ldadd = libgrubgcry.a;
ldadd = libgrubkern.a;
ldadd = grub-core/lib/gnulib/libgnu.a;
ldadd = '$(LIBTASN1)';
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
condition = COND_GRUB_PROTECT;
};
program = {
name = grub-mkrelpath;
mansection = 1;
@ -338,13 +309,11 @@ program = {
common = grub-core/disk/host.c;
common = grub-core/osdep/init.c;
cflags = '$(FUSE_CFLAGS)';
ldadd = libgrubmods.a;
ldadd = libgrubgcry.a;
ldadd = libgrubkern.a;
ldadd = grub-core/lib/gnulib/libgnu.a;
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM) $(FUSE_LIBS)';
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM) -lfuse';
condition = COND_GRUB_MOUNT;
};
@ -539,12 +508,6 @@ script = {
condition = COND_HOST_LINUX;
};
script = {
name = '25_bli';
common = util/grub.d/25_bli.in;
installdir = grubconf;
};
script = {
name = '30_os-prober';
common = util/grub.d/30_os-prober.in;
@ -778,12 +741,6 @@ script = {
installdir = noinst;
};
script = {
name = grub-shell-luks-tester;
common = tests/util/grub-shell-luks-tester.in;
installdir = noinst;
};
script = {
name = grub-fs-tester;
common = tests/util/grub-fs-tester.in;
@ -792,512 +749,470 @@ script = {
};
script = {
testcase = native;
name = erofs_test;
common = tests/erofs_test.in;
};
script = {
testcase = native;
testcase;
name = ext234_test;
common = tests/ext234_test.in;
};
script = {
testcase = native;
testcase;
name = squashfs_test;
common = tests/squashfs_test.in;
};
script = {
testcase = native;
testcase;
name = iso9660_test;
common = tests/iso9660_test.in;
};
script = {
testcase = native;
testcase;
name = hfsplus_test;
common = tests/hfsplus_test.in;
};
script = {
testcase = native;
testcase;
name = ntfs_test;
common = tests/ntfs_test.in;
};
script = {
testcase = native;
testcase;
name = reiserfs_test;
common = tests/reiserfs_test.in;
};
script = {
testcase = native;
testcase;
name = fat_test;
common = tests/fat_test.in;
};
script = {
testcase = native;
testcase;
name = minixfs_test;
common = tests/minixfs_test.in;
};
script = {
testcase = native;
testcase;
name = xfs_test;
common = tests/xfs_test.in;
};
script = {
testcase = native;
testcase;
name = f2fs_test;
common = tests/f2fs_test.in;
};
script = {
testcase = native;
testcase;
name = nilfs2_test;
common = tests/nilfs2_test.in;
};
script = {
testcase = native;
testcase;
name = romfs_test;
common = tests/romfs_test.in;
};
script = {
testcase = native;
testcase;
name = exfat_test;
common = tests/exfat_test.in;
};
script = {
testcase = native;
testcase;
name = tar_test;
common = tests/tar_test.in;
};
script = {
testcase = native;
testcase;
name = udf_test;
common = tests/udf_test.in;
};
script = {
testcase = native;
testcase;
name = hfs_test;
common = tests/hfs_test.in;
};
script = {
testcase = native;
testcase;
name = jfs_test;
common = tests/jfs_test.in;
};
script = {
testcase = native;
testcase;
name = btrfs_test;
common = tests/btrfs_test.in;
};
script = {
testcase = native;
testcase;
name = zfs_test;
common = tests/zfs_test.in;
};
script = {
testcase = native;
testcase;
name = cpio_test;
common = tests/cpio_test.in;
};
script = {
testcase = native;
testcase;
name = example_scripted_test;
common = tests/example_scripted_test.in;
};
script = {
testcase = native;
testcase;
name = gettext_strings_test;
common = tests/gettext_strings_test.in;
extra_dist = po/exclude.pot;
};
script = {
testcase = nonnative;
testcase;
name = pata_test;
common = tests/pata_test.in;
};
script = {
testcase = nonnative;
testcase;
name = ahci_test;
common = tests/ahci_test.in;
};
script = {
testcase = nonnative;
testcase;
name = uhci_test;
common = tests/uhci_test.in;
};
script = {
testcase = nonnative;
testcase;
name = ohci_test;
common = tests/ohci_test.in;
};
script = {
testcase = nonnative;
testcase;
name = ehci_test;
common = tests/ehci_test.in;
};
script = {
testcase = nonnative;
testcase;
name = example_grub_script_test;
common = tests/example_grub_script_test.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_eval;
common = tests/grub_script_eval.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_test;
common = tests/grub_script_test.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_echo1;
common = tests/grub_script_echo1.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_leading_whitespace;
common = tests/grub_script_leading_whitespace.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_echo_keywords;
common = tests/grub_script_echo_keywords.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_vars1;
common = tests/grub_script_vars1.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_for1;
common = tests/grub_script_for1.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_while1;
common = tests/grub_script_while1.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_if;
common = tests/grub_script_if.in;
};
script = {
testcase = native;
testcase;
name = grub_script_blanklines;
common = tests/grub_script_blanklines.in;
};
script = {
testcase = native;
testcase;
name = grub_script_final_semicolon;
common = tests/grub_script_final_semicolon.in;
};
script = {
testcase = native;
testcase;
name = grub_script_dollar;
common = tests/grub_script_dollar.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_comments;
common = tests/grub_script_comments.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_functions;
common = tests/grub_script_functions.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_break;
common = tests/grub_script_break.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_continue;
common = tests/grub_script_continue.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_shift;
common = tests/grub_script_shift.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_blockarg;
common = tests/grub_script_blockarg.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_setparams;
common = tests/grub_script_setparams.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_return;
common = tests/grub_script_return.in;
};
script = {
testcase = nonnative;
name = grub_cmd_cryptomount;
common = tests/grub_cmd_cryptomount.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_cmd_regexp;
common = tests/grub_cmd_regexp.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_cmd_date;
common = tests/grub_cmd_date.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_cmd_set_date;
common = tests/grub_cmd_set_date.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_cmd_sleep;
common = tests/grub_cmd_sleep.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_expansion;
common = tests/grub_script_expansion.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_not;
common = tests/grub_script_not.in;
};
script = {
testcase = native;
testcase;
name = grub_script_no_commands;
common = tests/grub_script_no_commands.in;
};
script = {
testcase = nonnative;
testcase;
name = partmap_test;
common = tests/partmap_test.in;
};
script = {
testcase = nonnative;
testcase;
name = hddboot_test;
common = tests/hddboot_test.in;
};
script = {
testcase = nonnative;
testcase;
name = fddboot_test;
common = tests/fddboot_test.in;
};
script = {
testcase = nonnative;
testcase;
name = cdboot_test;
common = tests/cdboot_test.in;
};
script = {
testcase = nonnative;
testcase;
name = netboot_test;
common = tests/netboot_test.in;
};
script = {
testcase = nonnative;
name = serial_test;
common = tests/serial_test.in;
};
script = {
testcase = nonnative;
testcase;
name = pseries_test;
common = tests/pseries_test.in;
};
script = {
testcase = nonnative;
testcase;
name = core_compress_test;
common = tests/core_compress_test.in;
};
script = {
testcase = nonnative;
testcase;
name = xzcompress_test;
common = tests/xzcompress_test.in;
};
script = {
testcase = nonnative;
testcase;
name = gzcompress_test;
common = tests/gzcompress_test.in;
};
script = {
testcase = nonnative;
testcase;
name = lzocompress_test;
common = tests/lzocompress_test.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_cmd_echo;
common = tests/grub_cmd_echo.in;
};
script = {
testcase = nonnative;
testcase;
name = help_test;
common = tests/help_test.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_gettext;
common = tests/grub_script_gettext.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_escape_comma;
common = tests/grub_script_escape_comma.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_script_strcmp;
common = tests/grub_script_strcmp.in;
};
script = {
testcase = nonnative;
testcase;
name = test_sha512sum;
common = tests/test_sha512sum.in;
};
script = {
testcase = nonnative;
testcase;
name = test_unset;
common = tests/test_unset.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_func_test;
common = tests/grub_func_test.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_cmd_tr;
common = tests/grub_cmd_tr.in;
};
script = {
testcase = nonnative;
testcase;
name = file_filter_test;
common = tests/file_filter_test.in;
};
script = {
testcase = nonnative;
testcase;
name = grub_cmd_test;
common = tests/grub_cmd_test.in;
};
script = {
testcase = native;
testcase;
name = syslinux_test;
common = tests/syslinux_test.in;
};
script = {
testcase = native;
name = luks1_test;
common = tests/luks1_test.in;
};
script = {
testcase = native;
name = luks2_test;
common = tests/luks2_test.in;
};
script = {
testcase = native;
name = asn1_test;
common = tests/asn1_test.in;
};
script = {
testcase = native;
name = tpm2_key_protector_test;
common = tests/tpm2_key_protector_test.in;
};
program = {
testcase = native;
testcase;
name = example_unit_test;
common = tests/example_unit_test.c;
common = tests/lib/unit_test.c;
@ -1312,7 +1227,7 @@ program = {
};
program = {
testcase = native;
testcase;
name = printf_test;
common = tests/printf_unit_test.c;
common = tests/lib/unit_test.c;
@ -1327,7 +1242,7 @@ program = {
};
program = {
testcase = native;
testcase;
name = date_test;
common = tests/date_unit_test.c;
common = tests/lib/unit_test.c;
@ -1342,7 +1257,7 @@ program = {
};
program = {
testcase = native;
testcase;
name = priority_queue_unit_test;
common = tests/priority_queue_unit_test.cc;
common = tests/lib/unit_test.c;
@ -1359,7 +1274,7 @@ program = {
};
program = {
testcase = native;
testcase;
name = cmp_test;
common = tests/cmp_unit_test.c;
common = tests/lib/unit_test.c;

34
NEWS
View file

@ -1,37 +1,3 @@
New in 2.12:
* GCC 13 support.
* clang 14 support.
* binutils 2.38 support.
* Unification of EFI Linux kernel loader across architectures.
* Transition to EFI Linux kernel stub loader for x86 architecture.
* Initial support for Boot Loader Interface.
* Support for dynamic GRUB runtime memory addition using firmware calls.
* PCI and MMIO UARTs support.
* SDL2 support.
* LoongArch support.
* TPM driver fixes.
* Many filesystems fixes.
* Many CVE and Coverity fixes.
* Debugging support improvements.
* Tests improvements.
* Documentation improvements.
* ...and tons of other fixes and cleanups...
New in 2.06:
* GCC 10 support.
* clang 10 support.
* SBAT support.
* LUKS2 support.
* Drop small MBR gap support.
* Xen Security Modules (XSM/FLASK) support.
* The lockdown mechanism similar to the Linux kernel one.
* Disable the os-prober by default.
* Many backports of GRUB distros specific patches.
* BootHole and BootHole2 fixes.
* ...and tons of other fixes and cleanups...
New in 2.04:
* GCC 8 and 9 support.

6
README
View file

@ -7,12 +7,6 @@ See the file NEWS for a description of recent changes to GRUB 2.
See the file INSTALL for instructions on how to build and install the
GRUB 2 data and program files.
See the file MAINTAINERS for information about the GRUB maintainers, etc.
If you found a security vulnerability in the GRUB please check the SECURITY
file to get more information how to properly report this kind of bugs to
the maintainers.
Please visit the official web page of GRUB 2, for more information.
The URL is <http://www.gnu.org/software/grub/grub.html>.

60
SECURITY
View file

@ -1,60 +0,0 @@
Security Policy
===============
To report a vulnerability see "Reporting a Vulnerability" below.
Security Incident Policy
========================
Security bug reports are treated with special attention and are handled
differently from normal bugs. In particular, security sensitive bugs are not
handled in public but in private. Information about the bug and access to it
is restricted to people in the security group, the individual engineers that
work on fixing it, and any other person who needs to be involved for organisational
reasons. The process is handled by the security team, which decides on the people
involved in order to fix the issue. It is also guaranteed that the person reporting
the issue has visibility into the process of fixing it. Any security issue gets
prioritized according to its security rating. The issue is opened up to the public
in coordination with the release schedule and the reporter.
Disclosure Policy
=================
Everyone involved in the handling of a security issue - including the reporter -
is required to adhere to the following policy. Any information related to
a security issue must be treated as confidential and only shared with trusted
partners if necessary, for example to coordinate a release or manage exposure
of clients to the issue. No information must be disclosed to the public before
the embargo ends. The embargo time is agreed upon by all involved parties. It
should be as short as possible without putting any users at risk.
Supported Versions
==================
Only the most recent version of the GRUB is supported.
Reporting a Vulnerability
=========================
The security report should be encrypted with the PGP keys and sent to ALL email
addresses listed below. Every vulnerability report will be assessed within
72 hours of receiving it. If the outcome of the assessment is that the report
describes a security issue, the report will be transferred into an issue on the
internal vulnerability project for further processing. The reporter is updated
on each step of the process.
While there's currently no bug bounty program we appreciate every report.
* Contact: Daniel Kiper <daniel.kiper@oracle.com> and
Daniel Kiper <dkiper@net-space.pl>
* PGP Key Fingerprint: BE5C 2320 9ACD DACE B20D B0A2 8C81 89F1 988C 2166
* Contact: Alex Burmashev <alexander.burmashev@oracle.com>
* PGP Key Fingerprint: 50A4 EC06 EF7E B84D 67E0 3BB6 2AE2 C87E 28EF 2E6E
* Contact: Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>
* PGP Key Fingerprint: E53D 497F 3FA4 2AD8 C9B4 D1E8 35A9 3B74 E82E 4209

2
acinclude.m4
View file

@ -430,7 +430,7 @@ link_nopie_needed=no]
AC_MSG_CHECKING([whether linker needs disabling of PIE to work])
AC_LANG_CONFTEST([AC_LANG_SOURCE([[]])])
[if eval "$ac_compile -Wl,-r -nostdlib -Werror -o conftest.o" 2> /dev/null; then]
[if eval "$ac_compile -Wl,-r,-d -nostdlib -Werror -o conftest.o" 2> /dev/null; then]
AC_MSG_RESULT([no])
[# Should we clear up other files as well, having called `AC_LANG_CONFTEST'?
rm -f conftest.o

50
autogen.sh
View file

@ -7,21 +7,8 @@ if [ ! -e grub-core/lib/gnulib/stdlib.in.h ]; then
exit 1
fi
# Detect python
if [ -z "$PYTHON" ]; then
for i in python3 python3.10 python; do
if command -v "$i" > /dev/null 2>&1; then
PYTHON="$i"
echo "Using $PYTHON..."
break
fi
done
if [ -z "$PYTHON" ]; then
echo "python not found." >&2
exit 1
fi
fi
# Set ${PYTHON} to plain 'python' if not set already
: ${PYTHON:=python}
export LC_COLLATE=C
unset LC_ALL
@ -51,39 +38,6 @@ for x in mpi-asm-defs.h mpih-add1.c mpih-sub1.c mpih-mul1.c mpih-mul2.c mpih-mul
cp grub-core/lib/libgcrypt-grub/mpi/generic/"$x" grub-core/lib/libgcrypt-grub/mpi/"$x"
done
echo "Importing libtasn1..."
if [ -d grub-core/lib/libtasn1-grub ]; then
rm -rf grub-core/lib/libtasn1-grub
fi
mkdir -p grub-core/lib/libtasn1-grub/lib
cp grub-core/lib/libtasn1/lib/*.[ch] grub-core/lib/libtasn1-grub/lib
cp grub-core/lib/libtasn1/libtasn1.h grub-core/lib/libtasn1-grub/
if [ -d grub-core/tests/asn1/tests ]; then
rm -rf grub-core/tests/asn1/tests
fi
mkdir grub-core/tests/asn1/tests
cp grub-core/lib/libtasn1/tests/*.[ch] grub-core/tests/asn1/tests
for patch in \
0001-libtasn1-disable-code-not-needed-in-grub.patch \
0002-libtasn1-replace-strcat-with-strcpy-in-_asn1_str_cat.patch \
0003-libtasn1-replace-strcat-with-_asn1_str_cat.patch \
0004-libtasn1-adjust-the-header-paths-in-libtasn1.h.patch \
0005-libtasn1-Use-grub_divmod64-for-division.patch \
0006-libtasn1-fix-the-potential-buffer-overrun.patch \
0007-asn1_test-include-asn1_test.h-only.patch \
0008-asn1_test-rename-the-main-functions-to-the-test-name.patch \
0009-asn1_test-return-either-0-or-1-to-reflect-the-result.patch \
0010-asn1_test-remove-verbose-and-the-unnecessary-printf.patch \
0011-asn1_test-print-the-error-messages-with-grub_printf.patch \
0012-asn1_test-use-the-grub-specific-functions-and-types.patch \
0013-asn1_test-enable-the-testcase-only-when-GRUB_LONG_MA.patch ; do
patch -p1 -i grub-core/lib/libtasn1-patches/$patch
done
echo "Generating Automake input..."
# Automake doesn't like including files from a path outside the project.

313
bootstrap
View file

@ -1,10 +1,10 @@
#! /bin/sh
# Print a version string.
scriptversion=2022-01-26.05; # UTC
scriptversion=2019-01-04.17; # UTC
# Bootstrap this package from checked-out sources.
# Copyright (C) 2003-2022 Free Software Foundation, Inc.
# Copyright (C) 2003-2019 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -47,7 +47,7 @@ PERL="${PERL-perl}"
me=$0
default_gnulib_url=https://git.savannah.gnu.org/git/gnulib.git
default_gnulib_url=git://git.sv.gnu.org/gnulib
usage() {
cat <<EOF
@ -71,9 +71,7 @@ Options:
--no-git do not use git to update gnulib. Requires that
--gnulib-srcdir point to a correct gnulib snapshot
--skip-po do not download po files
EOF
bootstrap_print_option_usage_hook
cat <<EOF
If the file $me.conf exists in the same directory as this script, its
contents are read as shell variables to configure the bootstrap.
@ -115,12 +113,6 @@ Running without arguments will suffice in most cases.
EOF
}
copyright_year=`echo "$scriptversion" | sed -e 's/[^0-9].*//'`
copyright="Copyright (C) ${copyright_year} Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law."
# warnf_ FORMAT-STRING ARG1...
warnf_ ()
{
@ -162,18 +154,6 @@ gnulib_files=
: ${AUTOPOINT=autopoint}
: ${AUTORECONF=autoreconf}
# A function to be called for each unrecognized option. Returns 0 if
# the option in $1 has been processed by the function. Returns 1 if
# the option has not been processed by the function. Override it via
# your own definition in bootstrap.conf
bootstrap_option_hook() { return 1; }
# A function to be called in order to print the --help information
# corresponding to user-defined command-line options.
bootstrap_print_option_usage_hook() { :; }
# A function to be called right after gnulib-tool is run.
# Override it via your own definition in bootstrap.conf.
bootstrap_post_import_hook() { :; }
@ -186,11 +166,11 @@ bootstrap_epilogue() { :; }
# specified directory. Fill in the first %s with the destination
# directory and the second with the domain name.
po_download_command_format=\
"wget --mirror --level=1 -nd -nv -A.po -P '%s' \
"wget --mirror --level=1 -nd -q -A.po -P '%s' \
https://translationproject.org/latest/%s/"
# Prefer a non-empty tarname (4th argument of AC_INIT if given), else
# fall back to the package name (1st argument with munging).
# fall back to the package name (1st argument with munging)
extract_package_name='
/^AC_INIT(\[*/{
s///
@ -207,11 +187,8 @@ extract_package_name='
p
}
'
package=$(${AUTOCONF:-autoconf} --trace AC_INIT:\$4 configure.ac 2>/dev/null)
if test -z "$package"; then
package=$(sed -n "$extract_package_name" configure.ac) \
|| die 'cannot find package name in configure.ac'
fi
gnulib_name=lib$package
build_aux=build-aux
@ -313,6 +290,62 @@ find_tool ()
eval "export $find_tool_envvar"
}
# Override the default configuration, if necessary.
# Make sure that bootstrap.conf is sourced from the current directory
# if we were invoked as "sh bootstrap".
case "$0" in
*/*) test -r "$0.conf" && . "$0.conf" ;;
*) test -r "$0.conf" && . ./"$0.conf" ;;
esac
if test "$vc_ignore" = auto; then
vc_ignore=
test -d .git && vc_ignore=.gitignore
test -d CVS && vc_ignore="$vc_ignore .cvsignore"
fi
if test x"$gnulib_modules$gnulib_files$gnulib_extra_files" = x; then
use_gnulib=false
else
use_gnulib=true
fi
# Translate configuration into internal form.
# Parse options.
for option
do
case $option in
--help)
usage
exit;;
--gnulib-srcdir=*)
GNULIB_SRCDIR=${option#--gnulib-srcdir=};;
--skip-po)
SKIP_PO=t;;
--force)
checkout_only_file=;;
--copy)
copy=true;;
--bootstrap-sync)
bootstrap_sync=true;;
--no-bootstrap-sync)
bootstrap_sync=false;;
--no-git)
use_git=false;;
*)
die "$option: unknown option";;
esac
done
$use_git || test -d "$GNULIB_SRCDIR" \
|| die "Error: --no-git requires --gnulib-srcdir"
if test -n "$checkout_only_file" && test ! -r "$checkout_only_file"; then
die "Bootstrapping from a non-checked-out distribution is risky."
fi
# Strip blank and comment lines to leave significant entries.
gitignore_entries() {
sed '/^#/d; /^$/d' "$@"
@ -354,137 +387,6 @@ insert_vc_ignore() {
insert_if_absent "$vc_ignore_file" "$pattern"
}
symlink_to_dir()
{
src=$1/$2
dst=${3-$2}
test -f "$src" && {
# If the destination directory doesn't exist, create it.
# This is required at least for "lib/uniwidth/cjk.h".
dst_dir=$(dirname "$dst")
if ! test -d "$dst_dir"; then
mkdir -p "$dst_dir"
# If we've just created a directory like lib/uniwidth,
# tell version control system(s) it's ignorable.
# FIXME: for now, this does only one level
parent=$(dirname "$dst_dir")
for dot_ig in x $vc_ignore; do
test $dot_ig = x && continue
ig=$parent/$dot_ig
insert_vc_ignore $ig "${dst_dir##*/}"
done
fi
if $copy; then
{
test ! -h "$dst" || {
echo "$me: rm -f $dst" &&
rm -f "$dst"
}
} &&
test -f "$dst" &&
cmp -s "$src" "$dst" || {
echo "$me: cp -fp $src $dst" &&
cp -fp "$src" "$dst"
}
else
# Leave any existing symlink alone, if it already points to the source,
# so that broken build tools that care about symlink times
# aren't confused into doing unnecessary builds. Conversely, if the
# existing symlink's timestamp is older than the source, make it afresh,
# so that broken tools aren't confused into skipping needed builds. See
# <https://lists.gnu.org/r/bug-gnulib/2011-05/msg00326.html>.
test -h "$dst" &&
src_ls=$(ls -diL "$src" 2>/dev/null) && set $src_ls && src_i=$1 &&
dst_ls=$(ls -diL "$dst" 2>/dev/null) && set $dst_ls && dst_i=$1 &&
test "$src_i" = "$dst_i" &&
both_ls=$(ls -dt "$src" "$dst") &&
test "X$both_ls" = "X$dst$nl$src" || {
dot_dots=
case $src in
/*) ;;
*)
case /$dst/ in
*//* | */../* | */./* | /*/*/*/*/*/)
die "invalid symlink calculation: $src -> $dst";;
/*/*/*/*/) dot_dots=../../../;;
/*/*/*/) dot_dots=../../;;
/*/*/) dot_dots=../;;
esac;;
esac
echo "$me: ln -fs $dot_dots$src $dst" &&
ln -fs "$dot_dots$src" "$dst"
}
fi
}
}
# Override the default configuration, if necessary.
# Make sure that bootstrap.conf is sourced from the current directory
# if we were invoked as "sh bootstrap".
case "$0" in
*/*) test -r "$0.conf" && . "$0.conf" ;;
*) test -r "$0.conf" && . ./"$0.conf" ;;
esac
if test "$vc_ignore" = auto; then
vc_ignore=
test -d .git && vc_ignore=.gitignore
test -d CVS && vc_ignore="$vc_ignore .cvsignore"
fi
if test x"$gnulib_modules$gnulib_files$gnulib_extra_files" = x; then
use_gnulib=false
else
use_gnulib=true
fi
# Translate configuration into internal form.
# Parse options.
for option
do
case $option in
--help)
usage
exit;;
--version)
set -e
echo "bootstrap $scriptversion"
echo "$copyright"
exit 0
;;
--gnulib-srcdir=*)
GNULIB_SRCDIR=${option#--gnulib-srcdir=};;
--skip-po)
SKIP_PO=t;;
--force)
checkout_only_file=;;
--copy)
copy=true;;
--bootstrap-sync)
bootstrap_sync=true;;
--no-bootstrap-sync)
bootstrap_sync=false;;
--no-git)
use_git=false;;
*)
bootstrap_option_hook $option || die "$option: unknown option";;
esac
done
$use_git || test -d "$GNULIB_SRCDIR" \
|| die "Error: --no-git requires --gnulib-srcdir"
if test -n "$checkout_only_file" && test ! -r "$checkout_only_file"; then
die "Bootstrapping from a non-checked-out distribution is risky."
fi
# Die if there is no AC_CONFIG_AUX_DIR($build_aux) line in configure.ac.
found_aux_dir=no
grep '^[ ]*AC_CONFIG_AUX_DIR(\['"$build_aux"'\])' configure.ac \
@ -763,25 +665,9 @@ if $use_gnulib; then
shallow=
if test -z "$GNULIB_REVISION"; then
git clone -h 2>&1 | grep -- --depth > /dev/null && shallow='--depth 2'
fi
git clone $shallow ${GNULIB_URL:-$default_gnulib_url} "$gnulib_path" \
|| cleanup_gnulib
else
git fetch -h 2>&1 | grep -- --depth > /dev/null && shallow='--depth 2'
mkdir -p "$gnulib_path"
# Only want a shallow checkout of $GNULIB_REVISION, but git does not
# support cloning by commit hash. So attempt a shallow fetch by commit
# hash to minimize the amount of data downloaded and changes needed to
# be processed, which can drastically reduce download and processing
# time for checkout. If the fetch by commit fails, a shallow fetch can
# not be performed because we do not know what the depth of the commit
# is without fetching all commits. So fallback to fetching all commits.
git -C "$gnulib_path" init
git -C "$gnulib_path" remote add origin ${GNULIB_URL:-$default_gnulib_url}
git -C "$gnulib_path" fetch $shallow origin "$GNULIB_REVISION" \
|| git -C "$gnulib_path" fetch origin \
|| cleanup_gnulib
git -C "$gnulib_path" reset --hard FETCH_HEAD
fi
trap - 1 2 13 15
fi
@ -898,6 +784,75 @@ case $SKIP_PO in
fi;;
esac
symlink_to_dir()
{
src=$1/$2
dst=${3-$2}
test -f "$src" && {
# If the destination directory doesn't exist, create it.
# This is required at least for "lib/uniwidth/cjk.h".
dst_dir=$(dirname "$dst")
if ! test -d "$dst_dir"; then
mkdir -p "$dst_dir"
# If we've just created a directory like lib/uniwidth,
# tell version control system(s) it's ignorable.
# FIXME: for now, this does only one level
parent=$(dirname "$dst_dir")
for dot_ig in x $vc_ignore; do
test $dot_ig = x && continue
ig=$parent/$dot_ig
insert_vc_ignore $ig "${dst_dir##*/}"
done
fi
if $copy; then
{
test ! -h "$dst" || {
echo "$me: rm -f $dst" &&
rm -f "$dst"
}
} &&
test -f "$dst" &&
cmp -s "$src" "$dst" || {
echo "$me: cp -fp $src $dst" &&
cp -fp "$src" "$dst"
}
else
# Leave any existing symlink alone, if it already points to the source,
# so that broken build tools that care about symlink times
# aren't confused into doing unnecessary builds. Conversely, if the
# existing symlink's timestamp is older than the source, make it afresh,
# so that broken tools aren't confused into skipping needed builds. See
# <https://lists.gnu.org/r/bug-gnulib/2011-05/msg00326.html>.
test -h "$dst" &&
src_ls=$(ls -diL "$src" 2>/dev/null) && set $src_ls && src_i=$1 &&
dst_ls=$(ls -diL "$dst" 2>/dev/null) && set $dst_ls && dst_i=$1 &&
test "$src_i" = "$dst_i" &&
both_ls=$(ls -dt "$src" "$dst") &&
test "X$both_ls" = "X$dst$nl$src" || {
dot_dots=
case $src in
/*) ;;
*)
case /$dst/ in
*//* | */../* | */./* | /*/*/*/*/*/)
die "invalid symlink calculation: $src -> $dst";;
/*/*/*/*/) dot_dots=../../../;;
/*/*/*/) dot_dots=../../;;
/*/*/) dot_dots=../;;
esac;;
esac
echo "$me: ln -fs $dot_dots$src $dst" &&
ln -fs "$dot_dots$src" "$dst"
}
fi
}
}
version_controlled_file() {
parent=$1
file=$2
@ -1015,7 +970,7 @@ bootstrap_post_import_hook \
# Uninitialized submodules are listed with an initial dash.
if $use_git && git submodule | grep '^-' >/dev/null; then
die "some git submodules are not initialized. " \
"Run 'git submodule update --init' and bootstrap again."
"Run 'git submodule init' and bootstrap again."
fi
# Remove any dangling symlink matching "*.m4" or "*.[ch]" in some
@ -1109,7 +1064,7 @@ bootstrap_epilogue
echo "$0: done. Now you can run './configure'."
# Local Variables:
# Local variables:
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"

27
bootstrap.conf
View file

@ -1,6 +1,6 @@
# Bootstrap configuration.
# Copyright (C) 2006-2022 Free Software Foundation, Inc.
# Copyright (C) 2006-2019 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -16,10 +16,11 @@
# along with this program. If not, see <https://www.gnu.org/licenses/>.
GNULIB_REVISION=9f48fb992a3d7e96610c4ce8be969cff2d61a01b
GNULIB_REVISION=d271f868a8df9bbec29049d01e056481b7a1a263
# gnulib modules used by this package.
# mbswidth is used by fix-width.diff's changes to argp rather than directly.
# mbswidth is used by gnulib-fix-width.diff's changes to argp rather than
# directly.
gnulib_modules="
argp
base64
@ -34,7 +35,6 @@ gnulib_modules="
realloc-gnu
regex
save-cwd
stdbool
"
gnulib_tool_option_extras="\
@ -66,11 +66,10 @@ SKIP_PO=t
# Build prerequisites
buildreq="\
autoconf 2.64
automake 1.14
gettext -
autoconf 2.63
automake 1.11
gettext 0.18.3
git 1.5.5
patch -
tar -
"
@ -80,19 +79,11 @@ cp -a INSTALL INSTALL.grub
bootstrap_post_import_hook () {
set -e
# Instead of patching our gnulib and therefore maintaining a fork, submit
# changes to gnulib and update the hash above when they've merged. Do not
# add new patches here.
for patchname in fix-width \
fix-regcomp-resource-leak \
fix-regexec-resource-leak \
fix-gcc-15-compile \
fix-unused-value; do
for patchname in fix-base64 fix-null-deref fix-null-state-deref fix-regcomp-uninit-token \
fix-regexec-null-deref fix-uninit-structure fix-unused-value fix-width no-abort; do
patch -d grub-core/lib/gnulib -p2 \
< "grub-core/lib/gnulib-patches/$patchname.patch"
done
for patchname in \
0001-Support-POTFILES-shell \
0002-Handle-gettext_printf-shell-function \

40
conf/Makefile.common
View file

@ -20,9 +20,6 @@ endif
if COND_powerpc_ieee1275
CFLAGS_PLATFORM += -mcpu=powerpc
endif
if COND_HAVE_PCI
CFLAGS_PLATFORM += -DGRUB_HAS_PCI
endif
# Other options
@ -42,16 +39,9 @@ LDFLAGS_KERNEL = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC)
CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1
CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
STRIPFLAGS_KERNEL = -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx
if !COND_emu
if COND_HAVE_ASM_USCORE
LDFLAGS_KERNEL += -Wl,--defsym=_malloc=_grub_malloc -Wl,--defsym=_free=_grub_free
else
LDFLAGS_KERNEL += -Wl,--defsym=malloc=grub_malloc -Wl,--defsym=free=grub_free
endif
endif
CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding
LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r
LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d
CPPFLAGS_MODULE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
CCASFLAGS_MODULE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
@ -75,7 +65,7 @@ grubconfdir = $(sysconfdir)/grub.d
platformdir = $(pkglibdir)/$(target_cpu)-$(platform)
starfielddir = $(pkgdatadir)/themes/starfield
CFLAGS_GNULIB = -Wno-undef -Wno-sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-conversion -Wno-error=attributes
CFLAGS_GNULIB = -Wno-undef -Wno-sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-conversion
CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/lib/gnulib -I$(top_srcdir)/grub-core/lib/gnulib
CFLAGS_POSIX = -fno-builtin
@ -111,29 +101,27 @@ MOD_FILES =
MODULE_FILES =
MARKER_FILES =
KERNEL_HEADER_FILES =
EXTRA_DEPS =
bin_SCRIPTS =
bin_PROGRAMS =
check_SCRIPTS_native =
check_SCRIPTS_nonnative =
check_PROGRAMS_native =
check_PROGRAMS_nonnative =
dist_grubconf_DATA =
dist_noinst_DATA =
grubconf_SCRIPTS =
man_MANS =
noinst_DATA =
pkgdata_DATA =
bin_SCRIPTS =
sbin_SCRIPTS =
bin_PROGRAMS =
platform_DATA =
sbin_PROGRAMS =
check_SCRIPTS =
dist_grubconf_DATA =
check_PROGRAMS =
noinst_SCRIPTS =
noinst_PROGRAMS =
grubconf_SCRIPTS =
noinst_LIBRARIES =
pkgdata_DATA =
platform_DATA =
dist_noinst_DATA =
platform_SCRIPTS =
platform_PROGRAMS =
sbin_SCRIPTS =
sbin_PROGRAMS =
TESTS =
EXTRA_DIST =
CLEANFILES =
BUILT_SOURCES =

15
conf/Makefile.extra-dist
View file

@ -28,20 +28,21 @@ EXTRA_DIST += grub-core/gensymlist.sh
EXTRA_DIST += grub-core/genemuinit.sh
EXTRA_DIST += grub-core/genemuinitheader.sh
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-resource-leak.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-gcc-15-compile.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-base64.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch
EXTRA_DIST += grub-core/lib/libgcrypt
EXTRA_DIST += grub-core/lib/libgcrypt-grub/mpi/generic
EXTRA_DIST += $(shell find $(top_srcdir)/include -name '*.h')
EXTRA_DIST += $(shell find $(top_srcdir)/grub-core/lib -name '*.h')
EXTRA_DIST += grub-core/efiemu/runtime/config.h
EXTRA_DIST += grub-core/tests/asn1/asn1_test.h
EXTRA_DIST += $(shell find $(top_srcdir)/grub-core/tests/asn1/tests -name '*.h')
EXTRA_DIST += $(shell find $(top_srcdir)/grub-core/commands/tpm2_key_protector -name '*.h')
EXTRA_DIST += grub-core/lib/LzmaDec.c

4
conf/i386-cygwin-img-ld.sc
View file

@ -14,8 +14,6 @@ SECTIONS
{
__data_start__ = . ;
*(.data)
/* Do not discard this section. */
. = . ;
__data_end__ = . ;
__rdata_start__ = . ;
*(.rdata)
@ -36,8 +34,6 @@ SECTIONS
.edata :
{
*(.edata)
/* Do not discard this section. */
. = . ;
end = . ;
_end = . ;
__end = . ;

88
config.h.in
View file

@ -9,10 +9,6 @@
#define GCRYPT_NO_DEPRECATED 1
#define HAVE_MEMMOVE 1
#if @MM_DEBUG@
#define MM_DEBUG @MM_DEBUG@
#endif
/* Define to 1 to enable disk cache statistics. */
#define DISK_CACHE_STATS @DISK_CACHE_STATS@
#define BOOT_TIME_STATS @BOOT_TIME_STATS@
@ -35,12 +31,12 @@
# else
# define BUILD_WORDS_BIGENDIAN 0
# endif
# else /* !defined __APPLE__ */
#else
#define BUILD_WORDS_BIGENDIAN @BUILD_WORDS_BIGENDIAN@
# endif /* !defined __APPLE__ */
#endif
#elif defined (GRUB_UTIL) || !defined (GRUB_MACHINE)
#include <config-util.h>
#else /* !defined GRUB_UTIL && defined GRUB_MACHINE */
#else
#define HAVE_FONT_SOURCE @HAVE_FONT_SOURCE@
/* Define if C symbols get an underscore after compilation. */
#define HAVE_ASM_USCORE @HAVE_ASM_USCORE@
@ -64,86 +60,8 @@
#define GRUB_TARGET_CPU "@GRUB_TARGET_CPU@"
#define GRUB_PLATFORM "@GRUB_PLATFORM@"
# define GRUB_STACK_PROTECTOR_INIT @GRUB_STACK_PROTECTOR_INIT@
#define RE_ENABLE_I18N 1
#define _GNU_SOURCE 1
# ifndef _GL_INLINE_HEADER_BEGIN
/*
* gnulib gets configured against the host, not the target, and the rest of
* our buildsystem works around that. This is difficult to avoid as gnulib's
* detection requires a more capable system than our target. Instead, we
* reach in and set values appropriately - intentionally setting more than the
* bare minimum. If, when updating gnulib, something breaks, there's probably
* a change needed here or in grub-core/Makefile.core.def.
*/
# define SIZE_MAX ((size_t) -1)
# define _GL_ATTRIBUTE_ALLOC_SIZE(args) \
__attribute__ ((__alloc_size__ args))
# define _GL_ATTRIBUTE_ALWAYS_INLINE __attribute__ ((__always_inline__))
# define _GL_ATTRIBUTE_ARTIFICIAL __attribute__ ((__artificial__))
# define _GL_ATTRIBUTE_COLD __attribute__ ((cold))
# define _GL_ATTRIBUTE_CONST __attribute__ ((const))
# define _GL_ATTRIBUTE_DEALLOC(f, i) __attribute ((__malloc__ (f, i)))
# define _GL_ATTRIBUTE_DEALLOC_FREE _GL_ATTRIBUTE_DEALLOC (free, 1)
# define _GL_ATTRIBUTE_DEPRECATED __attribute__ ((__deprecated__))
# define _GL_ATTRIBUTE_ERROR(msg) __attribute__ ((__error__ (msg)))
# define _GL_ATTRIBUTE_EXTERNALLY_VISIBLE \
__attribute__ ((externally_visible))
# define _GL_ATTRIBUTE_FORMAT(spec) __attribute__ ((__format__ spec))
# define _GL_ATTRIBUTE_LEAF __attribute__ ((__leaf__))
# define _GL_ATTRIBUTE_MALLOC __attribute__ ((malloc))
# define _GL_ATTRIBUTE_MAYBE_UNUSED _GL_ATTRIBUTE_UNUSED
# define _GL_ATTRIBUTE_MAY_ALIAS __attribute__ ((__may_alias__))
# define _GL_ATTRIBUTE_NODISCARD __attribute__ ((__warn_unused_result__))
# define _GL_ATTRIBUTE_NOINLINE __attribute__ ((__noinline__))
# define _GL_ATTRIBUTE_NONNULL(args) __attribute__ ((__nonnull__ args))
# define _GL_ATTRIBUTE_NONSTRING __attribute__ ((__nonstring__))
# define _GL_ATTRIBUTE_PACKED __attribute__ ((__packed__))
# define _GL_ATTRIBUTE_PURE __attribute__ ((__pure__))
# define _GL_ATTRIBUTE_RETURNS_NONNULL \
__attribute__ ((__returns_nonnull__))
# define _GL_ATTRIBUTE_SENTINEL(pos) __attribute__ ((__sentinel__ pos))
# define _GL_ATTRIBUTE_UNUSED __attribute__ ((__unused__))
# define _GL_ATTRIBUTE_WARNING(msg) __attribute__ ((__warning__ (msg)))
# define _GL_CMP(n1, n2) (((n1) > (n2)) - ((n1) < (n2)))
# define _GL_GNUC_PREREQ GNUC_PREREQ
# define _GL_INLINE inline
# define _GL_UNUSED_LABEL _GL_ATTRIBUTE_UNUSED
/* We can't use __has_attribute for these because gcc-5.1 is too old for
* that. Everything above is present in that version, though. */
# if __GNUC__ >= 7
# define _GL_ATTRIBUTE_FALLTHROUGH __attribute__ ((fallthrough))
# else
# define _GL_ATTRIBUTE_FALLTHROUGH /* empty */
# endif
# ifndef ASM_FILE
typedef __INT_FAST32_TYPE__ int_fast32_t;
typedef __UINT_FAST32_TYPE__ uint_fast32_t;
# endif
/* Ensure ialloc nests static/non-static inline properly. */
# define IALLOC_INLINE static inline
/*
* gnulib uses these for blocking out warnings they can't/won't fix. gnulib
* also makes the decision about whether to provide a declaration for
* reallocarray() at compile-time, so this is a convenient place to override -
* it's used by the ialloc module, which is used by base64.
*/
# define _GL_INLINE_HEADER_BEGIN _Pragma ("GCC diagnostic push") \
void * \
reallocarray (void *ptr, unsigned int nmemb, unsigned int size);
# define _GL_INLINE_HEADER_END _Pragma ("GCC diagnostic pop")
# endif /* !_GL_INLINE_HEADER_BEGIN */
/* gnulib doesn't build cleanly with older compilers. */
# if __GNUC__ < 11
_Pragma ("GCC diagnostic ignored \"-Wtype-limits\"")
# endif
#endif

430
configure.ac
View file

@ -34,18 +34,13 @@ dnl "TARGET_" (such as TARGET_CC, TARGET_CFLAGS, etc.) are used for
dnl the target type. See INSTALL for full list of variables and
dnl description of the relationships between them.
AC_INIT([GRUB],[2.13],[bug-grub@gnu.org])
AC_INIT([GRUB],[2.06~rc1],[bug-grub@gnu.org])
AS_CASE(["$ERROR_PLATFORM_NOT_SUPPORT_SSP"],
[n | no | nO | N | No | NO], [ERROR_PLATFORM_NOT_SUPPORT_SSP=no],
[ERROR_PLATFORM_NOT_SUPPORT_SSP=yes])
AC_CONFIG_AUX_DIR([build-aux])
# We don't want -g -O2 by default in CFLAGS
: ${CFLAGS=""}
AC_USE_SYSTEM_EXTENSIONS
AC_CONFIG_AUX_DIR([build-aux])
# Checks for build, host and target systems.
AC_CANONICAL_BUILD
AC_CANONICAL_HOST
@ -54,9 +49,9 @@ AC_CANONICAL_TARGET
program_prefix="${save_program_prefix}"
AM_INIT_AUTOMAKE([1.11])
AC_PREREQ(2.64)
AC_PREREQ(2.63)
AC_CONFIG_SRCDIR([include/grub/dl.h])
AC_CONFIG_HEADERS([config-util.h])
AC_CONFIG_HEADER([config-util.h])
# Explicitly check for pkg-config early on, since otherwise conditional
# calls are problematic.
@ -76,7 +71,6 @@ grub_TRANSFORM([grub-mkpasswd-pbkdf2])
grub_TRANSFORM([grub-mkrelpath])
grub_TRANSFORM([grub-mkrescue])
grub_TRANSFORM([grub-probe])
grub_TRANSFORM([grub-protect])
grub_TRANSFORM([grub-reboot])
grub_TRANSFORM([grub-script-check])
grub_TRANSFORM([grub-set-default])
@ -84,11 +78,6 @@ grub_TRANSFORM([grub-sparc64-setup])
grub_TRANSFORM([grub-render-label])
grub_TRANSFORM([grub-file])
# Allow HOST_CC to override CC.
if test "x$HOST_CC" != x; then
CC=$HOST_CC
fi
# Optimization flag. Allow user to override.
if test "x$TARGET_CFLAGS" = x; then
TARGET_CFLAGS=-Os
@ -96,9 +85,9 @@ fi
# Enable support for "restrict" keyword and other
# features from gnu99 C language standard.
BUILD_CFLAGS="-std=gnu99 -fno-common $BUILD_CFLAGS"
HOST_CFLAGS="-std=gnu99 -fno-common $HOST_CFLAGS"
TARGET_CFLAGS="-std=gnu99 -fno-common $TARGET_CFLAGS"
BUILD_CFLAGS="-std=gnu99 $BUILD_CFLAGS"
HOST_CFLAGS="-std=gnu99 $HOST_CFLAGS"
TARGET_CFLAGS="-std=gnu99 $TARGET_CFLAGS"
# Default HOST_CPPFLAGS
HOST_CPPFLAGS="$HOST_CPPFLAGS -Wall -W"
@ -118,11 +107,18 @@ case "$target_cpu" in
target_cpu=mips
machine_CPPFLAGS="$machine_CPPFLAGS -DGRUB_CPU_MIPS=1"
;;
arm*) target_cpu=arm ;;
aarch64*) target_cpu=arm64 ;;
loongarch64) target_cpu=loongarch64 ;;
riscv32*) target_cpu=riscv32 ;;
riscv64*) target_cpu=riscv64 ;;
arm*)
target_cpu=arm
;;
aarch64*)
target_cpu=arm64
;;
riscv32*)
target_cpu=riscv32
;;
riscv64*)
target_cpu=riscv64
;;
esac
# Specify the platform (such as firmware).
@ -146,7 +142,6 @@ if test "x$with_platform" = x; then
ia64-*) platform=efi ;;
arm-*) platform=uboot ;;
arm64-*) platform=efi ;;
loongarch64-*) platform=efi;;
riscv32-*) platform=efi ;;
riscv64-*) platform=efi ;;
*)
@ -197,7 +192,6 @@ case "$target_cpu"-"$platform" in
arm-coreboot) ;;
arm-efi) ;;
arm64-efi) ;;
loongarch64-efi) ;;
riscv32-efi) ;;
riscv64-efi) ;;
*-emu) ;;
@ -339,7 +333,7 @@ fi
AC_PROG_RANLIB
AC_PROG_INSTALL
AC_PROG_AWK
AC_PROG_LEX([noyywrap])
AC_PROG_LEX
AC_PROG_YACC
AC_PROG_MAKE_SET
AC_PROG_MKDIR_P
@ -375,15 +369,11 @@ test "x$GCC" = xyes || AC_MSG_ERROR([GCC is required])
AC_CHECK_PROG(HAVE_CXX, $CXX, yes, no)
AC_GNU_SOURCE
AM_GNU_GETTEXT([external])
AM_GNU_GETTEXT_VERSION([0.18.3])
AC_SYS_LARGEFILE
PLATFORMS_PCI=" $(PYTHONPATH="${srcdir}" $PYTHON -c 'import gentpl; print(" ".join(gentpl.GROUPS[["pci"]]))') "
if test x"${PLATFORMS_PCI##* ${target_cpu}_${platform} *}" = x ; then
have_pci=y
fi
# Identify characteristics of the host architecture.
unset ac_cv_c_bigendian
@ -429,12 +419,12 @@ else
fi
# Check for functions and headers.
AC_CHECK_FUNCS(posix_memalign memalign getextmntent atexit)
AC_CHECK_FUNCS(posix_memalign memalign getextmntent)
AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h)
# glibc 2.25 still includes sys/sysmacros.h in sys/types.h but emits deprecation
# warning which causes compilation failure later with -Werror. So use -Werror here
# as well to force proper sys/sysmacros.h detection. Used in include/grub/osdep/major.h.
# as well to force proper sys/sysmacros.h detection.
SAVED_CFLAGS="$CFLAGS"
CFLAGS="$HOST_CFLAGS -Werror"
AC_HEADER_MAJOR
@ -803,24 +793,11 @@ if test "x$target_cpu" = xmips || test "x$target_cpu" = xmipsel ; then
if test "x$grub_cv_cc_mflush_func" = xyes; then
TARGET_CFLAGS="$TARGET_CFLAGS -mflush-func=grub_red_herring"
fi
AC_CACHE_CHECK([whether -mno-gpopt works], [grub_cv_cc_mno_gpopt], [
CFLAGS="$TARGET_CFLAGS -mno-gpopt -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_cc_mno_gpopt=yes],
[grub_cv_cc_mno_gpopt=no])
])
if test "x$grub_cv_cc_mno_gpopt" = xyes; then
TARGET_CFLAGS="$TARGET_CFLAGS -mno-gpopt"
fi
fi
# Force no alignment to save space on i386.
if test "x$target_cpu" = xi386; then
TARGET_CFLAGS="$TARGET_CFLAGS -falign-functions=1"
AC_CACHE_CHECK([whether -falign-loops works], [grub_cv_cc_falign_loop], [
CFLAGS="$TARGET_CFLAGS -falign-loops=1 -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
@ -828,19 +805,17 @@ if test "x$target_cpu" = xi386; then
[grub_cv_cc_falign_loop=no])
])
if test "x$grub_cv_cc_falign_loop" = xyes; then
TARGET_CFLAGS="$TARGET_CFLAGS -falign-loops=1"
fi
AC_CACHE_CHECK([whether -falign-jumps works], [grub_cv_cc_falign_jumps], [
CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -Werror"
AC_CACHE_CHECK([whether -malign-loops works], [grub_cv_cc_malign_loop], [
CFLAGS="$TARGET_CFLAGS -malign-loops=1 -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_cc_falign_jumps=yes],
[grub_cv_cc_falign_jumps=no])
[grub_cv_cc_malign_loop=yes],
[grub_cv_cc_malign_loop=no])
])
if test "x$grub_cv_cc_falign_jumps" = xyes; then
TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1"
if test "x$grub_cv_cc_falign_loop" = xyes; then
TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -falign-loops=1 -falign-functions=1"
elif test "x$grub_cv_cc_malign_loop" = xyes; then
TARGET_CFLAGS="$TARGET_CFLAGS -malign-jumps=1 -malign-loops=1 -malign-functions=1"
fi
fi
@ -861,83 +836,6 @@ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$p
TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow"
fi
if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ); then
AC_CACHE_CHECK([whether -Wa,-mx86-used-note works], [grub_cv_cc_mx86_used_note], [
CFLAGS="$TARGET_CFLAGS -Wa,-mx86-used-note=no -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_cc_mx86_used_note=yes],
[grub_cv_cc_mx86_used_note=no])
])
if test "x$grub_cv_cc_mx86_used_note" = xyes; then
TARGET_CFLAGS="$TARGET_CFLAGS -Wa,-mx86-used-note=no"
TARGET_CCASFLAGS="$TARGET_CCASFLAGS -Wa,-mx86-used-note=no"
fi
fi
if test "x$target_cpu" = xloongarch64; then
AC_CACHE_CHECK([whether _mno_explicit_relocs works], [grub_cv_cc_mno_explicit_relocs], [
CFLAGS="$TARGET_CFLAGS -mno-explicit-relocs -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_cc_mno_explicit_relocs=yes],
[grub_cv_cc_mno_explicit_relocs=no])
])
if test "x$grub_cv_cc_mno_explicit_relocs" = xyes; then
TARGET_CFLAGS="$TARGET_CFLAGS -mno-explicit-relocs -fno-plt"
TARGET_CCASFLAGS="$TARGET_CCASFLAGS -mno-explicit-relocs -fno-plt"
fi
AC_CACHE_CHECK([for no-relax options], grub_cv_target_cc_mno_relax, [
grub_cv_target_cc_mno_relax=no
for cand in "-mno-relax" "-Wa,-mno-relax"; do
if test x"$grub_cv_target_cc_mno_relax" != xno ; then
break
fi
CFLAGS="$TARGET_CFLAGS $cand -Werror"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
asm (".globl start; start:");
void __main (void);
void __main (void) {}
int main (void);
]], [[]])], [grub_cv_target_cc_mno_relax="$cand"], [])
done
])
CFLAGS="$TARGET_CFLAGS"
if test x"$grub_cv_target_cc_mno_relax" != xno ; then
TARGET_CFLAGS="$TARGET_CFLAGS $grub_cv_target_cc_mno_relax"
TARGET_CCASFLAGS="$TARGET_CCASFLAGS $grub_cv_target_cc_mno_relax"
fi
TARGET_CFLAGS="$TARGET_CFLAGS -Wa,-mla-global-with-abs"
TARGET_CCASFLAGS="$TARGET_CCASFLAGS -Wa,-mla-global-with-abs"
fi
if test "x$target_cpu" = xriscv64 || test "x$target_cpu" = xriscv32; then
AC_CACHE_CHECK([for no-relax options], grub_cv_target_cc_mno_relax, [
grub_cv_target_cc_mno_relax=no
for cand in "-mno-relax" "-Wa,-mno-relax"; do
if test x"$grub_cv_target_cc_mno_relax" != xno ; then
break
fi
CFLAGS="$TARGET_CFLAGS $cand -Werror"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
asm (".globl start; start:");
void __main (void);
void __main (void) {}
int main (void);
]], [[]])], [grub_cv_target_cc_mno_relax="$cand"], [])
done
])
CFLAGS="$TARGET_CFLAGS"
if test x"$grub_cv_target_cc_mno_relax" != xno ; then
TARGET_CFLAGS="$TARGET_CFLAGS $grub_cv_target_cc_mno_relax"
TARGET_CCASFLAGS="$TARGET_CCASFLAGS $grub_cv_target_cc_mno_relax"
fi
fi
# GRUB doesn't use float or doubles at all. Yet some toolchains may decide
# that floats are a good fit to run instead of what's written in the code.
# Given that floating point unit is disabled (if present to begin with)
@ -954,19 +852,11 @@ if test x"$platform" != xemu ; then
CFLAGS="$TARGET_CFLAGS -march=rv32imac -mabi=ilp32 -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_target_cc_soft_float="-march=rv32imac -mabi=ilp32"], [])
# ISA spec version 20191213 factored out extensions Zicsr and Zifencei
CFLAGS="$TARGET_CFLAGS -march=rv32imac_zicsr_zifencei -mabi=ilp32 -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_target_cc_soft_float="-march=rv32imac_zicsr_zifencei -mabi=ilp32"], [])
fi
if test "x$target_cpu" = xriscv64; then
CFLAGS="$TARGET_CFLAGS -march=rv64imac -mabi=lp64 -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_target_cc_soft_float="-march=rv64imac -mabi=lp64"], [])
# ISA spec version 20191213 factored out extensions Zicsr and Zifencei
CFLAGS="$TARGET_CFLAGS -march=rv64imac_zicsr_zifencei -mabi=lp64 -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_target_cc_soft_float="-march=rv64imac_zicsr_zifencei -mabi=lp64"], [])
fi
if test "x$target_cpu" = xia64; then
CFLAGS="$TARGET_CFLAGS -mno-inline-float-divide -mno-inline-sqrt -Werror"
@ -1057,19 +947,6 @@ if test x"$target_cpu" = xsparc64 ; then
TARGET_LDFLAGS="$TARGET_LDFLAGS $grub_cv_target_cc_mno_relax"
fi
# The backtrace module relies on frame pointers and the default optimization
# level, -Os, omits them. Make sure they are enabled.
AC_CACHE_CHECK([whether -fno-omit-frame-pointer works], [grub_cv_cc_fno_omit_frame_pointer], [
CFLAGS="$TARGET_CFLAGS -fno-omit-frame-pointer"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_cc_fno_omit_frame_pointer=yes],
[grub_cv_cc_fno_omit_frame_pointer=no])
])
if test "x$grub_cv_cc_fno_omit_frame_pointer" = xyes; then
TARGET_CFLAGS="$TARGET_CFLAGS -fno-omit-frame-pointer"
fi
# By default, GCC 4.4 generates .eh_frame sections containing unwind
# information in some cases where it previously did not. GRUB doesn't need
# these and they just use up vital space. Restore the old compiler
@ -1225,9 +1102,9 @@ if test x$grub_cv_target_cc_link_format = x-arch,i386 || test x$grub_cv_target_c
elif test x$grub_cv_target_cc_link_format = x-mi386pe || test x$grub_cv_target_cc_link_format = x-mi386pep ; then
TARGET_APPLE_LINKER=0
TARGET_LDFLAGS_OLDMAGIC="-Wl,-N"
TARGET_IMG_LDSCRIPT='$(top_srcdir)'"/conf/i386-cygwin-img-ld.sc"
TARGET_IMG_LDSCRIPT='$(top_srcdir)'"/${grub_coredir}/conf/i386-cygwin-img-ld.sc"
TARGET_IMG_LDFLAGS="-Wl,-T${TARGET_IMG_LDSCRIPT}"
TARGET_IMG_LDFLAGS_AC="-Wl,-T${srcdir}/conf/i386-cygwin-img-ld.sc"
TARGET_IMG_LDFLAGS_AC="-Wl,-T${srcdir}/${grub_coredir}/conf/i386-cygwin-img-ld.sc"
TARGET_IMG_BASE_LDOPT="-Wl,-Ttext"
TARGET_IMG_CFLAGS=
else
@ -1449,12 +1326,7 @@ if test "x$enable_stack_protector" = xno; then
TARGET_CFLAGS="$TARGET_CFLAGS -fno-stack-protector"
fi
elif test "x$platform" != xefi; then
if test "$ERROR_PLATFORM_NOT_SUPPORT_SSP" = "yes"; then
AC_MSG_ERROR([--enable-stack-protector is only supported on EFI platforms])
else
AC_MSG_WARN([--enable-stack-protector is only supported on EFI platforms])
fi
enable_stack_protector=no
elif test "x$ssp_global_possible" != xyes; then
AC_MSG_ERROR([--enable-stack-protector is not supported (compiler doesn't support -mstack-protector-guard=global)])
else
@ -1475,28 +1347,6 @@ else
AC_MSG_ERROR([invalid value $enable_stack_protector for --enable-stack-protector])
fi
TARGET_CPPFLAGS="$TARGET_CPPFLAGS -DGRUB_STACK_PROTECTOR=1"
if test -n "$SOURCE_DATE_EPOCH"; then
GRUB_STACK_PROTECTOR_INIT="0x00f2b7e2$(printf "%x" "$SOURCE_DATE_EPOCH" | sed 's/.*\(........\)$/\1/')"
elif test -r /dev/urandom; then
# Generate the 8 byte stack protector canary at build time if /dev/urandom
# is able to be read. The first byte should be NUL to filter out string
# buffer overflow attacks.
GRUB_STACK_PROTECTOR_INIT="$($PYTHON -c 'import codecs; rf=open("/dev/urandom", "rb"); print("0x00"+codecs.encode(rf.read(7), "hex").decode("ascii"))')"
else
# Some hosts may not have a urandom, e.g. Windows, so use statically
# generated random bytes
GRUB_STACK_PROTECTOR_INIT="0x00f2b7e2f193b25c"
fi
if test x"$target_m32" = x1 ; then
# Make sure that the canary default value is 24-bits by only using the
# lower 3 bytes on 32 bit systems. This allows the upper byte to be NUL
# to filter out string buffer overflow attacks.
GRUB_STACK_PROTECTOR_INIT="0x00$(echo "$GRUB_STACK_PROTECTOR_INIT" | sed 's/.*\(......\)$/\1/')"
fi
AC_SUBST([GRUB_STACK_PROTECTOR_INIT])
fi
CFLAGS="$TARGET_CFLAGS"
@ -1543,11 +1393,27 @@ fi
# Set them to their new values for the tests below.
CC="$TARGET_CC"
if test x"$platform" = xemu ; then
CFLAGS="$TARGET_CFLAGS -Wno-error"
elif test "x$TARGET_APPLE_LINKER" = x1 ; then
CFLAGS="$TARGET_CFLAGS -nostdlib -static -Wno-error"
else
CFLAGS="$TARGET_CFLAGS -nostdlib -Wno-error"
fi
CPPFLAGS="$TARGET_CPPFLAGS"
grub_ASM_USCORE
if test "x$TARGET_APPLE_LINKER" = x0 && test x"$platform" != xemu; then
if test x$grub_cv_asm_uscore = xyes; then
DEFSYM="-Wl,--defsym,_abort=_main -Wl,--defsym,__main=_main"
else
DEFSYM="-Wl,--defsym,abort=main -Wl,--defsym,_main=main -Wl,--defsym,__main=main"
fi
CFLAGS="$TARGET_CFLAGS -nostdlib $DEFSYM"
fi
# Check for libgcc symbols
if test x"$platform" = xemu; then
CFLAGS="$TARGET_CFLAGS -Wno-error"
AC_CHECK_FUNCS(__udivsi3 __umodsi3 __divsi3 __modsi3 __divdi3 __moddi3 __udivdi3 __umoddi3 __ctzdi2 __ctzsi2 __clzdi2 __aeabi_uidiv __aeabi_uidivmod __aeabi_idiv __aeabi_idivmod __aeabi_ulcmp __muldi3 __aeabi_lmul __aeabi_memcpy __aeabi_memcpy4 __aeabi_memcpy8 __aeabi_memclr __aeabi_memclr4 __aeabi_memclr8 __aeabi_memset __aeabi_lasr __aeabi_llsl __aeabi_llsr _restgpr_14_x __ucmpdi2 __ashldi3 __ashrdi3 __lshrdi3 __bswapsi2 __bswapdi2 __bzero __register_frame_info __deregister_frame_info ___chkstk_ms __chkstk_ms)
fi
@ -1558,8 +1424,7 @@ CFLAGS="$TARGET_CFLAGS -nostdlib"
fi
LIBS=""
# Defined in acinclude.m4.
grub_ASM_USCORE
# Defined in aclocal.m4.
grub_PROG_TARGET_CC
if test "x$TARGET_APPLE_LINKER" != x1 ; then
grub_PROG_OBJCOPY_ABSOLUTE
@ -1628,12 +1493,9 @@ AC_ARG_ENABLE([mm-debug],
AS_HELP_STRING([--enable-mm-debug],
[include memory manager debugging]))
if test x$enable_mm_debug = xyes; then
MM_DEBUG=1
else
MM_DEBUG=0
AC_DEFINE([MM_DEBUG], [1],
[Define to 1 if you enable memory manager debugging.])
fi
AC_SUBST([MM_DEBUG])
AM_CONDITIONAL([COND_MM_DEBUG], [test x$MM_DEBUG = x1])
AC_ARG_ENABLE([cache-stats],
AS_HELP_STRING([--enable-cache-stats],
@ -1657,10 +1519,6 @@ else
fi
AC_SUBST([BOOT_TIME_STATS])
AC_ARG_ENABLE([grub-emu-sdl2],
[AS_HELP_STRING([--enable-grub-emu-sdl2],
[build and install the `grub-emu' debugging utility with SDL2 support (default=guessed)])])
AC_ARG_ENABLE([grub-emu-sdl],
[AS_HELP_STRING([--enable-grub-emu-sdl],
[build and install the `grub-emu' debugging utility with SDL support (default=guessed)])])
@ -1670,28 +1528,6 @@ AC_ARG_ENABLE([grub-emu-pci],
[build and install the `grub-emu' debugging utility with PCI support (potentially dangerous) (default=no)])])
if test "$platform" = emu; then
if test x"$enable_grub_emu_sdl2" = xno ; then
grub_emu_sdl2_excuse="explicitly disabled"
fi
[if [ x"$grub_emu_sdl2_excuse" = x ]; then
# Check for libSDL libraries.]
PKG_CHECK_MODULES([SDL2], [sdl2], [
AC_DEFINE([HAVE_SDL2], [1], [Define to 1 if you have SDL2 library.])
AC_SUBST(HAVE_SDL2)],
[grub_emu_sdl2_excuse="libSDL2 libraries are required to build \`grub-emu' with SDL2 support"])
[fi]
if test x"$enable_grub_emu_sdl2" = xyes && test x"$grub_emu_sdl2_excuse" != x ; then
AC_MSG_ERROR([SDL2 support for grub-emu was explicitly requested but can't be compiled ($grub_emu_sdl2_excuse)])
fi
if test x"$grub_emu_sdl2_excuse" = x ; then
enable_grub_emu_sdl2=yes
else
enable_grub_emu_sdl2=no
fi
if test x"$enable_grub_emu_sdl2" = xyes ; then
grub_emu_sdl_excuse="disabled by sdl2"
fi
if test x"$enable_grub_emu_sdl" = xno ; then
grub_emu_sdl_excuse="explicitly disabled"
@ -1709,7 +1545,7 @@ AC_CHECK_LIB([SDL], [SDL_Init], [LIBSDL="-lSDL"],
[grub_emu_sdl_excuse=["libSDL header file is required to build \`grub-emu' with SDL support"]])
[fi]
if test x"$enable_grub_emu_sdl" = xyes && test x"$grub_emu_sdl_excuse" != x ; then
if test x"enable_grub_emu_sdl" = xyes && test x"$grub_emu_sdl_excuse" != x ; then
AC_MSG_ERROR([SDL support for grub-emu was explicitly requested but can't be compiled ($grub_emu_sdl_excuse)])
fi
if test x"$grub_emu_sdl_excuse" = x ; then
@ -1737,17 +1573,16 @@ AC_CHECK_LIB([SDL], [SDL_Init], [LIBSDL="-lSDL"],
if test x"$grub_emu_pci_excuse" = x ; then
enable_grub_emu_pci=yes
else
enable_grub_emu_pci=no
fi
AC_SUBST([enable_grub_emu_sdl2])
AC_SUBST([enable_grub_emu_sdl])
AC_SUBST([enable_grub_emu_pci])
else
# Ignore --enable-emu-* if platform is not emu
enable_grub_emu_sdl2=no
enable_grub_emu_sdl=no
enable_grub_emu_pci=no
fi
@ -1775,9 +1610,6 @@ if test x"$grub_mkfont_excuse" = x ; then
CPPFLAGS="$SAVED_CPPFLAGS"
LIBS="$SAVED_LIBS"
], [grub_mkfont_excuse=["need freetype2 library"]])
if test x"$grub_mkfont_excuse" = x && test x"$host_kernel" = xnetbsd ; then
FREETYPE_LIBS="$FREETYPE_LIBS -Wl,-R,/usr/pkg/lib" ;
fi
fi
if test x"$enable_grub_mkfont" = xyes && test x"$grub_mkfont_excuse" != x ; then
@ -1799,7 +1631,7 @@ CC="$BUILD_CC"
CPP="$BUILD_CPP"
CFLAGS="$BUILD_CFLAGS"
CPPFLAGS="$BUILD_CPPFLAGS"
LDFLAGS="$BUILD_LDFLAGS"
LDFLAGS="$BUILD_LDFAGS"
unset ac_cv_c_bigendian
unset ac_cv_header_ft2build_h
@ -1832,11 +1664,6 @@ if test x"$grub_build_mkfont_excuse" = x ; then
LIBS="$SAVED_LIBS"
CPPFLAGS="$SAVED_CPPFLAGS_2"
], [grub_build_mkfont_excuse=["need freetype2 library"]])
if test x"$grub_build_mkfont_excuse" = x ; then
case x"$build_os" in
xnetbsd*) BUILD_FREETYPE_LIBS="$BUILD_FREETYPE_LIBS -Wl,-R,/usr/pkg/lib" ;;
esac
fi
PKG_CONFIG="$SAVED_PKG_CONFIG"
fi
@ -1863,6 +1690,8 @@ CPPFLAGS="$SAVED_CPPFLAGS"
LDFLAGS="$SAVED_LDFLAGS"
DJVU_FONT_SOURCE=
starfield_excuse=
AC_ARG_ENABLE([grub-themes],
@ -1876,15 +1705,9 @@ if test x"$starfield_excuse" = x && test x"$enable_build_grub_mkfont" = xno ; th
starfield_excuse="No build-time grub-mkfont"
fi
AC_ARG_WITH([dejavufont],
AS_HELP_STRING([--with-dejavufont=FILE],
[set the DejeVu source [[guessed]]]))
if test "x$with_dejavufont" = x; then
# search in well-known directories
if test x"$starfield_excuse" = x; then
for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do
for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype /usr/pkg/share/fonts/X11/TTF /usr/local/share/fonts/dejavu /usr/X11R6/lib/X11/fonts/TTF /usr/share/fonts/dejavu-sans-fonts /usr/share/fonts/truetype/dejavu; do
for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype; do
if test -f "$dir/DejaVuSans.$ext"; then
DJVU_FONT_SOURCE="$dir/DejaVuSans.$ext"
break 2
@ -1896,9 +1719,6 @@ if test "x$with_dejavufont" = x; then
starfield_excuse="No DejaVu found"
fi
fi
else
DJVU_FONT_SOURCE="$with_dejavufont"
fi
if test x"$enable_grub_themes" = xyes && test x"$starfield_excuse" != x; then
AC_MSG_ERROR([themes were explicitly requested but requirements are not satisfied ($starfield_excuse)])
@ -1906,14 +1726,10 @@ fi
AC_SUBST([DJVU_FONT_SOURCE])
AC_ARG_WITH([unifont],
AS_HELP_STRING([--with-unifont=FILE],
[set the unifont source [[guessed]]]))
FONT_SOURCE=
if test "x$with_unifont" = x; then
# search in well-known directories
for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz otf otf.gz; do
for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/unifont /usr/share/fonts/uni /usr/share/fonts/truetype/unifont /usr/share/fonts/misc /usr/pkg/share/fonts/X11/misc /usr/local/share/fonts/gnu-unifont /usr/local/share/fonts/unifont; do
for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do
for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/unifont /usr/share/fonts/uni /usr/share/fonts/truetype/unifont /usr/share/fonts/misc; do
if test -f "$dir/unifont.$ext"; then
md5="$(md5sum "$dir/unifont.$ext"|awk '{ print $1; }')"
# PCF and BDF from version 6.3 isn't hanled properly by libfreetype.
@ -1925,9 +1741,6 @@ if test "x$with_unifont" = x; then
fi
done
done
else
FONT_SOURCE="$with_unifont"
fi
if test x"$enable_build_grub_mkfont" = xno ; then
FONT_SOURCE=
@ -1956,11 +1769,17 @@ if test x"$enable_grub_mount" = xno ; then
fi
if test x"$grub_mount_excuse" = x ; then
PKG_CHECK_MODULES([FUSE], [fuse3], [FUSE_CFLAGS="$FUSE_CFLAGS -DFUSE_USE_VERSION=32"], [
PKG_CHECK_MODULES([FUSE], [fuse], [FUSE_CFLAGS="$FUSE_CFLAGS -DFUSE_USE_VERSION=26"], [
grub_mount_excuse="need fuse or fuse3 libraries"
])
])
AC_CHECK_LIB([fuse], [fuse_main_real], [],
[grub_mount_excuse="need FUSE library"])
fi
if test x"$grub_mount_excuse" = x ; then
# Check for fuse headers.
SAVED_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS -DFUSE_USE_VERSION=26"
AC_CHECK_HEADERS([fuse/fuse.h], [],
[grub_mount_excuse=["need FUSE headers"]])
CPPFLAGS="$SAVED_CPPFLAGS"
fi
if test x"$enable_grub_mount" = xyes && test x"$grub_mount_excuse" != x ; then
@ -2064,19 +1883,8 @@ fi
if test x"$libzfs_excuse" = x ; then
AC_CHECK_LIB([nvpair], [nvlist_lookup_string],
[have_normal_nvpair=yes],
[have_normal_nvpair=no])
if test x"$have_normal_nvpair" = xno ; then
AC_CHECK_LIB([nvpair], [opensolaris_nvlist_lookup_string],
[have_prefixed_nvpair=yes],
[have_prefixed_nvpair=no])
if test x"$have_prefixed_nvpair" = xyes ; then
AC_DEFINE([GRUB_UTIL_NVPAIR_IS_PREFIXED], [1],
[Define to 1 if libnvpair symbols are prefixed with opensolaris_.])
else
libzfs_excuse="need nvpair library"
fi
fi
[],
[libzfs_excuse="need nvpair library"])
fi
if test x"$enable_libzfs" = xyes && test x"$libzfs_excuse" != x ; then
@ -2086,37 +1894,16 @@ fi
if test x"$libzfs_excuse" = x ; then
# We need both libzfs and libnvpair for a successful build.
LIBZFS="-lzfs"
AC_DEFINE([HAVE_LIBZFS], [1],
[Define to 1 if you have the ZFS library.])
LIBNVPAIR="-lnvpair"
AC_DEFINE([USE_LIBZFS], [1],
[Define to 1 if ZFS library should be used.])
AC_DEFINE([HAVE_LIBNVPAIR], [1],
[Define to 1 if you have the NVPAIR library.])
fi
AC_SUBST([LIBZFS])
AC_SUBST([LIBNVPAIR])
AC_ARG_ENABLE([grub-protect],
[AS_HELP_STRING([--enable-grub-protect],
[build and install the `grub-protect' utility (default=guessed)])])
if test x"$enable_grub_protect" = xno ; then
grub_protect_excuse="explicitly disabled"
fi
LIBTASN1=
if test x"$grub_protect_excuse" = x ; then
AC_CHECK_LIB([tasn1], [asn1_write_value], [LIBTASN1="-ltasn1"], [grub_protect_excuse="need libtasn1 library"])
fi
AC_SUBST([LIBTASN1])
if test x"$enable_grub_protect" = xyes && test x"$grub_protect_excuse" != x ; then
AC_MSG_ERROR([grub-protect was explicitly requested but can't be compiled ($grub_protect_excuse)])
fi
if test x"$grub_protect_excuse" = x ; then
enable_grub_protect=yes
else
enable_grub_protect=no
fi
AC_SUBST([enable_grub_protect])
LIBS=""
AC_SUBST([FONT_SOURCE])
@ -2135,10 +1922,6 @@ AC_ARG_ENABLE([werror],
if test x"$enable_werror" != xno ; then
TARGET_CFLAGS="$TARGET_CFLAGS -Werror"
HOST_CFLAGS="$HOST_CFLAGS -Werror"
if test "x$grub_cv_cc_target_clang" = xyes; then
TARGET_CFLAGS="$TARGET_CFLAGS -Wno-error=vla"
HOST_CFLAGS="$HOST_CFLAGS -Wno-error=vla"
fi
fi
TARGET_CPP="$TARGET_CC -E"
@ -2186,38 +1969,36 @@ AC_SUBST(BUILD_LIBM)
AM_CONDITIONAL([COND_real_platform], [test x$platform != xnone])
AM_CONDITIONAL([COND_emu], [test x$platform = xemu])
AM_CONDITIONAL([COND_i386_pc], [test x$target_cpu = xi386 -a x$platform = xpc])
AM_CONDITIONAL([COND_i386_efi], [test x$target_cpu = xi386 -a x$platform = xefi])
AM_CONDITIONAL([COND_ia64_efi], [test x$target_cpu = xia64 -a x$platform = xefi])
AM_CONDITIONAL([COND_i386_qemu], [test x$target_cpu = xi386 -a x$platform = xqemu])
AM_CONDITIONAL([COND_i386_ieee1275], [test x$target_cpu = xi386 -a x$platform = xieee1275])
AM_CONDITIONAL([COND_i386_coreboot], [test x$target_cpu = xi386 -a x$platform = xcoreboot])
AM_CONDITIONAL([COND_i386_multiboot], [test x$target_cpu = xi386 -a x$platform = xmultiboot])
AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a x$platform = xefi])
AM_CONDITIONAL([COND_i386_xen], [test x$target_cpu = xi386 -a x$platform = xxen])
AM_CONDITIONAL([COND_i386_xen_pvh], [test x$target_cpu = xi386 -a x$platform = xxen_pvh])
AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu = xx86_64 -a x$platform = xxen])
AM_CONDITIONAL([COND_mips_loongson], [test x$target_cpu = xmipsel -a x$platform = xloongson])
AM_CONDITIONAL([COND_mips_qemu_mips], [test "(" x$target_cpu = xmips -o x$target_cpu = xmipsel ")" -a x$platform = xqemu_mips])
AM_CONDITIONAL([COND_mips_arc], [test "(" x$target_cpu = xmips -o x$target_cpu = xmipsel ")" -a x$platform = xarc])
AM_CONDITIONAL([COND_sparc64_ieee1275], [test x$target_cpu = xsparc64 -a x$platform = xieee1275])
AM_CONDITIONAL([COND_sparc64_emu], [test x$target_cpu = xsparc64 -a x$platform = xemu])
AM_CONDITIONAL([COND_powerpc_ieee1275], [test x$target_cpu = xpowerpc -a x$platform = xieee1275])
AM_CONDITIONAL([COND_mips], [test x$target_cpu = xmips -o x$target_cpu = xmipsel])
AM_CONDITIONAL([COND_mipsel], [test x$target_cpu = xmipsel])
AM_CONDITIONAL([COND_mipseb], [test x$target_cpu = xmips])
AM_CONDITIONAL([COND_arm], [test x$target_cpu = xarm ])
AM_CONDITIONAL([COND_arm_uboot], [test x$target_cpu = xarm -a x$platform = xuboot])
AM_CONDITIONAL([COND_arm_coreboot], [test x$target_cpu = xarm -a x$platform = xcoreboot])
AM_CONDITIONAL([COND_arm_efi], [test x$target_cpu = xarm -a x$platform = xefi])
AM_CONDITIONAL([COND_arm64], [test x$target_cpu = xarm64 ])
AM_CONDITIONAL([COND_arm64_efi], [test x$target_cpu = xarm64 -a x$platform = xefi])
AM_CONDITIONAL([COND_ia64_efi], [test x$target_cpu = xia64 -a x$platform = xefi])
AM_CONDITIONAL([COND_i386_pc], [test x$target_cpu = xi386 -a x$platform = xpc])
AM_CONDITIONAL([COND_i386_efi], [test x$target_cpu = xi386 -a x$platform = xefi])
AM_CONDITIONAL([COND_i386_qemu], [test x$target_cpu = xi386 -a x$platform = xqemu])
AM_CONDITIONAL([COND_i386_ieee1275], [test x$target_cpu = xi386 -a x$platform = xieee1275])
AM_CONDITIONAL([COND_i386_coreboot], [test x$target_cpu = xi386 -a x$platform = xcoreboot])
AM_CONDITIONAL([COND_i386_multiboot], [test x$target_cpu = xi386 -a x$platform = xmultiboot])
AM_CONDITIONAL([COND_i386_xen], [test x$target_cpu = xi386 -a x$platform = xxen])
AM_CONDITIONAL([COND_i386_xen_pvh], [test x$target_cpu = xi386 -a x$platform = xxen_pvh])
AM_CONDITIONAL([COND_loongarch64], [test x$target_cpu = xloongarch64])
AM_CONDITIONAL([COND_loongarch64_efi], [test x$target_cpu = xloongarch64 -a x$platform = xefi])
AM_CONDITIONAL([COND_mips], [test x$target_cpu = xmips -o x$target_cpu = xmipsel])
AM_CONDITIONAL([COND_mips_arc], [test "(" x$target_cpu = xmips -o x$target_cpu = xmipsel ")" -a x$platform = xarc])
AM_CONDITIONAL([COND_mips_loongson], [test x$target_cpu = xmipsel -a x$platform = xloongson])
AM_CONDITIONAL([COND_mips_qemu_mips], [test "(" x$target_cpu = xmips -o x$target_cpu = xmipsel ")" -a x$platform = xqemu_mips])
AM_CONDITIONAL([COND_mipsel], [test x$target_cpu = xmipsel])
AM_CONDITIONAL([COND_mipseb], [test x$target_cpu = xmips])
AM_CONDITIONAL([COND_powerpc_ieee1275], [test x$target_cpu = xpowerpc -a x$platform = xieee1275])
AM_CONDITIONAL([COND_riscv32], [test x$target_cpu = xriscv32 ])
AM_CONDITIONAL([COND_riscv64], [test x$target_cpu = xriscv64 ])
AM_CONDITIONAL([COND_riscv32_efi], [test x$target_cpu = xriscv32 -a x$platform = xefi])
AM_CONDITIONAL([COND_riscv64_efi], [test x$target_cpu = xriscv64 -a x$platform = xefi])
AM_CONDITIONAL([COND_sparc64_ieee1275], [test x$target_cpu = xsparc64 -a x$platform = xieee1275])
AM_CONDITIONAL([COND_sparc64_emu], [test x$target_cpu = xsparc64 -a x$platform = xemu])
AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a x$platform = xefi])
AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu = xx86_64 -a x$platform = xxen])
AM_CONDITIONAL([COND_HOST_HURD], [test x$host_kernel = xhurd])
AM_CONDITIONAL([COND_HOST_LINUX], [test x$host_kernel = xlinux])
@ -2228,12 +2009,10 @@ AM_CONDITIONAL([COND_HOST_XNU], [test x$host_kernel = xxnu])
AM_CONDITIONAL([COND_HOST_ILLUMOS], [test x$host_kernel = xillumos])
AM_CONDITIONAL([COND_MAN_PAGES], [test x$cross_compiling = xno -a x$HELP2MAN != x])
AM_CONDITIONAL([COND_GRUB_EMU_SDL2], [test x$enable_grub_emu_sdl2 = xyes])
AM_CONDITIONAL([COND_GRUB_EMU_SDL], [test x$enable_grub_emu_sdl = xyes])
AM_CONDITIONAL([COND_GRUB_EMU_PCI], [test x$enable_grub_emu_pci = xyes])
AM_CONDITIONAL([COND_GRUB_MKFONT], [test x$enable_grub_mkfont = xyes])
AM_CONDITIONAL([COND_GRUB_MOUNT], [test x$enable_grub_mount = xyes])
AM_CONDITIONAL([COND_GRUB_PROTECT], [test x$enable_grub_protect = xyes])
AM_CONDITIONAL([COND_HAVE_FONT_SOURCE], [test x$FONT_SOURCE != x])
if test x$FONT_SOURCE != x ; then
HAVE_FONT_SOURCE=1
@ -2251,7 +2030,6 @@ AM_CONDITIONAL([COND_HAVE_CXX], [test x$HAVE_CXX = xyes])
AM_CONDITIONAL([COND_HAVE_ASM_USCORE], [test x$HAVE_ASM_USCORE = x1])
AM_CONDITIONAL([COND_STARFIELD], [test "x$starfield_excuse" = x])
AM_CONDITIONAL([COND_HAVE_EXEC], [test "x$have_exec" = xy])
AM_CONDITIONAL([COND_HAVE_PCI], [test "x$have_pci" = xy])
test "x$prefix" = xNONE && prefix="$ac_default_prefix"
test "x$exec_prefix" = xNONE && exec_prefix="${prefix}"
@ -2308,11 +2086,6 @@ echo "*******************************************************"
echo GRUB2 will be compiled with following components:
echo Platform: "$target_cpu"-"$platform"
if [ x"$platform" = xemu ]; then
if [ x"$grub_emu_sdl2_excuse" = x ]; then
echo SDL2 support for grub-emu: Yes
else
echo SDL2 support for grub-emu: No "($grub_emu_sdl2_excuse)"
fi
if [ x"$grub_emu_sdl_excuse" = x ]; then
echo SDL support for grub-emu: Yes
else
@ -2361,11 +2134,6 @@ echo grub-mount: Yes
else
echo grub-mount: No "($grub_mount_excuse)"
fi
if [ x"$grub_protect_excuse" = x ]; then
echo grub-protect: Yes
else
echo grub-protect: No "($grub_protect_excuse)"
fi
if [ x"$starfield_excuse" = x ]; then
echo starfield theme: Yes
echo With DejaVuSans font from $DJVU_FONT_SOURCE

323
docs/grub-dev.texi
View file

@ -77,9 +77,7 @@ This edition documents version @value{VERSION}.
* Coding style::
* Finding your way around::
* Contributing Changes::
* Setting up and running test suite::
* Updating External Code::
* Debugging::
* Porting::
* Error Handling::
* Stack and heap size::
@ -97,8 +95,8 @@ This edition documents version @value{VERSION}.
@node Getting the source code
@chapter Getting the source code
GRUB is maintained using the @uref{https://git-scm.com/book/en/v2,
GIT revision control system}. To fetch:
GRUB is maintained using the @uref{GIT revision
control system}. To fetch:
@example
git clone git://git.sv.gnu.org/grub.git
@ -347,8 +345,8 @@ manual and try GRUB 2 out to see what you think is missing from there.
Here are additional pointers:
@itemize
@item @uref{https://savannah.gnu.org/task/?group=grub, GRUB's Task Tracker}
@item @uref{https://savannah.gnu.org/bugs/?group=grub, GRUB's Bug Tracker}
@item @url{https://savannah.gnu.org/task/?group=grub GRUB's Task Tracker}
@item @url{https://savannah.gnu.org/bugs/?group=grub GRUB's Bug Tracker}
@end itemize
If you intended to make changes to GRUB Legacy (<=0.97) those are not accepted
@ -462,7 +460,7 @@ and the FSF clerks have dealt with your copyright assignment.
@section When you are approved for write access to project's files
As you might know, GRUB is hosted on
@uref{https://savannah.gnu.org/projects/grub, Savannah}, thus the membership
@url{https://savannah.gnu.org/projects/grub Savannah}, thus the membership
is managed by Savannah. This means that, if you want to be a member of this
project:
@ -485,17 +483,6 @@ If your intention is to just get started, please do not submit a inclusion
request. Instead, please subscribe to the mailing list, and communicate first
(e.g. sending a patch, asking a question, commenting on another message...).
@node Setting up and running test suite
@chapter Setting up and running test suite
GRUB is basically a tiny operating system with read support for many file
systems and which has been ported to a variety of architectures. As such, its
test suite has quite a few dependencies required to fully run the suite.
These dependencies are currently documented in the
@uref{https://git.savannah.gnu.org/cgit/grub.git/tree/INSTALL, INSTALL}
file in the source repository. Once installed, the test suite can be started
by running the @command{make check} command from the GRUB build directory.
@node Updating External Code
@chapter Updating external code
@ -506,7 +493,6 @@ to update it.
* Gnulib::
* jsmn::
* minilzo::
* libtasn1::
@end menu
@node Gnulib
@ -589,276 +575,14 @@ To upgrade to a new version of the miniLZO library, download the release
tarball and copy the files into the target directory:
@example
curl -L -O https://www.oberhumer.com/opensource/lzo/download/minilzo-2.10.tar.gz
tar -zxf minilzo-2.10.tar.gz
rm minilzo-2.10/testmini.c
curl -L -O http://www.oberhumer.com/opensource/lzo/download/minilzo-2.08.tar.gz
tar -zxf minilzo-2.08.tar.gz
rm minilzo-2.08/testmini.c
rm -r grub-core/lib/minilzo/*
cp minilzo-2.10/*.[hc] grub-core/lib/minilzo
rm -r minilzo-2.10*
cp minilzo-2.08/*.[hc] grub-core/lib/minilzo
rm -r minilzo-2.08*
@end example
@node libtasn1
@section libtasn1
libtasn1 is a library providing Abstract Syntax Notation One (ASN.1, as
specified by the X.680 ITU-T recommendation) parsing and structures management,
and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding
functions.
To upgrade to a new version of the libtasn1 library, download the release
tarball and copy the files into the target directory:
@example
curl -L -O https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz
tar xvzf libtasn1-4.19.0.tar.gz
rm -rf grub-core/lib/libtasn1
mkdir -p grub-core/lib/libtasn1/lib
mkdir -p grub-core/lib/libtasn1/tests
cp libtasn1-4.19.0/@{README.md,COPYING@} grub-core/lib/libtasn1
cp libtasn1-4.19.0/lib/@{coding.c,decoding.c,element.c,element.h,errors.c,gstr.c,gstr.h,int.h,parser_aux.c,parser_aux.h,structure.c,structure.h@} grub-core/lib/libtasn1/lib
cp libtasn1-4.19.0/lib/includes/libtasn1.h grub-core/lib/libtasn1
cp libtasn1-4.19.0/tests/@{CVE-2018-1000654-1_asn1_tab.h,CVE-2018-1000654-2_asn1_tab.h,CVE-2018-1000654.c,object-id-decoding.c,object-id-encoding.c,octet-string.c,reproducers.c,Test_overflow.c,Test_simple.c,Test_strings.c@} grub-core/lib/libtasn1/tests
rm -rf libtasn1-4.19.0*
@end example
After upgrading the library, it may be necessary to apply the patches in
@file{grub-core/lib/libtasn1-patches/} to adjust the code to be compatible with
GRUB. These patches were needed to use the current version of libtasn1. The
existing patches may not apply cleanly, apply at all, or even be needed for a
newer version of the library, and other patches may be needed due to changes in
the newer version. If existing patches need to be refreshed to apply cleanly,
please include updated patches as part of the a patch set sent to the list.
If new patches are needed or existing patches are not needed, also please send
additions or removals as part of any patch set upgrading libtasn1.
@node Debugging
@chapter Debugging
GRUB2 can be difficult to debug because it runs on the bare-metal and thus
does not have the debugging facilities normally provided by an operating
system. This chapter aims to provide useful information on some ways to
debug GRUB2 for some architectures. It by no means intends to be exhaustive.
The focus will be one x86_64 and i386 architectures. Luckily for some issues
virtual machines have made the ability to debug GRUB2 much easier, and this
chapter will focus debugging via the QEMU virtual machine. We will not be
going over debugging of the userland tools (eg. grub-install), there are
many tutorials on debugging programs in userland.
You will need GDB and the QEMU binaries for your system, on Debian these
can be installed with the @samp{gdb} and @samp{qemu-system-x86} packages.
Also it is assumed that you have already successfully compiled GRUB2 from
source for the target specified in the section below and have some
familiarity with GDB. When GRUB2 is built it will create many different
binaries. The ones of concern will be in the @file{grub-core}
directory of the GRUB2 build dir. To aide in debugging we will want the
debugging symbols generated during the build because these symbols are not
kept in the binaries which get installed to the boot location. The build
process outputs two sets of binaries, one without symbols which gets executed
at boot, and another set of ELF images with debugging symbols. The built
images with debugging symbols will have a @file{.image} suffix, and the ones
without a @file{.img} suffix. Similarly, loadable modules with debugging
symbols will have a @file{.module} suffix, and ones without a @file{.mod}
suffix. In the case of the kernel the binary with symbols is named
@file{kernel.exec}.
In the following sections, information will be provided on debugging on
various targets using @command{gdb} and the @samp{gdb_grub} GDB script.
@menu
* i386-pc::
* x86_64-efi::
@end menu
@node i386-pc
@section i386-pc
The i386-pc target is a good place to start when first debugging GRUB2
because in some respects it's easier than EFI platforms. The reason being
that the initial load address is always known in advance. To start
debugging GRUB2 first QEMU must be started in GDB stub mode. The following
command is a simple illustration:
@example
qemu-system-i386 -drive file=disk.img,format=raw \
-device virtio-scsi-pci,id=scsi0 -S -s
@end example
This will start a QEMU instance booting from @file{disk.img}. It will pause
at start waiting for a GDB instance to attach to it. You should change
@file{disk.img} to something more appropriate. A block device can be used,
but you may need to run QEMU as a privileged user.
To connect to this QEMU instance with GDB, the @code{target remote} GDB
command must be used. We also need to load a binary image, preferably with
symbols. This can be done using the GDB command @code{file kernel.exec}, if
GDB is started from the @file{grub-core} directory in the GRUB2 build
directory. GRUB2 developers have made this more simple by including a GDB
script which does much of the setup. This file is at @file{grub-core/gdb_grub}
in the build directory and is also installed via @command{make install}.
When using a pre-built GRUB, the distribution may have a package which installs
this GDB script along with debug symbol binaries, such as Debian's
@samp{grub-pc-dbg} package. The GDB script is intended to be used
like so, assuming that @samp{/path/to/script} is the path to the directory
containing the gdb_grub script and debug symbol files:
@example
cd $(dirname /path/to/script/gdb_grub)
gdb -x gdb_grub
@end example
Once GDB has been started with the @file{gdb_grub} script it will
automatically connect to the QEMU instance. You can then do things you
normally would in GDB like set a break point on @var{grub_main}.
Setting breakpoints in modules is trickier since they haven't been loaded
yet and are loaded at addresses determined at runtime. The module could be
loaded to different addresses in different QEMU instances. The debug symbols
in the modules @file{.module} binary, thus are always wrong, and GDB needs
to be told where to load the symbols to. But this must happen at runtime
after GRUB2 has determined where the module will get loaded. Luckily the
@file{gdb_grub} script takes care of this with the @command{runtime_load_module}
command, which configures GDB to watch for GRUB2 module loading and when
it does add the module symbols with the appropriate offset.
@node x86_64-efi
@section x86_64-efi
Using GDB to debug GRUB2 for the x86_64-efi target has some similarities with
the i386-pc target. Please read and familiarize yourself with the @ref{i386-pc}
section when reading this one. Extra care must be used to run QEMU such that it
boots a UEFI firmware. This usually involves either using the @samp{-bios}
option with a UEFI firmware blob (eg. @file{OVMF.fd}) or loading the firmware
via pflash. This document will not go further into how to do this as there are
ample resource on the web.
Like all EFI implementations, on x86_64-efi the (U)EFI firmware that loads
the GRUB2 EFI application determines at runtime where the application will
be loaded. This means that we do not know where to tell GDB to load the
symbols for the GRUB2 core until the (U)EFI firmware determines it. There are
two good ways of figuring this out when running in QEMU: use a @ref{OVMF debug log,
debug build of OVMF} and check the debug log, or have GRUB2 say where it is
loaded. Neither of these are ideal because they both generally give the
information after GRUB2 is already running, which makes debugging early boot
infeasible. Technically, the first method does give the load address before
GRUB2 is run, but without debugging the EFI firmware with symbols, the author
currently does not know how to cause the OVMF firmware to pause at that point
to use the load address before GRUB2 is run.
Even after getting the application load address, the loading of core symbols
is complicated by the fact that the debugging symbols for the kernel are in
an ELF binary named @file{kernel.exec} while what is in memory are sections
for the PE32+ EFI binary. When @command{grub-mkimage} creates the PE32+
binary it condenses several segments from the ELF kernel binary into one
.data section in the PE32+ binary. This must be taken into account to
properly load the other non-text sections. Otherwise, GDB will work as
expected when breaking on functions, but, for instance, global variables
will point to the wrong address in memory and thus give incorrect values
(which can be difficult to debug).
Calculating the correct offsets for sections is taken care of automatically
when loading the kernel symbols via the user-defined GDB command
@command{dynamic_load_kernel_exec_symbols}, which takes one argument, the
address where the text section is loaded as determined by one of the methods
above. Alternatively, the command @command{dynamic_load_symbols} with the text
section address as an agrument can be called to load the kernel symbols and set
up loading the module symbols as they are loaded at runtime.
In the author's experience, when debugging with QEMU and OVMF, to have
debugging symbols loaded at the start of GRUB2 execution the GRUB2 EFI
application must be run via QEMU at least once prior in order to get the
load address. Two methods for obtaining the load address are described in
two subsections below. Generally speaking, the load address does not change
between QEMU runs. There are exceptions to this, namely that different
GRUB2 EFI applications can be run at different addresses. Also, it has been
observed that after running the EFI application for the first time, the
second run will sometimes have a different load address, but subsequent
runs of the same EFI application will have the same load address as the
second run. And it's a near certainty that if the GRUB EFI binary has changed,
eg. been recompiled, the load address will also be different.
This ability to predict what the load address will be allows one to assume
the load address on subsequent runs and thus load the symbols before GRUB2
starts. The following command illustrates this, assuming that QEMU is
running and waiting for a debugger connection and the current working
directory is where @file{gdb_grub} resides:
@example
gdb -x gdb_grub -ex 'dynamic_load_symbols @var{address of .text section}'
@end example
If you load the symbols in this manner and, after continuing execution, do
not see output showing the module symbols loading, then it is very likely
that the load address was incorrect.
Another thing to be aware of is how the loading of the GRUB image by the
firmware affects previously set software breakpoints. On x86 platforms,
software breakpoints are implemented by GDB by writing a special processor
instruction at the location of the desired breakpoint. This special instruction
when executed will stop the program execution and hand control to the
debugger, GDB. GDB will first save the instruction bytes that are
overwritten at the breakpoint and will put them back when the breakpoint
is hit. If GRUB is being run for the first time in QEMU, the firmware will
be loading the GRUB image into memory where every byte is already set to 0.
This means that if a breakpoint is set before GRUB is loaded, GDB will save
the 0-byte(s) where the the special instruction will go. Then when the firmware
loads the GRUB image and because it is unaware of the debugger, it will
write the GRUB image to memory, overwriting anything that was there previously ---
notably in this case the instruction that implements the software breakpoint.
This will be confusing for the person using GDB because GDB will show the
breakpoint as set, but the brekapoint will never be hit. Furthermore, GDB
then becomes confused, such that even deleting an recreating the breakpoint
will not create usable breakpoints. The @file{gdb_grub} script takes care of
this by saving the breakpoints just before they are overwritten, and then
restores them at the start of GRUB execution. So breakpoints for GRUB can be
set before GRUB is loaded, but be mindful of this effect if you are confused
as to why breakpoints are not getting hit.
Also note, that hardware breakpoints do not suffer this problem. They are
implemented by having the breakpoint address in special debug registers on
the CPU. So they can always be set freely without regard to whether GRUB has
been loaded or not. The reason that hardware breakpoints aren't always used
is because there are a limited number of them, usually around 4 on various
CPUs, and specifically exactly 4 for x86 CPUs. The @file{gdb_grub} script goes
out of its way to avoid using hardware breakpoints internally and uses them as
briefly as possible when needed, thus allowing the user to have a maximal
number at their disposal.
@menu
* OVMF debug log::
* Using the gdbinfo command::
@end menu
@node OVMF debug log
@subsection OVMF debug log
In order to get the GRUB2 load address from OVMF, first, a debug build
of OVMF must be obtained (@uref{https://github.com/retrage/edk2-nightly/raw/master/bin/DEBUGX64_OVMF.fd,
here is one} which is not officially recommended). OVMF will output debug
messages to a special serial device, which we must add to QEMU. The following
QEMU command will run the debug OVMF and write the debug messages to a
file named @file{debug.log}. It is assumed that @file{disk.img} is a disk
image or block device that is set up to boot GRUB2 EFI.
@example
qemu-system-x86_64 -bios /path/to/debug/OVMF.fd \
-drive file=disk.img,format=raw \
-device virtio-scsi-pci,id=scsi0 \
-debugcon file:debug.log -global isa-debugcon.iobase=0x402
@end example
If GRUB2 was started by the (U)EFI firmware, then in the @file{debug.log}
file one of the last lines should be a log message like:
@samp{Loading driver at 0x00006AEE000 EntryPoint=0x00006AEE756}. This
means that the GRUB2 EFI application was loaded at @samp{0x00006AEE000} and
its .text section is at @samp{0x00006AEE756}.
@node Using the gdbinfo command
@subsection Using the gdbinfo command
On EFI platforms the command @command{gdbinfo} will output a string that
is to be run in a GDB session running with the @file{gdb_grub} GDB script.
@node Porting
@chapter Porting
@ -1036,7 +760,7 @@ void grub_arch_sync_caches (void *address, grub_size_t len) (cache.S). They
won't be used for now.
You will need to create directory include/$cpu/$platform and a file
include/$cpu/types.h. The latter following this template:
include/$cpu/types.h. The later folowing this template:
@example
#ifndef GRUB_TYPES_CPU_HEADER
@ -1082,7 +806,7 @@ If it works next stage is to have heap, console and timer.
To have the heap working you need to determine which regions are suitable for
heap usage, allocate them from firmware and map (if applicable). Then call
grub_mm_init_region (void *start, grub_size_t s) for every of this region.
grub_mm_init_region (vois *start, grub_size_t s) for every of this region.
As a shortcut for early port you can allocate right after _end or have
a big static array for heap. If you do you'll probably need to come back to
this later. As for output console you should distinguish between an array of
@ -1096,7 +820,7 @@ Of video is loongson (kern/mips/loongson/init.c). Note that terminfo has
to be inited in 2 stages: one before (to get at least rudimentary console
as early as possible) and another after the heap (to get full-featured console).
For the input there are string of keys, terminfo and direct hardware. For string
of keys look at i386-pc (same files), for terminfo ieee1275 (same files) and for
of keys look at i386-pc (same files), for termino ieee1275 (same files) and for
hardware loongson (kern/mips/loongson/init.c and term/at_keyboard.c).
For the timer you'll need to call grub_install_get_time_ms (...) with as sole
@ -1310,23 +1034,20 @@ On emu stack and heap are just normal host OS stack and heap. Stack is typically
On i386-pc, i386-coreboot, i386-qemu and i386-multiboot the stack is 60KiB.
All available space between 1MiB and 4GiB marks is part of heap.
On *-xen stack is 4MiB. If compiled for x86-64 with GCC 4.4 or later addressable
space is unlimited. When compiled for x86-64 with older GCC version addressable
space is limited to 2GiB. When compiling for i386 addressable space is limited
to 4GiB. All addressable pages except the ones for stack, GRUB binary, special
On *-xen stack is 4MiB. If compiled for x86-64 with GCC 4.4 or later adressable
space is unlimited. When compiled for x86-64 with older GCC version adressable
space is limited to 2GiB. When compiling for i386 adressable space is limited
to 4GiB. All adressable pages except the ones for stack, GRUB binary, special
pages and page table are in the heap.
On *-efi GRUB uses same stack as EFI. If compiled for x86-64 with GCC 4.4 or
later addressable space is unlimited. When compiled for x86-64 with older GCC
version addressable space is limited to 2GiB. For all other platforms addressable
later adressable space is unlimited. When compiled for x86-64 with older GCC
version adressable space is limited to 2GiB. For all other platforms adressable
space is limited to 4GiB. GRUB allocates pages from EFI for its heap, at most
1.6 GiB.
On i386-ieee1275 and powerpc-ieee1275 GRUB uses same stack as IEEE1275.
On i386-ieee1275 and powerpc-ieee1275, GRUB will allocate 32MiB for its heap on
startup. It may allocate more at runtime, as long as at least 128MiB remain free
in OpenFirmware.
It allocates at most 32MiB for its heap.
On sparc64-ieee1275 stack is 256KiB and heap is 2MiB.
@ -1354,7 +1075,7 @@ In short:
@item i386-qemu @tab 60 KiB @tab < 4 GiB
@item *-efi @tab ? @tab < 1.6 GiB
@item i386-ieee1275 @tab ? @tab < 32 MiB
@item powerpc-ieee1275 @tab ? @tab available memory - 128MiB
@item powerpc-ieee1275 @tab ? @tab < 32 MiB
@item sparc64-ieee1275 @tab 256KiB @tab 2 MiB
@item arm-uboot @tab 256KiB @tab 2 MiB
@item mips(el)-qemu_mips @tab 2MiB @tab 253 MiB
@ -2315,7 +2036,7 @@ functions (defined in @file{gfxmenu/gui_util.c}) that are particularly useful:
@item @code{grub_gui_find_by_id (root, id, callback, userdata)}:
This function recursively traverses the component tree rooted at @var{root}, and
This function ecursively traverses the component tree rooted at @var{root}, and
for every component that has an ID equal to @var{id}, calls the function pointed
to by @var{callback} with the matching component and the void pointer @var{userdata}
as arguments. The callback function can do whatever is desired to use the

4064
docs/grub.texi
View file

File diff suppressed because it is too large Load diff

4
docs/man/grub-protect.h2m
View file

@ -1,4 +0,0 @@
[NAME]
grub-protect \- protect a disk key with a key protector
[DESCRIPTION]
grub-protect helps to protect a disk encryption key with a specified key protector.

29
gentpl.py
View file

@ -32,7 +32,7 @@ GRUB_PLATFORMS = [ "emu", "i386_pc", "i386_efi", "i386_qemu", "i386_coreboot",
"mips_loongson", "sparc64_ieee1275",
"powerpc_ieee1275", "mips_arc", "ia64_efi",
"mips_qemu_mips", "arm_uboot", "arm_efi", "arm64_efi",
"arm_coreboot", "loongarch64_efi", "riscv32_efi", "riscv64_efi" ]
"arm_coreboot", "riscv32_efi", "riscv64_efi" ]
GROUPS = {}
@ -47,13 +47,12 @@ GROUPS["sparc64"] = [ "sparc64_ieee1275" ]
GROUPS["powerpc"] = [ "powerpc_ieee1275" ]
GROUPS["arm"] = [ "arm_uboot", "arm_efi", "arm_coreboot" ]
GROUPS["arm64"] = [ "arm64_efi" ]
GROUPS["loongarch64"] = [ "loongarch64_efi" ]
GROUPS["riscv32"] = [ "riscv32_efi" ]
GROUPS["riscv64"] = [ "riscv64_efi" ]
# Groups based on firmware
GROUPS["efi"] = [ "i386_efi", "x86_64_efi", "ia64_efi", "arm_efi", "arm64_efi",
"loongarch64_efi", "riscv32_efi", "riscv64_efi" ]
"riscv32_efi", "riscv64_efi" ]
GROUPS["ieee1275"] = [ "i386_ieee1275", "sparc64_ieee1275", "powerpc_ieee1275" ]
GROUPS["uboot"] = [ "arm_uboot" ]
GROUPS["xen"] = [ "i386_xen", "x86_64_xen" ]
@ -80,7 +79,7 @@ GROUPS["terminfomodule"] = GRUB_PLATFORMS[:];
for i in GROUPS["terminfoinkernel"]: GROUPS["terminfomodule"].remove(i)
# Flattened Device Trees (FDT)
GROUPS["fdt"] = [ "arm64_efi", "arm_uboot", "arm_efi", "loongarch64_efi", "riscv32_efi", "riscv64_efi" ]
GROUPS["fdt"] = [ "arm64_efi", "arm_uboot", "arm_efi", "riscv32_efi", "riscv64_efi" ]
# Needs software helpers for division
# Must match GRUB_DIVISION_IN_SOFTWARE in misc.h
@ -569,7 +568,6 @@ def foreach_platform_value(defn, platform, suffix, closure):
for group in RMAP[platform]:
for value in defn.find_all(group + suffix):
r.append(closure(value))
r.sort()
return ''.join(r)
def platform_conditional(platform, closure):
@ -631,10 +629,7 @@ def platform_values(defn, platform, suffix):
def extra_dist(defn):
return foreach_value(defn, "extra_dist", lambda value: value + " ")
def extra_dep(defn):
return foreach_value(defn, "depends", lambda value: value + " ")
def platform_sources(defn, p): return platform_values(defn, p, "_head") + platform_values(defn, p, "")
def platform_sources(defn, p): return platform_values(defn, p, "")
def platform_nodist_sources(defn, p): return platform_values(defn, p, "_nodist")
def platform_startup(defn, p): return platform_specific_values(defn, p, "_startup", "startup")
@ -660,7 +655,7 @@ def first_time(defn, snippet):
def is_platform_independent(defn):
if 'enable' in defn:
return False
for suffix in [ "", "_head", "_nodist" ]:
for suffix in [ "", "_nodist" ]:
template = platform_values(defn, GRUB_PLATFORMS[0], suffix)
for platform in GRUB_PLATFORMS[1:]:
if template != platform_values(defn, platform, suffix):
@ -702,14 +697,10 @@ def module(defn, platform):
gvar_add("MOD_FILES", name + ".mod")
gvar_add("MARKER_FILES", name + ".marker")
gvar_add("CLEANFILES", name + ".marker")
for dep in defn.find_all("depends"):
gvar_add("EXTRA_DEPS", "depends " + name + " " + dep + ":")
output("""
""" + name + """.marker: $(""" + cname(defn) + """_SOURCES) $(nodist_""" + cname(defn) + """_SOURCES)
$(TARGET_CPP) -DGRUB_LST_GENERATOR $(CPPFLAGS_MARKER) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(""" + cname(defn) + """_CPPFLAGS) $(CPPFLAGS) $^ > $@.new || (rm -f $@; exit 1)
grep 'MARKER' $@.new | grep -v '^#' > $@; rm -f $@.new
grep 'MARKER' $@.new > $@; rm -f $@.new
""")
def kernel(defn, platform):
@ -775,7 +766,7 @@ def image(defn, platform):
if test x$(TARGET_APPLE_LINKER) = x1; then \
$(MACHO2IMG) $< $@; \
else \
$(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx -R .interp $< $@; \
$(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; \
fi
""")
@ -826,7 +817,8 @@ def program(defn, platform, test=False):
set_canonical_name_suffix("")
if 'testcase' in defn:
gvar_add("check_PROGRAMS_" + defn['testcase'], name)
gvar_add("check_PROGRAMS", name)
gvar_add("TESTS", name)
else:
var_add(installdir(defn) + "_PROGRAMS", name)
if 'mansection' in defn:
@ -867,7 +859,8 @@ def script(defn, platform):
name = defn['name']
if 'testcase' in defn:
gvar_add("check_SCRIPTS_" + defn['testcase'], name)
gvar_add("check_SCRIPTS", name)
gvar_add ("TESTS", name)
else:
var_add(installdir(defn) + "_SCRIPTS", name)
if 'mansection' in defn:

22
grub-core/Makefile.am
View file

@ -90,7 +90,6 @@ endif
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/parser.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/key_protector.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h
@ -154,7 +153,6 @@ endif
if COND_i386_ieee1275
KERNEL_HEADER_FILES += $(top_builddir)/include/grub/machine/kernel.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/ieee1275/ieee1275.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/ieee1275/alloc.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/terminfo.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/extcmd.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/lib/arg.h
@ -242,7 +240,6 @@ endif
if COND_powerpc_ieee1275
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/ieee1275/ieee1275.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/ieee1275/alloc.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/terminfo.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/extcmd.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/lib/arg.h
@ -291,12 +288,6 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h
endif
if COND_loongarch64_efi
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/efi.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h
endif
if COND_riscv32_efi
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/efi.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h
@ -316,13 +307,9 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/net.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/hostdisk.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/hostfile.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/extcmd.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/exec.h
if COND_GRUB_EMU_SDL
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/sdl.h
endif
if COND_GRUB_EMU_SDL2
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/sdl.h
endif
if COND_GRUB_EMU_PCI
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/libpciaccess.h
endif
@ -455,11 +442,8 @@ crypto.lst: $(srcdir)/lib/libgcrypt-grub/cipher/crypto.lst
platform_DATA += crypto.lst
CLEANFILES += crypto.lst
extra_deps.lst:
@echo $(EXTRA_DEPS) | sed "s/\s*:\s*/\n/g" > $@
syminfo.lst: gensyminfo.sh kernel_syms.lst extra_deps.lst $(MODULE_FILES)
cat kernel_syms.lst extra_deps.lst > $@.new
syminfo.lst: gensyminfo.sh kernel_syms.lst $(MODULE_FILES)
cat kernel_syms.lst > $@.new
for m in $(MODULE_FILES); do \
sh $< $$m >> $@.new || exit 1; \
done
@ -469,7 +453,7 @@ syminfo.lst: gensyminfo.sh kernel_syms.lst extra_deps.lst $(MODULE_FILES)
moddep.lst: syminfo.lst genmoddep.awk video.lst
cat $< | sort | $(AWK) -f $(srcdir)/genmoddep.awk > $@ || (rm -f $@; exit 1)
platform_DATA += moddep.lst
CLEANFILES += config.log syminfo.lst moddep.lst extra_deps.lst
CLEANFILES += config.log syminfo.lst moddep.lst
$(MOD_FILES): %.mod : genmod.sh moddep.lst %.module$(EXEEXT) build-grub-module-verifier$(BUILD_EXEEXT)
TARGET_OBJ2ELF=@TARGET_OBJ2ELF@ sh $^ $@

195
grub-core/Makefile.core.def
View file

@ -20,8 +20,8 @@ transform_data = {
transform_data = {
installdir = platform;
name = gdb_helper.py;
common = gdb_helper.py.in;
name = gmodule.pl;
common = gmodule.pl.in;
};
transform_data = {
@ -49,36 +49,26 @@ kernel = {
nostrip = emu;
emu_ldflags = '-Wl,-r';
i386_efi_cflags = '-fshort-wchar';
i386_efi_ldflags = '-Wl,-r';
emu_ldflags = '-Wl,-r,-d';
i386_efi_ldflags = '-Wl,-r,-d';
i386_efi_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version';
x86_64_efi_cflags = '-fshort-wchar';
x86_64_efi_ldflags = '-Wl,-r';
x86_64_efi_ldflags = '-Wl,-r,-d';
x86_64_efi_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version';
ia64_efi_cflags = '-fshort-wchar -fno-builtin -fpic -minline-int-divide-max-throughput';
ia64_efi_ldflags = '-Wl,-r';
ia64_efi_cflags = '-fno-builtin -fpic -minline-int-divide-max-throughput';
ia64_efi_ldflags = '-Wl,-r,-d';
ia64_efi_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version';
arm_efi_cflags = '-fshort-wchar';
arm_efi_ldflags = '-Wl,-r';
arm_efi_ldflags = '-Wl,-r,-d';
arm_efi_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version';
arm64_efi_cflags = '-fshort-wchar';
arm64_efi_ldflags = '-Wl,-r';
arm64_efi_ldflags = '-Wl,-r,-d';
arm64_efi_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version -R .eh_frame';
loongarch64_efi_cflags = '-fshort-wchar';
loongarch64_efi_ldflags = '-Wl,-r';
loongarch64_efi_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version -R .eh_frame';
riscv32_efi_cflags = '-fshort-wchar';
riscv32_efi_ldflags = '-Wl,-r';
riscv32_efi_ldflags = '-Wl,-r,-d';
riscv32_efi_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version -R .eh_frame';
riscv64_efi_cflags = '-fshort-wchar';
riscv64_efi_ldflags = '-Wl,-r';
riscv64_efi_ldflags = '-Wl,-r,-d';
riscv64_efi_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version -R .eh_frame';
i386_pc_ldflags = '$(TARGET_IMG_LDFLAGS)';
@ -108,9 +98,9 @@ kernel = {
i386_qemu_cppflags = '-DGRUB_BOOT_MACHINE_LINK_ADDR=$(GRUB_BOOT_MACHINE_LINK_ADDR)';
emu_cflags = '$(CFLAGS_GNULIB)';
emu_cppflags = '$(CPPFLAGS_GNULIB)';
arm_uboot_ldflags = '-Wl,-r';
arm_uboot_ldflags = '-Wl,-r,-d';
arm_uboot_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version';
arm_coreboot_ldflags = '-Wl,-r';
arm_coreboot_ldflags = '-Wl,-r,-d';
arm_coreboot_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version';
i386_pc_startup = kern/i386/pc/startup.S;
@ -130,7 +120,6 @@ kernel = {
arm_coreboot_startup = kern/arm/startup.S;
arm_efi_startup = kern/arm/efi/startup.S;
arm64_efi_startup = kern/arm64/efi/startup.S;
loongarch64_efi_startup = kern/loongarch64/efi/startup.S;
riscv32_efi_startup = kern/riscv/efi/startup.S;
riscv64_efi_startup = kern/riscv/efi/startup.S;
@ -211,7 +200,6 @@ kernel = {
efi = disk/efi/efidisk.c;
efi = kern/efi/efi.c;
efi = kern/efi/debug.c;
efi = kern/efi/init.c;
efi = kern/efi/mm.c;
efi = term/efi/console.c;
@ -237,6 +225,7 @@ kernel = {
x86_64 = kern/x86_64/dl.c;
x86_64_xen = kern/x86_64/dl.c;
x86_64_efi = kern/x86_64/efi/callwrap.S;
x86_64_efi = kern/i386/efi/init.c;
x86_64_efi = bus/pci.c;
@ -269,9 +258,6 @@ kernel = {
arm64_efi = kern/arm64/efi/init.c;
arm64_efi = kern/efi/fdt.c;
loongarch64_efi = kern/loongarch64/efi/init.c;
loongarch64_efi = kern/efi/fdt.c;
riscv32_efi = kern/riscv/efi/init.c;
riscv32_efi = kern/efi/fdt.c;
@ -350,11 +336,6 @@ kernel = {
arm64 = kern/arm64/dl.c;
arm64 = kern/arm64/dl_helper.c;
loongarch64 = kern/loongarch64/cache.c;
loongarch64 = kern/loongarch64/cache_flush.S;
loongarch64 = kern/loongarch64/dl.c;
loongarch64 = kern/loongarch64/dl_helper.c;
riscv32 = kern/riscv/cache.c;
riscv32 = kern/riscv/cache_flush.S;
riscv32 = kern/riscv/dl.c;
@ -418,7 +399,7 @@ program = {
ldadd = 'kernel.exec$(EXEEXT)';
ldadd = '$(MODULE_FILES)';
ldadd = 'lib/gnulib/libgnu.a $(LIBINTL) $(LIBUTIL) $(LIBSDL) $(SDL2_LIBS) $(LIBUSB) $(LIBPCIACCESS) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
ldadd = 'lib/gnulib/libgnu.a $(LIBINTL) $(LIBUTIL) $(LIBSDL) $(LIBUSB) $(LIBPCIACCESS) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
enable = emu;
};
@ -430,7 +411,7 @@ program = {
emu_nodist = symlist.c;
ldadd = 'kernel.exec$(EXEEXT)';
ldadd = 'lib/gnulib/libgnu.a $(LIBINTL) $(LIBUTIL) $(LIBSDL) $(SDL2_LIBS) $(LIBUSB) $(LIBPCIACCESS) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
ldadd = 'lib/gnulib/libgnu.a $(LIBINTL) $(LIBUTIL) $(LIBSDL) $(LIBUSB) $(LIBPCIACCESS) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
enable = emu;
};
@ -536,7 +517,7 @@ image = {
image = {
name = xz_decompress;
mips_head = boot/mips/startup_raw.S;
mips = boot/mips/startup_raw.S;
common = boot/decompressor/minilib.c;
common = boot/decompressor/xz.c;
common = lib/xzembed/xz_dec_bcj.c;
@ -554,7 +535,7 @@ image = {
image = {
name = none_decompress;
mips_head = boot/mips/startup_raw.S;
mips = boot/mips/startup_raw.S;
common = boot/decompressor/none.c;
cppflags = '-DGRUB_EMBED_DECOMPRESSOR=1';
@ -714,16 +695,12 @@ module = {
name = cmostest;
common = commands/i386/cmostest.c;
enable = cmos;
enable = i386_efi;
enable = x86_64_efi;
};
module = {
name = cmosdump;
common = commands/i386/cmosdump.c;
enable = cmos;
enable = i386_efi;
enable = x86_64_efi;
};
module = {
@ -766,9 +743,6 @@ module = {
name = regexp;
common = commands/regexp.c;
common = commands/wildcard.c;
common = lib/gnulib/malloc/dynarray_finalize.c;
common = lib/gnulib/malloc/dynarray_emplace_enlarge.c;
common = lib/gnulib/malloc/dynarray_resize.c;
common = lib/gnulib/regex.c;
cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB)';
@ -834,12 +808,6 @@ module = {
enable = efi;
};
module = {
name = efitextmode;
efi = commands/efi/efitextmode.c;
enable = efi;
};
module = {
name = blocklist;
common = commands/blocklist.c;
@ -859,7 +827,6 @@ module = {
enable = arm64_efi;
enable = arm_uboot;
enable = arm_coreboot;
enable = loongarch64_efi;
enable = riscv32_efi;
enable = riscv64_efi;
};
@ -1151,13 +1118,6 @@ module = {
enable = powerpc_ieee1275;
};
module = {
name = tpm;
common = commands/tpm.c;
ieee1275 = commands/ieee1275/ibmvtpm.c;
enable = powerpc_ieee1275;
};
module = {
name = terminal;
common = commands/terminal.c;
@ -1209,11 +1169,6 @@ module = {
common = disk/cryptodisk.c;
};
module = {
name = plainmount;
common = disk/plainmount.c;
};
module = {
name = json;
common = lib/json/json.c;
@ -1282,11 +1237,6 @@ module = {
common = disk/raid6_recover.c;
};
module = {
name = key_protector;
common = disk/key_protector.c;
};
module = {
name = scsi;
common = disk/scsi.c;
@ -1447,11 +1397,6 @@ module = {
common = fs/odc.c;
};
module = {
name = erofs;
common = fs/erofs.c;
};
module = {
name = ext2;
common = fs/ext2.c;
@ -1606,7 +1551,6 @@ module = {
common = fs/zfs/zfs_lz4.c;
common = fs/zfs/zfs_sha256.c;
common = fs/zfs/zfs_fletcher.c;
cppflags = '-I$(srcdir)/lib/posix_wrap -I$(srcdir)/lib/zstd';
};
module = {
@ -1764,7 +1708,6 @@ module = {
extra_dist = lib/arm/setjmp.S;
extra_dist = lib/arm64/setjmp.S;
extra_dist = lib/riscv/setjmp.S;
extra_dist = lib/loongarch64/setjmp.S;
};
module = {
@ -1863,17 +1806,14 @@ module = {
sparc64_ieee1275 = loader/sparc64/ieee1275/linux.c;
ia64_efi = loader/ia64/efi/linux.c;
arm_coreboot = loader/arm/linux.c;
arm_efi = loader/efi/linux.c;
arm_efi = loader/arm64/linux.c;
arm_uboot = loader/arm/linux.c;
arm64 = loader/efi/linux.c;
loongarch64 = loader/efi/linux.c;
riscv32 = loader/efi/linux.c;
riscv64 = loader/efi/linux.c;
i386_efi = loader/efi/linux.c;
x86_64_efi = loader/efi/linux.c;
emu = loader/emu/linux.c;
arm64 = loader/arm64/linux.c;
riscv32 = loader/riscv/linux.c;
riscv64 = loader/riscv/linux.c;
common = loader/linux.c;
common = lib/cmdline.c;
enable = noemu;
};
module = {
@ -1965,7 +1905,6 @@ module = {
enable = ia64_efi;
enable = arm_efi;
enable = arm64_efi;
enable = loongarch64_efi;
enable = riscv32_efi;
enable = riscv64_efi;
enable = mips;
@ -2008,7 +1947,7 @@ module = {
extra_dist = script/yylex.l;
extra_dist = script/parser.y;
cflags = '$(CFLAGS_POSIX) -Wno-redundant-decls -Wno-unused-but-set-variable';
cflags = '$(CFLAGS_POSIX) -Wno-redundant-decls';
cppflags = '$(CPPFLAGS_POSIX)';
};
@ -2094,11 +2033,9 @@ module = {
name = serial;
common = term/serial.c;
x86 = term/ns8250.c;
x86 = term/ns8250-spcr.c;
ieee1275 = term/ieee1275/serial.c;
mips_arc = term/arc/serial.c;
efi = term/efi/serial.c;
x86 = term/pci/serial.c;
enable = terminfomodule;
enable = ieee1275;
@ -2253,10 +2190,6 @@ module = {
common = tests/videotest_checksum.c;
};
/*
* These tests fail depending on the version of unifont. As we don't distribute
* our own unifont it fails for most users. Disable them so that they don't mask
* real failures. They can be reinstated once we solve unifont problem.
module = {
name = gfxterm_menu;
common = tests/gfxterm_menu.c;
@ -2266,7 +2199,6 @@ module = {
name = cmdline_cat_test;
common = tests/cmdline_cat_test.c;
};
*/
module = {
name = bitmap;
@ -2345,14 +2277,6 @@ module = {
condition = COND_GRUB_EMU_SDL;
};
module = {
name = sdl;
emu = video/emu/sdl.c;
enable = emu;
condition = COND_GRUB_EMU_SDL2;
cflags = '$(SDL2_CFLAGS)';
};
module = {
name = datehook;
common = hook/datehook.c;
@ -2572,34 +2496,6 @@ module = {
enable = efi;
};
module = {
name = tss2;
common = lib/tss2/buffer.c;
common = lib/tss2/tss2_mu.c;
common = lib/tss2/tpm2_cmd.c;
common = lib/tss2/tss2.c;
efi = lib/efi/tcg2.c;
emu = lib/tss2/tcg2_emu.c;
powerpc_ieee1275 = lib/ieee1275/tcg2.c;
enable = efi;
enable = emu;
enable = powerpc_ieee1275;
cppflags = '-I$(srcdir)/lib/tss2';
};
module = {
name = tpm2_key_protector;
common = commands/tpm2_key_protector/args.c;
common = commands/tpm2_key_protector/module.c;
common = commands/tpm2_key_protector/tpm2key.c;
common = commands/tpm2_key_protector/tpm2key_asn1_tab.c;
/* The plaform support of tpm2_key_protector depends on the tcg2 implementation in tss2. */
enable = efi;
enable = emu;
enable = powerpc_ieee1275;
cppflags = '-I$(srcdir)/lib/tss2 -I$(srcdir)/lib/libtasn1-grub';
};
module = {
name = tr;
common = commands/tr.c;
@ -2631,46 +2527,3 @@ module = {
common = commands/i386/wrmsr.c;
enable = x86;
};
module = {
name = memtools;
common = commands/memtools.c;
condition = COND_MM_DEBUG;
};
module = {
name = bli;
efi = commands/bli.c;
enable = efi;
depends = part_gpt;
};
module = {
name = asn1;
common = lib/libtasn1-grub/lib/decoding.c;
common = lib/libtasn1-grub/lib/coding.c;
common = lib/libtasn1-grub/lib/element.c;
common = lib/libtasn1-grub/lib/structure.c;
common = lib/libtasn1-grub/lib/parser_aux.c;
common = lib/libtasn1-grub/lib/gstr.c;
common = lib/libtasn1-grub/lib/errors.c;
common = lib/libtasn1_wrap/wrap.c;
cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
/* -Wno-type-limits comes from configure.ac of libtasn1 */
cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/libtasn1-grub -I$(srcdir)/lib/libtasn1-grub/lib -Wno-type-limits';
};
module = {
name = asn1_test;
common = tests/asn1/tests/CVE-2018-1000654.c;
common = tests/asn1/tests/object-id-decoding.c;
common = tests/asn1/tests/object-id-encoding.c;
common = tests/asn1/tests/octet-string.c;
common = tests/asn1/tests/reproducers.c;
common = tests/asn1/tests/Test_overflow.c;
common = tests/asn1/tests/Test_simple.c;
common = tests/asn1/tests/Test_strings.c;
common = tests/asn1/asn1_test.c;
cflags = '-Wno-uninitialized';
cppflags = '-I$(srcdir)/lib/libtasn1-grub -I$(srcdir)/tests/asn1/';
};

5
grub-core/bus/cs5536.c
View file

@ -331,9 +331,8 @@ grub_cs5536_init_geode (grub_pci_device_t dev)
{
volatile grub_uint32_t *oc;
oc = grub_absolute_pointer (grub_pci_device_map_range (dev, 0x05022000,
GRUB_CS5536_USB_OPTION_REGS_SIZE));
oc = grub_pci_device_map_range (dev, 0x05022000,
GRUB_CS5536_USB_OPTION_REGS_SIZE);
oc[GRUB_CS5536_USB_OPTION_REG_UOCMUX] =
(oc[GRUB_CS5536_USB_OPTION_REG_UOCMUX]

2
grub-core/bus/usb/ehci.c
View file

@ -218,7 +218,7 @@ enum
#define GRUB_EHCI_TERMINATE (1<<0)
#define GRUB_EHCI_TOGGLE ((grub_uint32_t) 1<<31)
#define GRUB_EHCI_TOGGLE (1<<31)
enum
{

4
grub-core/bus/usb/usbhub.c
View file

@ -82,7 +82,7 @@ grub_usb_hub_add_dev (grub_usb_controller_t controller,
if (i == GRUB_USBHUB_MAX_DEVICES)
{
grub_error (GRUB_ERR_IO, "can't assign address to USB device");
for (i = 0; i < GRUB_USB_MAX_CONF; i++)
for (i = 0; i < 8; i++)
grub_free (dev->config[i].descconf);
grub_free (dev);
return NULL;
@ -96,7 +96,7 @@ grub_usb_hub_add_dev (grub_usb_controller_t controller,
i, 0, 0, NULL);
if (err)
{
for (i = 0; i < GRUB_USB_MAX_CONF; i++)
for (i = 0; i < 8; i++)
grub_free (dev->config[i].descconf);
grub_free (dev);
return NULL;

97
grub-core/commands/acpi.c
View file

@ -38,20 +38,6 @@
GRUB_MOD_LICENSE ("GPLv3+");
enum
{
OPTION_EXCLUDE = 0,
OPTION_LOAD_ONLY,
OPTION_V1,
OPTION_V2,
OPTION_OEMID,
OPTION_OEMTABLE,
OPTION_OEMTABLEREV,
OPTION_OEMTABLECREATOR,
OPTION_OEMTABLECREATORREV,
OPTION_NO_EBDA
};
static const struct grub_arg_option options[] = {
{"exclude", 'x', 0,
N_("Don't load host tables specified by comma-separated list."),
@ -182,7 +168,7 @@ grub_acpi_create_ebda (void)
struct grub_acpi_rsdp_v10 *v1;
struct grub_acpi_rsdp_v20 *v2;
ebda = (grub_uint8_t *) (grub_addr_t) ((*((grub_uint16_t *) grub_absolute_pointer (0x40e))) << 4);
ebda = (grub_uint8_t *) (grub_addr_t) ((*((grub_uint16_t *)0x40e)) << 4);
grub_dprintf ("acpi", "EBDA @%p\n", ebda);
if (ebda)
ebda_kb_len = *(grub_uint16_t *) ebda;
@ -312,7 +298,7 @@ grub_acpi_create_ebda (void)
*target = 0;
grub_dprintf ("acpi", "Switching EBDA\n");
(*((grub_uint16_t *) grub_absolute_pointer (0x40e))) = ((grub_addr_t) targetebda) >> 4;
(*((grub_uint16_t *) 0x40e)) = ((grub_addr_t) targetebda) >> 4;
grub_dprintf ("acpi", "EBDA switched\n");
return GRUB_ERR_NONE;
@ -504,21 +490,21 @@ grub_cmd_acpi (struct grub_extcmd_context *ctxt, int argc, char **args)
if (rsdp)
{
grub_uint8_t *entry_ptr;
grub_uint32_t *entry_ptr;
char *exclude = 0;
char *load_only = 0;
char *ptr;
grub_size_t tbl_addr_size;
struct grub_acpi_table_header *table_head;
/* RSDT consists of header and an array of 32-bit pointers. */
struct grub_acpi_table_header *rsdt;
exclude = state[OPTION_EXCLUDE].set ? grub_strdup (state[OPTION_EXCLUDE].arg) : 0;
exclude = state[0].set ? grub_strdup (state[0].arg) : 0;
if (exclude)
{
for (ptr = exclude; *ptr; ptr++)
*ptr = grub_tolower (*ptr);
}
load_only = state[OPTION_LOAD_ONLY].set ? grub_strdup (state[OPTION_LOAD_ONLY].arg) : 0;
load_only = state[1].set ? grub_strdup (state[1].arg) : 0;
if (load_only)
{
for (ptr = load_only; *ptr; ptr++)
@ -528,32 +514,17 @@ grub_cmd_acpi (struct grub_extcmd_context *ctxt, int argc, char **args)
/* Set revision variables to replicate the same version as host. */
rev1 = ! rsdp->revision;
rev2 = rsdp->revision;
if (rev2 && ((struct grub_acpi_table_header *) (grub_addr_t) ((struct grub_acpi_rsdp_v20 *) rsdp)->xsdt_addr) != NULL)
{
/* XSDT consists of header and an array of 64-bit pointers. */
table_head = (struct grub_acpi_table_header *) (grub_addr_t) ((struct grub_acpi_rsdp_v20 *) rsdp)->xsdt_addr;
tbl_addr_size = sizeof (((struct grub_acpi_rsdp_v20 *) rsdp)->xsdt_addr);
}
else
{
/* RSDT consists of header and an array of 32-bit pointers. */
table_head = (struct grub_acpi_table_header *) (grub_addr_t) rsdp->rsdt_addr;
tbl_addr_size = sizeof (rsdp->rsdt_addr);
}
rsdt = (struct grub_acpi_table_header *) (grub_addr_t) rsdp->rsdt_addr;
/* Load host tables. */
for (entry_ptr = (grub_uint8_t *) (table_head + 1);
entry_ptr < (grub_uint8_t *) (((grub_uint8_t *) table_head) + table_head->length);
entry_ptr += tbl_addr_size)
for (entry_ptr = (grub_uint32_t *) (rsdt + 1);
entry_ptr < (grub_uint32_t *) (((grub_uint8_t *) rsdt)
+ rsdt->length);
entry_ptr++)
{
char signature[5];
struct efiemu_acpi_table *table;
struct grub_acpi_table_header *curtable;
if (tbl_addr_size == sizeof (rsdp->rsdt_addr))
curtable = (struct grub_acpi_table_header *) (grub_addr_t) *((grub_uint32_t *) entry_ptr);
else
curtable = (struct grub_acpi_table_header *) (grub_addr_t) *((grub_uint64_t *) entry_ptr);
struct grub_acpi_table_header *curtable
= (struct grub_acpi_table_header *) (grub_addr_t) *entry_ptr;
signature[4] = 0;
for (i = 0; i < 4;i++)
signature[i] = grub_tolower (curtable->signature[i]);
@ -637,26 +608,26 @@ grub_cmd_acpi (struct grub_extcmd_context *ctxt, int argc, char **args)
}
/* Does user specify versions to generate? */
if (state[OPTION_V1].set || state[OPTION_V2].set)
if (state[2].set || state[3].set)
{
rev1 = state[OPTION_V1].set;
if (state[OPTION_V2].set)
rev1 = state[2].set;
if (state[3].set)
rev2 = rev2 ? : 2;
else
rev2 = 0;
}
/* Does user override root header information? */
if (state[OPTION_OEMID].set)
grub_strncpy (root_oemid, state[OPTION_OEMID].arg, sizeof (root_oemid));
if (state[OPTION_OEMTABLE].set)
grub_strncpy (root_oemtable, state[OPTION_OEMTABLE].arg, sizeof (root_oemtable));
if (state[OPTION_OEMTABLEREV].set)
root_oemrev = grub_strtoul (state[OPTION_OEMTABLEREV].arg, 0, 0);
if (state[OPTION_OEMTABLECREATOR].set)
grub_strncpy (root_creator_id, state[OPTION_OEMTABLECREATOR].arg, sizeof (root_creator_id));
if (state[OPTION_OEMTABLECREATORREV].set)
root_creator_rev = grub_strtoul (state[OPTION_OEMTABLECREATORREV].arg, 0, 0);
if (state[4].set)
grub_strncpy (root_oemid, state[4].arg, sizeof (root_oemid));
if (state[5].set)
grub_strncpy (root_oemtable, state[5].arg, sizeof (root_oemtable));
if (state[6].set)
root_oemrev = grub_strtoul (state[6].arg, 0, 0);
if (state[7].set)
grub_strncpy (root_creator_id, state[7].arg, sizeof (root_creator_id));
if (state[8].set)
root_creator_rev = grub_strtoul (state[8].arg, 0, 0);
/* Load user tables */
for (i = 0; i < argc; i++)
@ -772,7 +743,7 @@ grub_cmd_acpi (struct grub_extcmd_context *ctxt, int argc, char **args)
acpi_tables = 0;
#if defined (__i386__) || defined (__x86_64__)
if (! state[OPTION_NO_EBDA].set)
if (! state[9].set)
{
grub_err_t err;
err = grub_acpi_create_ebda ();
@ -788,13 +759,13 @@ grub_cmd_acpi (struct grub_extcmd_context *ctxt, int argc, char **args)
#ifdef GRUB_MACHINE_EFI
{
static grub_guid_t acpi = GRUB_EFI_ACPI_TABLE_GUID;
static grub_guid_t acpi20 = GRUB_EFI_ACPI_20_TABLE_GUID;
struct grub_efi_guid acpi = GRUB_EFI_ACPI_TABLE_GUID;
struct grub_efi_guid acpi20 = GRUB_EFI_ACPI_20_TABLE_GUID;
grub_efi_system_table->boot_services->install_configuration_table (&acpi20,
grub_acpi_get_rsdpv2 ());
grub_efi_system_table->boot_services->install_configuration_table (&acpi,
grub_acpi_get_rsdpv1 ());
efi_call_2 (grub_efi_system_table->boot_services->install_configuration_table,
&acpi20, grub_acpi_get_rsdpv2 ());
efi_call_2 (grub_efi_system_table->boot_services->install_configuration_table,
&acpi, grub_acpi_get_rsdpv1 ());
}
#endif

138
grub-core/commands/bli.c
View file

@ -1,138 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2023 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*
* Implementation of the Boot Loader Interface.
*/
#include <grub/charset.h>
#include <grub/efi/api.h>
#include <grub/efi/disk.h>
#include <grub/efi/efi.h>
#include <grub/err.h>
#include <grub/extcmd.h>
#include <grub/gpt_partition.h>
#include <grub/misc.h>
#include <grub/mm.h>
#include <grub/partition.h>
#include <grub/types.h>
GRUB_MOD_LICENSE ("GPLv3+");
#define MODNAME "bli"
static const grub_guid_t bli_vendor_guid = GRUB_EFI_VENDOR_BOOT_LOADER_INTERFACE_GUID;
static grub_err_t
get_part_uuid (const char *device_name, char **part_uuid)
{
grub_device_t device;
grub_err_t status = GRUB_ERR_NONE;
grub_disk_t disk = NULL;
struct grub_gpt_partentry entry;
device = grub_device_open (device_name);
if (device == NULL)
return grub_error (grub_errno, N_("cannot open device: %s"), device_name);
if (device->disk == NULL)
{
grub_dprintf ("bli", "%s is not a disk device, partuuid skipped\n", device_name);
*part_uuid = NULL;
grub_device_close (device);
return GRUB_ERR_NONE;
}
if (device->disk->partition == NULL)
{
grub_dprintf ("bli", "%s has no partition, partuuid skipped\n", device_name);
*part_uuid = NULL;
grub_device_close (device);
return GRUB_ERR_NONE;
}
disk = grub_disk_open (device->disk->name);
if (disk == NULL)
{
status = grub_error (grub_errno, N_("cannot open disk: %s"), device_name);
grub_device_close (device);
return status;
}
if (grub_strcmp (device->disk->partition->partmap->name, "gpt") != 0)
{
status = grub_error (GRUB_ERR_BAD_PART_TABLE,
N_("this is not a GPT partition table: %s"), device_name);
goto fail;
}
if (grub_disk_read (disk, device->disk->partition->offset,
device->disk->partition->index, sizeof (entry), &entry) != GRUB_ERR_NONE)
{
status = grub_error (grub_errno, N_("read error: %s"), device_name);
goto fail;
}
*part_uuid = grub_xasprintf ("%pG", &entry.guid);
if (*part_uuid == NULL)
status = grub_errno;
fail:
grub_disk_close (disk);
grub_device_close (device);
return status;
}
static grub_err_t
set_loader_device_part_uuid (void)
{
grub_efi_loaded_image_t *image;
char *device_name;
grub_err_t status = GRUB_ERR_NONE;
char *part_uuid = NULL;
image = grub_efi_get_loaded_image (grub_efi_image_handle);
if (image == NULL)
return grub_error (GRUB_ERR_BAD_DEVICE, N_("unable to find boot device"));
device_name = grub_efidisk_get_device_name (image->device_handle);
if (device_name == NULL)
return grub_error (GRUB_ERR_BAD_DEVICE, N_("unable to find boot device"));
status = get_part_uuid (device_name, &part_uuid);
if (status == GRUB_ERR_NONE && part_uuid)
status = grub_efi_set_variable_to_string ("LoaderDevicePartUUID", &bli_vendor_guid, part_uuid,
GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS |
GRUB_EFI_VARIABLE_RUNTIME_ACCESS);
else
grub_error (status, N_("unable to determine partition UUID of boot device"));
grub_free (part_uuid);
grub_free (device_name);
return status;
}
GRUB_MOD_INIT (bli)
{
grub_efi_set_variable_to_string ("LoaderInfo", &bli_vendor_guid, PACKAGE_STRING,
GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS |
GRUB_EFI_VARIABLE_RUNTIME_ACCESS);
set_loader_device_part_uuid ();
/* No error here is critical, other than being logged */
grub_print_error ();
}

10
grub-core/commands/blocklist.c
View file

@ -53,9 +53,9 @@ print_blocklist (grub_disk_addr_t sector, unsigned num,
}
/* Helper for grub_cmd_blocklist. */
static grub_err_t
static void
read_blocklist (grub_disk_addr_t sector, unsigned offset, unsigned length,
char *buf __attribute__ ((unused)), void *data)
void *data)
{
struct blocklist_ctx *ctx = data;
@ -70,7 +70,7 @@ read_blocklist (grub_disk_addr_t sector, unsigned offset, unsigned length,
}
if (!length)
return GRUB_ERR_NONE;
return;
print_blocklist (ctx->start_sector, ctx->num_sectors, 0, 0, ctx);
ctx->num_sectors = 0;
}
@ -87,7 +87,7 @@ read_blocklist (grub_disk_addr_t sector, unsigned offset, unsigned length,
}
if (!length)
return GRUB_ERR_NONE;
return;
if (length & (GRUB_DISK_SECTOR_SIZE - 1))
{
@ -103,8 +103,6 @@ read_blocklist (grub_disk_addr_t sector, unsigned offset, unsigned length,
ctx->start_sector = sector;
ctx->num_sectors = length >> GRUB_DISK_SECTOR_BITS;
}
return GRUB_ERR_NONE;
}
static grub_err_t

64
grub-core/commands/boot.c
View file

@ -27,20 +27,10 @@
GRUB_MOD_LICENSE ("GPLv3+");
static grub_err_t (*grub_loader_boot_func) (void *context);
static grub_err_t (*grub_loader_unload_func) (void *context);
static void *grub_loader_context;
static grub_err_t (*grub_loader_boot_func) (void);
static grub_err_t (*grub_loader_unload_func) (void);
static int grub_loader_flags;
struct grub_simple_loader_hooks
{
grub_err_t (*boot) (void);
grub_err_t (*unload) (void);
};
/* Don't heap allocate this to avoid making grub_loader_set() fallible. */
static struct grub_simple_loader_hooks simple_loader_hooks;
struct grub_preboot
{
grub_err_t (*preboot_func) (int);
@ -54,29 +44,6 @@ static int grub_loader_loaded;
static struct grub_preboot *preboots_head = 0,
*preboots_tail = 0;
static grub_err_t
grub_simple_boot_hook (void *context)
{
struct grub_simple_loader_hooks *hooks;
hooks = (struct grub_simple_loader_hooks *) context;
return hooks->boot ();
}
static grub_err_t
grub_simple_unload_hook (void *context)
{
struct grub_simple_loader_hooks *hooks;
grub_err_t ret;
hooks = (struct grub_simple_loader_hooks *) context;
ret = hooks->unload ();
grub_memset (hooks, 0, sizeof (*hooks));
return ret;
}
int
grub_loader_is_loaded (void)
{
@ -143,45 +110,28 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd)
}
void
grub_loader_set_ex (grub_err_t (*boot) (void *context),
grub_err_t (*unload) (void *context),
void *context,
grub_loader_set (grub_err_t (*boot) (void),
grub_err_t (*unload) (void),
int flags)
{
if (grub_loader_loaded && grub_loader_unload_func)
grub_loader_unload_func (grub_loader_context);
grub_loader_unload_func ();
grub_loader_boot_func = boot;
grub_loader_unload_func = unload;
grub_loader_context = context;
grub_loader_flags = flags;
grub_loader_loaded = 1;
}
void
grub_loader_set (grub_err_t (*boot) (void),
grub_err_t (*unload) (void),
int flags)
{
grub_loader_set_ex (grub_simple_boot_hook,
grub_simple_unload_hook,
&simple_loader_hooks,
flags);
simple_loader_hooks.boot = boot;
simple_loader_hooks.unload = unload;
}
void
grub_loader_unset(void)
{
if (grub_loader_loaded && grub_loader_unload_func)
grub_loader_unload_func (grub_loader_context);
grub_loader_unload_func ();
grub_loader_boot_func = 0;
grub_loader_unload_func = 0;
grub_loader_context = 0;
grub_loader_loaded = 0;
}
@ -208,7 +158,7 @@ grub_loader_boot (void)
return err;
}
}
err = (grub_loader_boot_func) (grub_loader_context);
err = (grub_loader_boot_func) ();
for (cur = preboots_tail; cur; cur = cur->prev)
if (! err)

30
grub-core/commands/cmp.c
View file

@ -22,21 +22,14 @@
#include <grub/file.h>
#include <grub/mm.h>
#include <grub/command.h>
#include <grub/extcmd.h>
#include <grub/i18n.h>
GRUB_MOD_LICENSE ("GPLv3+");
#define BUFFER_SIZE 512
static const struct grub_arg_option options[] =
{
{0, 'v', 0, N_("Enable verbose output"), 0, 0},
{0, 0, 0, 0, 0, 0}
};
static grub_err_t
grub_cmd_cmp (grub_extcmd_context_t ctxt,
grub_cmd_cmp (grub_command_t cmd __attribute__ ((unused)),
int argc, char **args)
{
grub_ssize_t rd1, rd2;
@ -45,20 +38,19 @@ grub_cmd_cmp (grub_extcmd_context_t ctxt,
grub_file_t file2 = 0;
char *buf1 = 0;
char *buf2 = 0;
grub_err_t err = GRUB_ERR_TEST_FAILURE;
if (argc != 2)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected"));
if (ctxt->state[0].set)
grub_printf_ (N_("Compare file `%s' with `%s':\n"), args[0], args[1]);
grub_printf_ (N_("Compare file `%s' with `%s':\n"), args[0],
args[1]);
file1 = grub_file_open (args[0], GRUB_FILE_TYPE_CMP);
file2 = grub_file_open (args[1], GRUB_FILE_TYPE_CMP);
if (! file1 || ! file2)
goto cleanup;
if (ctxt->state[0].set && (grub_file_size (file1) != grub_file_size (file2)))
if (grub_file_size (file1) != grub_file_size (file2))
grub_printf_ (N_("Files differ in size: %llu [%s], %llu [%s]\n"),
(unsigned long long) grub_file_size (file1), args[0],
(unsigned long long) grub_file_size (file2), args[1]);
@ -86,7 +78,6 @@ grub_cmd_cmp (grub_extcmd_context_t ctxt,
{
if (buf1[i] != buf2[i])
{
if (ctxt->state[0].set)
grub_printf_ (N_("Files differ at the offset %llu: 0x%x [%s], 0x%x [%s]\n"),
(unsigned long long) (i + pos), buf1[i],
args[0], buf2[i], args[1]);
@ -99,9 +90,7 @@ grub_cmd_cmp (grub_extcmd_context_t ctxt,
while (rd2);
/* TRANSLATORS: it's always exactly 2 files. */
if (ctxt->state[0].set)
grub_printf_ (N_("The files are identical.\n"));
err = GRUB_ERR_NONE;
}
cleanup:
@ -113,19 +102,18 @@ cleanup:
if (file2)
grub_file_close (file2);
return err;
return grub_errno;
}
static grub_extcmd_t cmd;
static grub_command_t cmd;
GRUB_MOD_INIT(cmp)
{
cmd = grub_register_extcmd ("cmp", grub_cmd_cmp, 0,
N_("FILE1 FILE2"), N_("Compare two files."),
options);
cmd = grub_register_command ("cmp", grub_cmd_cmp,
N_("FILE1 FILE2"), N_("Compare two files."));
}
GRUB_MOD_FINI(cmp)
{
grub_unregister_extcmd (cmd);
grub_unregister_command (cmd);
}

26
grub-core/commands/efi/efifwsetup.c
View file

@ -27,8 +27,6 @@
GRUB_MOD_LICENSE ("GPLv3+");
static grub_efi_boolean_t efifwsetup_is_supported (void);
static grub_err_t
grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)),
int argc __attribute__ ((unused)),
@ -38,14 +36,7 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)),
grub_efi_uint64_t os_indications = GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
grub_err_t status;
grub_size_t oi_size;
static grub_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
if (argc >= 1 && grub_strcmp(args[0], "--is-supported") == 0)
return !efifwsetup_is_supported ();
if (!efifwsetup_is_supported ())
return grub_error (GRUB_ERR_INVALID_COMMAND,
N_("reboot to firmware setup is not supported by the current firmware"));
grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
grub_efi_get_variable ("OsIndications", &global, &oi_size,
(void **) &old_os_indications);
@ -53,8 +44,6 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)),
if (old_os_indications != NULL && oi_size == sizeof (os_indications))
os_indications |= *old_os_indications;
grub_free (old_os_indications);
status = grub_efi_set_variable ("OsIndications", &global, &os_indications,
sizeof (os_indications));
if (status != GRUB_ERR_NONE)
@ -72,27 +61,26 @@ efifwsetup_is_supported (void)
{
grub_efi_uint64_t *os_indications_supported = NULL;
grub_size_t oi_size = 0;
static grub_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
grub_efi_boolean_t ret = 0;
grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
grub_efi_get_variable ("OsIndicationsSupported", &global, &oi_size,
(void **) &os_indications_supported);
if (!os_indications_supported)
goto done;
return 0;
if (*os_indications_supported & GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI)
ret = 1;
return 1;
done:
grub_free (os_indications_supported);
return ret;
return 0;
}
GRUB_MOD_INIT (efifwsetup)
{
if (efifwsetup_is_supported ())
cmd = grub_register_command ("fwsetup", grub_cmd_fwsetup, NULL,
N_("Reboot into firmware setup menu."));
}
GRUB_MOD_FINI (efifwsetup)

153
grub-core/commands/efi/efitextmode.c
View file

@ -1,153 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2022 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*
* Set/Get UEFI text output mode resolution.
*/
#include <grub/dl.h>
#include <grub/misc.h>
#include <grub/mm.h>
#include <grub/command.h>
#include <grub/i18n.h>
#include <grub/efi/efi.h>
#include <grub/efi/api.h>
GRUB_MOD_LICENSE ("GPLv3+");
static grub_err_t
grub_efi_set_mode (grub_efi_simple_text_output_interface_t *o,
grub_efi_int32_t mode)
{
grub_efi_status_t status;
if (mode != o->mode->mode)
{
status = o->set_mode (o, mode);
if (status == GRUB_EFI_SUCCESS)
;
else if (status == GRUB_EFI_DEVICE_ERROR)
return grub_error (GRUB_ERR_BAD_DEVICE,
N_("device error: could not set requested mode"));
else if (status == GRUB_EFI_UNSUPPORTED)
return grub_error (GRUB_ERR_OUT_OF_RANGE,
N_("invalid mode: number not valid"));
else
return grub_error (GRUB_ERR_BAD_FIRMWARE,
N_("unexpected EFI error number: `%u'"),
(unsigned) status);
}
return GRUB_ERR_NONE;
}
static grub_err_t
grub_cmd_efitextmode (grub_command_t cmd __attribute__ ((unused)),
int argc, char **args)
{
grub_efi_simple_text_output_interface_t *o = grub_efi_system_table->con_out;
unsigned long mode;
const char *p = NULL;
grub_err_t err;
grub_efi_uintn_t columns, rows;
grub_efi_int32_t i;
if (o == NULL)
return grub_error (GRUB_ERR_BAD_DEVICE, N_("no UEFI output console interface"));
if (o->mode == NULL)
return grub_error (GRUB_ERR_BUG, N_("no mode struct for UEFI output console"));
if (argc > 2)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("at most two arguments expected"));
if (argc == 0)
{
grub_printf_ (N_("Available modes for console output device.\n"));
for (i = 0; i < o->mode->max_mode; i++)
if (GRUB_EFI_SUCCESS == o->query_mode (o, i, &columns, &rows))
grub_printf_ (N_(" [%" PRIuGRUB_EFI_UINT32_T "] Col %5"
PRIuGRUB_EFI_UINTN_T " Row %5" PRIuGRUB_EFI_UINTN_T
" %c\n"),
i, columns, rows, (i == o->mode->mode) ? '*' : ' ');
}
else if (argc == 1)
{
if (grub_strcmp (args[0], "min") == 0)
mode = 0;
else if (grub_strcmp (args[0], "max") == 0)
mode = o->mode->max_mode - 1;
else
{
mode = grub_strtoul (args[0], &p, 0);
if (*args[0] == '\0' || *p != '\0')
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("non-numeric or invalid mode `%s'"), args[0]);
}
if (mode < (unsigned long) o->mode->max_mode)
{
err = grub_efi_set_mode (o, (grub_efi_int32_t) mode);
if (err != GRUB_ERR_NONE)
return err;
}
else
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("invalid mode: `%lu' is greater than maximum mode `%lu'"),
mode, (unsigned long) o->mode->max_mode);
}
else if (argc == 2)
{
grub_efi_uintn_t u_columns, u_rows;
u_columns = (grub_efi_uintn_t) grub_strtoul (args[0], &p, 0);
if (*args[0] == '\0' || *p != '\0')
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("non-numeric or invalid columns number `%s'"), args[0]);
u_rows = (grub_efi_uintn_t) grub_strtoul (args[1], &p, 0);
if (*args[1] == '\0' || *p != '\0')
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("non-numeric or invalid rows number `%s'"), args[1]);
for (i = 0; i < o->mode->max_mode; i++)
if (GRUB_EFI_SUCCESS == o->query_mode (o, i, &columns, &rows))
if (u_columns == columns && u_rows == rows)
return grub_efi_set_mode (o, (grub_efi_int32_t) i);
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("no mode found with requested columns and rows"));
}
return GRUB_ERR_NONE;
}
static grub_command_t cmd;
GRUB_MOD_INIT (efitextmode)
{
cmd = grub_register_command ("efitextmode", grub_cmd_efitextmode,
N_("[min | max | <mode_num> | <cols> <rows>]"),
N_("Get or set EFI text mode."));
}
GRUB_MOD_FINI (efitextmode)
{
grub_unregister_command (cmd);
}

48
grub-core/commands/efi/loadbios.c
View file

@ -27,9 +27,9 @@
GRUB_MOD_LICENSE ("GPLv3+");
static grub_guid_t acpi_guid = GRUB_EFI_ACPI_TABLE_GUID;
static grub_guid_t acpi2_guid = GRUB_EFI_ACPI_20_TABLE_GUID;
static grub_guid_t smbios_guid = GRUB_EFI_SMBIOS_TABLE_GUID;
static grub_efi_guid_t acpi_guid = GRUB_EFI_ACPI_TABLE_GUID;
static grub_efi_guid_t acpi2_guid = GRUB_EFI_ACPI_20_TABLE_GUID;
static grub_efi_guid_t smbios_guid = GRUB_EFI_SMBIOS_TABLE_GUID;
#define EBDA_SEG_ADDR 0x40e
#define LOW_MEM_ADDR 0x413
@ -46,7 +46,7 @@ enable_rom_area (void)
grub_uint32_t *rom_ptr;
grub_pci_device_t dev = { .bus = 0, .device = 0, .function = 0};
rom_ptr = grub_absolute_pointer (VBIOS_ADDR);
rom_ptr = (grub_uint32_t *) VBIOS_ADDR;
if (*rom_ptr != BLANK_MEM)
{
grub_puts_ (N_("ROM image is present."));
@ -92,29 +92,47 @@ lock_rom_area (void)
static void
fake_bios_data (int use_rom)
{
unsigned i;
void *acpi, *smbios;
grub_uint16_t *ebda_seg_ptr, *low_mem_ptr;
ebda_seg_ptr = grub_absolute_pointer (EBDA_SEG_ADDR);
low_mem_ptr = grub_absolute_pointer (LOW_MEM_ADDR);
ebda_seg_ptr = (grub_uint16_t *) EBDA_SEG_ADDR;
low_mem_ptr = (grub_uint16_t *) LOW_MEM_ADDR;
if ((*ebda_seg_ptr) || (*low_mem_ptr))
return;
acpi = grub_efi_find_configuration_table (&acpi2_guid);
grub_dprintf ("efi", "ACPI2: %p\n", acpi);
if (!acpi) {
acpi = grub_efi_find_configuration_table (&acpi_guid);
grub_dprintf ("efi", "ACPI: %p\n", acpi);
}
acpi = 0;
smbios = 0;
for (i = 0; i < grub_efi_system_table->num_table_entries; i++)
{
grub_efi_packed_guid_t *guid =
&grub_efi_system_table->configuration_table[i].vendor_guid;
smbios = grub_efi_find_configuration_table (&smbios_guid);
if (! grub_memcmp (guid, &acpi2_guid, sizeof (grub_efi_guid_t)))
{
acpi = grub_efi_system_table->configuration_table[i].vendor_table;
grub_dprintf ("efi", "ACPI2: %p\n", acpi);
}
else if (! grub_memcmp (guid, &acpi_guid, sizeof (grub_efi_guid_t)))
{
void *t;
t = grub_efi_system_table->configuration_table[i].vendor_table;
if (! acpi)
acpi = t;
grub_dprintf ("efi", "ACPI: %p\n", t);
}
else if (! grub_memcmp (guid, &smbios_guid, sizeof (grub_efi_guid_t)))
{
smbios = grub_efi_system_table->configuration_table[i].vendor_table;
grub_dprintf ("efi", "SMBIOS: %p\n", smbios);
}
}
*ebda_seg_ptr = FAKE_EBDA_SEG;
*low_mem_ptr = (FAKE_EBDA_SEG >> 6);
/* *((grub_uint16_t *) (FAKE_EBDA_SEG << 4)) = 640 - *low_mem_ptr; */
*((grub_uint16_t *) (grub_absolute_pointer (FAKE_EBDA_SEG << 4))) = 640 - *low_mem_ptr;
*((grub_uint16_t *) (FAKE_EBDA_SEG << 4)) = 640 - *low_mem_ptr;
if (acpi)
grub_memcpy ((char *) ((FAKE_EBDA_SEG << 4) + 16), acpi, 1024 - 16);

25
grub-core/commands/efi/lsefi.c
View file

@ -29,9 +29,9 @@
GRUB_MOD_LICENSE ("GPLv3+");
static struct known_protocol
struct known_protocol
{
grub_guid_t guid;
grub_efi_guid_t guid;
const char *name;
} known_protocols[] =
{
@ -55,7 +55,6 @@ static struct known_protocol
{ GRUB_EFI_ABSOLUTE_POINTER_PROTOCOL_GUID, "absolute pointer" },
{ GRUB_EFI_DRIVER_BINDING_PROTOCOL_GUID, "EFI driver binding" },
{ GRUB_EFI_LOAD_FILE_PROTOCOL_GUID, "load file" },
{ GRUB_EFI_LOAD_FILE2_PROTOCOL_GUID, "load file2" },
{ GRUB_EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID, "simple FS" },
{ GRUB_EFI_TAPE_IO_PROTOCOL_GUID, "tape I/O" },
{ GRUB_EFI_UNICODE_COLLATION_PROTOCOL_GUID, "unicode collation" },
@ -96,7 +95,7 @@ grub_cmd_lsefi (grub_command_t cmd __attribute__ ((unused)),
grub_efi_handle_t handle = handles[i];
grub_efi_status_t status;
grub_efi_uintn_t num_protocols;
grub_packed_guid_t **protocols;
grub_efi_packed_guid_t **protocols;
grub_efi_device_path_t *dp;
grub_printf ("Handle %p\n", handle);
@ -108,9 +107,8 @@ grub_cmd_lsefi (grub_command_t cmd __attribute__ ((unused)),
grub_efi_print_device_path (dp);
}
status = grub_efi_system_table->boot_services->protocols_per_handle (handle,
&protocols,
&num_protocols);
status = efi_call_3 (grub_efi_system_table->boot_services->protocols_per_handle,
handle, &protocols, &num_protocols);
if (status != GRUB_EFI_SUCCESS) {
grub_printf ("Unable to retrieve protocols\n");
continue;
@ -124,7 +122,18 @@ grub_cmd_lsefi (grub_command_t cmd __attribute__ ((unused)),
if (k < ARRAY_SIZE (known_protocols))
grub_printf (" %s\n", known_protocols[k].name);
else
grub_printf (" %pG\n", protocols[j]);
grub_printf (" %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
protocols[j]->data1,
protocols[j]->data2,
protocols[j]->data3,
(unsigned) protocols[j]->data4[0],
(unsigned) protocols[j]->data4[1],
(unsigned) protocols[j]->data4[2],
(unsigned) protocols[j]->data4[3],
(unsigned) protocols[j]->data4[4],
(unsigned) protocols[j]->data4[5],
(unsigned) protocols[j]->data4[6],
(unsigned) protocols[j]->data4[7]);
}
}

22
grub-core/commands/efi/lsefisystab.c
View file

@ -29,7 +29,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
struct guid_mapping
{
grub_guid_t guid;
grub_efi_guid_t guid;
const char *name;
};
@ -37,7 +37,6 @@ static const struct guid_mapping guid_mappings[] =
{
{ GRUB_EFI_ACPI_20_TABLE_GUID, "ACPI-2.0"},
{ GRUB_EFI_ACPI_TABLE_GUID, "ACPI-1.0"},
{ GRUB_EFI_CONFORMANCE_PROFILES_TABLE_GUID, "CONFORMANCE PROFILES"},
{ GRUB_EFI_CRC32_GUIDED_SECTION_EXTRACTION_GUID,
"CRC32 GUIDED SECTION EXTRACTION"},
{ GRUB_EFI_DEBUG_IMAGE_INFO_TABLE_GUID, "DEBUG IMAGE INFO"},
@ -45,7 +44,6 @@ static const struct guid_mapping guid_mappings[] =
{ GRUB_EFI_DXE_SERVICES_TABLE_GUID, "DXE SERVICES"},
{ GRUB_EFI_HCDP_TABLE_GUID, "HCDP"},
{ GRUB_EFI_HOB_LIST_GUID, "HOB LIST"},
{ GRUB_EFI_IMAGE_SECURITY_DATABASE_GUID, "IMAGE EXECUTION INFORMATION"},
{ GRUB_EFI_LZMA_CUSTOM_DECOMPRESS_GUID, "LZMA CUSTOM DECOMPRESS"},
{ GRUB_EFI_MEMORY_TYPE_INFORMATION_GUID, "MEMORY TYPE INFO"},
{ GRUB_EFI_MPS_TABLE_GUID, "MPS"},
@ -64,18 +62,12 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)),
char **args __attribute__ ((unused)))
{
const grub_efi_system_table_t *st = grub_efi_system_table;
const grub_efi_uint32_t major_rev = st->hdr.revision >> 16;
const grub_efi_uint32_t minor_rev_upper = (st->hdr.revision & 0xffff) / 10;
const grub_efi_uint32_t minor_rev_lower = (st->hdr.revision & 0xffff) % 10;
grub_efi_configuration_table_t *t;
unsigned int i;
grub_printf ("Address: %p\n", st);
grub_printf ("Signature: %016" PRIxGRUB_UINT64_T " revision: %u.%u",
st->hdr.signature, major_rev, minor_rev_upper);
if (minor_rev_lower)
grub_printf (".%u", minor_rev_lower);
grub_printf ("\n");
grub_printf ("Signature: %016" PRIxGRUB_UINT64_T " revision: %08x\n",
st->hdr.signature, st->hdr.revision);
{
char *vendor;
grub_uint16_t *vendor_utf16;
@ -102,11 +94,15 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)),
grub_printf ("%p ", t->vendor_table);
grub_printf ("%pG", &t->vendor_guid);
grub_printf ("%08x-%04x-%04x-",
t->vendor_guid.data1, t->vendor_guid.data2,
t->vendor_guid.data3);
for (j = 0; j < 8; j++)
grub_printf ("%02x", t->vendor_guid.data4[j]);
for (j = 0; j < ARRAY_SIZE (guid_mappings); j++)
if (grub_memcmp (&guid_mappings[j].guid, &t->vendor_guid,
sizeof (grub_guid_t)) == 0)
sizeof (grub_efi_guid_t)) == 0)
grub_printf (" %s", guid_mappings[j].name);
grub_printf ("\n");

18
grub-core/commands/efi/lssal.c
View file

@ -136,16 +136,22 @@ grub_cmd_lssal (struct grub_command *cmd __attribute__ ((unused)),
int argc __attribute__ ((unused)),
char **args __attribute__ ((unused)))
{
static grub_guid_t guid = GRUB_EFI_SAL_TABLE_GUID;
void *table = grub_efi_find_configuration_table (&guid);
const grub_efi_system_table_t *st = grub_efi_system_table;
grub_efi_configuration_table_t *t = st->configuration_table;
unsigned int i;
grub_efi_packed_guid_t guid = GRUB_EFI_SAL_TABLE_GUID;
if (table == NULL)
for (i = 0; i < st->num_table_entries; i++)
{
grub_printf ("SAL not found\n");
if (grub_memcmp (&guid, &t->vendor_guid,
sizeof (grub_efi_packed_guid_t)) == 0)
{
disp_sal (t->vendor_table);
return GRUB_ERR_NONE;
}
disp_sal (table);
t++;
}
grub_printf ("SAL not found\n");
return GRUB_ERR_NONE;
}

32
grub-core/commands/efi/smbios.c
View file

@ -18,20 +18,44 @@
*/
#include <grub/smbios.h>
#include <grub/misc.h>
#include <grub/efi/efi.h>
#include <grub/efi/api.h>
struct grub_smbios_eps *
grub_machine_smbios_get_eps (void)
{
static grub_guid_t smbios_guid = GRUB_EFI_SMBIOS_TABLE_GUID;
unsigned i;
static grub_efi_packed_guid_t smbios_guid = GRUB_EFI_SMBIOS_TABLE_GUID;
return (struct grub_smbios_eps *) grub_efi_find_configuration_table (&smbios_guid);
for (i = 0; i < grub_efi_system_table->num_table_entries; i++)
{
grub_efi_packed_guid_t *guid =
&grub_efi_system_table->configuration_table[i].vendor_guid;
if (! grub_memcmp (guid, &smbios_guid, sizeof (grub_efi_packed_guid_t)))
return (struct grub_smbios_eps *)
grub_efi_system_table->configuration_table[i].vendor_table;
}
return 0;
}
struct grub_smbios_eps3 *
grub_machine_smbios_get_eps3 (void)
{
static grub_guid_t smbios3_guid = GRUB_EFI_SMBIOS3_TABLE_GUID;
unsigned i;
static grub_efi_packed_guid_t smbios3_guid = GRUB_EFI_SMBIOS3_TABLE_GUID;
return (struct grub_smbios_eps3 *) grub_efi_find_configuration_table (&smbios3_guid);
for (i = 0; i < grub_efi_system_table->num_table_entries; i++)
{
grub_efi_packed_guid_t *guid =
&grub_efi_system_table->configuration_table[i].vendor_guid;
if (! grub_memcmp (guid, &smbios3_guid, sizeof (grub_efi_packed_guid_t)))
return (struct grub_smbios_eps3 *)
grub_efi_system_table->configuration_table[i].vendor_table;
}
return 0;
}

121
grub-core/commands/efi/tpm.c
View file

@ -22,7 +22,6 @@
#include <grub/i18n.h>
#include <grub/efi/api.h>
#include <grub/efi/efi.h>
#include <grub/efi/cc.h>
#include <grub/efi/tpm.h>
#include <grub/mm.h>
#include <grub/tpm.h>
@ -30,9 +29,8 @@
typedef TCG_PCR_EVENT grub_tpm_event_t;
static grub_guid_t tpm_guid = EFI_TPM_GUID;
static grub_guid_t tpm2_guid = EFI_TPM2_GUID;
static grub_guid_t cc_measurement_guid = GRUB_EFI_CC_MEASUREMENT_PROTOCOL_GUID;
static grub_efi_guid_t tpm_guid = EFI_TPM_GUID;
static grub_efi_guid_t tpm2_guid = EFI_TPM2_GUID;
static grub_efi_handle_t *grub_tpm_handle;
static grub_uint8_t grub_tpm_version;
@ -53,7 +51,8 @@ grub_tpm1_present (grub_efi_tpm_protocol_t *tpm)
caps.Size = (grub_uint8_t) sizeof (caps);
status = tpm->status_check (tpm, &caps, &flags, &eventlog, &lastevent);
status = efi_call_5 (tpm->status_check, tpm, &caps, &flags, &eventlog,
&lastevent);
if (status != GRUB_EFI_SUCCESS || caps.TPMDeactivatedFlag
|| !caps.TPMPresentFlag)
@ -77,7 +76,7 @@ grub_tpm2_present (grub_efi_tpm2_protocol_t *tpm)
if (tpm2_present != -1)
return (grub_efi_boolean_t) tpm2_present;
status = tpm->get_capability (tpm, &caps);
status = efi_call_2 (tpm->get_capability, tpm, &caps);
if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag)
tpm2_present = 0;
@ -136,17 +135,17 @@ grub_efi_log_event_status (grub_efi_status_t status)
switch (status)
{
case GRUB_EFI_SUCCESS:
return GRUB_ERR_NONE;
return 0;
case GRUB_EFI_DEVICE_ERROR:
return grub_error (GRUB_ERR_IO, N_("command failed"));
return grub_error (GRUB_ERR_IO, N_("Command failed"));
case GRUB_EFI_INVALID_PARAMETER:
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid parameter"));
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
case GRUB_EFI_BUFFER_TOO_SMALL:
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("output buffer too small"));
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
case GRUB_EFI_NOT_FOUND:
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
default:
return grub_error (grub_is_tpm_fail_fatal () ? GRUB_ERR_UNKNOWN_DEVICE : GRUB_ERR_NONE, N_("unknown TPM error"));
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
}
}
@ -176,10 +175,10 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
event->PCRIndex = pcr;
event->EventType = EV_IPL;
event->EventSize = grub_strlen (description) + 1;
grub_strcpy ((char *) event->Event, description);
grub_memcpy (event->Event, description, event->EventSize);
algorithm = TCG_ALG_SHA;
status = tpm->log_extend_event (tpm, (grub_addr_t) buf, (grub_uint64_t) size,
status = efi_call_7 (tpm->log_extend_event, tpm, (grub_addr_t) buf, (grub_uint64_t) size,
algorithm, event, &eventnum, &lastevent);
grub_free (event);
@ -213,59 +212,15 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
event->Header.EventType = EV_IPL;
event->Size =
sizeof (*event) - sizeof (event->Event) + grub_strlen (description) + 1;
grub_strcpy ((char *) event->Event, description);
grub_memcpy (event->Event, description, grub_strlen (description) + 1);
status = tpm->hash_log_extend_event (tpm, 0, (grub_addr_t) buf,
status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (grub_addr_t) buf,
(grub_uint64_t) size, event);
grub_free (event);
return grub_efi_log_event_status (status);
}
static void
grub_cc_log_event (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
const char *description)
{
grub_efi_cc_event_t *event;
grub_efi_status_t status;
grub_efi_cc_protocol_t *cc;
grub_efi_cc_mr_index_t mr;
cc = grub_efi_locate_protocol (&cc_measurement_guid, NULL);
if (cc == NULL)
return;
status = cc->map_pcr_to_mr_index (cc, pcr, &mr);
if (status != GRUB_EFI_SUCCESS)
{
grub_efi_log_event_status (status);
return;
}
event = grub_zalloc (sizeof (grub_efi_cc_event_t) +
grub_strlen (description) + 1);
if (event == NULL)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate CC event buffer"));
return;
}
event->Header.HeaderSize = sizeof (grub_efi_cc_event_header_t);
event->Header.HeaderVersion = GRUB_EFI_CC_EVENT_HEADER_VERSION;
event->Header.MrIndex = mr;
event->Header.EventType = EV_IPL;
event->Size = sizeof (*event) + grub_strlen (description) + 1;
grub_strcpy ((char *) event->Event, description);
status = cc->hash_log_extend_event (cc, 0,
(grub_efi_physical_address_t)(grub_addr_t) buf,
(grub_efi_uint64_t) size, event);
grub_free (event);
if (status != GRUB_EFI_SUCCESS)
grub_efi_log_event_status (status);
}
grub_err_t
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
const char *description)
@ -273,8 +228,6 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
grub_efi_handle_t tpm_handle;
grub_efi_uint8_t protocol_version;
grub_cc_log_event(buf, size, pcr, description);
if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
return 0;
@ -286,49 +239,3 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
else
return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
}
int
grub_tpm_present (void)
{
grub_efi_handle_t tpm_handle;
grub_efi_uint8_t protocol_version;
grub_efi_cc_protocol_t *cc;
/*
* When confidential computing measurement protocol is enabled
* we assume the TPM is present.
*/
cc = grub_efi_locate_protocol (&cc_measurement_guid, NULL);
if (cc != NULL)
return 1;
if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
return 0;
if (protocol_version == 1)
{
grub_efi_tpm_protocol_t *tpm;
tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
if (!tpm)
{
grub_dprintf ("tpm", "Cannot open TPM protocol\n");
return 0;
}
return grub_tpm1_present (tpm);
}
else
{
grub_efi_tpm2_protocol_t *tpm;
tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
if (!tpm)
{
grub_dprintf ("tpm", "Cannot open TPM protocol\n");
return 0;
}
return grub_tpm2_present (tpm);
}
}

3
grub-core/commands/extcmd.c
View file

@ -49,9 +49,6 @@ grub_extcmd_dispatcher (struct grub_command *cmd, int argc, char **args,
}
state = grub_arg_list_alloc (ext, argc, args);
if (state == NULL)
return grub_errno;
if (grub_arg_parse (ext, argc, args, state, &new_args, &new_argc))
{
context.state = state;

23
grub-core/commands/file.c
View file

@ -25,10 +25,10 @@
#include <grub/i18n.h>
#include <grub/file.h>
#include <grub/elf.h>
#include <grub/efi/efi.h>
#include <grub/xen_file.h>
#include <grub/efi/pe32.h>
#include <grub/arm/linux.h>
#include <grub/arm64/linux.h>
#include <grub/i386/linux.h>
#include <grub/xnu.h>
#include <grub/machoload.h>
@ -306,8 +306,6 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args)
elf = grub_elf_file (file, file->name);
if (elf == NULL)
break;
if (elf->ehdr.ehdr32.e_type != grub_cpu_to_le16_compile_time (ET_EXEC)
|| elf->ehdr.ehdr32.e_ident[EI_DATA] != ELFDATA2LSB)
break;
@ -393,7 +391,7 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args)
}
case IS_ARM_LINUX:
{
struct linux_arch_kernel_header lh;
struct linux_arm_kernel_header lh;
if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
break;
@ -414,24 +412,13 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args)
}
case IS_ARM64_LINUX:
{
struct linux_arch_kernel_header lh;
struct linux_arm64_kernel_header lh;
if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
break;
/*
* The PE/COFF header can be anywhere in the file. Load it from the correct
* offset if it is not where it is expected.
*/
if ((grub_uint8_t *) &lh + lh.hdr_offset != (grub_uint8_t *) &lh.pe_image_header)
{
if (grub_file_seek (file, lh.hdr_offset) == (grub_off_t) -1
|| grub_file_read (file, &lh.pe_image_header, sizeof (struct grub_pe_image_header))
!= sizeof (struct grub_pe_image_header))
return grub_error (GRUB_ERR_FILE_READ_ERROR, "failed to read COFF image header");
}
if (lh.pe_image_header.coff_header.machine == grub_cpu_to_le16_compile_time (GRUB_PE32_MACHINE_ARM64))
if (lh.magic ==
grub_cpu_to_le32_compile_time (GRUB_LINUX_ARM64_MAGIC_SIGNATURE))
{
ret = 1;
break;

2
grub-core/commands/help.c
View file

@ -135,8 +135,6 @@ grub_cmd_help (grub_extcmd_context_t ctxt __attribute__ ((unused)), int argc,
}
}
grub_printf ("\n\nTo enable less(1)-like paging, \"set pager=1\".\n");
return 0;
}

5
grub-core/commands/hexdump.c
View file

@ -24,7 +24,6 @@
#include <grub/lib/hexdump.h>
#include <grub/extcmd.h>
#include <grub/i18n.h>
#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@ -52,11 +51,7 @@ grub_cmd_hexdump (grub_extcmd_context_t ctxt, int argc, char **args)
length = (state[1].set) ? grub_strtoul (state[1].arg, 0, 0) : 256;
if (!grub_strcmp (args[0], "(mem)"))
{
if (grub_is_lockdown() == GRUB_LOCKDOWN_ENABLED)
return grub_error (GRUB_ERR_ACCESS_DENIED, N_("memory reading is disabled in lockdown mode"));
hexdump (skip, (char *) (grub_addr_t) skip, length);
}
else if ((args[0][0] == '(') && (args[0][namelen - 1] == ')'))
{
grub_disk_t disk;

6
grub-core/commands/i386/cmostest.c
View file

@ -104,13 +104,13 @@ static grub_command_t cmd, cmd_clean, cmd_set;
GRUB_MOD_INIT(cmostest)
{
cmd = grub_register_command_lockdown ("cmostest", grub_cmd_cmostest,
cmd = grub_register_command ("cmostest", grub_cmd_cmostest,
N_("BYTE:BIT"),
N_("Test bit at BYTE:BIT in CMOS."));
cmd_clean = grub_register_command_lockdown ("cmosclean", grub_cmd_cmosclean,
cmd_clean = grub_register_command ("cmosclean", grub_cmd_cmosclean,
N_("BYTE:BIT"),
N_("Clear bit at BYTE:BIT in CMOS."));
cmd_set = grub_register_command_lockdown ("cmosset", grub_cmd_cmosset,
cmd_set = grub_register_command ("cmosset", grub_cmd_cmosset,
N_("BYTE:BIT"),
/* TRANSLATORS: A bit may be either set (1) or clear (0). */
N_("Set bit at BYTE:BIT in CMOS."));

8
grub-core/commands/i386/pc/drivemap.c
View file

@ -31,6 +31,9 @@
GRUB_MOD_LICENSE ("GPLv3+");
/* Real mode IVT slot (seg:off far pointer) for interrupt 0x13. */
static grub_uint32_t *const int13slot = (grub_uint32_t *) (4 * 0x13);
/* Remember to update enum opt_idxs accordingly. */
static const struct grub_arg_option options[] = {
/* TRANSLATORS: In this file "mapping" refers to a change GRUB makes so if
@ -277,8 +280,6 @@ install_int13_handler (int noret __attribute__ ((unused)))
grub_uint8_t *handler_base = 0;
/* Address of the map within the deployed bundle. */
int13map_node_t *handler_map;
/* Real mode IVT slot (seg:off far pointer) for interrupt 0x13. */
grub_uint32_t *int13slot = (grub_uint32_t *) grub_absolute_pointer (4 * 0x13);
int i;
int entries = 0;
@ -353,9 +354,6 @@ install_int13_handler (int noret __attribute__ ((unused)))
static grub_err_t
uninstall_int13_handler (void)
{
/* Real mode IVT slot (seg:off far pointer) for interrupt 0x13. */
grub_uint32_t *int13slot = (grub_uint32_t *) grub_absolute_pointer (4 * 0x13);
if (! grub_drivemap_oldhandler)
return GRUB_ERR_NONE;

12
grub-core/commands/i386/pc/sendkey.c
View file

@ -216,12 +216,12 @@ static grub_err_t
grub_sendkey_postboot (void)
{
/* For convention: pointer to flags. */
grub_uint32_t *flags = grub_absolute_pointer (0x417);
grub_uint32_t *flags = (grub_uint32_t *) 0x417;
*flags = oldflags;
*((volatile char *) grub_absolute_pointer (0x41a)) = 0x1e;
*((volatile char *) grub_absolute_pointer (0x41c)) = 0x1e;
*((char *) 0x41a) = 0x1e;
*((char *) 0x41c) = 0x1e;
return GRUB_ERR_NONE;
}
@ -231,13 +231,13 @@ static grub_err_t
grub_sendkey_preboot (int noret __attribute__ ((unused)))
{
/* For convention: pointer to flags. */
grub_uint32_t *flags = grub_absolute_pointer (0x417);
grub_uint32_t *flags = (grub_uint32_t *) 0x417;
oldflags = *flags;
/* Set the sendkey. */
*((volatile char *) grub_absolute_pointer (0x41a)) = 0x1e;
*((volatile char *) grub_absolute_pointer (0x41c)) = keylen + 0x1e;
*((char *) 0x41a) = 0x1e;
*((char *) 0x41c) = keylen + 0x1e;
grub_memcpy ((char *) 0x41e, sendkey, 0x20);
/* Transform "any ctrl" to "right ctrl" flag. */

25
grub-core/commands/i386/rdmsr.c
View file

@ -26,7 +26,7 @@
#include <grub/extcmd.h>
#include <grub/i18n.h>
#include <grub/i386/cpuid.h>
#include <grub/i386/msr.h>
#include <grub/i386/rdmsr.h>
GRUB_MOD_LICENSE("GPLv3+");
@ -42,16 +42,27 @@ static const struct grub_arg_option options[] =
static grub_err_t
grub_cmd_msr_read (grub_extcmd_context_t ctxt, int argc, char **argv)
{
grub_err_t err;
grub_uint32_t addr;
grub_uint32_t manufacturer[3], max_cpuid, a, b, c, features, addr;
grub_uint64_t value;
const char *ptr;
char buf[sizeof("1122334455667788")];
err = grub_cpu_is_msr_supported ();
/*
* The CPUID instruction should be used to determine whether MSRs
* are supported. (CPUID.01H:EDX[5] = 1)
*/
if (! grub_cpu_is_cpuid_supported ())
return grub_error (GRUB_ERR_BUG, N_("unsupported instruction"));
if (err != GRUB_ERR_NONE)
return grub_error (err, N_("RDMSR is unsupported"));
grub_cpuid (0, max_cpuid, manufacturer[0], manufacturer[2], manufacturer[1]);
if (max_cpuid < 1)
return grub_error (GRUB_ERR_BUG, N_("unsupported instruction"));
grub_cpuid (1, a, b, c, features);
if (!(features & (1 << 5)))
return grub_error (GRUB_ERR_BUG, N_("unsupported instruction"));
if (argc != 1)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
@ -65,7 +76,7 @@ grub_cmd_msr_read (grub_extcmd_context_t ctxt, int argc, char **argv)
if (*ptr != '\0')
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid argument"));
value = grub_rdmsr (addr);
value = grub_msr_read (addr);
if (ctxt->state[0].set)
{

25
grub-core/commands/i386/wrmsr.c
View file

@ -27,7 +27,7 @@
#include <grub/lockdown.h>
#include <grub/i18n.h>
#include <grub/i386/cpuid.h>
#include <grub/i386/msr.h>
#include <grub/i386/wrmsr.h>
GRUB_MOD_LICENSE("GPLv3+");
@ -36,15 +36,26 @@ static grub_command_t cmd_write;
static grub_err_t
grub_cmd_msr_write (grub_command_t cmd __attribute__ ((unused)), int argc, char **argv)
{
grub_err_t err;
grub_uint32_t addr;
grub_uint32_t manufacturer[3], max_cpuid, a, b, c, features, addr;
grub_uint64_t value;
const char *ptr;
err = grub_cpu_is_msr_supported ();
/*
* The CPUID instruction should be used to determine whether MSRs
* are supported. (CPUID.01H:EDX[5] = 1)
*/
if (!grub_cpu_is_cpuid_supported ())
return grub_error (GRUB_ERR_BUG, N_("unsupported instruction"));
if (err != GRUB_ERR_NONE)
return grub_error (err, N_("WRMSR is unsupported"));
grub_cpuid (0, max_cpuid, manufacturer[0], manufacturer[2], manufacturer[1]);
if (max_cpuid < 1)
return grub_error (GRUB_ERR_BUG, N_("unsupported instruction"));
grub_cpuid (1, a, b, c, features);
if (!(features & (1 << 5)))
return grub_error (GRUB_ERR_BUG, N_("unsupported instruction"));
if (argc != 2)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected"));
@ -66,7 +77,7 @@ grub_cmd_msr_write (grub_command_t cmd __attribute__ ((unused)), int argc, char
if (*ptr != '\0')
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid argument"));
grub_wrmsr (addr, value);
grub_msr_write (addr, value);
return GRUB_ERR_NONE;
}

117
grub-core/commands/ieee1275/ibmvtpm.c
View file

@ -1,117 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2022 Free Software Foundation, Inc.
* Copyright (C) 2022 IBM Corporation
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*
* IBM vTPM support code.
*/
#include <grub/err.h>
#include <grub/types.h>
#include <grub/tpm.h>
#include <grub/ieee1275/ieee1275.h>
#include <grub/ieee1275/tpm.h>
#include <grub/mm.h>
#include <grub/misc.h>
static int
ibmvtpm_2hash_ext_log (grub_uint8_t pcrindex,
grub_uint32_t eventtype,
const char *description,
grub_size_t description_size,
void *buf, grub_size_t size)
{
struct tpm_2hash_ext_log
{
struct grub_ieee1275_common_hdr common;
grub_ieee1275_cell_t method;
grub_ieee1275_cell_t ihandle;
grub_ieee1275_cell_t size;
grub_ieee1275_cell_t buf;
grub_ieee1275_cell_t description_size;
grub_ieee1275_cell_t description;
grub_ieee1275_cell_t eventtype;
grub_ieee1275_cell_t pcrindex;
grub_ieee1275_cell_t catch_result;
grub_ieee1275_cell_t rc;
};
struct tpm_2hash_ext_log args;
INIT_IEEE1275_COMMON (&args.common, "call-method", 8, 2);
args.method = (grub_ieee1275_cell_t) "2hash-ext-log";
args.ihandle = grub_ieee1275_tpm_ihandle;
args.pcrindex = pcrindex;
args.eventtype = eventtype;
args.description = (grub_ieee1275_cell_t) description;
args.description_size = description_size;
args.buf = (grub_ieee1275_cell_t) buf;
args.size = (grub_ieee1275_cell_t) size;
if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
return -1;
/*
* catch_result is set if firmware does not support 2hash-ext-log
* rc is GRUB_IEEE1275_CELL_FALSE (0) on failure
*/
if ((args.catch_result) || args.rc == GRUB_IEEE1275_CELL_FALSE)
return -1;
return 0;
}
static grub_err_t
tpm2_log_event (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
const char *description)
{
static int error_displayed = 0;
int rc;
rc = ibmvtpm_2hash_ext_log (pcr, EV_IPL,
description, grub_strlen(description) + 1,
buf, size);
if (rc && !error_displayed)
{
error_displayed++;
return grub_error (GRUB_ERR_BAD_DEVICE,
"2HASH-EXT-LOG failed: Firmware is likely too old.\n");
}
return GRUB_ERR_NONE;
}
grub_err_t
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
const char *description)
{
grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n",
pcr, size, description);
if (grub_ieee1275_tpm_ihandle != GRUB_IEEE1275_IHANDLE_INVALID)
return tpm2_log_event (buf, size, pcr, description);
return GRUB_ERR_NONE;
}
int
grub_tpm_present (void)
{
/*
* Call tpm_init() "late" rather than from GRUB_MOD_INIT() so that device nodes
* can be found.
*/
return grub_ieee1275_tpm_init() == GRUB_ERR_NONE;
}

1
grub-core/commands/legacycfg.c
View file

@ -198,6 +198,7 @@ legacy_file (const char *filename)
const char **args = grub_malloc (sizeof (args[0]));
if (!args)
{
grub_file_close (file);
grub_free (suffix);
grub_free (entrysrc);
return grub_errno;

8
grub-core/commands/loadenv.c
View file

@ -352,16 +352,16 @@ struct grub_cmd_save_env_ctx
};
/* Store blocklists in a linked list. */
static grub_err_t
static void
save_env_read_hook (grub_disk_addr_t sector, unsigned offset, unsigned length,
char *buf __attribute__ ((unused)), void *data)
void *data)
{
struct grub_cmd_save_env_ctx *ctx = data;
struct blocklist *block;
block = grub_malloc (sizeof (*block));
if (! block)
return GRUB_ERR_NONE;
return;
block->sector = sector;
block->offset = offset;
@ -374,8 +374,6 @@ save_env_read_hook (grub_disk_addr_t sector, unsigned offset, unsigned length,
ctx->tail = block;
if (! ctx->head)
ctx->head = block;
return GRUB_ERR_NONE;
}
static grub_err_t

117
grub-core/commands/ls.c
View file

@ -87,44 +87,37 @@ grub_ls_list_devices (int longlist)
struct grub_ls_list_files_ctx
{
char *dirname;
char *filename;
int all;
int human;
int longlist;
int print_dirhdr;
};
/* Helper for grub_ls_list_files. */
static int
print_file (const char *filename, const struct grub_dirhook_info *info,
print_files (const char *filename, const struct grub_dirhook_info *info,
void *data)
{
struct grub_ls_list_files_ctx *ctx = data;
if (ctx->all || filename[0] != '.')
grub_printf ("%s%s ", filename, info->dir ? "/" : "");
return 0;
}
/* Helper for grub_ls_list_files. */
static int
print_files_long (const char *filename, const struct grub_dirhook_info *info,
void *data)
{
char *pathname = NULL;
struct grub_ls_list_files_ctx *ctx = data;
if ((! ctx->all) && (filename[0] == '.'))
return 0;
if ((ctx->filename != NULL) && (grub_strcmp (filename, ctx->filename) != 0))
return 0;
if (ctx->print_dirhdr)
{
grub_printf ("%s:\n", ctx->dirname);
ctx->print_dirhdr = 0;
}
if (! ctx->longlist)
{
if (ctx->filename != NULL)
grub_xputs (ctx->dirname);
grub_printf ("%s%s ", filename, info->dir ? "/" : "");
return 0;
}
if (! info->dir)
{
grub_file_t file;
char *pathname;
if (ctx->dirname[grub_strlen (ctx->dirname) - 1] == '/')
pathname = grub_xasprintf ("%s%s", ctx->dirname, filename);
@ -138,19 +131,20 @@ print_file (const char *filename, const struct grub_dirhook_info *info,
should be reported as directories. */
file = grub_file_open (pathname, GRUB_FILE_TYPE_GET_SIZE
| GRUB_FILE_TYPE_NO_DECOMPRESS);
if (file)
if (! file)
{
grub_errno = 0;
grub_free (pathname);
return 0;
}
if (! ctx->human)
grub_printf ("%-12llu", (unsigned long long) file->size);
else
grub_printf ("%-12s", grub_get_human_size (file->size,
GRUB_HUMAN_SIZE_SHORT));
grub_file_close (file);
}
else
grub_xputs ("????????????");
grub_errno = GRUB_ERR_NONE;
grub_free (pathname);
}
else
grub_printf ("%-12s", _("DIR"));
@ -171,22 +165,13 @@ print_file (const char *filename, const struct grub_dirhook_info *info,
datetime.day, datetime.hour,
datetime.minute, datetime.second);
}
/*
* Only print the full path when listing a file path given as an argument
* to ls, i.e. when ctx->filename != NULL. File listings that are printed
* due to showing the contents of a directory do not need a full path because
* the full path to the directory will have already been printed.
*/
grub_printf ("%s%s\n", (ctx->filename != NULL) ? pathname : filename,
info->dir ? "/" : "");
grub_free (pathname);
grub_printf ("%s%s\n", filename, info->dir ? "/" : "");
return 0;
}
static grub_err_t
grub_ls_list_files (char *dirname, int longlist, int all, int human, int dirhdr)
grub_ls_list_files (char *dirname, int longlist, int all, int human)
{
char *device_name;
grub_fs_t fs;
@ -231,38 +216,44 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human, int dirhdr)
{
struct grub_ls_list_files_ctx ctx = {
.dirname = dirname,
.filename = NULL,
.all = all,
.human = human,
.longlist = longlist,
.print_dirhdr = dirhdr
.human = human
};
(fs->fs_dir) (dev, path, print_file, &ctx);
if (longlist)
(fs->fs_dir) (dev, path, print_files_long, &ctx);
else
(fs->fs_dir) (dev, path, print_files, &ctx);
if (grub_errno == GRUB_ERR_BAD_FILE_TYPE
&& path[grub_strlen (path) - 1] != '/')
{
/*
* Reset errno as it is currently set, but will cause subsequent code
* to think there is an error.
*/
grub_errno = GRUB_ERR_NONE;
/* PATH might be a regular file. */
ctx.print_dirhdr = 0;
ctx.filename = grub_strrchr (dirname, '/');
if (ctx.filename == NULL)
goto fail;
++(ctx.filename);
char *p;
grub_file_t file;
struct grub_dirhook_info info;
grub_errno = 0;
ctx.dirname = grub_strndup (dirname, ctx.filename - dirname);
if (ctx.dirname == NULL)
file = grub_file_open (dirname, GRUB_FILE_TYPE_GET_SIZE
| GRUB_FILE_TYPE_NO_DECOMPRESS);
if (! file)
goto fail;
(fs->fs_dir) (dev, ctx.dirname + (path - dirname), print_file, &ctx);
grub_file_close (file);
grub_free (ctx.dirname);
p = grub_strrchr (dirname, '/') + 1;
dirname = grub_strndup (dirname, p - dirname);
if (! dirname)
goto fail;
all = 1;
grub_memset (&info, 0, sizeof (info));
if (longlist)
print_files_long (p, &info, &ctx);
else
print_files (p, &info, &ctx);
grub_free (dirname);
}
if (grub_errno == GRUB_ERR_NONE)
@ -277,7 +268,7 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human, int dirhdr)
grub_free (device_name);
return GRUB_ERR_NONE;
return 0;
}
static grub_err_t
@ -290,10 +281,10 @@ grub_cmd_ls (grub_extcmd_context_t ctxt, int argc, char **args)
grub_ls_list_devices (state[0].set);
else
for (i = 0; i < argc; i++)
grub_ls_list_files (args[i], state[0].set, state[2].set, state[1].set,
argc > 1);
grub_ls_list_files (args[i], state[0].set, state[2].set,
state[1].set);
return GRUB_ERR_NONE;
return 0;
}
static grub_extcmd_t cmd;

6
grub-core/commands/macbless.c
View file

@ -220,10 +220,12 @@ GRUB_MOD_INIT(macbless)
{
cmd = grub_register_command ("mactelbless", grub_cmd_macbless,
N_("FILE"),
N_("Bless FILE of HFS or HFS+ partition for intel macs."));
N_
("Bless FILE of HFS or HFS+ partition for intel macs."));
cmd_ppc =
grub_register_command ("macppcbless", grub_cmd_macbless, N_("DIR"),
N_("Bless DIR of HFS or HFS+ partition for PPC macs."));
N_
("Bless DIR of HFS or HFS+ partition for PPC macs."));
}
GRUB_MOD_FINI(macbless)

15
grub-core/commands/memrw.c
View file

@ -122,19 +122,16 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
GRUB_MOD_INIT(memrw)
{
cmd_read_byte =
grub_register_extcmd_lockdown ("read_byte", grub_cmd_read, 0,
N_("ADDR"),
N_("Read 8-bit value from ADDR."),
grub_register_extcmd ("read_byte", grub_cmd_read, 0,
N_("ADDR"), N_("Read 8-bit value from ADDR."),
options);
cmd_read_word =
grub_register_extcmd_lockdown ("read_word", grub_cmd_read, 0,
N_("ADDR"),
N_("Read 16-bit value from ADDR."),
grub_register_extcmd ("read_word", grub_cmd_read, 0,
N_("ADDR"), N_("Read 16-bit value from ADDR."),
options);
cmd_read_dword =
grub_register_extcmd_lockdown ("read_dword", grub_cmd_read, 0,
N_("ADDR"),
N_("Read 32-bit value from ADDR."),
grub_register_extcmd ("read_dword", grub_cmd_read, 0,
N_("ADDR"), N_("Read 32-bit value from ADDR."),
options);
cmd_write_byte =
grub_register_command_lockdown ("write_byte", grub_cmd_write,

152
grub-core/commands/memtools.c
View file

@ -1,152 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2022 Free Software Foundation, Inc.
* Copyright (C) 2022 IBM Corporation
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <grub/dl.h>
#include <grub/misc.h>
#include <grub/command.h>
#include <grub/i18n.h>
#include <grub/memory.h>
#include <grub/mm.h>
GRUB_MOD_LICENSE ("GPLv3+");
static grub_err_t
grub_cmd_lsmem (grub_command_t cmd __attribute__ ((unused)),
int argc __attribute__ ((unused)),
char **args __attribute__ ((unused)))
{
#ifndef GRUB_MACHINE_EMU
grub_mm_dump (0);
#endif
return 0;
}
static grub_err_t
grub_cmd_lsfreemem (grub_command_t cmd __attribute__ ((unused)),
int argc __attribute__ ((unused)),
char **args __attribute__ ((unused)))
{
#ifndef GRUB_MACHINE_EMU
grub_mm_dump_free ();
#endif
return 0;
}
static grub_err_t
grub_cmd_stress_big_allocs (grub_command_t cmd __attribute__ ((unused)),
int argc __attribute__ ((unused)),
char **args __attribute__ ((unused)))
{
int i, max_mb, blocks_alloced;
void *mem;
void **blocklist;
grub_printf ("Test 1: increasingly sized allocs to 1GB block\n");
for (i = 1; i < 1024; i++)
{
grub_printf ("%4d MB . ", i);
mem = grub_malloc (i * 1024 * 1024);
if (mem == NULL)
{
grub_printf ("failed\n");
break;
}
else
grub_free (mem);
if (i % 7 == 0)
grub_printf ("\n");
}
max_mb = i - 1;
grub_printf ("\nMax sized allocation we did was %d MB\n", max_mb);
grub_printf ("\nTest 2: 1MB at a time, max 4GB\n");
blocklist = grub_calloc (4096, sizeof (void *));
for (i = 0; i < 4096; i++)
{
blocklist[i] = grub_malloc (1024 * 1024);
if (blocklist[i] == NULL)
{
grub_printf ("Ran out of memory at iteration %d\n", i);
break;
}
}
blocks_alloced = i;
for (i = 0; i < blocks_alloced; i++)
grub_free (blocklist[i]);
grub_printf ("\nTest 3: 1MB aligned 900kB + 100kB\n");
/* grub_mm_debug=1;*/
for (i = 0; i < 4096; i += 2)
{
blocklist[i] = grub_memalign (1024 * 1024, 900 * 1024);
if (blocklist[i] == NULL)
{
grub_printf ("Failed big allocation, iteration %d\n", i);
blocks_alloced = i;
break;
}
blocklist[i + 1] = grub_malloc (100 * 1024);
if (blocklist[i + 1] == NULL)
{
grub_printf ("Failed small allocation, iteration %d\n", i);
blocks_alloced = i + 1;
break;
}
grub_printf (".");
}
for (i = 0; i < blocks_alloced; i++)
grub_free (blocklist[i]);
grub_free (blocklist);
#if defined(__powerpc__)
grub_printf ("\nA reboot may now be required.\n");
#endif
grub_errno = GRUB_ERR_NONE;
return GRUB_ERR_NONE;
}
static grub_command_t cmd_lsmem, cmd_lsfreemem, cmd_sba;
GRUB_MOD_INIT (memtools)
{
cmd_lsmem = grub_register_command ("lsmem", grub_cmd_lsmem,
0, N_("List free and allocated memory blocks."));
cmd_lsfreemem = grub_register_command ("lsfreemem", grub_cmd_lsfreemem,
0, N_("List free memory blocks."));
cmd_sba = grub_register_command ("stress_big_allocs", grub_cmd_stress_big_allocs,
0, N_("Stress test large allocations."));
}
GRUB_MOD_FINI (memtools)
{
grub_unregister_command (cmd_lsmem);
grub_unregister_command (cmd_lsfreemem);
grub_unregister_command (cmd_sba);
}

15
grub-core/commands/minicmd.c
View file

@ -29,10 +29,6 @@
#include <grub/command.h>
#include <grub/i18n.h>
#ifdef GRUB_MACHINE_EFI
#include <grub/cryptodisk.h>
#endif
GRUB_MOD_LICENSE ("GPLv3+");
/* cat FILE */
@ -171,7 +167,7 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)),
{
grub_dl_dep_t dep;
grub_printf ("%s\t%" PRIuGRUB_UINT64_T "\t\t", mod->name, mod->ref_count);
grub_printf ("%s\t%d\t\t", mod->name, mod->ref_count);
for (dep = mod->dep; dep; dep = dep->next)
{
if (dep != mod->dep)
@ -191,13 +187,6 @@ grub_mini_cmd_exit (struct grub_command *cmd __attribute__ ((unused)),
int argc __attribute__ ((unused)),
char *argv[] __attribute__ ((unused)))
{
#ifdef GRUB_MACHINE_EFI
/*
* The "exit" command is often used to launch the next boot application.
* So, erase the secrets.
*/
grub_cryptodisk_erasesecrets ();
#endif
grub_exit ();
/* Not reached. */
}
@ -214,7 +203,7 @@ GRUB_MOD_INIT(minicmd)
grub_register_command ("help", grub_mini_cmd_help,
0, N_("Show this message."));
cmd_dump =
grub_register_command_lockdown ("dump", grub_mini_cmd_dump,
grub_register_command ("dump", grub_mini_cmd_dump,
N_("ADDR [SIZE]"), N_("Show memory contents."));
cmd_rmmod =
grub_register_command ("rmmod", grub_mini_cmd_rmmod,

2
grub-core/commands/parttool.c
View file

@ -315,7 +315,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
switch (curarg->type)
{
case GRUB_PARTTOOL_ARG_BOOL:
pargs[curarg - ptool->args].b
pargs[curarg - ptool->args].bool
= (args[j][grub_strlen (curarg->name)] != '-');
break;

2
grub-core/commands/pgp.c
View file

@ -1010,8 +1010,6 @@ GRUB_MOD_INIT(pgp)
GRUB_MOD_FINI(pgp)
{
grub_register_variable_hook ("check_signatures", NULL, NULL);
grub_env_unset ("check_signatures");
grub_verifier_unregister (&grub_pubkey_verifier);
grub_unregister_extcmd (cmd);
grub_unregister_extcmd (cmd_trust);

43
grub-core/commands/probe.c
View file

@ -119,21 +119,19 @@ grub_cmd_probe (grub_extcmd_context_t ctxt, int argc, char **args)
if (grub_strcmp(dev->disk->partition->partmap->name, "gpt") == 0)
{
struct grub_gpt_partentry entry;
grub_guid_t *guid;
grub_gpt_part_guid_t *guid;
if (grub_disk_read(disk, p->offset, p->index, sizeof(entry), &entry))
{
grub_error_push ();
grub_disk_close (disk);
grub_device_close (dev);
grub_error_pop ();
return grub_errno;
}
guid = &entry.guid;
guid->data1 = grub_le_to_cpu32 (guid->data1);
guid->data2 = grub_le_to_cpu16 (guid->data2);
guid->data3 = grub_le_to_cpu16 (guid->data3);
grub_snprintf (val, sizeof(val), "%pG", guid);
grub_snprintf (val, sizeof(val),
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
grub_le_to_cpu32 (guid->data1),
grub_le_to_cpu16 (guid->data2),
grub_le_to_cpu16 (guid->data3),
guid->data4[0], guid->data4[1], guid->data4[2],
guid->data4[3], guid->data4[4], guid->data4[5],
guid->data4[6], guid->data4[7]);
}
else if (grub_strcmp(dev->disk->partition->partmap->name, "msdos") == 0)
{
@ -155,12 +153,7 @@ grub_cmd_probe (grub_extcmd_context_t ctxt, int argc, char **args)
}
fs = grub_fs_probe (dev);
if (! fs)
{
grub_error_push ();
grub_device_close (dev);
grub_error_pop ();
return grub_errno;
}
if (state[3].set)
{
if (state[0].set)
@ -174,23 +167,14 @@ grub_cmd_probe (grub_extcmd_context_t ctxt, int argc, char **args)
{
char *uuid;
if (! fs->fs_uuid)
{
grub_device_close (dev);
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
N_("%s does not support UUIDs"), fs->name);
}
err = fs->fs_uuid (dev, &uuid);
if (err)
{
grub_device_close (dev);
return err;
}
if (! uuid)
{
grub_device_close (dev);
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
N_("%s does not support UUIDs"), fs->name);
}
if (state[0].set)
grub_env_set (state[0].arg, uuid);
@ -204,25 +188,16 @@ grub_cmd_probe (grub_extcmd_context_t ctxt, int argc, char **args)
{
char *label;
if (! fs->fs_label)
{
grub_device_close (dev);
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
N_("filesystem `%s' does not support labels"),
fs->name);
}
err = fs->fs_label (dev, &label);
if (err)
{
grub_device_close (dev);
return err;
}
if (! label)
{
grub_device_close (dev);
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
N_("filesystem `%s' does not support labels"),
fs->name);
}
if (state[0].set)
grub_env_set (state[0].arg, label);

54
grub-core/commands/read.c
View file

@ -23,29 +23,21 @@
#include <grub/env.h>
#include <grub/term.h>
#include <grub/types.h>
#include <grub/extcmd.h>
#include <grub/command.h>
#include <grub/i18n.h>
#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
static const struct grub_arg_option options[] =
{
{"silent", 's', 0, N_("Do not echo input"), 0, 0},
{0, 0, 0, 0, 0, 0}
};
static char *
grub_getline (int silent)
grub_getline (void)
{
grub_size_t i;
int i;
char *line;
char *tmp;
int c;
grub_size_t alloc_size;
char c;
i = 0;
line = grub_malloc (1 + sizeof('\0'));
line = grub_malloc (1 + i + sizeof('\0'));
if (! line)
return NULL;
@ -55,23 +47,11 @@ grub_getline (int silent)
if ((c == '\n') || (c == '\r'))
break;
if (!grub_isprint (c))
continue;
line[i] = (char) c;
if (!silent)
line[i] = c;
if (grub_isprint (c))
grub_printf ("%c", c);
if (grub_add (i, 1, &i))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
return NULL;
}
if (grub_add (i, 1 + sizeof('\0'), &alloc_size))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
return NULL;
}
tmp = grub_realloc (line, alloc_size);
i++;
tmp = grub_realloc (line, 1 + i + sizeof('\0'));
if (! tmp)
{
grub_free (line);
@ -85,11 +65,9 @@ grub_getline (int silent)
}
static grub_err_t
grub_cmd_read (grub_extcmd_context_t ctxt, int argc, char **args)
grub_cmd_read (grub_command_t cmd __attribute__ ((unused)), int argc, char **args)
{
struct grub_arg_list *state = ctxt->state;
char *line = grub_getline (state[0].set);
char *line = grub_getline ();
if (! line)
return grub_errno;
if (argc > 0)
@ -99,16 +77,16 @@ grub_cmd_read (grub_extcmd_context_t ctxt, int argc, char **args)
return 0;
}
static grub_extcmd_t cmd;
static grub_command_t cmd;
GRUB_MOD_INIT(read)
{
cmd = grub_register_extcmd ("read", grub_cmd_read, 0,
N_("[-s] [ENVVAR]"),
N_("Set variable with user input."), options);
cmd = grub_register_command ("read", grub_cmd_read,
N_("[ENVVAR]"),
N_("Set variable with user input."));
}
GRUB_MOD_FINI(read)
{
grub_unregister_extcmd (cmd);
grub_unregister_command (cmd);
}

2
grub-core/commands/regexp.c
View file

@ -36,7 +36,7 @@ static const struct grub_arg_option options[] =
groups with parentheses. These groups are
then numbered and you can save some of
them in variables. In other programs
those components are often referenced with
those components aree often referenced with
back slash, e.g. \1. Compare
sed -e 's,\([a-z][a-z]*\),lowercase=\1,g'
The whole matching component is saved in VARNAME, not its number.

85
grub-core/commands/search.c
View file

@ -47,48 +47,13 @@ struct search_ctx
{
const char *key;
const char *var;
enum search_flags flags;
int no_floppy;
char **hints;
unsigned nhints;
int count;
int is_cache;
};
static bool
is_unencrypted_disk (grub_disk_t disk)
{
grub_command_t cmd;
char *disk_str;
int disk_str_len;
int res;
if (disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)
return false; /* This is (crypto) disk. */
if (disk->dev->id == GRUB_DISK_DEVICE_DISKFILTER_ID)
{
char opt[] = "--quiet";
char *args[2];
cmd = grub_command_find ("cryptocheck");
if (cmd == NULL) /* No diskfilter module loaded for some reason. */
return true;
disk_str_len = grub_strlen (disk->name) + 2 + 1;
disk_str = grub_malloc (disk_str_len);
if (disk_str == NULL) /* Something is wrong, better report as unencrypted. */
return true;
grub_snprintf (disk_str, disk_str_len, "(%s)", disk->name);
args[0] = opt;
args[1] = disk_str;
res = cmd->func (cmd, 2, args);
grub_free (disk_str);
return (res != GRUB_ERR_NONE) ? true : false; /* GRUB_ERR_NONE for encrypted. */
}
return true;
}
/* Helper for FUNC_NAME. */
static int
iterate_device (const char *name, void *data)
@ -97,49 +62,9 @@ iterate_device (const char *name, void *data)
int found = 0;
/* Skip floppy drives when requested. */
if (ctx->flags & SEARCH_FLAGS_NO_FLOPPY &&
if (ctx->no_floppy &&
name[0] == 'f' && name[1] == 'd' && name[2] >= '0' && name[2] <= '9')
return 0;
/* Limit to EFI disks when requested. */
if (ctx->flags & SEARCH_FLAGS_EFIDISK_ONLY)
{
grub_device_t dev;
dev = grub_device_open (name);
if (dev == NULL)
{
grub_errno = GRUB_ERR_NONE;
return 0;
}
if (dev->disk == NULL || dev->disk->dev->id != GRUB_DISK_DEVICE_EFIDISK_ID)
{
grub_device_close (dev);
grub_errno = GRUB_ERR_NONE;
return 0;
}
grub_device_close (dev);
}
/* Limit to encrypted disks when requested. */
if (ctx->flags & SEARCH_FLAGS_CRYPTODISK_ONLY)
{
grub_device_t dev;
dev = grub_device_open (name);
if (dev == NULL)
{
grub_errno = GRUB_ERR_NONE;
return 0;
}
if (dev->disk == NULL || is_unencrypted_disk (dev->disk) == true)
{
grub_device_close (dev);
grub_errno = GRUB_ERR_NONE;
return 0;
}
grub_device_close (dev);
}
return 1;
#ifdef DO_SEARCH_FS_UUID
#define compare_fn grub_strcasecmp
@ -336,13 +261,13 @@ try (struct search_ctx *ctx)
}
void
FUNC_NAME (const char *key, const char *var, enum search_flags flags,
FUNC_NAME (const char *key, const char *var, int no_floppy,
char **hints, unsigned nhints)
{
struct search_ctx ctx = {
.key = key,
.var = var,
.flags = flags,
.no_floppy = no_floppy,
.hints = hints,
.nhints = nhints,
.count = 0,

25
grub-core/commands/search_wrap.c
View file

@ -40,8 +40,6 @@ static const struct grub_arg_option options[] =
N_("Set a variable to the first device found."), N_("VARNAME"),
ARG_TYPE_STRING},
{"no-floppy", 'n', 0, N_("Do not probe any floppy drive."), 0, 0},
{"efidisk-only", 0, 0, N_("Only probe EFI disks."), 0, 0},
{"cryptodisk-only", 0, 0, N_("Only probe encrypted disks."), 0, 0},
{"hint", 'h', GRUB_ARG_OPTION_REPEATABLE,
N_("First try the device HINT. If HINT ends in comma, "
"also try subpartitions"), N_("HINT"), ARG_TYPE_STRING},
@ -75,8 +73,6 @@ enum options
SEARCH_FS_UUID,
SEARCH_SET,
SEARCH_NO_FLOPPY,
SEARCH_EFIDISK_ONLY,
SEARCH_CRYPTODISK_ONLY,
SEARCH_HINT,
SEARCH_HINT_IEEE1275,
SEARCH_HINT_BIOS,
@ -93,7 +89,6 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
const char *id = 0;
int i = 0, j = 0, nhints = 0;
char **hints = NULL;
enum search_flags flags = SEARCH_FLAGS_NONE;
if (state[SEARCH_HINT].set)
for (i = 0; state[SEARCH_HINT].args[i]; i++)
@ -185,21 +180,15 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
goto out;
}
if (state[SEARCH_NO_FLOPPY].set)
flags |= SEARCH_FLAGS_NO_FLOPPY;
if (state[SEARCH_EFIDISK_ONLY].set)
flags |= SEARCH_FLAGS_EFIDISK_ONLY;
if (state[SEARCH_CRYPTODISK_ONLY].set)
flags |= SEARCH_FLAGS_CRYPTODISK_ONLY;
if (state[SEARCH_LABEL].set)
grub_search_label (id, var, flags, hints, nhints);
grub_search_label (id, var, state[SEARCH_NO_FLOPPY].set,
hints, nhints);
else if (state[SEARCH_FS_UUID].set)
grub_search_fs_uuid (id, var, flags, hints, nhints);
grub_search_fs_uuid (id, var, state[SEARCH_NO_FLOPPY].set,
hints, nhints);
else if (state[SEARCH_FILE].set)
grub_search_fs_file (id, var, flags, hints, nhints);
grub_search_fs_file (id, var, state[SEARCH_NO_FLOPPY].set,
hints, nhints);
else
grub_error (GRUB_ERR_INVALID_COMMAND, "unspecified search type");
@ -215,7 +204,7 @@ GRUB_MOD_INIT(search)
cmd =
grub_register_extcmd ("search", grub_cmd_search,
GRUB_COMMAND_FLAG_EXTRACTOR | GRUB_COMMAND_ACCEPT_DASH,
N_("[-f|-l|-u|-s|-n] [--cryptodisk-only] [--hint HINT [--hint HINT] ...]"
N_("[-f|-l|-u|-s|-n] [--hint HINT [--hint HINT] ...]"
" NAME"),
N_("Search devices by file, filesystem label"
" or filesystem UUID."

1
grub-core/commands/setpci.c
View file

@ -311,6 +311,7 @@ grub_cmd_setpci (grub_extcmd_context_t ctxt, int argc, char **argv)
write_mask = grub_strtoul (ptr, &ptr, 16);
if (grub_errno)
return grub_errno;
write_mask = 0xffffffff;
}
regwrite &= write_mask;
}

21
grub-core/commands/test.c
View file

@ -29,9 +29,6 @@
GRUB_MOD_LICENSE ("GPLv3+");
/* Set a limit on recursion to avoid stack overflow. */
#define MAX_TEST_RECURSION_DEPTH 100
/* A simple implementation for signed numbers. */
static int
grub_strtosl (char *arg, const char ** const end, int base)
@ -153,7 +150,7 @@ get_fileinfo (char *path, struct test_parse_ctx *ctx)
/* Parse a test expression starting from *argn. */
static int
test_parse (char **args, int *argn, int argc, int *depth)
test_parse (char **args, int *argn, int argc)
{
struct test_parse_ctx ctx = {
.and = 1,
@ -390,24 +387,13 @@ test_parse (char **args, int *argn, int argc, int *depth)
if (grub_strcmp (args[*argn], ")") == 0)
{
(*argn)++;
if (*depth > 0)
(*depth)--;
return ctx.or || ctx.and;
}
/* Recursively invoke if parenthesis. */
if (grub_strcmp (args[*argn], "(") == 0)
{
(*argn)++;
if (++(*depth) > MAX_TEST_RECURSION_DEPTH)
{
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("max recursion depth exceeded"));
depth--;
return ctx.or || ctx.and;
}
update_val (test_parse (args, argn, argc, depth), &ctx);
update_val (test_parse (args, argn, argc), &ctx);
continue;
}
@ -442,12 +428,11 @@ grub_cmd_test (grub_command_t cmd __attribute__ ((unused)),
int argc, char **args)
{
int argn = 0;
int depth = 0;
if (argc >= 1 && grub_strcmp (args[argc - 1], "]") == 0)
argc--;
return test_parse (args, &argn, argc, &depth) ? GRUB_ERR_NONE
return test_parse (args, &argn, argc) ? GRUB_ERR_NONE
: grub_error (GRUB_ERR_TEST_FAILURE, N_("false"));
}

4
grub-core/commands/testload.c
View file

@ -32,11 +32,10 @@
GRUB_MOD_LICENSE ("GPLv3+");
/* Helper for grub_cmd_testload. */
static grub_err_t
static void
read_progress (grub_disk_addr_t sector __attribute__ ((unused)),
unsigned offset __attribute__ ((unused)),
unsigned len,
char *buf __attribute__ ((unused)),
void *data __attribute__ ((unused)))
{
for (; len >= GRUB_DISK_SECTOR_SIZE; len -= GRUB_DISK_SECTOR_SIZE)
@ -44,7 +43,6 @@ read_progress (grub_disk_addr_t sector __attribute__ ((unused)),
if (len)
grub_xputs (".");
grub_refresh ();
return GRUB_ERR_NONE;
}
static grub_err_t

34
grub-core/commands/tpm.c
View file

@ -36,29 +36,13 @@ grub_tpm_verify_init (grub_file_t io,
{
*context = io->name;
*flags |= GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
/*
* The loopback image is mapped as a disk allowing it to function like
* a block device. However, we measure files read from the block device
* not the device itself. For example, we don't measure block devices like
* hd0 disk directly. This process is crucial to prevent out-of-memory
* errors as loopback images are inherently large.
*/
if ((type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_LOOPBACK)
*flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
return GRUB_ERR_NONE;
}
static grub_err_t
grub_tpm_verify_write (void *context, void *buf, grub_size_t size)
{
grub_err_t status = grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
if (status == GRUB_ERR_NONE)
return GRUB_ERR_NONE;
grub_dprintf ("tpm", "Measuring buffer failed: %d\n", status);
return grub_is_tpm_fail_fatal () ? status : GRUB_ERR_NONE;
return grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
}
static grub_err_t
@ -90,11 +74,7 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
grub_tpm_measure ((unsigned char *) str, grub_strlen (str),
GRUB_STRING_PCR, description);
grub_free (description);
if (status == GRUB_ERR_NONE)
return GRUB_ERR_NONE;
grub_dprintf ("tpm", "Measuring string %s failed: %d\n", str, status);
return grub_is_tpm_fail_fatal () ? status : GRUB_ERR_NONE;
return status;
}
struct grub_file_verifier grub_tpm_verifier = {
@ -106,20 +86,10 @@ struct grub_file_verifier grub_tpm_verifier = {
GRUB_MOD_INIT (tpm)
{
/*
* Even though this now calls ibmvtpm's grub_tpm_present() from GRUB_MOD_INIT(),
* it does seem to call it late enough in the initialization sequence so
* that whatever discovered "device nodes" before this GRUB_MOD_INIT() is
* called, enables the ibmvtpm driver to see the device nodes.
*/
if (!grub_tpm_present())
return;
grub_verifier_register (&grub_tpm_verifier);
}
GRUB_MOD_FINI (tpm)
{
if (!grub_tpm_present())
return;
grub_verifier_unregister (&grub_tpm_verifier);
}

127
grub-core/commands/tpm2_key_protector/args.c
View file

@ -1,127 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2022 Microsoft Corporation
* Copyright (C) 2024 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#include <grub/err.h>
#include <grub/mm.h>
#include <grub/misc.h>
#include "tpm2_args.h"
grub_err_t
grub_tpm2_protector_parse_pcrs (char *value, grub_uint8_t *pcrs,
grub_uint8_t *pcr_count)
{
char *current_pcr = value;
char *next_pcr;
const char *pcr_end;
grub_uint64_t pcr;
grub_uint8_t i;
if (grub_strlen (value) == 0)
return GRUB_ERR_BAD_ARGUMENT;
*pcr_count = 0;
for (i = 0; i < TPM_MAX_PCRS; i++)
{
next_pcr = grub_strchr (current_pcr, ',');
if (next_pcr == current_pcr)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("empty entry in PCR list"));
if (next_pcr != NULL)
*next_pcr = '\0';
pcr = grub_strtoul (current_pcr, &pcr_end, 10);
if (*current_pcr == '\0' || *pcr_end != '\0')
return grub_error (GRUB_ERR_BAD_NUMBER, N_("entry '%s' in PCR list is not a number"), current_pcr);
if (pcr > TPM_MAX_PCRS - 1)
return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("entry %llu in PCR list is too large to be a PCR number, PCR numbers range from 0 to %u"), (unsigned long long)pcr, TPM_MAX_PCRS - 1);
pcrs[i] = (grub_uint8_t) pcr;
++(*pcr_count);
if (next_pcr == NULL)
break;
current_pcr = next_pcr + 1;
if (*current_pcr == '\0')
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("trailing comma at the end of PCR list"));
}
if (i == TPM_MAX_PCRS)
return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("too many PCRs in PCR list, the maximum number of PCRs is %u"), TPM_MAX_PCRS);
return GRUB_ERR_NONE;
}
grub_err_t
grub_tpm2_protector_parse_asymmetric (const char *value,
grub_srk_type_t *srk_type)
{
if (grub_strcasecmp (value, "ECC") == 0 ||
grub_strcasecmp (value, "ECC_NIST_P256") == 0)
{
srk_type->type = TPM_ALG_ECC;
srk_type->detail.ecc_curve = TPM_ECC_NIST_P256;
}
else if (grub_strcasecmp (value, "RSA") == 0 ||
grub_strcasecmp (value, "RSA2048") == 0)
{
srk_type->type = TPM_ALG_RSA;
srk_type->detail.rsa_bits = 2048;
}
else
return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("value '%s' is not a valid asymmetric key type"), value);
return GRUB_ERR_NONE;
}
grub_err_t
grub_tpm2_protector_parse_bank (const char *value, TPM_ALG_ID_t *bank)
{
if (grub_strcasecmp (value, "SHA1") == 0)
*bank = TPM_ALG_SHA1;
else if (grub_strcasecmp (value, "SHA256") == 0)
*bank = TPM_ALG_SHA256;
else if (grub_strcasecmp (value, "SHA384") == 0)
*bank = TPM_ALG_SHA384;
else if (grub_strcasecmp (value, "SHA512") == 0)
*bank = TPM_ALG_SHA512;
else
return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("value '%s' is not a valid PCR bank"), value);
return GRUB_ERR_NONE;
}
grub_err_t
grub_tpm2_protector_parse_tpm_handle (const char *value, TPM_HANDLE_t *handle)
{
grub_uint64_t num;
const char *str_end;
num = grub_strtoul (value, &str_end, 0);
if (*value == '\0' || *str_end != '\0')
return grub_error (GRUB_ERR_BAD_NUMBER, N_("TPM handle value '%s' is not a number"), value);
if (num > GRUB_UINT_MAX)
return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("value %llu is too large to be a TPM handle, TPM handles are unsigned 32-bit integers"), (unsigned long long)num);
*handle = (TPM_HANDLE_t) num;
return GRUB_ERR_NONE;
}

1496
grub-core/commands/tpm2_key_protector/module.c
View file

File diff suppressed because it is too large Load diff

36
grub-core/commands/tpm2_key_protector/tpm2.h
View file

@ -1,36 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2022 Microsoft Corporation
* Copyright (C) 2024 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GRUB_TPM2_TPM2_HEADER
#define GRUB_TPM2_TPM2_HEADER 1
#include <tss2_types.h>
#include <tss2_structs.h>
#include <tpm2_cmd.h>
/* Well-Known Windows SRK handle */
#define TPM2_SRK_HANDLE 0x81000001
struct tpm2_sealed_key {
TPM2B_PUBLIC_t public;
TPM2B_PRIVATE_t private;
};
typedef struct tpm2_sealed_key tpm2_sealed_key_t;
#endif /* ! GRUB_TPM2_TPM2_HEADER */

49
grub-core/commands/tpm2_key_protector/tpm2_args.h
View file

@ -1,49 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2022 Microsoft Corporation
* Copyright (C) 2024 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GRUB_TPM2_INTERNAL_ARGS_HEADER
#define GRUB_TPM2_INTERNAL_ARGS_HEADER 1
#include <grub/err.h>
#include "tpm2.h"
struct grub_srk_type
{
TPMI_ALG_PUBLIC_t type;
union {
TPM_KEY_BITS_t rsa_bits;
TPM_ECC_CURVE_t ecc_curve;
} detail;
};
typedef struct grub_srk_type grub_srk_type_t;
extern grub_err_t
grub_tpm2_protector_parse_pcrs (char *value, grub_uint8_t *pcrs, grub_uint8_t *pcr_count);
extern grub_err_t
grub_tpm2_protector_parse_asymmetric (const char *value, grub_srk_type_t *srk_type);
extern grub_err_t
grub_tpm2_protector_parse_bank (const char *value, TPM_ALG_ID_t *bank);
extern grub_err_t
grub_tpm2_protector_parse_tpm_handle (const char *value, TPM_HANDLE_t *handle);
#endif /* ! GRUB_TPM2_INTERNAL_ARGS_HEADER */

49
grub-core/commands/tpm2_key_protector/tpm2key.asn
View file

@ -1,49 +0,0 @@
--
-- GRUB: GRand Unified Bootloader
-- Copyright (C) 2024 Free Software Foundation, Inc.
--
-- GRUB is free software: you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation, either version 3 of the License, or
-- (at your option) any later version.
--
-- GRUB is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with GRUB. If not, see <http://www.gnu.org/licenses/>.
--
-- This file describes TPM 2.0 Key File format for libtasn1.
-- To generate tpm2key_asn1_tab.c: asn1Parser tpm2key.asn
--
TPM2KEY {}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
TPMPolicy ::= SEQUENCE {
CommandCode [0] EXPLICIT INTEGER,
CommandPolicy [1] EXPLICIT OCTET STRING
}
TPMAuthPolicy ::= SEQUENCE {
Name [0] EXPLICIT UTF8String OPTIONAL,
Policy [1] EXPLICIT SEQUENCE OF TPMPolicy
}
TPMKey ::= SEQUENCE {
type OBJECT IDENTIFIER,
emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL,
policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL,
secret [2] EXPLICIT OCTET STRING OPTIONAL,
authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL,
description [4] EXPLICIT UTF8String OPTIONAL,
rsaParent [5] EXPLICIT BOOLEAN OPTIONAL,
parent INTEGER,
pubkey OCTET STRING,
privkey OCTET STRING
}
END

499
grub-core/commands/tpm2_key_protector/tpm2key.c
View file

@ -1,499 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2023 SUSE LLC
* Copyright (C) 2024 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#include <grub/list.h>
#include <grub/misc.h>
#include <grub/mm.h>
#include <tss2_buffer.h>
#include "tpm2key.h"
extern asn1_static_node tpm2key_asn1_tab[];
const char *sealed_key_oid = "2.23.133.10.1.5";
static int
asn1_allocate_and_read (asn1_node node, const char *name, void **content, grub_size_t *content_size)
{
grub_uint8_t *tmpstr = NULL;
int tmpstr_size = 0;
int ret;
if (content == NULL)
return ASN1_MEM_ERROR;
ret = asn1_read_value (node, name, NULL, &tmpstr_size);
if (ret != ASN1_MEM_ERROR)
return ret;
tmpstr = grub_malloc (tmpstr_size);
if (tmpstr == NULL)
return ASN1_MEM_ERROR;
ret = asn1_read_value (node, name, tmpstr, &tmpstr_size);
if (ret != ASN1_SUCCESS)
return ret;
*content = tmpstr;
*content_size = tmpstr_size;
return ASN1_SUCCESS;
}
static int
asn1_read_uint32 (asn1_node node, const char *name, grub_uint32_t *out)
{
grub_uint32_t tmp = 0;
grub_uint8_t *ptr;
void *data = NULL;
grub_size_t data_size;
int ret;
ret = asn1_allocate_and_read (node, name, &data, &data_size);
if (ret != ASN1_SUCCESS)
return ret;
/*
* ASN.1 INTEGER is encoded in the following format:
*
* TAG LENGTH OCTECTS
*
* The integer TAG is 02 and LENGTH is the number of followed OCTECTS in
* big endian. For example:
*
* 0x1: 02 01 01
* 0xabcd: 02 02 ab cd
*
* To decribe 0x1, it only takes 1 octect, so LENGTH is 0x01 and the
* octect is 0x01. On the other hand, 0xabcd requires 2 octects: 'ab" and
* 'cd', so LENGTH is 0x02.
*
* This function only expects a uint32 integer, so it rejects any integer
* containing more than 4 octects.
*/
if (data_size > 4)
{
ret = ASN1_MEM_ERROR;
goto error;
}
/* Copy the octects into 'tmp' to make it a big-endian uint32 */
ptr = (grub_uint8_t *) &tmp + (4 - data_size);
grub_memcpy (ptr, data, data_size);
/* Convert the big-endian integer to host uint32 */
tmp = grub_be_to_cpu32 (tmp);
*out = tmp;
error:
if (data)
grub_free (data);
return ret;
}
grub_err_t
grub_tpm2key_start_parsing (asn1_node *parsed_tpm2key, void *data, grub_size_t size)
{
asn1_node tpm2key;
asn1_node tpm2key_asn1 = NULL;
void *type_oid = NULL;
grub_size_t type_oid_size = 0;
void *empty_auth = NULL;
grub_size_t empty_auth_size = 0;
int tmp_size = 0;
int ret;
grub_err_t err;
/*
* TPMKey ::= SEQUENCE {
* type OBJECT IDENTIFIER,
* emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL,
* policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL,
* secret [2] EXPLICIT OCTET STRING OPTIONAL,
* authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL,
* description [4] EXPLICIT UTF8String OPTIONAL,
* rsaParent [5] EXPLICIT BOOLEAN OPTIONAL,
* parent INTEGER,
* pubkey OCTET STRING,
* privkey OCTET STRING
* }
*/
ret = asn1_array2tree (tpm2key_asn1_tab, &tpm2key_asn1, NULL);
if (ret != ASN1_SUCCESS)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "failed to parse TPM2KEY ASN.1 array");
ret = asn1_create_element (tpm2key_asn1, "TPM2KEY.TPMKey", &tpm2key);
if (ret != ASN1_SUCCESS)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "failed to create TPM2KEY.TPMKey");
ret = asn1_der_decoding (&tpm2key, data, size, NULL);
if (ret != ASN1_SUCCESS)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "failed to decode TPM2KEY DER");
/* Check if 'type' is Sealed Key or not */
ret = asn1_allocate_and_read (tpm2key, "type", &type_oid, &type_oid_size);
if (ret != ASN1_SUCCESS)
return grub_error (GRUB_ERR_BAD_FILE_TYPE, "not a valid TPM2KEY file");
if (grub_memcmp (sealed_key_oid, type_oid, type_oid_size) != 0)
{
err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "not a valid TPM2KEY file");
goto error;
}
/* 'emptyAuth' must be 'TRUE' since we don't support password authorization */
ret = asn1_allocate_and_read (tpm2key, "emptyAuth", &empty_auth, &empty_auth_size);
if (ret != ASN1_SUCCESS || grub_strncmp ("TRUE", empty_auth, empty_auth_size) != 0)
{
err = grub_error (GRUB_ERR_BAD_ARGUMENT, "emptyAuth not TRUE");
goto error;
}
/* 'secret' should not be in a sealed key */
ret = asn1_read_value (tpm2key, "secret", NULL, &tmp_size);
if (ret != ASN1_ELEMENT_NOT_FOUND)
{
err = grub_error (GRUB_ERR_BAD_ARGUMENT, "\"secret\" not allowed for Sealed Key");
goto error;
}
*parsed_tpm2key = tpm2key;
err = GRUB_ERR_NONE;
error:
grub_free (type_oid);
grub_free (empty_auth);
return err;
}
void
grub_tpm2key_end_parsing (asn1_node tpm2key)
{
asn1_delete_structure (&tpm2key);
tpm2key = NULL;
}
grub_err_t
grub_tpm2key_get_rsaparent (asn1_node tpm2key, grub_uint8_t *rsaparent)
{
void *bool_str = NULL;
grub_size_t bool_str_size = 0;
int ret;
if (rsaparent == NULL)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "NULL pointer detected");
if (tpm2key == NULL)
return grub_error (GRUB_ERR_READ_ERROR, "invalid parent node");
ret = asn1_allocate_and_read (tpm2key, "rsaParent", &bool_str, &bool_str_size);
if (ret == ASN1_SUCCESS)
{
if (grub_strncmp ("TRUE", bool_str, bool_str_size) == 0)
*rsaparent = 1;
else
*rsaparent = 0;
}
else if (ret == ASN1_ELEMENT_NOT_FOUND)
*rsaparent = 0;
else
return grub_error (GRUB_ERR_READ_ERROR, "failed to retrieve rsaParent");
grub_free (bool_str);
return GRUB_ERR_NONE;
}
grub_err_t
grub_tpm2key_get_parent (asn1_node tpm2key, grub_uint32_t *parent)
{
int ret;
if (parent == NULL)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "NULL pointer detected");
if (tpm2key == NULL)
return grub_error (GRUB_ERR_READ_ERROR, "invalid parent node");
ret = asn1_read_uint32 (tpm2key, "parent", parent);
if (ret != ASN1_SUCCESS)
return grub_error (GRUB_ERR_READ_ERROR, "failed to retrieve parent");
return GRUB_ERR_NONE;
}
static grub_err_t
tpm2key_get_octstring (asn1_node tpm2key, const char *name, void **data, grub_size_t *size)
{
int ret;
if (name == NULL || data == NULL || size == NULL)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid parameter(s)");
if (tpm2key == NULL)
return grub_error (GRUB_ERR_READ_ERROR, "invalid %s node", name);
ret = asn1_allocate_and_read (tpm2key, name, data, size);
if (ret != ASN1_SUCCESS)
return grub_error (GRUB_ERR_READ_ERROR, "failed to retrieve %s", name);
return GRUB_ERR_NONE;
}
grub_err_t
grub_tpm2key_get_pubkey (asn1_node tpm2key, void **data, grub_size_t *size)
{
return tpm2key_get_octstring (tpm2key, "pubkey", data, size);
}
grub_err_t
grub_tpm2key_get_privkey (asn1_node tpm2key, void **data, grub_size_t *size)
{
return tpm2key_get_octstring (tpm2key, "privkey", data, size);
}
/*
* The maximum and minimum number of elements for 'policy' and 'authPolicy' sequences
*
* Although there is no limit for the number of sequences elements, we set the upper
* bound to 99 to make it easier to implement the code.
*
* Any 'policy' or 'authPolicy' contains more than 99 commands/policies would become
* extremely complex to manage so it is impractical to support such use case.
*/
#define TPM2KEY_ELEMENTS_MAX 99
#define TPM2KEY_ELEMENTS_MIN 1
/*
* The string to fetch 'Policy' from 'authPolicy':
* authPolicy.?XX.Policy
*/
#define AUTHPOLICY_POL_MAX_STR "authPolicy.?XX.Policy"
#define AUTHPOLICY_POL_MAX (sizeof (AUTHPOLICY_POL_MAX_STR))
/*
* Expected strings for CommandCode and CommandPolicy:
* policy.?XX.CommandCode
* policy.?XX.CommandPolicy
* authPolicy.?XX.Policy.?YY.CommandCode
* authPolicy.?XX.Policy.?YY.CommandPolicy
*/
#define CMD_CODE_MAX_STR AUTHPOLICY_POL_MAX_STR".?YY.CommandCode"
#define CMD_POL_MAX_STR AUTHPOLICY_POL_MAX_STR".?YY.CommandPolicy"
#define CMD_CODE_MAX (sizeof (CMD_CODE_MAX_STR))
#define CMD_POL_MAX (sizeof (CMD_POL_MAX_STR))
static int
tpm2key_get_policy_seq (asn1_node tpm2key, const char *prefix,
tpm2key_policy_t *policy_seq)
{
tpm2key_policy_t tmp_seq = NULL;
tpm2key_policy_t policy = NULL;
int policy_n;
char cmd_code[CMD_CODE_MAX];
char cmd_pol[CMD_POL_MAX];
grub_size_t cmd_policy_len;
int i;
int ret;
ret = asn1_number_of_elements (tpm2key, prefix, &policy_n);
if (ret != ASN1_SUCCESS)
return ret;
/*
* Limit the number of policy commands to two digits (99)
* Although there is no upper bound for the number of policy commands,
* in practice, it takes one or two policy commands to unseal the key,
* so the 99 commands limit is more than enough.
*/
if (policy_n > TPM2KEY_ELEMENTS_MAX || policy_n < TPM2KEY_ELEMENTS_MIN)
return ASN1_VALUE_NOT_VALID;
/*
* Iterate the policy commands backwards since grub_list_push() prepends
* the item into the list.
*/
for (i = policy_n; i >= 1; i--) {
policy = grub_zalloc (sizeof (struct tpm2key_policy));
if (policy == NULL)
{
ret = ASN1_MEM_ALLOC_ERROR;
goto error;
}
grub_snprintf (cmd_code, CMD_CODE_MAX, "%s.?%d.CommandCode", prefix, i);
grub_snprintf (cmd_pol, CMD_POL_MAX, "%s.?%d.CommandPolicy", prefix, i);
/* CommandCode [0] EXPLICIT INTEGER */
ret = asn1_read_uint32 (tpm2key, cmd_code, &policy->cmd_code);
if (ret != ASN1_SUCCESS)
return ret;
/* CommandPolicy [1] EXPLICIT OCTET STRING */
ret = tpm2key_get_octstring (tpm2key, cmd_pol, &policy->cmd_policy,
&cmd_policy_len);
if (ret != ASN1_SUCCESS)
{
goto error;
}
else if (cmd_policy_len > GRUB_TPM2_BUFFER_CAPACITY)
{
/*
* CommandPolicy is the marshalled parameters for the TPM command so
* it should not be larger than the maximum TPM2 buffer.
*/
ret = ASN1_VALUE_NOT_VALID;
goto error;
}
policy->cmd_policy_len = (grub_uint16_t)cmd_policy_len;
/* Prepend the policy command into the sequence */
grub_list_push (GRUB_AS_LIST_P (&tmp_seq), GRUB_AS_LIST (policy));
}
*policy_seq = tmp_seq;
return ASN1_SUCCESS;
error:
if (policy != NULL)
{
grub_free (policy->cmd_policy);
grub_free (policy);
}
grub_tpm2key_free_policy_seq (tmp_seq);
return ret;
}
grub_err_t
grub_tpm2key_get_policy_seq (asn1_node tpm2key, tpm2key_policy_t *policy_seq)
{
int ret;
ret = tpm2key_get_policy_seq (tpm2key, "policy", policy_seq);
if (ret == ASN1_ELEMENT_NOT_FOUND)
{
/* "policy" is optional, so it may not be available */
*policy_seq = NULL;
return GRUB_ERR_NONE;
}
else if (ret != ASN1_SUCCESS)
return grub_error (GRUB_ERR_READ_ERROR, "failed to retrieve policy");
return GRUB_ERR_NONE;
}
void
grub_tpm2key_free_policy_seq (tpm2key_policy_t policy_seq)
{
tpm2key_policy_t policy;
tpm2key_policy_t next;
if (policy_seq == NULL)
return;
FOR_LIST_ELEMENTS_SAFE (policy, next, policy_seq)
{
grub_free (policy->cmd_policy);
grub_free (policy);
}
}
grub_err_t
grub_tpm2key_get_authpolicy_seq (asn1_node tpm2key, tpm2key_authpolicy_t *authpol_seq)
{
tpm2key_authpolicy_t tmp_seq = NULL;
tpm2key_authpolicy_t authpol = NULL;
int authpol_n;
char authpol_pol[AUTHPOLICY_POL_MAX];
int i;
int ret;
grub_err_t err;
ret = asn1_number_of_elements (tpm2key, "authPolicy", &authpol_n);
if (ret == ASN1_ELEMENT_NOT_FOUND)
{
/* "authPolicy" is optional, so it may not be available */
*authpol_seq = NULL;
return GRUB_ERR_NONE;
}
else if (ret != ASN1_SUCCESS)
return grub_error (GRUB_ERR_READ_ERROR, "failed to retrieve authPolicy");
/* Limit the number of authPolicy elements to two digits (99) */
if (authpol_n > TPM2KEY_ELEMENTS_MAX || authpol_n < TPM2KEY_ELEMENTS_MIN)
return grub_error (GRUB_ERR_OUT_OF_RANGE, "invalid number of authPolicy elements");
/*
* Iterate the authPolicy elements backwards since grub_list_push() prepends
* the item into the list.
*/
for (i = authpol_n; i >= 1; i--) {
authpol = grub_zalloc (sizeof (struct tpm2key_authpolicy));
if (authpol == NULL)
{
err = grub_error (GRUB_ERR_OUT_OF_MEMORY, "failed to allocate memory for authPolicy");
goto error;
}
grub_snprintf (authpol_pol, AUTHPOLICY_POL_MAX, "authPolicy.?%d.Policy", i);
ret = tpm2key_get_policy_seq (tpm2key, authpol_pol, &authpol->policy_seq);
if (ret != ASN1_SUCCESS)
{
err = grub_error (GRUB_ERR_READ_ERROR, "failed to retrieve policy from authPolicy");
goto error;
}
/* Prepend the authPolicy element into the sequence */
grub_list_push (GRUB_AS_LIST_P (&tmp_seq), GRUB_AS_LIST (authpol));
}
*authpol_seq = tmp_seq;
return GRUB_ERR_NONE;
error:
if (authpol != NULL)
{
grub_tpm2key_free_policy_seq (authpol->policy_seq);
grub_free (authpol);
}
grub_tpm2key_free_authpolicy_seq (tmp_seq);
return err;
}
void
grub_tpm2key_free_authpolicy_seq (tpm2key_authpolicy_t authpol_seq)
{
tpm2key_authpolicy_t authpol;
tpm2key_authpolicy_t next;
if (authpol_seq == NULL)
return;
FOR_LIST_ELEMENTS_SAFE (authpol, next, authpol_seq)
{
grub_tpm2key_free_policy_seq (authpol->policy_seq);
grub_free (authpol);
}
}

87
grub-core/commands/tpm2_key_protector/tpm2key.h
View file

@ -1,87 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2023 SUSE LLC
* Copyright (C) 2024 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GRUB_TPM2_TPM2KEY_HEADER
#define GRUB_TPM2_TPM2KEY_HEADER 1
#include <grub/types.h>
#include <libtasn1.h>
/*
* TPMPolicy ::= SEQUENCE {
* CommandCode [0] EXPLICIT INTEGER,
* CommandPolicy [1] EXPLICIT OCTET STRING
* }
*/
struct tpm2key_policy {
struct tpm2key_policy *next;
struct tpm2key_policy **prev;
grub_uint32_t cmd_code;
void *cmd_policy;
grub_uint16_t cmd_policy_len;
};
typedef struct tpm2key_policy *tpm2key_policy_t;
/*
* TPMAuthPolicy ::= SEQUENCE {
* Name [0] EXPLICIT UTF8String OPTIONAL,
* Policy [1] EXPLICIT SEQUENCE OF TPMPolicy
* }
*
* Name is not a necessary part to unseal the key. Ignore it.
*/
struct tpm2key_authpolicy {
struct tpm2key_authpolicy *next;
struct tpm2key_authpolicy **prev;
/* char *name; */
tpm2key_policy_t policy_seq;
};
typedef struct tpm2key_authpolicy *tpm2key_authpolicy_t;
extern grub_err_t
grub_tpm2key_start_parsing (asn1_node *parsed_tpm2key, void *data, grub_size_t size);
extern void
grub_tpm2key_end_parsing (asn1_node tpm2key);
extern grub_err_t
grub_tpm2key_get_rsaparent (asn1_node tpm2key, grub_uint8_t *rsaparent);
extern grub_err_t
grub_tpm2key_get_parent (asn1_node tpm2key, grub_uint32_t *parent);
extern grub_err_t
grub_tpm2key_get_pubkey (asn1_node tpm2key, void **data, grub_size_t *size);
extern grub_err_t
grub_tpm2key_get_privkey (asn1_node tpm2key, void **data, grub_size_t *size);
extern grub_err_t
grub_tpm2key_get_policy_seq (asn1_node tpm2key, tpm2key_policy_t *policy_seq);
extern void
grub_tpm2key_free_policy_seq (tpm2key_policy_t policy_seq);
extern grub_err_t
grub_tpm2key_get_authpolicy_seq (asn1_node tpm2key, tpm2key_authpolicy_t *authpol_seq);
extern void
grub_tpm2key_free_authpolicy_seq (tpm2key_authpolicy_t authpol_seq);
#endif /* GRUB_TPM2_TPM2KEY_HEADER */

63
grub-core/commands/tpm2_key_protector/tpm2key_asn1_tab.c
View file

@ -1,63 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2024 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* This file is generated by 'asn1Parser tpm2key.asn' and the '#include'
* headers are replaced with the ones in grub2.
* - 'grub/mm.h' for the definition of 'NULL'
* - 'libtasn1.h' for the definition of 'asn1_static_node'
*/
#include <grub/mm.h>
#include <libtasn1.h>
const asn1_static_node tpm2key_asn1_tab[] = {
{ "TPM2KEY", 536875024, NULL },
{ NULL, 1073741836, NULL },
{ "TPMPolicy", 1610612741, NULL },
{ "CommandCode", 1610620931, NULL },
{ NULL, 2056, "0"},
{ "CommandPolicy", 536879111, NULL },
{ NULL, 2056, "1"},
{ "TPMAuthPolicy", 1610612741, NULL },
{ "Name", 1610637346, NULL },
{ NULL, 2056, "0"},
{ "Policy", 536879115, NULL },
{ NULL, 1073743880, "1"},
{ NULL, 2, "TPMPolicy"},
{ "TPMKey", 536870917, NULL },
{ "type", 1073741836, NULL },
{ "emptyAuth", 1610637316, NULL },
{ NULL, 2056, "0"},
{ "policy", 1610637323, NULL },
{ NULL, 1073743880, "1"},
{ NULL, 2, "TPMPolicy"},
{ "secret", 1610637319, NULL },
{ NULL, 2056, "2"},
{ "authPolicy", 1610637323, NULL },
{ NULL, 1073743880, "3"},
{ NULL, 2, "TPMAuthPolicy"},
{ "description", 1610637346, NULL },
{ NULL, 2056, "4"},
{ "rsaParent", 1610637316, NULL },
{ NULL, 2056, "5"},
{ "parent", 1073741827, NULL },
{ "pubkey", 1073741831, NULL },
{ "privkey", 7, NULL },
{ NULL, 0, NULL }
};

5
grub-core/commands/videoinfo.c
View file

@ -191,11 +191,6 @@ grub_cmd_videoinfo (grub_command_t cmd __attribute__ ((unused)),
/* Don't worry about errors. */
grub_errno = GRUB_ERR_NONE;
}
else if (id != GRUB_VIDEO_DRIVER_NONE)
{
grub_puts_ (N_(" A video driver is active, cannot initialize this driver until it is deactivated\n"));
continue;
}
else
{
if (adapter->init ())

16
grub-core/disk/ahci.c
View file

@ -152,7 +152,8 @@ struct grub_ahci_device
static grub_err_t
grub_ahci_readwrite_real (struct grub_ahci_device *dev,
struct grub_disk_ata_pass_through_parms *parms, int reset);
struct grub_disk_ata_pass_through_parms *parms,
int spinup, int reset);
enum
@ -572,7 +573,7 @@ grub_ahci_pciinit (grub_pci_device_t dev,
/* struct grub_disk_ata_pass_through_parms parms2;
grub_memset (&parms2, 0, sizeof (parms2));
parms2.taskfile.cmd = 8;
grub_ahci_readwrite_real (dev, &parms2, 1);*/
grub_ahci_readwrite_real (dev, &parms2, 1, 1);*/
}
endtime = grub_get_time_ms () + 32000;
@ -907,14 +908,15 @@ grub_ahci_reset_port (struct grub_ahci_device *dev, int force)
dev->hba->ports[dev->port].sata_error = dev->hba->ports[dev->port].sata_error;
grub_memset (&parms2, 0, sizeof (parms2));
parms2.taskfile.cmd = 8;
return grub_ahci_readwrite_real (dev, &parms2, 1);
return grub_ahci_readwrite_real (dev, &parms2, 1, 1);
}
return GRUB_ERR_NONE;
}
static grub_err_t
grub_ahci_readwrite_real (struct grub_ahci_device *dev,
struct grub_disk_ata_pass_through_parms *parms, int reset)
struct grub_disk_ata_pass_through_parms *parms,
int spinup, int reset)
{
struct grub_pci_dma_chunk *bufc;
grub_uint64_t endtime;
@ -1036,7 +1038,7 @@ grub_ahci_readwrite_real (struct grub_ahci_device *dev,
grub_dprintf ("ahci", "AHCI tfd = %x\n",
dev->hba->ports[dev->port].task_file_data);
endtime = grub_get_time_ms () + 20000;
endtime = grub_get_time_ms () + (spinup ? 20000 : 20000);
while ((dev->hba->ports[dev->port].command_issue & 1))
if (grub_get_time_ms () > endtime ||
(dev->hba->ports[dev->port].intstatus & GRUB_AHCI_HBA_PORT_IS_FATAL_MASK))
@ -1095,9 +1097,9 @@ grub_ahci_readwrite_real (struct grub_ahci_device *dev,
static grub_err_t
grub_ahci_readwrite (grub_ata_t disk,
struct grub_disk_ata_pass_through_parms *parms,
int spinup __attribute__((__unused__)))
int spinup)
{
return grub_ahci_readwrite_real (disk->data, parms, 0);
return grub_ahci_readwrite_real (disk->data, parms, spinup, 0);
}
static grub_err_t

9
grub-core/disk/ata.c
View file

@ -112,10 +112,10 @@ grub_ata_identify (struct grub_ata *dev)
return grub_atapi_identify (dev);
info64 = grub_malloc (GRUB_DISK_SECTOR_SIZE);
if (info64 == NULL)
return grub_errno;
info32 = (grub_uint32_t *) info64;
info16 = (grub_uint16_t *) info64;
if (! info16)
return grub_errno;
grub_memset (&parms, 0, sizeof (parms));
parms.buffer = info16;
@ -181,7 +181,10 @@ grub_ata_identify (struct grub_ata *dev)
if (secsize & (secsize - 1) || !secsize
|| secsize > 1048576)
secsize = 256;
dev->log_sector_size = grub_log2ull (secsize) + 1;
for (dev->log_sector_size = 0;
(1U << dev->log_sector_size) < secsize;
dev->log_sector_size++);
dev->log_sector_size++;
}
else
dev->log_sector_size = 9;

721
grub-core/disk/cryptodisk.c
View file

@ -17,7 +17,6 @@
*/
#include <grub/cryptodisk.h>
#include <grub/env.h>
#include <grub/mm.h>
#include <grub/misc.h>
#include <grub/dl.h>
@ -27,8 +26,6 @@
#include <grub/file.h>
#include <grub/procfs.h>
#include <grub/partition.h>
#include <grub/key_protector.h>
#include <grub/safemath.h>
#ifdef GRUB_UTIL
#include <grub/emu/hostdisk.h>
@ -38,42 +35,15 @@ GRUB_MOD_LICENSE ("GPLv3+");
grub_cryptodisk_dev_t grub_cryptodisk_list;
enum
{
OPTION_UUID,
OPTION_ALL,
OPTION_BOOT,
OPTION_PASSWORD,
OPTION_KEYFILE,
OPTION_KEYFILE_OFFSET,
OPTION_KEYFILE_SIZE,
OPTION_HEADER,
OPTION_PROTECTOR
};
static const struct grub_arg_option options[] =
{
{"uuid", 'u', 0, N_("Mount by UUID."), 0, 0},
/* TRANSLATORS: It's still restricted to cryptodisks only. */
{"all", 'a', 0, N_("Mount all."), 0, 0},
{"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
{"password", 'p', 0, N_("Password to open volumes."), 0, ARG_TYPE_STRING},
{"key-file", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING},
{"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, ARG_TYPE_INT},
{"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, ARG_TYPE_INT},
{"header", 'H', 0, N_("Read header from file"), 0, ARG_TYPE_STRING},
{"protector", 'P', GRUB_ARG_OPTION_REPEATABLE,
N_("Unlock volume(s) using key protector(s)."), 0, ARG_TYPE_STRING},
{0, 0, 0, 0, 0, 0}
};
struct cryptodisk_read_hook_ctx
{
grub_file_t hdr_file;
grub_disk_addr_t part_start;
};
typedef struct cryptodisk_read_hook_ctx *cryptodisk_read_hook_ctx_t;
/* Our irreducible polynom is x^128+x^7+x^2+x+1. Lowest byte of it is: */
#define GF_POLYNOM 0x87
static inline int GF_PER_SECTOR (const struct grub_cryptodisk *dev)
@ -268,7 +238,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, len)
: grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
for (i = 0; i < len; i += ((grub_size_t) 1 << log_sector_size))
for (i = 0; i < len; i += (1U << log_sector_size))
{
grub_size_t sz = ((dev->cipher->cipher->blocksize
+ sizeof (grub_uint32_t) - 1)
@ -708,7 +678,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk)
if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0)
{
for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
if (grub_uuidcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid, sizeof (dev->uuid)) == 0)
if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0)
break;
}
else
@ -724,31 +694,16 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk)
if (!dev)
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "No such device");
disk->log_sector_size = dev->log_sector_size;
#ifdef GRUB_UTIL
if (dev->cheat)
{
grub_uint64_t cheat_dev_size;
unsigned int cheat_log_sector_size;
if (!GRUB_UTIL_FD_IS_VALID (dev->cheat_fd))
dev->cheat_fd = grub_util_fd_open (dev->cheat, GRUB_UTIL_FD_O_RDONLY);
if (!GRUB_UTIL_FD_IS_VALID (dev->cheat_fd))
return grub_error (GRUB_ERR_IO, N_("cannot open `%s': %s"),
dev->cheat, grub_util_fd_strerror ());
/* Use the sector size and count of the cheat device. */
cheat_dev_size = grub_util_get_fd_size (dev->cheat_fd, dev->cheat, &cheat_log_sector_size);
if (cheat_dev_size == -1)
{
const char *errmsg = grub_util_fd_strerror ();
grub_util_fd_close (dev->cheat_fd);
dev->cheat_fd = GRUB_UTIL_FD_INVALID;
return grub_error (GRUB_ERR_IO, N_("failed to query size of device `%s': %s"),
dev->cheat, errmsg);
}
dev->log_sector_size = cheat_log_sector_size;
dev->total_sectors = cheat_dev_size >> cheat_log_sector_size;
}
#endif
@ -762,7 +717,6 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk)
}
disk->data = dev;
disk->log_sector_size = dev->log_sector_size;
disk->total_sectors = dev->total_sectors;
disk->max_agglomerate = GRUB_DISK_MAX_MAX_AGGLOMERATE;
disk->id = dev->id;
@ -934,7 +888,10 @@ grub_cryptodisk_insert (grub_cryptodisk_t newdev, const char *name,
{
newdev->source = grub_strdup (name);
if (!newdev->source)
{
grub_free (newdev);
return grub_errno;
}
newdev->id = last_cryptodisk_id++;
newdev->source_id = source->id;
@ -951,7 +908,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid)
{
grub_cryptodisk_t dev;
for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
if (grub_uuidcasecmp (dev->uuid, uuid, sizeof (dev->uuid)) == 0)
if (grub_strcasecmp (dev->uuid, uuid) == 0)
return dev;
return NULL;
}
@ -1026,6 +983,9 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk)
#endif
static int check_boot, have_it;
static char *search_uuid;
static void
cryptodisk_close (grub_cryptodisk_t dev)
{
@ -1036,277 +996,39 @@ cryptodisk_close (grub_cryptodisk_t dev)
}
static grub_err_t
cryptodisk_read_hook (grub_disk_addr_t sector, unsigned offset,
unsigned length, char *buf, void *data)
grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source)
{
cryptodisk_read_hook_ctx_t ctx = data;
if (ctx->hdr_file == NULL)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("header file not found"));
if (grub_file_seek (ctx->hdr_file,
((sector - ctx->part_start) * GRUB_DISK_SECTOR_SIZE) + offset)
== (grub_off_t) -1)
return grub_errno;
if (grub_file_read (ctx->hdr_file, buf, length) != (grub_ssize_t) length)
{
if (grub_errno == GRUB_ERR_NONE)
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("header file too small"));
return grub_errno;
}
return GRUB_ERR_NONE;
}
static grub_cryptodisk_t
grub_cryptodisk_scan_device_real (const char *name,
grub_disk_t source,
grub_cryptomount_args_t cargs)
{
grub_err_t ret = GRUB_ERR_NONE;
grub_err_t err;
grub_cryptodisk_t dev;
grub_cryptodisk_dev_t cr;
int i;
struct cryptodisk_read_hook_ctx read_hook_data = {0};
int askpass = 0;
char *part = NULL;
dev = grub_cryptodisk_get_by_source_disk (source);
if (dev)
return dev;
if (cargs->hdr_file != NULL)
{
/*
* Set read hook to read header from a file instead of the source disk.
* Disk read hooks are executed after the data has been read from the
* disk. This is okay, because the read hook is given the read buffer
* before its sent back to the caller. In this case, the hook can then
* overwrite the data read from the disk device with data from the
* header file sent in as the read hook data. This is transparent to the
* read caller. Since the callers of this function have just opened the
* source disk, there are no current read hooks, so there's no need to
* save/restore them nor consider if they should be called or not.
*
* This hook assumes that the header is at the start of the volume, which
* is not the case for some formats (eg. GELI). It also can only be used
* with formats where the detached header file can be written to the
* first blocks of the volume and the volume could still be unlocked.
* So the header file can not be formatted differently from the on-disk
* header. If these assumpts are not met, detached header file processing
* must be specially handled in the cryptodisk backend module.
*
* This hook needs only be set once and will be called potentially many
* times by a backend. This is fine because of the assumptions mentioned
* and the read hook reads from absolute offsets and is stateless.
*/
read_hook_data.part_start = grub_partition_get_start (source->partition);
read_hook_data.hdr_file = cargs->hdr_file;
source->read_hook = cryptodisk_read_hook;
source->read_hook_data = (void *) &read_hook_data;
}
return GRUB_ERR_NONE;
FOR_CRYPTODISK_DEVS (cr)
{
/*
* Loop through each cryptodisk backend that is registered (ie. loaded).
* If the scan returns NULL, then the backend being tested does not
* recognize the source disk, so move on to the next backend.
*/
dev = cr->scan (source, cargs);
dev = cr->scan (source, search_uuid, check_boot);
if (grub_errno)
goto error_no_close;
return grub_errno;
if (!dev)
continue;
break;
}
if (dev == NULL)
err = cr->recover_key (source, dev);
if (err)
{
grub_error (GRUB_ERR_BAD_MODULE,
"no cryptodisk module can handle this device");
goto error_no_close;
}
if (cargs->protectors)
{
for (i = 0; cargs->protectors[i]; i++)
{
if (cargs->key_cache[i].invalid)
continue;
if (cargs->key_cache[i].key == NULL)
{
ret = grub_key_protector_recover_key (cargs->protectors[i],
&cargs->key_cache[i].key,
&cargs->key_cache[i].key_len);
if (ret != GRUB_ERR_NONE)
{
if (grub_errno)
{
grub_print_error ();
grub_errno = GRUB_ERR_NONE;
}
grub_dprintf ("cryptodisk",
"failed to recover a key from key protector "
"%s, will not try it again for any other "
"disks, if any, during this invocation of "
"cryptomount\n",
cargs->protectors[i]);
cargs->key_cache[i].invalid = 1;
continue;
}
}
cargs->key_data = cargs->key_cache[i].key;
cargs->key_len = cargs->key_cache[i].key_len;
ret = cr->recover_key (source, dev, cargs);
if (ret != GRUB_ERR_NONE)
{
/* Reset key data to trigger the passphrase prompt later */
cargs->key_data = NULL;
cargs->key_len = 0;
part = grub_partition_get_name (source->partition);
grub_dprintf ("cryptodisk",
"recovered a key from key protector %s but it "
"failed to unlock %s%s%s (%s)\n",
cargs->protectors[i], source->name,
source->partition != NULL ? "," : "",
part != NULL ? part : N_("UNKNOWN"), dev->uuid);
grub_free (part);
continue;
}
else
{
ret = grub_cryptodisk_insert (dev, name, source);
if (ret != GRUB_ERR_NONE)
goto error;
#ifndef GRUB_UTIL
grub_cli_set_auth_needed ();
#endif
goto cleanup;
}
}
part = grub_partition_get_name (source->partition);
grub_error (GRUB_ERR_ACCESS_DENIED,
N_("no key protector provided a usable key for %s%s%s (%s)"),
source->name, source->partition != NULL ? "," : "",
part != NULL ? part : N_("UNKNOWN"), dev->uuid);
grub_free (part);
}
if (cargs->key_len)
{
ret = cr->recover_key (source, dev, cargs);
if (ret != GRUB_ERR_NONE)
goto error;
}
else
{
/* Get the passphrase from the user, if no key data. */
unsigned long tries = 3;
const char *tries_env;
/*
* Print the error from key protectors and clear grub_errno.
*
* Since '--protector' cannot coexist with '--password' and
* '--key-file', in case key protectors fail, only
* "cargs->key_len == 0" is expected, so cryptomount falls back
* here to request the passphrase.
*
* To avoid the error from key protectors stops the further code,
* print the error to notify the user why key protectors fail and
* clear grub_errno to have a fresh start.
*/
if (grub_errno != GRUB_ERR_NONE)
{
grub_print_error ();
grub_errno = GRUB_ERR_NONE;
}
askpass = 1;
cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
if (cargs->key_data == NULL)
goto error_no_close;
tries_env = grub_env_get ("cryptodisk_passphrase_tries");
if (tries_env != NULL && tries_env[0] != '\0')
{
unsigned long tries_env_val;
const char *p;
tries_env_val = grub_strtoul (tries_env, &p, 0);
if (*p == '\0' && tries_env_val != ~0UL)
tries = tries_env_val;
else
grub_printf_ (N_("Invalid cryptodisk_passphrase_tries value `%s'. Defaulting to %lu.\n"),
tries_env,
tries);
}
for (; tries > 0; tries--)
{
part = grub_partition_get_name (source->partition);
grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
source->partition != NULL ? "," : "",
part != NULL ? part : N_("UNKNOWN"),
dev->uuid);
grub_free (part);
if (!grub_password_get ((char *) cargs->key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE))
{
grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied");
goto error;
}
cargs->key_len = grub_strlen ((char *) cargs->key_data);
ret = cr->recover_key (source, dev, cargs);
if (ret == GRUB_ERR_NONE)
break;
if (ret != GRUB_ERR_ACCESS_DENIED || tries == 1)
goto error;
grub_puts_ (N_("Invalid passphrase."));
/*
* Since recover_key() calls a function that returns grub_errno,
* a leftover error value from a previously rejected passphrase
* will trigger a phantom failure. We therefore clear it before
* trying a new passphrase.
*/
grub_errno = GRUB_ERR_NONE;
}
}
ret = grub_cryptodisk_insert (dev, name, source);
if (ret != GRUB_ERR_NONE)
goto error;
goto cleanup;
error:
cryptodisk_close (dev);
error_no_close:
dev = NULL;
cleanup:
if (cargs->hdr_file != NULL)
source->read_hook = NULL;
if (askpass)
{
grub_memset (cargs->key_data, 0, cargs->key_len);
cargs->key_len = 0;
grub_free (cargs->key_data);
return err;
}
return dev;
grub_cryptodisk_insert (dev, name, source);
have_it = 1;
return GRUB_ERR_NONE;
}
return GRUB_ERR_NONE;
}
#ifdef GRUB_UTIL
@ -1318,7 +1040,6 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
grub_cryptodisk_t dev;
grub_cryptodisk_dev_t cr;
grub_disk_t source;
struct grub_cryptomount_args cargs = {0};
/* Try to open disk. */
source = grub_disk_open (sourcedev);
@ -1335,7 +1056,7 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
FOR_CRYPTODISK_DEVS (cr)
{
dev = cr->scan (source, &cargs);
dev = cr->scan (source, search_uuid, check_boot);
if (grub_errno)
return grub_errno;
if (!dev)
@ -1359,13 +1080,10 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
static int
grub_cryptodisk_scan_device (const char *name,
void *data)
void *data __attribute__ ((unused)))
{
int ret = 0;
grub_err_t err;
grub_disk_t source;
grub_cryptodisk_t dev;
grub_cryptomount_args_t cargs = data;
grub_errno = GRUB_ERR_NONE;
/* Try to open disk. */
source = grub_disk_open (name);
@ -1375,220 +1093,64 @@ grub_cryptodisk_scan_device (const char *name,
return 0;
}
dev = grub_cryptodisk_scan_device_real (name, source, cargs);
if (dev)
{
ret = (cargs->search_uuid != NULL
&& grub_uuidcasecmp (cargs->search_uuid, dev->uuid, sizeof (dev->uuid)) == 0);
goto cleanup;
}
err = grub_cryptodisk_scan_device_real (name, source);
/*
* Do not print error when err is GRUB_ERR_BAD_MODULE to avoid many unhelpful
* error messages.
*/
if (grub_errno == GRUB_ERR_BAD_MODULE)
grub_error_pop ();
if (cargs->search_uuid != NULL)
/* Push error onto stack to save for cryptomount. */
grub_error_push ();
else
grub_print_error ();
cleanup:
grub_disk_close (source);
return ret;
}
static void
grub_cryptodisk_clear_key_cache (struct grub_cryptomount_args *cargs)
{
int i;
if (cargs->key_cache == NULL || cargs->protectors == NULL)
return;
for (i = 0; cargs->protectors[i]; i++)
{
if (cargs->key_cache[i].key)
grub_memset (cargs->key_cache[i].key, 0, cargs->key_cache[i].key_len);
grub_free (cargs->key_cache[i].key);
}
grub_free (cargs->key_cache);
if (err)
grub_print_error ();
return have_it && search_uuid ? 1 : 0;
}
static grub_err_t
grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
{
struct grub_arg_list *state = ctxt->state;
struct grub_cryptomount_args cargs = {0};
if (argc < 1 && !state[OPTION_ALL].set && !state[OPTION_BOOT].set)
if (argc < 1 && !state[1].set && !state[2].set)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required");
if (grub_cryptodisk_list == NULL)
return grub_error (GRUB_ERR_BAD_MODULE, "no cryptodisk modules loaded");
if (state[OPTION_PASSWORD].set && state[OPTION_PROTECTOR].set) /* password and key protector */
return grub_error (GRUB_ERR_BAD_ARGUMENT,
"a password and a key protector cannot both be set");
if (state[OPTION_KEYFILE].set && state[OPTION_PROTECTOR].set) /* key file and key protector */
return grub_error (GRUB_ERR_BAD_ARGUMENT,
"a key file and a key protector cannot both be set");
if (state[OPTION_PASSWORD].set) /* password */
have_it = 0;
if (state[0].set)
{
cargs.key_data = (grub_uint8_t *) state[OPTION_PASSWORD].arg;
cargs.key_len = grub_strlen (state[OPTION_PASSWORD].arg);
}
if (state[OPTION_KEYFILE].set) /* keyfile */
{
const char *p = NULL;
grub_file_t keyfile;
unsigned long long keyfile_offset = 0, keyfile_size = 0;
if (state[OPTION_KEYFILE_OFFSET].set) /* keyfile-offset */
{
grub_errno = GRUB_ERR_NONE;
keyfile_offset = grub_strtoull (state[OPTION_KEYFILE_OFFSET].arg, &p, 0);
if (state[OPTION_KEYFILE_OFFSET].arg[0] == '\0' || *p != '\0')
return grub_error (grub_errno,
N_("non-numeric or invalid keyfile offset `%s'"),
state[OPTION_KEYFILE_OFFSET].arg);
}
if (state[OPTION_KEYFILE_SIZE].set) /* keyfile-size */
{
grub_errno = GRUB_ERR_NONE;
keyfile_size = grub_strtoull (state[OPTION_KEYFILE_SIZE].arg, &p, 0);
if (state[OPTION_KEYFILE_SIZE].arg[0] == '\0' || *p != '\0')
return grub_error (grub_errno,
N_("non-numeric or invalid keyfile size `%s'"),
state[OPTION_KEYFILE_SIZE].arg);
if (keyfile_size == 0)
return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("key file size is 0"));
if (keyfile_size > GRUB_CRYPTODISK_MAX_KEYFILE_SIZE)
return grub_error (GRUB_ERR_OUT_OF_RANGE,
N_("key file size exceeds maximum (%d)"),
GRUB_CRYPTODISK_MAX_KEYFILE_SIZE);
}
keyfile = grub_file_open (state[OPTION_KEYFILE].arg,
GRUB_FILE_TYPE_CRYPTODISK_ENCRYPTION_KEY);
if (keyfile == NULL)
return grub_errno;
if (keyfile_offset > keyfile->size)
return grub_error (GRUB_ERR_OUT_OF_RANGE,
N_("Keyfile offset, %llu, is greater than "
"keyfile size, %llu"),
keyfile_offset, (unsigned long long) keyfile->size);
if (grub_file_seek (keyfile, (grub_off_t) keyfile_offset) == (grub_off_t) -1)
return grub_errno;
if (keyfile_size != 0)
{
if (keyfile_size > (keyfile->size - keyfile_offset))
return grub_error (GRUB_ERR_FILE_READ_ERROR,
N_("keyfile is too small: requested %llu bytes,"
" but the file only has %" PRIuGRUB_UINT64_T
" bytes left at offset %llu"),
keyfile_size,
(grub_off_t) (keyfile->size - keyfile_offset),
keyfile_offset);
cargs.key_len = keyfile_size;
}
else
cargs.key_len = keyfile->size - keyfile_offset;
cargs.key_data = grub_malloc (cargs.key_len);
if (cargs.key_data == NULL)
return GRUB_ERR_OUT_OF_MEMORY;
if (grub_file_read (keyfile, cargs.key_data, cargs.key_len) != (grub_ssize_t) cargs.key_len)
return grub_error (GRUB_ERR_FILE_READ_ERROR, (N_("failed to read key file")));
}
if (state[OPTION_HEADER].set) /* header */
{
if (state[OPTION_UUID].set)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("cannot use UUID lookup with detached header"));
cargs.hdr_file = grub_file_open (state[OPTION_HEADER].arg,
GRUB_FILE_TYPE_CRYPTODISK_DETACHED_HEADER);
if (cargs.hdr_file == NULL)
return grub_errno;
}
if (state[OPTION_PROTECTOR].set) /* key protector(s) */
{
cargs.key_cache = grub_calloc (state[OPTION_PROTECTOR].set, sizeof (*cargs.key_cache));
if (cargs.key_cache == NULL)
return grub_error (GRUB_ERR_OUT_OF_MEMORY,
"no memory for key protector key cache");
cargs.protectors = state[OPTION_PROTECTOR].args;
}
if (state[OPTION_UUID].set) /* uuid */
{
int found_uuid;
grub_cryptodisk_t dev;
dev = grub_cryptodisk_get_by_uuid (args[0]);
if (dev)
{
grub_cryptodisk_clear_key_cache (&cargs);
grub_dprintf ("cryptodisk",
"already mounted as crypto%lu\n", dev->id);
return GRUB_ERR_NONE;
}
cargs.check_boot = state[OPTION_BOOT].set;
cargs.search_uuid = args[0];
found_uuid = grub_device_iterate (&grub_cryptodisk_scan_device, &cargs);
grub_cryptodisk_clear_key_cache (&cargs);
check_boot = state[2].set;
search_uuid = args[0];
grub_device_iterate (&grub_cryptodisk_scan_device, NULL);
search_uuid = NULL;
if (found_uuid)
if (!have_it)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such cryptodisk found");
return GRUB_ERR_NONE;
else if (grub_errno == GRUB_ERR_NONE)
{
/*
* Try to pop the next error on the stack. If there is not one, then
* no device matched the given UUID.
*/
grub_error_pop ();
if (grub_errno == GRUB_ERR_NONE)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such cryptodisk found, perhaps a needed disk or cryptodisk module is not loaded");
}
return grub_errno;
}
else if (state[OPTION_ALL].set || (argc == 0 && state[OPTION_BOOT].set)) /* -a|-b */
else if (state[1].set || (argc == 0 && state[2].set))
{
cargs.check_boot = state[OPTION_BOOT].set;
grub_device_iterate (&grub_cryptodisk_scan_device, &cargs);
grub_cryptodisk_clear_key_cache (&cargs);
search_uuid = NULL;
check_boot = state[2].set;
grub_device_iterate (&grub_cryptodisk_scan_device, NULL);
search_uuid = NULL;
return GRUB_ERR_NONE;
}
else
{
grub_err_t err;
grub_disk_t disk;
grub_cryptodisk_t dev;
char *diskname;
char *disklast = NULL;
grub_size_t len;
cargs.check_boot = state[OPTION_BOOT].set;
search_uuid = NULL;
check_boot = state[2].set;
diskname = args[0];
len = grub_strlen (diskname);
if (len && diskname[0] == '(' && diskname[len - 1] == ')')
@ -1601,7 +1163,6 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
disk = grub_disk_open (diskname);
if (!disk)
{
grub_cryptodisk_clear_key_cache (&cargs);
if (disklast)
*disklast = ')';
return grub_errno;
@ -1612,20 +1173,18 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
{
grub_dprintf ("cryptodisk", "already mounted as crypto%lu\n", dev->id);
grub_disk_close (disk);
grub_cryptodisk_clear_key_cache (&cargs);
if (disklast)
*disklast = ')';
return GRUB_ERR_NONE;
}
dev = grub_cryptodisk_scan_device_real (diskname, disk, &cargs);
grub_cryptodisk_clear_key_cache (&cargs);
err = grub_cryptodisk_scan_device_real (diskname, disk);
grub_disk_close (disk);
if (disklast)
*disklast = ')';
return (dev == NULL) ? grub_errno : GRUB_ERR_NONE;
return err;
}
}
@ -1656,70 +1215,40 @@ static char *
luks_script_get (grub_size_t *sz)
{
grub_cryptodisk_t i;
grub_size_t size = 0, mul;
grub_size_t size = 0;
char *ptr, *ret;
*sz = 0;
for (i = cryptodisk_list; i != NULL; i = i->next)
if (grub_strcmp (i->modname, "luks") == 0 ||
grub_strcmp (i->modname, "luks2") == 0)
if (grub_strcmp (i->modname, "luks") == 0)
{
/*
* Add space in the line for (in order) spaces, cipher mode, cipher IV
* mode, sector offset, sector size and the trailing newline. This is
* an upper bound on the size of this data. There are 15 extra bytes
* in an earlier version of this code that are unaccounted for. It is
* left in the calculations in case it is needed. At worst, its short-
* lived wasted space.
*
* 60 = 5 + 5 + 8 + 20 + 6 + 1 + 15
*/
if (grub_add (size, grub_strlen (i->modname), &size) ||
grub_add (size, sizeof ("_mount") + 60, &size) ||
grub_add (size, grub_strlen (i->uuid), &size) ||
grub_add (size, grub_strlen (i->cipher->cipher->name), &size) ||
grub_mul (i->keysize, 2, &mul) ||
grub_add (size, mul, &size))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while obtaining size of luks script");
return 0;
}
size += sizeof ("luks_mount ");
size += grub_strlen (i->uuid);
size += grub_strlen (i->cipher->cipher->name);
size += 54;
if (i->essiv_hash)
{
if (grub_add (size, grub_strlen (i->essiv_hash->name), &size))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while obtaining size of luks script");
return 0;
}
}
}
if (grub_add (size, 1, &size))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while obtaining size of luks script");
return 0;
size += grub_strlen (i->essiv_hash->name);
size += i->keysize * 2;
}
ret = grub_malloc (size);
ret = grub_malloc (size + 1);
if (!ret)
return 0;
ptr = ret;
for (i = cryptodisk_list; i != NULL; i = i->next)
if (grub_strcmp (i->modname, "luks") == 0 ||
grub_strcmp (i->modname, "luks2") == 0)
if (grub_strcmp (i->modname, "luks") == 0)
{
unsigned j;
const char *iptr;
ptr = grub_stpcpy (ptr, i->modname);
ptr = grub_stpcpy (ptr, "_mount ");
ptr = grub_stpcpy (ptr, "luks_mount ");
ptr = grub_stpcpy (ptr, i->uuid);
*ptr++ = ' ';
ptr += grub_snprintf (ptr, 21, "%" PRIxGRUB_OFFSET, i->offset_sectors);
*ptr++ = ' ';
ptr += grub_snprintf (ptr, 7, "%u", 1 << i->log_sector_size);
*ptr++ = ' ';
grub_snprintf (ptr, 21, "%" PRIuGRUB_UINT64_T " ", i->offset_sectors);
while (*ptr)
ptr++;
for (iptr = i->cipher->cipher->name; *iptr; iptr++)
*ptr++ = grub_tolower (*iptr);
switch (i->mode)
@ -1776,114 +1305,6 @@ luks_script_get (grub_size_t *sz)
return ret;
}
#ifdef GRUB_MACHINE_EFI
grub_err_t
grub_cryptodisk_challenge_password (void)
{
grub_cryptodisk_t cr_dev;
for (cr_dev = cryptodisk_list; cr_dev != NULL; cr_dev = cr_dev->next)
{
grub_cryptodisk_dev_t cr;
grub_disk_t source = NULL;
grub_err_t ret = GRUB_ERR_NONE;
grub_cryptodisk_t dev = NULL;
char *part = NULL;
struct grub_cryptomount_args cargs = {0};
cargs.check_boot = 0;
cargs.search_uuid = cr_dev->uuid;
source = grub_disk_open (cr_dev->source);
if (source == NULL)
{
ret = grub_errno;
goto error_out;
}
FOR_CRYPTODISK_DEVS (cr)
{
dev = cr->scan (source, &cargs);
if (grub_errno)
{
ret = grub_errno;
goto error_out;
}
if (dev == NULL)
continue;
break;
}
if (dev == NULL)
{
ret = grub_error (GRUB_ERR_BAD_MODULE, "no cryptodisk module can handle this device");
goto error_out;
}
part = grub_partition_get_name (source->partition);
grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
source->partition != NULL ? "," : "",
part != NULL ? part : N_("UNKNOWN"), cr_dev->uuid);
grub_free (part);
cargs.key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
if (cargs.key_data == NULL)
{
ret = grub_errno;
goto error_out;
}
if (!grub_password_get ((char *) cargs.key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE))
{
ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied");
goto error_out;
}
cargs.key_len = grub_strlen ((char *) cargs.key_data);
ret = cr->recover_key (source, dev, &cargs);
error_out:
grub_disk_close (source);
if (dev != NULL)
cryptodisk_close (dev);
if (cargs.key_data)
{
grub_memset (cargs.key_data, 0, cargs.key_len);
grub_free (cargs.key_data);
}
return ret;
}
return GRUB_ERR_NONE;
}
void
grub_cryptodisk_erasesecrets (void)
{
grub_cryptodisk_t i;
grub_uint8_t *buf;
buf = grub_zalloc (GRUB_CRYPTODISK_MAX_KEYLEN);
if (buf == NULL)
grub_fatal ("grub_cryptodisk_erasesecrets: cannot allocate memory");
for (i = cryptodisk_list; i != NULL; i = i->next)
if (grub_cryptodisk_setkey (i, buf, i->keysize))
grub_fatal ("grub_cryptodisk_erasesecrets: cannot erase secrets for %s", i->source);
else
grub_printf ("Erased crypto secrets for %s\n", i->source);
/*
* Unfortunately, there is no way to "force unmount" a given disk, it may
* have mounted "child" disks as well, e.g., an LVM volume. So, this
* function MUST be called when there is no way back, e.g., when exiting.
* Otherwise, subsequent read calls for a cryptodisk will return garbage.
*/
grub_free (buf);
}
#endif /* GRUB_MACHINE_EFI */
struct grub_procfs_entry luks_script =
{
.name = "luks_script",
@ -1896,19 +1317,13 @@ GRUB_MOD_INIT (cryptodisk)
{
grub_disk_dev_register (&grub_cryptodisk_dev);
cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
N_("[ [-p password] | [-k keyfile"
" [-O keyoffset] [-S keysize] ] ] [-H file]"
" [-P protector [-P protector ...]]"
" <SOURCE|-u UUID|-a|-b>"),
N_("SOURCE|-u UUID|-a|-b"),
N_("Mount a crypto device."), options);
grub_procfs_register ("luks_script", &luks_script);
}
GRUB_MOD_FINI (cryptodisk)
{
#ifdef GRUB_MACHINE_EFI
grub_cryptodisk_erasesecrets ();
#endif
grub_disk_dev_unregister (&grub_cryptodisk_dev);
cryptodisk_cleanup ();
grub_unregister_extcmd (cmd);

175
grub-core/disk/diskfilter.c
View file

@ -20,12 +20,10 @@
#include <grub/dl.h>
#include <grub/disk.h>
#include <grub/mm.h>
#include <grub/command.h>
#include <grub/err.h>
#include <grub/misc.h>
#include <grub/diskfilter.h>
#include <grub/partition.h>
#include <grub/safemath.h>
#ifdef GRUB_UTIL
#include <grub/i18n.h>
#include <grub/util/misc.h>
@ -228,27 +226,14 @@ scan_devices (const char *arname)
int need_rescan;
for (pull = 0; pull < GRUB_DISK_PULL_MAX; pull++)
{
/* look up the crytodisk devices first */
for (p = grub_disk_dev_list; p; p = p->next)
if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID && p->disk_iterate)
if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID
&& p->disk_iterate)
{
if ((p->disk_iterate) (scan_disk_hook, NULL, pull))
return;
if (arname && is_lv_readable (find_lv (arname), 1))
return;
break;
}
/* check the devices other than crytodisk */
for (p = grub_disk_dev_list; p; p = p->next)
if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID && p->disk_iterate)
{
if ((p->disk_iterate) (scan_disk_hook, NULL, pull))
return;
if (arname && is_lv_readable (find_lv (arname), 1))
return;
}
}
scan_depth = 0;
@ -315,8 +300,6 @@ grub_diskfilter_memberlist (grub_disk_t disk)
grub_disk_dev_t p;
struct grub_diskfilter_vg *vg;
struct grub_diskfilter_lv *lv2 = NULL;
struct grub_diskfilter_segment *seg;
unsigned int i, j;
if (!lv->vg->pvs)
return NULL;
@ -348,52 +331,27 @@ grub_diskfilter_memberlist (grub_disk_t disk)
}
}
for (i = 0, seg = lv->segments; i < lv->segment_count; i++, seg++)
for (j = 0; j < seg->node_count; ++j)
if (seg->nodes[j].pv != NULL)
for (pv = lv->vg->pvs; pv; pv = pv->next)
{
pv = seg->nodes[j].pv;
if (pv->disk == NULL)
if (!pv->disk)
{
/*
* TRANSLATORS: This message kicks in during the detection of
* which modules needs to be included in core image. This happens
* in the case of degraded RAID and means that autodetection may
* fail to include some of modules. It's an installation time
* message, not runtime message.
*/
/* TRANSLATORS: This message kicks in during the detection of
which modules needs to be included in core image. This happens
in the case of degraded RAID and means that autodetection may
fail to include some of modules. It's an installation time
message, not runtime message. */
grub_util_warn (_("Couldn't find physical volume `%s'."
" Some modules may be missing from core image."),
pv->name);
continue;
}
for (tmp = list; tmp != NULL; tmp = tmp->next)
if (!grub_strcmp (tmp->disk->name, pv->disk->name))
break;
if (tmp != NULL)
continue;
tmp = grub_malloc (sizeof (*tmp));
if (tmp == NULL)
goto fail;
tmp->disk = pv->disk;
tmp->next = list;
list = tmp;
}
return list;
fail:
while (list != NULL)
{
tmp = list;
list = list->next;
grub_free (tmp);
}
return NULL;
}
void
@ -735,7 +693,7 @@ read_segment (struct grub_diskfilter_segment *seg, grub_disk_addr_t sector,
case GRUB_DISKFILTER_RAID6:
{
grub_disk_addr_t read_sector;
grub_uint64_t b, p, n, disknr;
grub_uint64_t b, p, n, disknr, e;
/* n = 1 for level 4 and 5, 2 for level 6. */
n = seg->type / 3;
@ -785,6 +743,7 @@ read_segment (struct grub_diskfilter_segment *seg, grub_disk_addr_t sector,
if (read_size > size)
read_size = size;
e = 0;
/* Reset read error. */
if (grub_errno == GRUB_ERR_READ_ERROR
|| grub_errno == GRUB_ERR_UNKNOWN_DEVICE)
@ -798,6 +757,7 @@ read_segment (struct grub_diskfilter_segment *seg, grub_disk_addr_t sector,
if ((err) && (err != GRUB_ERR_READ_ERROR
&& err != GRUB_ERR_UNKNOWN_DEVICE))
return err;
e++;
if (err)
{
@ -981,6 +941,8 @@ grub_diskfilter_vg_register (struct grub_diskfilter_vg *vg)
for (lv = vg->lvs; lv; lv = lv->next)
{
grub_err_t err;
/* RAID 1 and single-disk RAID 0 don't use a chunksize but code
assumes one so set one. */
for (i = 0; i < lv->segment_count; i++)
@ -992,10 +954,6 @@ grub_diskfilter_vg_register (struct grub_diskfilter_vg *vg)
&& lv->segments[i].stripe_size == 0)
lv->segments[i].stripe_size = 64;
}
}
for (lv = vg->lvs; lv; lv = lv->next)
{
grub_err_t err;
err = validate_lv(lv);
if (err)
@ -1056,18 +1014,11 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
{
struct grub_diskfilter_vg *array;
int i;
grub_size_t j, sz;
grub_size_t j;
grub_uint64_t totsize;
struct grub_diskfilter_pv *pv;
grub_err_t err;
/* We choose not to support more than the specified number of disks. */
if (nmemb < 1 || nmemb > GRUB_MDRAID_MAX_DISKS)
{
grub_free (uuid);
return NULL;
}
switch (level)
{
case 1:
@ -1157,11 +1108,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
}
array->lvs->vg = array;
if (grub_mul (uuidlen, 2, &sz) ||
grub_add (sz, sizeof ("mduuid/"), &sz))
goto fail;
array->lvs->idname = grub_malloc (sz);
array->lvs->idname = grub_malloc (sizeof ("mduuid/") + 2 * uuidlen);
if (!array->lvs->idname)
goto fail;
@ -1189,9 +1136,6 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
array->lvs->segments->raid_member_size = disk_size;
array->lvs->segments->nodes
= grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0]));
if (array->lvs->segments->nodes == NULL)
goto fail;
array->lvs->segments->stripe_size = stripe_size;
for (i = 0; i < nmemb; i++)
{
@ -1378,86 +1322,6 @@ grub_diskfilter_get_pv_from_disk (grub_disk_t disk,
}
#endif
static int
grub_diskfilter_check_pvs_encrypted (grub_disk_t disk, int *pvs_cnt)
{
struct grub_diskfilter_lv *lv = disk->data;
struct grub_diskfilter_pv *pv;
*pvs_cnt = 0;
if (lv->vg->pvs)
for (pv = lv->vg->pvs; pv; pv = pv->next)
{
(*pvs_cnt)++;
if (pv->disk == NULL)
{
/* Can be a partially activated VG, bail out. */
return GRUB_ERR_TEST_FAILURE;
}
if (pv->disk->dev->id != GRUB_DISK_DEVICE_CRYPTODISK_ID)
{
/* All backing devices must be cryptodisks, stop. */
return GRUB_ERR_TEST_FAILURE;
}
}
return GRUB_ERR_NONE;
}
static grub_err_t
grub_cmd_cryptocheck (grub_command_t cmd __attribute__ ((unused)),
int argc, char **args)
{
grub_disk_t disk;
int check_pvs_res;
int namelen;
int pvs_cnt;
int opt_quiet = 0;
if (argc == 2)
{
if (grub_strcmp (args[0], "--quiet") == 0)
{
opt_quiet = 1;
argc--;
args++;
}
else
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unrecognized option: %s"), args[0]);
}
if (argc != 1)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("disk name expected"));
namelen = grub_strlen (args[0]);
if (namelen > 2 && (args[0][0] == '(') && (args[0][namelen - 1] == ')'))
args[0][namelen - 1] = 0;
else
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("invalid disk: %s"),
args[0]);
if (!is_valid_diskfilter_name (&args[0][1]))
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("unrecognized disk: %s"),
&args[0][1]);
disk = grub_disk_open (&args[0][1]);
if (disk == NULL)
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("no such disk: %s"),
&args[0][1]);
check_pvs_res = grub_diskfilter_check_pvs_encrypted (disk, &pvs_cnt);
grub_disk_close (disk);
if (!opt_quiet)
grub_printf ("%s is %sencrypted (%d pv%s examined)\n", &args[0][1],
(check_pvs_res == GRUB_ERR_NONE) ? "" : "un",
pvs_cnt,
(pvs_cnt > 1) ? "s" : "");
return check_pvs_res;
}
static struct grub_disk_dev grub_diskfilter_dev =
{
.name = "diskfilter",
@ -1474,21 +1338,14 @@ static struct grub_disk_dev grub_diskfilter_dev =
.next = 0
};
static grub_command_t cmd;
GRUB_MOD_INIT(diskfilter)
{
grub_disk_dev_register (&grub_diskfilter_dev);
cmd = grub_register_command ("cryptocheck", grub_cmd_cryptocheck,
N_("[--quiet] DEVICE"),
N_("Check if a logical volume resides on encrypted disks."));
}
GRUB_MOD_FINI(diskfilter)
{
grub_disk_dev_unregister (&grub_diskfilter_dev);
if (cmd != NULL)
grub_unregister_command (cmd);
free_array ();
}

30
grub-core/disk/efi/efidisk.c
View file

@ -37,7 +37,7 @@ struct grub_efidisk_data
};
/* GUID. */
static grub_guid_t block_io_guid = GRUB_EFI_BLOCK_IO_GUID;
static grub_efi_guid_t block_io_guid = GRUB_EFI_BLOCK_IO_GUID;
static struct grub_efidisk_data *fd_devices;
static struct grub_efidisk_data *hd_devices;
@ -319,7 +319,7 @@ name_devices (struct grub_efidisk_data *devices)
== GRUB_EFI_VENDOR_MEDIA_DEVICE_PATH_SUBTYPE)
{
grub_efi_vendor_device_path_t *vendor = (grub_efi_vendor_device_path_t *) dp;
static const grub_guid_t apple = GRUB_EFI_VENDOR_APPLE_GUID;
const struct grub_efi_guid apple = GRUB_EFI_VENDOR_APPLE_GUID;
if (vendor->header.length == sizeof (*vendor)
&& grub_memcmp (&vendor->vendor_guid, &apple,
@ -523,7 +523,9 @@ grub_efidisk_open (const char *name, struct grub_disk *disk)
if (m->block_size & (m->block_size - 1) || !m->block_size)
return grub_error (GRUB_ERR_IO, "invalid sector size %d",
m->block_size);
disk->log_sector_size = grub_log2ull (m->block_size);
for (disk->log_sector_size = 0;
(1U << disk->log_sector_size) < m->block_size;
disk->log_sector_size++);
disk->data = d;
grub_dprintf ("efidisk", "opening %s succeeded\n", name);
@ -551,19 +553,8 @@ grub_efidisk_readwrite (struct grub_disk *disk, grub_disk_addr_t sector,
d = disk->data;
bio = d->block_io;
/*
* If IoAlign is > 1, it should represent the required alignment. However,
* some UEFI implementations seem to report IoAlign=2 but require 2^IoAlign.
* Some implementation seem to require alignment despite not reporting any
* specific requirements.
*
* Make sure to use buffers which are at least aligned to block size.
*/
if (bio->media->io_align < bio->media->block_size)
io_align = bio->media->block_size;
else
io_align = bio->media->io_align;
/* Set alignment to 1 if 0 specified */
io_align = bio->media->io_align ? bio->media->io_align : 1;
num_bytes = size << disk->log_sector_size;
if ((grub_addr_t) buf & (io_align - 1))
@ -579,10 +570,9 @@ grub_efidisk_readwrite (struct grub_disk *disk, grub_disk_addr_t sector,
aligned_buf = buf;
}
status = (wr ? bio->write_blocks : bio->read_blocks) (bio, bio->media->media_id,
(grub_efi_uint64_t) sector,
(grub_efi_uintn_t) num_bytes,
aligned_buf);
status = efi_call_5 ((wr ? bio->write_blocks : bio->read_blocks), bio,
bio->media->media_id, (grub_efi_uint64_t) sector,
(grub_efi_uintn_t) num_bytes, aligned_buf);
if ((grub_addr_t) buf & (io_align - 1))
{

47
grub-core/disk/geli.c
View file

@ -135,6 +135,8 @@ const char *algorithms[] = {
[0x16] = "aes"
};
#define MAX_PASSPHRASE 256
static gcry_err_code_t
geli_rekey (struct grub_cryptodisk *dev, grub_uint64_t zoneno)
{
@ -240,7 +242,8 @@ grub_util_get_geli_uuid (const char *dev)
#endif
static grub_cryptodisk_t
geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
configure_ciphers (grub_disk_t disk, const char *check_uuid,
int boot_only)
{
grub_cryptodisk_t newdev;
struct grub_geli_phdr header;
@ -252,10 +255,6 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
grub_disk_addr_t sector;
grub_err_t err;
/* Detached headers are not implemented yet */
if (cargs->hdr_file != NULL)
return NULL;
if (2 * GRUB_MD_SHA256->mdlen + 1 > GRUB_CRYPTODISK_MAX_UUID_LENGTH)
return NULL;
@ -292,7 +291,7 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
return NULL;
}
if (cargs->check_boot && !(grub_le_to_cpu32 (header.flags) & GRUB_GELI_FLAGS_BOOT))
if (boot_only && !(grub_le_to_cpu32 (header.flags) & GRUB_GELI_FLAGS_BOOT))
{
grub_dprintf ("geli", "not a boot volume\n");
return NULL;
@ -305,9 +304,9 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
return NULL;
}
if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, uuid, sizeof (uuid)) != 0)
if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0)
{
grub_dprintf ("geli", "%s != %s\n", uuid, cargs->search_uuid);
grub_dprintf ("geli", "%s != %s\n", uuid, check_uuid);
return NULL;
}
@ -380,7 +379,9 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
newdev->hash = GRUB_MD_SHA512;
newdev->iv_hash = GRUB_MD_SHA256;
newdev->log_sector_size = grub_log2ull (grub_le_to_cpu32 (header.sector_size));
for (newdev->log_sector_size = 0;
(1U << newdev->log_sector_size) < grub_le_to_cpu32 (header.sector_size);
newdev->log_sector_size++);
if (grub_le_to_cpu32 (header.version) >= 5)
{
@ -397,7 +398,7 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
}
static grub_err_t
geli_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_cryptomount_args_t cargs)
recover_key (grub_disk_t source, grub_cryptodisk_t dev)
{
grub_size_t keysize;
grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN];
@ -405,15 +406,14 @@ geli_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_cryptomount_ar
grub_uint8_t verify_key[GRUB_CRYPTO_MAX_MDLEN];
grub_uint8_t zero[GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE];
grub_uint8_t geli_cipher_key[64];
char passphrase[MAX_PASSPHRASE] = "";
unsigned i;
gcry_err_code_t gcry_err;
struct grub_geli_phdr header;
char *tmp;
grub_disk_addr_t sector;
grub_err_t err;
if (cargs->key_data == NULL || cargs->key_len == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
if (dev->cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE)
return grub_error (GRUB_ERR_BUG, "cipher block is too long");
@ -434,12 +434,23 @@ geli_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_cryptomount_ar
grub_puts_ (N_("Attempting to decrypt master key..."));
/* Get the passphrase from the user. */
tmp = NULL;
if (source->partition)
tmp = grub_partition_get_name (source->partition);
grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
source->partition ? "," : "", tmp ? : "",
dev->uuid);
grub_free (tmp);
if (!grub_password_get (passphrase, MAX_PASSPHRASE))
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
/* Calculate the PBKDF2 of the user supplied passphrase. */
if (grub_le_to_cpu32 (header.niter) != 0)
{
grub_uint8_t pbkdf_key[64];
gcry_err = grub_crypto_pbkdf2 (dev->hash, cargs->key_data,
cargs->key_len,
gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
grub_strlen (passphrase),
header.salt,
sizeof (header.salt),
grub_le_to_cpu32 (header.niter),
@ -462,7 +473,7 @@ geli_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_cryptomount_ar
return grub_crypto_gcry_error (GPG_ERR_OUT_OF_MEMORY);
grub_crypto_hmac_write (hnd, header.salt, sizeof (header.salt));
grub_crypto_hmac_write (hnd, cargs->key_data, cargs->key_len);
grub_crypto_hmac_write (hnd, passphrase, grub_strlen (passphrase));
gcry_err = grub_crypto_hmac_fini (hnd, geomkey);
if (gcry_err)
@ -569,8 +580,8 @@ geli_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_cryptomount_ar
}
struct grub_cryptodisk_dev geli_crypto = {
.scan = geli_scan,
.recover_key = geli_recover_key
.scan = configure_ciphers,
.recover_key = recover_key
};
GRUB_MOD_INIT (geli)

2
grub-core/disk/host.c
View file

@ -20,8 +20,8 @@
/* When using the disk, make a reference to this module. Otherwise
the user will end up with a useless module :-). */
#include <config-util.h>
#include <config.h>
#include <config-util.h>
#include <grub/dl.h>
#include <grub/disk.h>

15
grub-core/disk/i386/pc/biosdisk.c
View file

@ -367,7 +367,7 @@ grub_biosdisk_open (const char *name, grub_disk_t disk)
if (version)
{
struct grub_biosdisk_drp *drp
= (struct grub_biosdisk_drp *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR);
= (struct grub_biosdisk_drp *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR;
/* Clear out the DRP. */
grub_memset (drp, 0, sizeof (*drp));
@ -388,7 +388,11 @@ grub_biosdisk_open (const char *name, grub_disk_t disk)
&& !(drp->bytes_per_sector & (drp->bytes_per_sector - 1))
&& drp->bytes_per_sector >= 512
&& drp->bytes_per_sector <= 16384)
disk->log_sector_size = grub_log2ull (drp->bytes_per_sector);
{
for (disk->log_sector_size = 0;
(1 << disk->log_sector_size) < drp->bytes_per_sector;
disk->log_sector_size++);
}
}
}
}
@ -471,7 +475,7 @@ grub_biosdisk_rw (int cmd, grub_disk_t disk,
struct grub_biosdisk_dap *dap;
dap = (struct grub_biosdisk_dap *) (GRUB_MEMORY_MACHINE_SCRATCH_ADDR
+ (GRUB_DISK_MAX_LBA_SECTORS
+ (data->sectors
<< disk->log_sector_size));
dap->length = sizeof (*dap);
dap->reserved = 0;
@ -561,9 +565,6 @@ get_safe_sectors (grub_disk_t disk, grub_disk_addr_t sector)
struct grub_biosdisk_data *data = disk->data;
grub_uint32_t sectors = data->sectors;
if (data->flags & GRUB_BIOSDISK_FLAG_LBA)
sectors = GRUB_DISK_MAX_LBA_SECTORS;
/* OFFSET = SECTOR % SECTORS */
grub_divmod64 (sector, sectors, &offset);
@ -653,7 +654,7 @@ grub_disk_biosdisk_fini (void)
GRUB_MOD_INIT(biosdisk)
{
struct grub_biosdisk_cdrp *cdrp
= (struct grub_biosdisk_cdrp *) grub_absolute_pointer (GRUB_MEMORY_MACHINE_SCRATCH_ADDR);
= (struct grub_biosdisk_cdrp *) GRUB_MEMORY_MACHINE_SCRATCH_ADDR;
grub_uint8_t boot_drive;
if (grub_disk_firmware_is_tainted)

55
grub-core/disk/ieee1275/obdisk.c
View file

@ -26,7 +26,6 @@
#include <grub/mm.h>
#include <grub/scsicmd.h>
#include <grub/time.h>
#include <grub/safemath.h>
#include <grub/ieee1275/ieee1275.h>
#include <grub/ieee1275/obdisk.h>
@ -129,17 +128,9 @@ count_commas (const char *src)
static char *
decode_grub_devname (const char *name)
{
char *devpath;
char *devpath = grub_malloc (grub_strlen (name) + 1);
char *p, c;
grub_size_t sz;
if (grub_add (grub_strlen (name), 1, &sz))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining size of device name"));
return NULL;
}
devpath = grub_malloc (sz);
if (devpath == NULL)
return NULL;
@ -165,20 +156,12 @@ static char *
encode_grub_devname (const char *path)
{
char *encoding, *optr;
grub_size_t sz;
if (path == NULL)
return NULL;
if (grub_add (sizeof (IEEE1275_DEV) + 1, count_commas (path), &sz) ||
grub_add (sz, grub_strlen (path), &sz))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining encoding size"));
grub_print_error ();
return NULL;
}
encoding = grub_malloc (sz);
encoding = grub_malloc (sizeof (IEEE1275_DEV) + count_commas (path) +
grub_strlen (path) + 1);
if (encoding == NULL)
{
@ -413,22 +396,8 @@ canonicalise_disk (const char *devname)
real_unit_str_len = grub_strlen (op->name) + sizeof (IEEE1275_DISK_ALIAS)
+ grub_strlen (real_unit_address);
if (grub_add (grub_strlen (op->name), sizeof (IEEE1275_DISK_ALIAS), &real_unit_str_len) ||
grub_add (real_unit_str_len, grub_strlen (real_unit_address), &real_unit_str_len))
{
grub_free (parent);
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining size of canonical name"));
grub_print_error ();
return NULL;
}
real_canon = grub_malloc (real_unit_str_len);
if (real_canon == NULL)
{
grub_free (parent);
grub_print_error ();
return NULL;
}
grub_snprintf (real_canon, real_unit_str_len, "%s/disk@%s",
op->name, real_unit_address);
@ -444,7 +413,6 @@ canonicalise_disk (const char *devname)
static struct disk_dev *
add_canon_disk (const char *cname)
{
grub_size_t sz;
struct disk_dev *dev;
dev = grub_zalloc (sizeof (struct disk_dev));
@ -460,18 +428,13 @@ add_canon_disk (const char *cname)
* arguments and allows a client program to open
* the entire (raw) disk. Any disk label is ignored.
*/
if (grub_add (grub_strlen (cname), sizeof (":nolabel"), &sz))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while appending :nolabel to end of canonical name");
goto failed;
}
dev->raw_name = grub_malloc (sz);
dev->raw_name = grub_malloc (grub_strlen (cname) + sizeof (":nolabel"));
if (dev->raw_name == NULL)
goto failed;
grub_snprintf (dev->raw_name, sz, "%s:nolabel", cname);
grub_snprintf (dev->raw_name, grub_strlen (cname) + sizeof (":nolabel"),
"%s:nolabel", cname);
}
/*
@ -1060,7 +1023,11 @@ grub_obdisk_open (const char *name, grub_disk_t disk)
dev->num_blocks = GRUB_DISK_SIZE_UNKNOWN;
if (dev->block_size != 0)
dev->log_sector_size = grub_log2ull (dev->block_size);
{
for (dev->log_sector_size = 0;
(1U << dev->log_sector_size) < dev->block_size;
dev->log_sector_size++);
}
else
dev->log_sector_size = 9;

68
grub-core/disk/ieee1275/ofdisk.c
View file

@ -24,7 +24,6 @@
#include <grub/ieee1275/ofdisk.h>
#include <grub/i18n.h>
#include <grub/time.h>
#include <grub/safemath.h>
static char *last_devpath;
static grub_ieee1275_ihandle_t last_ihandle;
@ -81,7 +80,6 @@ ofdisk_hash_add_real (char *devpath)
struct ofdisk_hash_ent **head = &ofdisk_hash[ofdisk_hash_fn(devpath)];
const char *iptr;
char *optr;
grub_size_t sz;
p = grub_zalloc (sizeof (*p));
if (!p)
@ -89,14 +87,8 @@ ofdisk_hash_add_real (char *devpath)
p->devpath = devpath;
if (grub_mul (grub_strlen (p->devpath), 2, &sz) ||
grub_add (sz, sizeof ("ieee1275/"), &sz))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining size of device path"));
return NULL;
}
p->grub_devpath = grub_malloc (sz);
p->grub_devpath = grub_malloc (sizeof ("ieee1275/")
+ 2 * grub_strlen (p->devpath));
if (!p->grub_devpath)
{
@ -106,13 +98,7 @@ ofdisk_hash_add_real (char *devpath)
if (! grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_NO_PARTITION_0))
{
if (grub_add (grub_strlen (p->devpath), 3, &sz))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining size of an open path"));
return NULL;
}
p->open_path = grub_malloc (sz);
p->open_path = grub_malloc (grub_strlen (p->devpath) + 3);
if (!p->open_path)
{
grub_free (p->grub_devpath);
@ -238,7 +224,6 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
args;
char *buf, *bufptr;
unsigned i;
grub_size_t sz;
if (grub_ieee1275_open (alias->path, &ihandle))
return;
@ -258,19 +243,9 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
return;
}
if (grub_add (grub_strlen (alias->path), 32, &sz))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while creating buffer for vscsi");
grub_ieee1275_close (ihandle);
return;
}
buf = grub_malloc (sz);
buf = grub_malloc (grub_strlen (alias->path) + 32);
if (!buf)
{
grub_ieee1275_close (ihandle);
return;
}
bufptr = grub_stpcpy (buf, alias->path);
for (i = 0; i < args.nentries; i++)
@ -312,15 +287,9 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
grub_uint64_t *table;
grub_uint16_t table_size;
grub_ieee1275_ihandle_t ihandle;
grub_size_t sz;
if (grub_add (grub_strlen (alias->path), sizeof ("/disk@7766554433221100"), &sz))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while creating buffer for sas_ioa");
return;
}
buf = grub_malloc (sz);
buf = grub_malloc (grub_strlen (alias->path) +
sizeof ("/disk@7766554433221100"));
if (!buf)
return;
bufptr = grub_stpcpy (buf, alias->path);
@ -458,17 +427,9 @@ grub_ofdisk_iterate (grub_disk_dev_iterate_hook_t hook, void *hook_data,
static char *
compute_dev_path (const char *name)
{
char *devpath;
char *devpath = grub_malloc (grub_strlen (name) + 3);
char *p, c;
grub_size_t sz;
if (grub_add (grub_strlen (name), 3, &sz))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining size of device path"));
return NULL;
}
devpath = grub_malloc (sz);
if (!devpath)
return NULL;
@ -555,7 +516,11 @@ grub_ofdisk_open (const char *name, grub_disk_t disk)
return err;
}
if (block_size != 0)
disk->log_sector_size = grub_log2ull (block_size);
{
for (disk->log_sector_size = 0;
(1U << disk->log_sector_size) < block_size;
disk->log_sector_size++);
}
else
disk->log_sector_size = 9;
}
@ -664,7 +629,6 @@ insert_bootpath (void)
char *bootpath;
grub_ssize_t bootpath_size;
char *type;
grub_size_t sz;
if (grub_ieee1275_get_property_length (grub_ieee1275_chosen, "bootpath",
&bootpath_size)
@ -675,13 +639,7 @@ insert_bootpath (void)
return;
}
if (grub_add (bootpath_size, 64, &sz))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining bootpath size"));
return;
}
bootpath = (char *) grub_malloc (sz);
bootpath = (char *) grub_malloc ((grub_size_t) bootpath_size + 64);
if (! bootpath)
{
grub_print_error ();

73
grub-core/disk/key_protector.c
View file

@ -1,73 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2022 Microsoft Corporation
* Copyright (C) 2024 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#include <grub/dl.h>
#include <grub/list.h>
#include <grub/misc.h>
#include <grub/mm.h>
#include <grub/key_protector.h>
GRUB_MOD_LICENSE ("GPLv3+");
struct grub_key_protector *grub_key_protectors = NULL;
grub_err_t
grub_key_protector_register (struct grub_key_protector *protector)
{
if (protector == NULL || protector->name == NULL || protector->name[0] == '\0')
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid key protector for registration");
if (grub_key_protectors != NULL &&
grub_named_list_find (GRUB_AS_NAMED_LIST (grub_key_protectors), protector->name) != NULL)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Key protector '%s' already registered", protector->name);
grub_list_push (GRUB_AS_LIST_P (&grub_key_protectors), GRUB_AS_LIST (protector));
return GRUB_ERR_NONE;
}
grub_err_t
grub_key_protector_unregister (struct grub_key_protector *protector)
{
if (protector == NULL)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid key protector for unregistration");
grub_list_remove (GRUB_AS_LIST (protector));
return GRUB_ERR_NONE;
}
grub_err_t
grub_key_protector_recover_key (const char *protector, grub_uint8_t **key,
grub_size_t *key_size)
{
struct grub_key_protector *kp = NULL;
if (grub_key_protectors == NULL)
return grub_error (GRUB_ERR_OUT_OF_RANGE, "No key protector registered");
if (protector == NULL || protector[0] == '\0')
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid key protector");
kp = grub_named_list_find (GRUB_AS_NAMED_LIST (grub_key_protectors), protector);
if (kp == NULL)
return grub_error (GRUB_ERR_OUT_OF_RANGE, "Key protector '%s' not found", protector);
return kp->recover_key (key, key_size);
}

207
grub-core/disk/ldm.c
View file

@ -136,7 +136,7 @@ msdos_has_ldm_partition (grub_disk_t dsk)
return has_ldm;
}
static const grub_guid_t ldm_type = GRUB_GPT_PARTITION_TYPE_LDM;
static const grub_gpt_part_guid_t ldm_type = GRUB_GPT_PARTITION_TYPE_LDM;
/* Helper for gpt_ldm_sector. */
static int
@ -179,36 +179,6 @@ gpt_ldm_sector (grub_disk_t dsk)
return sector;
}
static void
free_pv (struct grub_diskfilter_pv *pv)
{
if (pv == NULL)
return;
grub_free (pv->internal_id);
grub_free (pv->id.uuid);
grub_free (pv);
}
static void
free_lv (struct grub_diskfilter_lv *lv)
{
if (lv == NULL)
return;
grub_free (lv->internal_id);
grub_free (lv->name);
grub_free (lv->fullname);
if (lv->segments)
{
unsigned int i;
for (i = 0; i < lv->segment_count; i++)
grub_free (lv->segments[i].nodes);
grub_free (lv->segments);
}
grub_free (lv);
}
static struct grub_diskfilter_vg *
make_vg (grub_disk_t disk,
const struct grub_ldm_label *label)
@ -226,8 +196,12 @@ make_vg (grub_disk_t disk,
vg->name = grub_malloc (LDM_NAME_STRLEN + 1);
vg->uuid = grub_malloc (LDM_GUID_STRLEN + 1);
if (! vg->uuid || !vg->name)
goto fail1;
{
grub_free (vg->uuid);
grub_free (vg->name);
grub_free (vg);
return NULL;
}
grub_memcpy (vg->uuid, label->group_guid, LDM_GUID_STRLEN);
grub_memcpy (vg->name, label->group_name, LDM_NAME_STRLEN);
vg->name[LDM_NAME_STRLEN] = 0;
@ -246,7 +220,6 @@ make_vg (grub_disk_t disk,
struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE
/ sizeof (struct grub_ldm_vblk)];
unsigned i;
grub_size_t sz;
err = grub_disk_read (disk, cursec, 0,
sizeof(vblk), &vblk);
if (err)
@ -278,16 +251,10 @@ make_vg (grub_disk_t disk,
grub_free (pv);
goto fail2;
}
if (grub_add (ptr[0], 2, &sz))
{
grub_free (pv);
goto fail2;
}
pv->internal_id = grub_malloc (sz);
pv->internal_id = grub_malloc (ptr[0] + 2);
if (!pv->internal_id)
{
free_pv (pv);
grub_free (pv);
goto fail2;
}
grub_memcpy (pv->internal_id, ptr, (grub_size_t) ptr[0] + 1);
@ -297,7 +264,7 @@ make_vg (grub_disk_t disk,
if (ptr + *ptr + 1 >= vblk[i].dynamic
+ sizeof (vblk[i].dynamic))
{
free_pv (pv);
grub_free (pv);
goto fail2;
}
/* ptr = name. */
@ -305,23 +272,11 @@ make_vg (grub_disk_t disk,
if (ptr + *ptr + 1
>= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_pv (pv);
grub_free (pv);
goto fail2;
}
pv->id.uuidlen = *ptr;
if (grub_add (pv->id.uuidlen, 1, &sz))
{
free_pv (pv);
goto fail2;
}
pv->id.uuid = grub_malloc (sz);
if (pv->id.uuid == NULL)
{
free_pv (pv);
goto fail2;
}
pv->id.uuid = grub_malloc (pv->id.uuidlen + 1);
grub_memcpy (pv->id.uuid, ptr + 1, pv->id.uuidlen);
pv->id.uuid[pv->id.uuidlen] = 0;
@ -367,7 +322,7 @@ make_vg (grub_disk_t disk,
lv->segments = grub_zalloc (sizeof (*lv->segments));
if (!lv->segments)
{
free_lv (lv);
grub_free (lv);
goto fail2;
}
lv->segments->start_extent = 0;
@ -378,25 +333,20 @@ make_vg (grub_disk_t disk,
sizeof (*lv->segments->nodes));
if (!lv->segments->nodes)
{
free_lv (lv);
grub_free (lv);
goto fail2;
}
ptr = vblk[i].dynamic;
if (ptr + *ptr + 1 >= vblk[i].dynamic
+ sizeof (vblk[i].dynamic))
{
free_lv (lv);
grub_free (lv);
goto fail2;
}
if (grub_add (ptr[0], 2, &sz))
{
free_lv (lv);
goto fail2;
}
lv->internal_id = grub_malloc (sz);
lv->internal_id = grub_malloc ((grub_size_t) ptr[0] + 2);
if (!lv->internal_id)
{
free_lv (lv);
grub_free (lv);
goto fail2;
}
grub_memcpy (lv->internal_id, ptr, ptr[0] + 1);
@ -406,18 +356,20 @@ make_vg (grub_disk_t disk,
if (ptr + *ptr + 1 >= vblk[i].dynamic
+ sizeof (vblk[i].dynamic))
{
free_lv (lv);
grub_free (lv);
goto fail2;
}
if (grub_add (*ptr, 1, &sz))
{
free_lv (lv);
grub_free (lv->internal_id);
grub_free (lv);
goto fail2;
}
lv->name = grub_malloc (sz);
if (!lv->name)
{
free_lv (lv);
grub_free (lv->internal_id);
grub_free (lv);
goto fail2;
}
grub_memcpy (lv->name, ptr + 1, *ptr);
@ -426,28 +378,36 @@ make_vg (grub_disk_t disk,
vg->uuid, lv->name);
if (!lv->fullname)
{
free_lv (lv);
grub_free (lv->internal_id);
grub_free (lv->name);
grub_free (lv);
goto fail2;
}
ptr += *ptr + 1;
if (ptr + *ptr + 1
>= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_lv (lv);
grub_free (lv->internal_id);
grub_free (lv->name);
grub_free (lv);
goto fail2;
}
/* ptr = volume type. */
ptr += *ptr + 1;
if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_lv (lv);
grub_free (lv->internal_id);
grub_free (lv->name);
grub_free (lv);
goto fail2;
}
/* ptr = flags. */
ptr += *ptr + 1;
if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_lv (lv);
grub_free (lv->internal_id);
grub_free (lv->name);
grub_free (lv);
goto fail2;
}
@ -456,13 +416,17 @@ make_vg (grub_disk_t disk,
/* ptr = number of children. */
if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_lv (lv);
grub_free (lv->internal_id);
grub_free (lv->name);
grub_free (lv);
goto fail2;
}
ptr += *ptr + 1;
if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_lv (lv);
grub_free (lv->internal_id);
grub_free (lv->name);
grub_free (lv);
goto fail2;
}
@ -472,7 +436,9 @@ make_vg (grub_disk_t disk,
|| ptr + *ptr + 1>= vblk[i].dynamic
+ sizeof (vblk[i].dynamic))
{
free_lv (lv);
grub_free (lv->internal_id);
grub_free (lv->name);
grub_free (lv);
goto fail2;
}
lv->size = read_int (ptr + 1, *ptr);
@ -489,7 +455,6 @@ make_vg (grub_disk_t disk,
struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE
/ sizeof (struct grub_ldm_vblk)];
unsigned i;
grub_size_t sz;
err = grub_disk_read (disk, cursec, 0,
sizeof(vblk), &vblk);
if (err)
@ -522,18 +487,12 @@ make_vg (grub_disk_t disk,
ptr = vblk[i].dynamic;
if (ptr + *ptr + 1 >= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_lv (comp);
goto fail2;
}
if (grub_add (ptr[0], 2, &sz))
{
free_lv (comp);
goto fail2;
}
comp->internal_id = grub_malloc (sz);
comp->internal_id = grub_malloc ((grub_size_t) ptr[0] + 2);
if (!comp->internal_id)
{
free_lv (comp);
grub_free (comp);
goto fail2;
}
grub_memcpy (comp->internal_id, ptr, ptr[0] + 1);
@ -542,14 +501,16 @@ make_vg (grub_disk_t disk,
ptr += *ptr + 1;
if (ptr + *ptr + 1 >= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_lv (comp);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
/* ptr = name. */
ptr += *ptr + 1;
if (ptr + *ptr + 1 >= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_lv (comp);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
/* ptr = state. */
@ -559,7 +520,8 @@ make_vg (grub_disk_t disk,
ptr += 4;
if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_lv (comp);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
@ -567,14 +529,16 @@ make_vg (grub_disk_t disk,
ptr += *ptr + 1;
if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic))
{
free_lv (comp);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
ptr += 8 + 8;
if (ptr + *ptr + 1 >= vblk[i].dynamic
+ sizeof (vblk[i].dynamic))
{
free_lv (comp);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
for (lv = vg->lvs; lv; lv = lv->next)
@ -585,7 +549,8 @@ make_vg (grub_disk_t disk,
}
if (!lv)
{
free_lv (comp);
grub_free (comp->internal_id);
grub_free (comp);
continue;
}
comp->size = lv->size;
@ -597,7 +562,8 @@ make_vg (grub_disk_t disk,
sizeof (*comp->segments));
if (!comp->segments)
{
free_lv (comp);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
}
@ -608,7 +574,8 @@ make_vg (grub_disk_t disk,
comp->segments = grub_malloc (sizeof (*comp->segments));
if (!comp->segments)
{
free_lv (comp);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
comp->segments->start_extent = 0;
@ -623,21 +590,27 @@ make_vg (grub_disk_t disk,
}
else
{
free_lv (comp);
grub_free (comp->segments);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
ptr += *ptr + 1;
ptr++;
if (!(vblk[i].flags & 0x10))
{
free_lv (comp);
grub_free (comp->segments);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic)
|| ptr + *ptr + 1 >= vblk[i].dynamic
+ sizeof (vblk[i].dynamic))
{
free_lv (comp);
grub_free (comp->segments);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
comp->segments->stripe_size = read_int (ptr + 1, *ptr);
@ -645,16 +618,20 @@ make_vg (grub_disk_t disk,
if (ptr + *ptr + 1 >= vblk[i].dynamic
+ sizeof (vblk[i].dynamic))
{
free_lv (comp);
grub_free (comp->segments);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
comp->segments->node_count = read_int (ptr + 1, *ptr);
comp->segments->node_alloc = comp->segments->node_count;
comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
sizeof (*comp->segments->nodes));
if (comp->segments->nodes == NULL)
if (!lv->segments->nodes)
{
free_lv (comp);
grub_free (comp->segments);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
}
@ -662,18 +639,25 @@ make_vg (grub_disk_t disk,
if (lv->segments->node_alloc == lv->segments->node_count)
{
void *t;
grub_size_t sz;
if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
{
free_lv (comp);
grub_free (comp->segments->nodes);
grub_free (comp->segments);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
t = grub_realloc (lv->segments->nodes, sz);
if (!t)
{
free_lv (comp);
grub_free (comp->segments->nodes);
grub_free (comp->segments);
grub_free (comp->internal_id);
grub_free (comp);
goto fail2;
}
lv->segments->nodes = t;
@ -813,10 +797,7 @@ make_vg (grub_disk_t disk,
comp->segments[comp->segment_count].nodes
= grub_malloc (sizeof (*comp->segments[comp->segment_count].nodes));
if (!comp->segments[comp->segment_count].nodes)
{
grub_free (comp->segments);
goto fail2;
}
comp->segments[comp->segment_count].nodes[0] = part;
comp->segment_count++;
}
@ -831,19 +812,25 @@ make_vg (grub_disk_t disk,
struct grub_diskfilter_pv *pv, *next_pv;
for (lv = vg->lvs; lv; lv = next_lv)
{
next_lv = lv->next;
free_lv (lv);
unsigned i;
for (i = 0; i < lv->segment_count; i++)
grub_free (lv->segments[i].nodes);
next_lv = lv->next;
grub_free (lv->segments);
grub_free (lv->internal_id);
grub_free (lv->name);
grub_free (lv->fullname);
grub_free (lv);
}
for (pv = vg->pvs; pv; pv = next_pv)
{
next_pv = pv->next;
free_pv (pv);
grub_free (pv->id.uuid);
grub_free (pv);
}
}
fail1:
grub_free (vg->uuid);
grub_free (vg->name);
grub_free (vg);
return NULL;
}

28
grub-core/disk/loopback.c
View file

@ -24,7 +24,6 @@
#include <grub/mm.h>
#include <grub/extcmd.h>
#include <grub/i18n.h>
#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@ -34,7 +33,6 @@ struct grub_loopback
grub_file_t file;
struct grub_loopback *next;
unsigned long id;
grub_uint64_t refcnt;
};
static struct grub_loopback *loopback_list;
@ -45,7 +43,6 @@ static const struct grub_arg_option options[] =
/* TRANSLATORS: The disk is simply removed from the list of available ones,
not wiped, avoid to scare user. */
{"delete", 'd', 0, N_("Delete the specified loopback drive."), 0, 0},
{"decompress", 'D', 0, N_("Transparently decompress backing file."), 0, 0},
{0, 0, 0, 0, 0, 0}
};
@ -66,8 +63,6 @@ delete_loopback (const char *name)
if (! dev)
return grub_error (GRUB_ERR_BAD_DEVICE, "device not found");
if (dev->refcnt > 0)
return grub_error (GRUB_ERR_STILL_REFERENCED, "device still referenced");
/* Remove the device from the list. */
*prev = dev->next;
@ -84,7 +79,6 @@ grub_cmd_loopback (grub_extcmd_context_t ctxt, int argc, char **args)
{
struct grub_arg_list *state = ctxt->state;
grub_file_t file;
enum grub_file_type type = GRUB_FILE_TYPE_LOOPBACK;
struct grub_loopback *newdev;
grub_err_t ret;
@ -95,9 +89,6 @@ grub_cmd_loopback (grub_extcmd_context_t ctxt, int argc, char **args)
if (state[0].set)
return delete_loopback (args[0]);
if (!state[1].set)
type |= GRUB_FILE_TYPE_NO_DECOMPRESS;
if (argc < 2)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
@ -106,7 +97,8 @@ grub_cmd_loopback (grub_extcmd_context_t ctxt, int argc, char **args)
if (grub_strcmp (newdev->devname, args[0]) == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name already exists");
file = grub_file_open (args[1], type);
file = grub_file_open (args[1], GRUB_FILE_TYPE_LOOPBACK
| GRUB_FILE_TYPE_NO_DECOMPRESS);
if (! file)
return grub_errno;
@ -124,7 +116,6 @@ grub_cmd_loopback (grub_extcmd_context_t ctxt, int argc, char **args)
newdev->file = file;
newdev->id = last_id++;
newdev->refcnt = 0;
/* Add the new entry to the list. */
newdev->next = loopback_list;
@ -166,9 +157,6 @@ grub_loopback_open (const char *name, grub_disk_t disk)
if (! dev)
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "can't open device");
if (grub_add (dev->refcnt, 1, &dev->refcnt))
grub_fatal ("Reference count overflow");
/* Use the filesize for the disk size, round up to a complete sector. */
if (dev->file->size != GRUB_FILE_SIZE_UNKNOWN)
disk->total_sectors = ((dev->file->size + GRUB_DISK_SECTOR_SIZE - 1)
@ -186,15 +174,6 @@ grub_loopback_open (const char *name, grub_disk_t disk)
return 0;
}
static void
grub_loopback_close (grub_disk_t disk)
{
struct grub_loopback *dev = disk->data;
if (grub_sub (dev->refcnt, 1, &dev->refcnt))
grub_fatal ("Reference count underflow");
}
static grub_err_t
grub_loopback_read (grub_disk_t disk, grub_disk_addr_t sector,
grub_size_t size, char *buf)
@ -237,7 +216,6 @@ static struct grub_disk_dev grub_loopback_dev =
.id = GRUB_DISK_DEVICE_LOOPBACK_ID,
.disk_iterate = grub_loopback_iterate,
.disk_open = grub_loopback_open,
.disk_close = grub_loopback_close,
.disk_read = grub_loopback_read,
.disk_write = grub_loopback_write,
.next = 0
@ -248,7 +226,7 @@ static grub_extcmd_t cmd;
GRUB_MOD_INIT(loopback)
{
cmd = grub_register_extcmd ("loopback", grub_cmd_loopback, 0,
N_("[-d] [-D] DEVICENAME FILE."),
N_("[-d] DEVICENAME FILE."),
/* TRANSLATORS: The file itself is not destroyed
or transformed into drive. */
N_("Make a virtual drive from a file."), options);

56
grub-core/disk/luks.c
View file

@ -29,6 +29,8 @@
GRUB_MOD_LICENSE ("GPLv3+");
#define MAX_PASSPHRASE 256
#define LUKS_KEY_ENABLED 0x00AC71F3
/* On disk LUKS header */
@ -63,16 +65,20 @@ gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
grub_size_t blocknumbers);
static grub_cryptodisk_t
luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
configure_ciphers (grub_disk_t disk, const char *check_uuid,
int check_boot)
{
grub_cryptodisk_t newdev;
const char *iptr;
struct grub_luks_phdr header;
char *optr;
char uuid[sizeof (header.uuid) + 1];
char ciphername[sizeof (header.cipherName) + 1];
char ciphermode[sizeof (header.cipherMode) + 1];
char hashspec[sizeof (header.hashSpec) + 1];
grub_err_t err;
if (cargs->check_boot)
if (check_boot)
return NULL;
/* Read the LUKS header. */
@ -89,9 +95,19 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
|| grub_be_to_cpu16 (header.version) != 1)
return NULL;
if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0)
grub_memset (uuid, 0, sizeof (uuid));
optr = uuid;
for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)];
iptr++)
{
grub_dprintf ("luks", "%s != %s\n", header.uuid, cargs->search_uuid);
if (*iptr != '-')
*optr++ = *iptr;
}
*optr = 0;
if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0)
{
grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid);
return NULL;
}
@ -110,7 +126,7 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
newdev->source_disk = NULL;
newdev->log_sector_size = GRUB_LUKS1_LOG_SECTOR_SIZE;
newdev->total_sectors = grub_disk_native_sectors (disk) - newdev->offset_sectors;
grub_memcpy (newdev->uuid, header.uuid, sizeof (header.uuid));
grub_memcpy (newdev->uuid, uuid, sizeof (uuid));
newdev->modname = "luks";
/* Configure the hash used for the AF splitter and HMAC. */
@ -130,26 +146,24 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
return NULL;
}
COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (header.uuid));
COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
return newdev;
}
static grub_err_t
luks_recover_key (grub_disk_t source,
grub_cryptodisk_t dev,
grub_cryptomount_args_t cargs)
grub_cryptodisk_t dev)
{
struct grub_luks_phdr header;
grub_size_t keysize;
grub_uint8_t *split_key = NULL;
char passphrase[MAX_PASSPHRASE] = "";
grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
unsigned i;
grub_size_t length;
grub_err_t err;
grub_size_t max_stripes = 1;
if (cargs->key_data == NULL || cargs->key_len == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
char *tmp;
err = grub_disk_read (source, 0, 0, sizeof (header), &header);
if (err)
@ -169,6 +183,20 @@ luks_recover_key (grub_disk_t source,
if (!split_key)
return grub_errno;
/* Get the passphrase from the user. */
tmp = NULL;
if (source->partition)
tmp = grub_partition_get_name (source->partition);
grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
source->partition ? "," : "", tmp ? : "",
dev->uuid);
grub_free (tmp);
if (!grub_password_get (passphrase, MAX_PASSPHRASE))
{
grub_free (split_key);
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
}
/* Try to recover master key from each active keyslot. */
for (i = 0; i < ARRAY_SIZE (header.keyblock); i++)
{
@ -183,8 +211,8 @@ luks_recover_key (grub_disk_t source,
grub_dprintf ("luks", "Trying keyslot %d\n", i);
/* Calculate the PBKDF2 of the user supplied passphrase. */
gcry_err = grub_crypto_pbkdf2 (dev->hash, cargs->key_data,
cargs->key_len,
gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
grub_strlen (passphrase),
header.keyblock[i].passwordSalt,
sizeof (header.keyblock[i].passwordSalt),
grub_be_to_cpu32 (header.keyblock[i].
@ -284,7 +312,7 @@ luks_recover_key (grub_disk_t source,
}
struct grub_cryptodisk_dev luks_crypto = {
.scan = luks_scan,
.scan = configure_ciphers,
.recover_key = luks_recover_key
};

101
grub-core/disk/luks2.c
View file

@ -26,7 +26,6 @@
#include <grub/crypto.h>
#include <grub/partition.h>
#include <grub/i18n.h>
#include <grub/safemath.h>
#include <base64.h>
#include <json.h>
@ -36,6 +35,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define LUKS_MAGIC_1ST "LUKS\xBA\xBE"
#define LUKS_MAGIC_2ND "SKUL\xBA\xBE"
#define MAX_PASSPHRASE 256
enum grub_luks2_kdf_type
{
LUKS2_KDF_TYPE_ARGON2I,
@ -347,12 +348,14 @@ luks2_read_header (grub_disk_t disk, grub_luks2_header_t *outhdr)
}
static grub_cryptodisk_t
luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
luks2_scan (grub_disk_t disk, const char *check_uuid, int check_boot)
{
grub_cryptodisk_t cryptodisk;
grub_luks2_header_t header;
char uuid[sizeof (header.uuid) + 1];
grub_size_t i, j;
if (cargs->check_boot)
if (check_boot)
return NULL;
if (luks2_read_header (disk, &header))
@ -361,57 +364,39 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
return NULL;
}
if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0)
{
grub_dprintf ("luks2", "%s != %s\n", header.uuid, cargs->search_uuid);
for (i = 0, j = 0; i < sizeof (header.uuid); i++)
if (header.uuid[i] != '-')
uuid[j++] = header.uuid[i];
uuid[j] = '\0';
if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0)
return NULL;
}
cryptodisk = grub_zalloc (sizeof (*cryptodisk));
if (!cryptodisk)
return NULL;
COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (header.uuid));
grub_memcpy (cryptodisk->uuid, header.uuid, sizeof (header.uuid));
COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (uuid));
grub_memcpy (cryptodisk->uuid, uuid, sizeof (uuid));
cryptodisk->modname = "luks2";
return cryptodisk;
}
static grub_err_t
luks2_base64_decode (const char *in, grub_size_t inlen, grub_uint8_t *decoded, idx_t *decodedlen)
{
grub_size_t unescaped_len = 0;
char *unescaped = NULL;
bool successful;
if (grub_json_unescape (&unescaped, &unescaped_len, in, inlen) != GRUB_ERR_NONE)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not unescape Base64 string"));
successful = base64_decode (unescaped, unescaped_len, (char *) decoded, decodedlen);
grub_free (unescaped);
if (!successful)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not decode Base64 string"));
return GRUB_ERR_NONE;
}
static grub_err_t
luks2_verify_key (grub_luks2_digest_t *d, grub_uint8_t *candidate_key,
grub_size_t candidate_key_len)
{
grub_uint8_t candidate_digest[GRUB_CRYPTODISK_MAX_KEYLEN];
grub_uint8_t digest[GRUB_CRYPTODISK_MAX_KEYLEN], salt[GRUB_CRYPTODISK_MAX_KEYLEN];
idx_t saltlen = sizeof (salt), digestlen = sizeof (digest);
grub_size_t saltlen = sizeof (salt), digestlen = sizeof (digest);
const gcry_md_spec_t *hash;
gcry_err_code_t gcry_ret;
/* Decode both digest and salt */
if (luks2_base64_decode (d->digest, grub_strlen (d->digest),
digest, &digestlen) != GRUB_ERR_NONE)
if (!base64_decode (d->digest, grub_strlen (d->digest), (char *)digest, &digestlen))
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest");
if (luks2_base64_decode (d->salt, grub_strlen (d->salt),
salt, &saltlen) != GRUB_ERR_NONE)
if (!base64_decode (d->salt, grub_strlen (d->salt), (char *)salt, &saltlen))
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest salt");
/* Configure the hash used for the digest. */
@ -443,14 +428,14 @@ luks2_decrypt_key (grub_uint8_t *out_key,
grub_uint8_t area_key[GRUB_CRYPTODISK_MAX_KEYLEN];
grub_uint8_t salt[GRUB_CRYPTODISK_MAX_KEYLEN];
grub_uint8_t *split_key = NULL;
idx_t saltlen = sizeof (salt);
grub_size_t saltlen = sizeof (salt);
char cipher[32], *p;
const gcry_md_spec_t *hash;
gcry_err_code_t gcry_ret;
grub_err_t ret;
if (luks2_base64_decode (k->kdf.salt, grub_strlen (k->kdf.salt),
salt, &saltlen) != GRUB_ERR_NONE)
if (!base64_decode (k->kdf.salt, grub_strlen (k->kdf.salt),
(char *)salt, &saltlen))
{
ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid keyslot salt");
goto err;
@ -557,11 +542,11 @@ luks2_decrypt_key (grub_uint8_t *out_key,
static grub_err_t
luks2_recover_key (grub_disk_t source,
grub_cryptodisk_t crypt,
grub_cryptomount_args_t cargs)
grub_cryptodisk_t crypt)
{
grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN];
char cipher[32], *json_header = NULL, *ptr;
char passphrase[MAX_PASSPHRASE], cipher[32];
char *json_header = NULL, *part = NULL, *ptr;
grub_size_t candidate_key_len = 0, json_idx, size;
grub_luks2_header_t header;
grub_luks2_keyslot_t keyslot;
@ -570,21 +555,12 @@ luks2_recover_key (grub_disk_t source,
gcry_err_code_t gcry_ret;
grub_json_t *json = NULL, keyslots;
grub_err_t ret;
grub_size_t sz;
if (cargs->key_data == NULL || cargs->key_len == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
ret = luks2_read_header (source, &header);
if (ret)
return ret;
grub_puts_ (N_("Attempting to decrypt master key..."));
if (grub_sub (grub_be_to_cpu64 (header.hdr_size), sizeof (header), &sz))
return grub_error (GRUB_ERR_OUT_OF_RANGE, "underflow detected while calculating json header size");
json_header = grub_zalloc (sz);
json_header = grub_zalloc (grub_be_to_cpu64 (header.hdr_size) - sizeof (header));
if (!json_header)
return GRUB_ERR_OUT_OF_MEMORY;
@ -605,6 +581,18 @@ luks2_recover_key (grub_disk_t source,
goto err;
}
/* Get the passphrase from the user. */
if (source->partition)
part = grub_partition_get_name (source->partition);
grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
source->partition ? "," : "", part ? : "",
crypt->uuid);
if (!grub_password_get (passphrase, MAX_PASSPHRASE))
{
ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
goto err;
}
if (grub_json_getvalue (&keyslots, json, "keyslots") ||
grub_json_getsize (&size, &keyslots))
{
@ -624,21 +612,12 @@ luks2_recover_key (grub_disk_t source,
/* Try all keyslot */
for (json_idx = 0; json_idx < size; json_idx++)
{
char indexstr[21]; /* log10(2^64) ~ 20, plus NUL character. */
typeof (source->total_sectors) max_crypt_sectors = 0;
grub_errno = GRUB_ERR_NONE;
ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, json_idx);
if (ret)
{
/*
* luks2_get_keyslot() can fail for a variety of reasons that do not
* necessarily mean the next keyslot should not be tried (e.g. a new
* kdf type). So always try the next slot.
*/
grub_dprintf ("luks2", "Failed to get keyslot %" PRIuGRUB_UINT64_T "\n", keyslot.idx);
continue;
}
goto err;
if (grub_errno != GRUB_ERR_NONE)
grub_dprintf ("luks2", "Ignoring unhandled error %d from luks2_get_keyslot\n", grub_errno);
@ -737,7 +716,7 @@ luks2_recover_key (grub_disk_t source,
}
ret = luks2_decrypt_key (candidate_key, source, crypt, &keyslot,
cargs->key_data, cargs->key_len);
(const grub_uint8_t *) passphrase, grub_strlen (passphrase));
if (ret)
{
grub_dprintf ("luks2", "Decryption with keyslot \"%" PRIuGRUB_UINT64_T "\" failed: %s\n",
@ -753,12 +732,11 @@ luks2_recover_key (grub_disk_t source,
continue;
}
grub_snprintf (indexstr, sizeof (indexstr) - 1, "%" PRIuGRUB_UINT64_T, keyslot.idx);
/*
* TRANSLATORS: It's a cryptographic key slot: one element of an array
* where each element is either empty or holds a key.
*/
grub_printf_ (N_("Slot \"%s\" opened\n"), indexstr);
grub_printf_ (N_("Slot \"%" PRIuGRUB_UINT64_T "\" opened\n"), keyslot.idx);
candidate_key_len = keyslot.key_size;
break;
@ -789,6 +767,7 @@ luks2_recover_key (grub_disk_t source,
}
err:
grub_free (part);
grub_free (json_header);
grub_json_free (json);
return ret;

295
grub-core/disk/lvm.c
View file

@ -34,11 +34,12 @@
GRUB_MOD_LICENSE ("GPLv3+");
struct ignored_feature_lv
struct cache_lv
{
struct grub_diskfilter_lv *lv;
char *cache_pool;
char *origin;
struct ignored_feature_lv *next;
struct cache_lv *next;
};
@ -104,29 +105,30 @@ grub_lvm_check_flag (const char *p, const char *str, const char *flag)
}
static void
grub_lvm_free_ignored_feature_lvs (struct ignored_feature_lv *ignored_feature_lvs)
grub_lvm_free_cache_lvs (struct cache_lv *cache_lvs)
{
struct ignored_feature_lv *ignored_feature;
struct cache_lv *cache;
while ((ignored_feature = ignored_feature_lvs))
while ((cache = cache_lvs))
{
ignored_feature_lvs = ignored_feature_lvs->next;
cache_lvs = cache_lvs->next;
if (ignored_feature->lv)
if (cache->lv)
{
unsigned int i;
for (i = 0; i < ignored_feature->lv->segment_count; ++i)
if (ignored_feature->lv->segments)
grub_free (ignored_feature->lv->segments[i].nodes);
grub_free (ignored_feature->lv->segments);
grub_free (ignored_feature->lv->fullname);
grub_free (ignored_feature->lv->idname);
grub_free (ignored_feature->lv->name);
for (i = 0; i < cache->lv->segment_count; ++i)
if (cache->lv->segments)
grub_free (cache->lv->segments[i].nodes);
grub_free (cache->lv->segments);
grub_free (cache->lv->fullname);
grub_free (cache->lv->idname);
grub_free (cache->lv->name);
}
grub_free (ignored_feature->lv);
grub_free (ignored_feature->origin);
grub_free (ignored_feature);
grub_free (cache->lv);
grub_free (cache->origin);
grub_free (cache->cache_pool);
grub_free (cache);
}
}
@ -288,7 +290,7 @@ grub_lvm_detect (grub_disk_t disk,
p = q = (char *)ptr;
if (grub_add (ptr, (grub_size_t) grub_le_to_cpu64 (rlocn->size), &ptr))
if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr))
goto error_parsing_metadata;
mda_end = (char *)ptr;
@ -323,7 +325,7 @@ grub_lvm_detect (grub_disk_t disk,
if (! vg)
{
struct ignored_feature_lv *ignored_feature_lvs = NULL;
struct cache_lv *cache_lvs = NULL;
/* First time we see this volume group. We've to create the
whole volume group structure. */
@ -368,8 +370,6 @@ grub_lvm_detect (grub_disk_t disk,
break;
pv = grub_zalloc (sizeof (*pv));
if (pv == NULL)
goto fail4;
q = p;
while (*q != ' ' && q < mda_end)
q++;
@ -379,8 +379,6 @@ grub_lvm_detect (grub_disk_t disk,
s = q - p;
pv->name = grub_malloc (s + 1);
if (pv->name == NULL)
goto pvs_fail_noname;
grub_memcpy (pv->name, p, s);
pv->name[s] = '\0';
@ -453,8 +451,6 @@ grub_lvm_detect (grub_disk_t disk,
break;
lv = grub_zalloc (sizeof (*lv));
if (lv == NULL)
goto fail4;
q = p;
while (*q != ' ' && q < mda_end)
@ -549,8 +545,6 @@ grub_lvm_detect (grub_disk_t disk,
goto lvs_fail;
}
lv->segments = grub_calloc (lv->segment_count, sizeof (*seg));
if (lv->segments == NULL)
goto lvs_fail;
seg = lv->segments;
for (i = 0; i < lv->segment_count; i++)
@ -618,8 +612,6 @@ grub_lvm_detect (grub_disk_t disk,
seg->nodes = grub_calloc (seg->node_count,
sizeof (*stripe));
if (seg->nodes == NULL)
goto lvs_segment_fail;
stripe = seg->nodes;
p = grub_strstr (p, "stripes = [");
@ -679,9 +671,8 @@ grub_lvm_detect (grub_disk_t disk,
goto lvs_segment_fail;
}
seg->nodes = grub_calloc (seg->node_count, sizeof (seg->nodes[0]));
if (seg->nodes == NULL)
goto lvs_segment_fail;
seg->nodes = grub_zalloc (sizeof (seg->nodes[0])
* seg->node_count);
p = grub_strstr (p, "mirrors = [");
if (p == NULL)
@ -769,9 +760,8 @@ grub_lvm_detect (grub_disk_t disk,
}
}
seg->nodes = grub_calloc (seg->node_count, sizeof (seg->nodes[0]));
if (seg->nodes == NULL)
goto lvs_segment_fail;
seg->nodes = grub_zalloc (sizeof (seg->nodes[0])
* seg->node_count);
p = grub_strstr (p, "raids = [");
if (p == NULL)
@ -817,98 +807,108 @@ grub_lvm_detect (grub_disk_t disk,
seg->nodes[seg->node_count - 1].name = tmp;
}
}
/*
* Cache and integrity LVs have extra parts that
* we can ignore for our read-only access.
*/
else if (grub_strncmp (p, "cache\"", sizeof ("cache\"") - 1) == 0 ||
grub_strncmp (p, "cache+CACHE_USES_CACHEVOL\"", sizeof ("cache+CACHE_USES_CACHEVOL\"") - 1) == 0 ||
grub_strncmp (p, "integrity\"", sizeof ("integrity\"") - 1) == 0)
else if (grub_memcmp (p, "cache\"",
sizeof ("cache\"") - 1) == 0)
{
struct ignored_feature_lv *ignored_feature = NULL;
struct cache_lv *cache = NULL;
char *p2, *p3;
grub_size_t sz;
#ifdef GRUB_UTIL
p2 = grub_strchr (p, '"');
if (p2)
*p2 = '\0';
grub_util_info ("Ignoring extra metadata type '%s' for %s", p, lv->name);
if (p2)
*p2 ='"';
#endif
ignored_feature = grub_zalloc (sizeof (*ignored_feature));
if (!ignored_feature)
goto ignored_feature_lv_fail;
ignored_feature->lv = grub_zalloc (sizeof (*ignored_feature->lv));
if (!ignored_feature->lv)
goto ignored_feature_lv_fail;
grub_memcpy (ignored_feature->lv, lv, sizeof (*ignored_feature->lv));
cache = grub_zalloc (sizeof (*cache));
if (!cache)
goto cache_lv_fail;
cache->lv = grub_zalloc (sizeof (*cache->lv));
if (!cache->lv)
goto cache_lv_fail;
grub_memcpy (cache->lv, lv, sizeof (*cache->lv));
if (lv->fullname)
{
ignored_feature->lv->fullname = grub_strdup (lv->fullname);
if (!ignored_feature->lv->fullname)
goto ignored_feature_lv_fail;
cache->lv->fullname = grub_strdup (lv->fullname);
if (!cache->lv->fullname)
goto cache_lv_fail;
}
if (lv->idname)
{
ignored_feature->lv->idname = grub_strdup (lv->idname);
if (!ignored_feature->lv->idname)
goto ignored_feature_lv_fail;
cache->lv->idname = grub_strdup (lv->idname);
if (!cache->lv->idname)
goto cache_lv_fail;
}
if (lv->name)
{
ignored_feature->lv->name = grub_strdup (lv->name);
if (!ignored_feature->lv->name)
goto ignored_feature_lv_fail;
cache->lv->name = grub_strdup (lv->name);
if (!cache->lv->name)
goto cache_lv_fail;
}
skip_lv = 1;
p2 = grub_strstr (p, "origin = \"");
p2 = grub_strstr (p, "cache_pool = \"");
if (!p2)
goto ignored_feature_lv_fail;
goto cache_lv_fail;
p2 = grub_strchr (p2, '"');
if (!p2)
goto ignored_feature_lv_fail;
goto cache_lv_fail;
p3 = ++p2;
if (p3 == mda_end)
goto ignored_feature_lv_fail;
goto cache_lv_fail;
p3 = grub_strchr (p3, '"');
if (!p3)
goto ignored_feature_lv_fail;
goto cache_lv_fail;
sz = p3 - p2;
ignored_feature->origin = grub_malloc (sz + 1);
if (!ignored_feature->origin)
goto ignored_feature_lv_fail;
grub_memcpy (ignored_feature->origin, p2, sz);
ignored_feature->origin[sz] = '\0';
cache->cache_pool = grub_malloc (sz + 1);
if (!cache->cache_pool)
goto cache_lv_fail;
grub_memcpy (cache->cache_pool, p2, sz);
cache->cache_pool[sz] = '\0';
ignored_feature->next = ignored_feature_lvs;
ignored_feature_lvs = ignored_feature;
p2 = grub_strstr (p, "origin = \"");
if (!p2)
goto cache_lv_fail;
p2 = grub_strchr (p2, '"');
if (!p2)
goto cache_lv_fail;
p3 = ++p2;
if (p3 == mda_end)
goto cache_lv_fail;
p3 = grub_strchr (p3, '"');
if (!p3)
goto cache_lv_fail;
sz = p3 - p2;
cache->origin = grub_malloc (sz + 1);
if (!cache->origin)
goto cache_lv_fail;
grub_memcpy (cache->origin, p2, sz);
cache->origin[sz] = '\0';
cache->next = cache_lvs;
cache_lvs = cache;
break;
ignored_feature_lv_fail:
if (ignored_feature)
cache_lv_fail:
if (cache)
{
grub_free (ignored_feature->origin);
if (ignored_feature->lv)
grub_free (cache->origin);
grub_free (cache->cache_pool);
if (cache->lv)
{
grub_free (ignored_feature->lv->fullname);
grub_free (ignored_feature->lv->idname);
grub_free (ignored_feature->lv->name);
grub_free (cache->lv->fullname);
grub_free (cache->lv->idname);
grub_free (cache->lv->name);
}
grub_free (ignored_feature->lv);
grub_free (ignored_feature);
grub_free (cache->lv);
grub_free (cache);
}
grub_lvm_free_ignored_feature_lvs (ignored_feature_lvs);
grub_lvm_free_cache_lvs (cache_lvs);
goto fail4;
}
else
@ -917,7 +917,7 @@ grub_lvm_detect (grub_disk_t disk,
char *p2;
p2 = grub_strchr (p, '"');
if (p2)
*p2 = '\0';
*p2 = 0;
grub_util_info ("unknown LVM type %s", p);
if (p2)
*p2 ='"';
@ -961,68 +961,10 @@ grub_lvm_detect (grub_disk_t disk,
}
}
{
struct ignored_feature_lv *ignored_feature;
for (ignored_feature = ignored_feature_lvs; ignored_feature; ignored_feature = ignored_feature->next)
{
struct grub_diskfilter_lv *lv;
for (lv = vg->lvs; lv; lv = lv->next)
if (grub_strcmp (lv->name, ignored_feature->origin) == 0)
break;
if (lv)
{
ignored_feature->lv->segments = grub_calloc (lv->segment_count, sizeof (*lv->segments));
if (!ignored_feature->lv->segments)
{
grub_lvm_free_ignored_feature_lvs (ignored_feature_lvs);
goto fail4;
}
grub_memcpy (ignored_feature->lv->segments, lv->segments, lv->segment_count * sizeof (*lv->segments));
for (i = 0; i < lv->segment_count; ++i)
{
struct grub_diskfilter_node *nodes = lv->segments[i].nodes;
grub_size_t node_count = lv->segments[i].node_count;
ignored_feature->lv->segments[i].nodes = grub_calloc (node_count, sizeof (*nodes));
if (!ignored_feature->lv->segments[i].nodes)
{
for (j = 0; j < i; ++j)
grub_free (ignored_feature->lv->segments[j].nodes);
grub_free (ignored_feature->lv->segments);
ignored_feature->lv->segments = NULL;
grub_lvm_free_ignored_feature_lvs (ignored_feature_lvs);
goto fail4;
}
grub_memcpy (ignored_feature->lv->segments[i].nodes, nodes, node_count * sizeof (*nodes));
}
if (ignored_feature->lv->segments)
{
ignored_feature->lv->segment_count = lv->segment_count;
ignored_feature->lv->vg = vg;
ignored_feature->lv->next = vg->lvs;
vg->lvs = ignored_feature->lv;
ignored_feature->lv = NULL;
}
}
else
{
#ifdef GRUB_UTIL
grub_util_info ("Couldn't find LVM part of ignored feature on %s", ignored_feature->origin);
#endif
}
}
}
/* Match LVs. Must be done after cache and integrity are found. */
/* Match lvs. */
{
struct grub_diskfilter_lv *lv1;
struct grub_diskfilter_lv *lv2;
for (lv1 = vg->lvs; lv1; lv1 = lv1->next)
for (i = 0; i < lv1->segment_count; i++)
for (j = 0; j < lv1->segments[i].node_count; j++)
@ -1047,9 +989,60 @@ grub_lvm_detect (grub_disk_t disk,
lv1->segments[i].nodes[j].lv = lv2;
}
}
}
grub_lvm_free_ignored_feature_lvs (ignored_feature_lvs);
{
struct cache_lv *cache;
for (cache = cache_lvs; cache; cache = cache->next)
{
struct grub_diskfilter_lv *lv;
for (lv = vg->lvs; lv; lv = lv->next)
if (grub_strcmp (lv->name, cache->origin) == 0)
break;
if (lv)
{
cache->lv->segments = grub_calloc (lv->segment_count, sizeof (*lv->segments));
if (!cache->lv->segments)
{
grub_lvm_free_cache_lvs (cache_lvs);
goto fail4;
}
grub_memcpy (cache->lv->segments, lv->segments, lv->segment_count * sizeof (*lv->segments));
for (i = 0; i < lv->segment_count; ++i)
{
struct grub_diskfilter_node *nodes = lv->segments[i].nodes;
grub_size_t node_count = lv->segments[i].node_count;
cache->lv->segments[i].nodes = grub_calloc (node_count, sizeof (*nodes));
if (!cache->lv->segments[i].nodes)
{
for (j = 0; j < i; ++j)
grub_free (cache->lv->segments[j].nodes);
grub_free (cache->lv->segments);
cache->lv->segments = NULL;
grub_lvm_free_cache_lvs (cache_lvs);
goto fail4;
}
grub_memcpy (cache->lv->segments[i].nodes, nodes, node_count * sizeof (*nodes));
}
if (cache->lv->segments)
{
cache->lv->segment_count = lv->segment_count;
cache->lv->vg = vg;
cache->lv->next = vg->lvs;
vg->lvs = cache->lv;
cache->lv = NULL;
}
}
}
}
grub_lvm_free_cache_lvs (cache_lvs);
if (grub_diskfilter_vg_register (vg))
goto fail4;
}

78
grub-core/disk/mdraid1x_linux.c
View file

@ -23,7 +23,6 @@
#include <grub/err.h>
#include <grub/misc.h>
#include <grub/diskfilter.h>
#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@ -104,9 +103,6 @@ struct grub_raid_super_1x
#define WriteMostly1 1 /* Mask for writemostly flag in above devflags. */
#define GRUB_MD_SECTOR_SHIFT 9 /* Follow Linux kernel v6.8. */
#define GRUB_MD_SECTOR_SIZE (1 << GRUB_MD_SECTOR_SHIFT)
static struct grub_diskfilter_vg *
grub_mdraid_detect (grub_disk_t disk,
struct grub_diskfilter_pv_id *id,
@ -133,7 +129,6 @@ grub_mdraid_detect (grub_disk_t disk,
grub_uint32_t level;
struct grub_diskfilter_vg *array;
char *uuid;
grub_uint64_t sb_sz, data_end, sb_end;
if (size == GRUB_DISK_SIZE_UNKNOWN && minor_version == 0)
continue;
@ -159,79 +154,6 @@ grub_mdraid_detect (grub_disk_t disk,
|| grub_le_to_cpu64 (sb.super_offset) != sector)
continue;
/*
* The first check follows the Linux kernel's data_size
* validation from v6.8-rc5.
*/
if (grub_le_to_cpu64 (sb.data_size) < 10 ||
grub_le_to_cpu64 (sb.raid_disks) > GRUB_MDRAID_MAX_DISKS)
{
grub_dprintf ("mdraid1x", "Corrupted superblock\n");
return NULL;
}
/*
* Total size of superblock: 256 bytes plus 2 bytes per device
* in the array.
*/
sb_sz = sizeof (struct grub_raid_super_1x) + grub_le_to_cpu64 (sb.raid_disks) * 2;
if (grub_add (grub_le_to_cpu64 (sb.super_offset),
(ALIGN_UP(sb_sz, GRUB_MD_SECTOR_SIZE) >> GRUB_MD_SECTOR_SHIFT), &sb_end))
{
grub_dprintf ("mdraid1x", "Invalid superblock end.\n");
return NULL;
}
if (grub_add (grub_le_to_cpu64 (sb.data_offset),
grub_le_to_cpu64 (sb.data_size), &data_end))
{
grub_dprintf ("mdraid1x", "Invalid data end.\n");
return NULL;
}
/* In minor versions 1 and 2, superblock is positioned before data. */
if (minor_version)
{
if (grub_le_to_cpu64 (sb.data_offset) < sb_end)
{
grub_dprintf ("mdraid1x",
"The superblock either overlaps with the data "
"or is behind it.\n");
return NULL;
}
if (data_end > size)
{
grub_dprintf ("mdraid1x",
"The data region ends at %" PRIuGRUB_UINT64_T ", "
"past the end of the disk (%" PRIuGRUB_UINT64_T ")\n",
data_end, size);
return NULL;
}
}
else
{
/* In minor version 0, superblock is at the end of the device. */
if (grub_le_to_cpu64 (sb.super_offset) < data_end)
{
grub_dprintf ("mdraid1x",
"The data either overlaps with the superblock "
"or is behind it.\n");
return NULL;
}
if (sb_end > size)
{
grub_dprintf ("mdraid1x",
"The superblock region ends at "
"%" PRIuGRUB_UINT64_T ", past the end of "
"the disk (%" PRIuGRUB_UINT64_T ")\n",
sb_end, size);
return NULL;
}
}
if (sb.major_version != grub_cpu_to_le32_compile_time (1))
/* Unsupported version. */
return NULL;

9
grub-core/disk/memdisk.c
View file

@ -23,7 +23,6 @@
#include <grub/misc.h>
#include <grub/mm.h>
#include <grub/types.h>
#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@ -97,14 +96,8 @@ GRUB_MOD_INIT(memdisk)
grub_dprintf ("memdisk", "Found memdisk image at %p\n", memdisk_orig_addr);
if (grub_sub (header->size, sizeof (struct grub_module_header), &memdisk_size))
{
grub_error (GRUB_ERR_OUT_OF_RANGE, "underflow detected while obtaining memdisk size");
return;
}
memdisk_size = header->size - sizeof (struct grub_module_header);
memdisk_addr = grub_malloc (memdisk_size);
if (memdisk_addr == NULL)
return;
grub_dprintf ("memdisk", "Copying memdisk image to dynamic memory\n");
grub_memmove (memdisk_addr, memdisk_orig_addr, memdisk_size);

463
grub-core/disk/plainmount.c
View file

@ -1,463 +0,0 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2022 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
/* plaimount.c - Open device encrypted in plain mode. */
#include <grub/cryptodisk.h>
#include <grub/dl.h>
#include <grub/err.h>
#include <grub/extcmd.h>
#include <grub/partition.h>
#include <grub/file.h>
#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
#define PLAINMOUNT_DEFAULT_SECTOR_SIZE 512
#define PLAINMOUNT_DEFAULT_UUID "109fea84-a6b7-34a8-4bd1-1c506305a400"
enum PLAINMOUNT_OPTION
{
OPTION_HASH,
OPTION_CIPHER,
OPTION_KEY_SIZE,
OPTION_SECTOR_SIZE,
OPTION_PASSWORD,
OPTION_KEYFILE,
OPTION_KEYFILE_OFFSET,
OPTION_UUID
};
static const struct grub_arg_option options[] =
{
/* TRANSLATORS: It's still restricted to this module only. */
{"hash", 'h', 0, N_("Password hash"), 0, ARG_TYPE_STRING},
{"cipher", 'c', 0, N_("Password cipher"), 0, ARG_TYPE_STRING},
{"key-size", 's', 0, N_("Key size (in bits)"), 0, ARG_TYPE_INT},
{"sector-size", 'S', 0, N_("Device sector size"), 0, ARG_TYPE_INT},
{"password", 'p', 0, N_("Password (key)"), 0, ARG_TYPE_STRING},
{"keyfile", 'd', 0, N_("Keyfile path"), 0, ARG_TYPE_STRING},
{"keyfile-offset", 'O', 0, N_("Keyfile offset"), 0, ARG_TYPE_INT},
{"uuid", 'u', 0, N_("Set device UUID"), 0, ARG_TYPE_STRING},
{0, 0, 0, 0, 0, 0}
};
/* Cryptodisk setkey() function wrapper */
static grub_err_t
plainmount_setkey (grub_cryptodisk_t dev, grub_uint8_t *key,
grub_size_t size)
{
gcry_err_code_t code = grub_cryptodisk_setkey (dev, key, size);
if (code != GPG_ERR_NO_ERROR)
{
grub_dprintf ("plainmount", "failed to set cipher key with code: %d\n", code);
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("cannot set specified key"));
}
return GRUB_ERR_NONE;
}
/* Configure cryptodisk uuid */
static void plainmount_set_uuid (grub_cryptodisk_t dev, const char *user_uuid)
{
grub_size_t pos = 0;
/* Size of user_uuid is checked in main func */
if (user_uuid != NULL)
grub_strcpy (dev->uuid, user_uuid);
else
{
/*
* Set default UUID. Last digits start from 1 and are incremented for
* each new plainmount device by snprintf().
*/
grub_snprintf (dev->uuid, sizeof (dev->uuid) - 1, "%36lx", dev->id + 1);
while (dev->uuid[++pos] == ' ');
grub_memcpy (dev->uuid, PLAINMOUNT_DEFAULT_UUID, pos);
}
COMPILE_TIME_ASSERT (sizeof (dev->uuid) >= sizeof (PLAINMOUNT_DEFAULT_UUID));
}
/* Configure cryptodevice sector size (-S option) */
static grub_err_t
plainmount_configure_sectors (grub_cryptodisk_t dev, grub_disk_t disk,
grub_size_t sector_size)
{
dev->total_sectors = grub_disk_native_sectors (disk);
if (dev->total_sectors == GRUB_DISK_SIZE_UNKNOWN)
return grub_error (GRUB_ERR_BAD_DEVICE, N_("cannot determine disk %s size"),
disk->name);
/* Convert size to sectors */
dev->log_sector_size = grub_log2ull (sector_size);
dev->total_sectors = grub_convert_sector (dev->total_sectors,
GRUB_DISK_SECTOR_BITS,
dev->log_sector_size);
if (dev->total_sectors == 0)
return grub_error (GRUB_ERR_BAD_DEVICE,
N_("cannot set specified sector size on disk %s"),
disk->name);
grub_dprintf ("plainmount", "log_sector_size=%d, total_sectors=%"
PRIuGRUB_UINT64_T"\n", dev->log_sector_size, dev->total_sectors);
return GRUB_ERR_NONE;
}
/* Hashes a password into a key and stores it with the cipher. */
static grub_err_t
plainmount_configure_password (grub_cryptodisk_t dev, const char *hash,
grub_uint8_t *key_data, grub_size_t key_size,
grub_size_t password_size)
{
grub_uint8_t *derived_hash, *dh;
char *p;
unsigned int round, i, len, size;
grub_size_t alloc_size, sz;
grub_err_t err = GRUB_ERR_NONE;
/* Support none (plain) hash */
if (grub_strcmp (hash, "plain") == 0)
{
dev->hash = NULL;
return err;
}
/* Hash argument was checked at main func */
dev->hash = grub_crypto_lookup_md_by_name (hash);
len = dev->hash->mdlen;
alloc_size = grub_max (password_size, key_size);
/*
* Allocate buffer for the password and for an added prefix character
* for each hash round ('alloc_size' may not be a multiple of 'len').
*/
if (grub_add (alloc_size, (alloc_size / len), &sz) ||
grub_add (sz, 1, &sz))
return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while allocating size of password buffer"));
p = grub_zalloc (sz);
derived_hash = grub_zalloc (GRUB_CRYPTODISK_MAX_KEYLEN * 2);
if (p == NULL || derived_hash == NULL)
{
err = grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory");
goto fail;
}
dh = derived_hash;
/*
* Hash password. Adapted from cryptsetup.
* https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/lib/crypt_plain.c
*/
for (round = 0, size = alloc_size; size; round++, dh += len, size -= len)
{
for (i = 0; i < round; i++)
p[i] = 'A';
grub_memcpy (p + i, (char*) key_data, password_size);
if (len > size)
len = size;
grub_crypto_hash (dev->hash, dh, p, password_size + round);
}
grub_memcpy (key_data, derived_hash, key_size);
fail:
grub_free (p);
grub_free (derived_hash);
return err;
}
/* Read key material from keyfile */
static grub_err_t
plainmount_configure_keyfile (char *keyfile, grub_uint8_t *key_data,
grub_size_t key_size, grub_size_t keyfile_offset)
{
grub_file_t g_keyfile = grub_file_open (keyfile, GRUB_FILE_TYPE_NONE);
if (g_keyfile == NULL)
return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("cannot open keyfile %s"),
keyfile);
if (grub_file_seek (g_keyfile, keyfile_offset) == (grub_off_t) - 1)
return grub_error (GRUB_ERR_FILE_READ_ERROR,
N_("cannot seek keyfile at offset %"PRIuGRUB_SIZE),
keyfile_offset);
if (key_size > (g_keyfile->size - keyfile_offset))
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Specified key size (%"
PRIuGRUB_SIZE") is too small for keyfile size (%"
PRIuGRUB_UINT64_T") and offset (%"PRIuGRUB_SIZE")"),
key_size, g_keyfile->size, keyfile_offset);
if (grub_file_read (g_keyfile, key_data, key_size) != (grub_ssize_t) key_size)
return grub_error (GRUB_ERR_FILE_READ_ERROR, N_("error reading key file"));
return GRUB_ERR_NONE;
}
/* Plainmount command entry point */
static grub_err_t
grub_cmd_plainmount (grub_extcmd_context_t ctxt, int argc, char **args)
{
struct grub_arg_list *state = ctxt->state;
grub_cryptodisk_t dev = NULL;
grub_disk_t disk = NULL;
const gcry_md_spec_t *gcry_hash;
char *diskname, *disklast = NULL, *cipher, *mode, *hash, *keyfile, *uuid;
grub_size_t len, key_size, sector_size, keyfile_offset = 0, password_size = 0;
grub_err_t err;
const char *p;
grub_uint8_t *key_data;
if (argc < 1)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("device name required"));
/* Check whether required arguments are specified */
if (!state[OPTION_CIPHER].set || !state[OPTION_KEY_SIZE].set)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "cipher and key size must be set");
if (!state[OPTION_HASH].set && !state[OPTION_KEYFILE].set)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "hash algorithm must be set");
/* Check hash */
if (!state[OPTION_KEYFILE].set)
{
gcry_hash = grub_crypto_lookup_md_by_name (state[OPTION_HASH].arg);
if (!gcry_hash)
return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("couldn't load hash %s"),
state[OPTION_HASH].arg);
if (gcry_hash->mdlen > GRUB_CRYPTODISK_MAX_KEYLEN)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("hash length %"PRIuGRUB_SIZE" exceeds maximum %d bits"),
gcry_hash->mdlen * GRUB_CHAR_BIT,
GRUB_CRYPTODISK_MAX_KEYLEN * GRUB_CHAR_BIT);
}
/* Check cipher mode */
if (!grub_strchr (state[OPTION_CIPHER].arg,'-'))
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("invalid cipher mode, must be of format cipher-mode"));
/* Check password size */
if (state[OPTION_PASSWORD].set && grub_strlen (state[OPTION_PASSWORD].arg) >
GRUB_CRYPTODISK_MAX_PASSPHRASE)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("password exceeds maximium size"));
/* Check uuid length */
if (state[OPTION_UUID].set && grub_strlen (state[OPTION_UUID].arg) >
GRUB_CRYPTODISK_MAX_UUID_LENGTH - 1)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("specified UUID exceeds maximum size"));
if (state[OPTION_UUID].set && grub_strlen (state[OPTION_UUID].arg) == 1)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("specified UUID too short"));
/* Parse plainmount arguments */
grub_errno = GRUB_ERR_NONE;
keyfile_offset = state[OPTION_KEYFILE_OFFSET].set ?
grub_strtoull (state[OPTION_KEYFILE_OFFSET].arg, &p, 0) : 0;
if (state[OPTION_KEYFILE_OFFSET].set &&
(state[OPTION_KEYFILE_OFFSET].arg[0] == '\0' || *p != '\0' ||
grub_errno != GRUB_ERR_NONE))
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unrecognized keyfile offset"));
sector_size = state[OPTION_SECTOR_SIZE].set ?
grub_strtoull (state[OPTION_SECTOR_SIZE].arg, &p, 0) :
PLAINMOUNT_DEFAULT_SECTOR_SIZE;
if (state[OPTION_SECTOR_SIZE].set && (state[OPTION_SECTOR_SIZE].arg[0] == '\0' ||
*p != '\0' || grub_errno != GRUB_ERR_NONE))
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unrecognized sector size"));
/* Check key size */
key_size = grub_strtoull (state[OPTION_KEY_SIZE].arg, &p, 0);
if (state[OPTION_KEY_SIZE].arg[0] == '\0' || *p != '\0' ||
grub_errno != GRUB_ERR_NONE)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unrecognized key size"));
if ((key_size % GRUB_CHAR_BIT) != 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("key size is not multiple of %d bits"), GRUB_CHAR_BIT);
key_size = key_size / GRUB_CHAR_BIT;
if (key_size > GRUB_CRYPTODISK_MAX_KEYLEN)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("key size %"PRIuGRUB_SIZE" exceeds maximum %d bits"),
key_size * GRUB_CHAR_BIT,
GRUB_CRYPTODISK_MAX_KEYLEN * GRUB_CHAR_BIT);
/* Check disk sector size */
if (sector_size < GRUB_DISK_SECTOR_SIZE)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("sector size -S must be at least %d"),
GRUB_DISK_SECTOR_SIZE);
if ((sector_size & (sector_size - 1)) != 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("sector size -S %"PRIuGRUB_SIZE" is not power of 2"),
sector_size);
/* Allocate all stuff here */
hash = state[OPTION_HASH].set ? grub_strdup (state[OPTION_HASH].arg) : NULL;
cipher = grub_strdup (state[OPTION_CIPHER].arg);
keyfile = state[OPTION_KEYFILE].set ?
grub_strdup (state[OPTION_KEYFILE].arg) : NULL;
dev = grub_zalloc (sizeof *dev);
key_data = grub_zalloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
uuid = state[OPTION_UUID].set ? grub_strdup (state[OPTION_UUID].arg) : NULL;
if ((state[OPTION_HASH].set && hash == NULL) || cipher == NULL || dev == NULL ||
(state[OPTION_KEYFILE].set && keyfile == NULL) || key_data == NULL ||
(state[OPTION_UUID].set && uuid == NULL))
{
err = grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory");
goto fail;
}
/* Copy user password from -p option */
if (state[OPTION_PASSWORD].set)
{
/*
* Password from the '-p' option is limited to C-string.
* Arbitrary data keys are supported via keyfiles.
*/
password_size = grub_strlen (state[OPTION_PASSWORD].arg);
grub_strcpy ((char*) key_data, state[OPTION_PASSWORD].arg);
}
/* Set cipher mode (tested above) */
mode = grub_strchr (cipher,'-');
*mode++ = '\0';
/* Check cipher */
err = grub_cryptodisk_setcipher (dev, cipher, mode);
if (err != GRUB_ERR_NONE)
{
if (err == GRUB_ERR_FILE_NOT_FOUND)
err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid cipher %s"), cipher);
else if (err == GRUB_ERR_BAD_ARGUMENT)
err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid mode %s"), mode);
else
err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid cipher %s or mode %s"),
cipher, mode);
goto fail;
}
/* Open SOURCE disk */
diskname = args[0];
len = grub_strlen (diskname);
if (len && diskname[0] == '(' && diskname[len - 1] == ')')
{
disklast = &diskname[len - 1];
*disklast = '\0';
diskname++;
}
disk = grub_disk_open (diskname);
if (disk == NULL)
{
if (disklast)
*disklast = ')';
err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("cannot open disk %s"), diskname);
goto fail;
}
/* Get password from console */
if (!state[OPTION_KEYFILE].set && key_data[0] == '\0')
{
char *part = grub_partition_get_name (disk->partition);
grub_printf_ (N_("Enter passphrase for %s%s%s: "), disk->name,
disk->partition != NULL ? "," : "",
part != NULL ? part : N_("UNKNOWN"));
grub_free (part);
if (!grub_password_get ((char*) key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE - 1))
{
err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("error reading password"));
goto fail;
}
/*
* Password from interactive console is limited to C-string.
* Arbitrary data keys are supported via keyfiles.
*/
password_size = grub_strlen ((char*) key_data);
}
/* Warn if hash and keyfile are both provided */
if (state[OPTION_KEYFILE].set && state[OPTION_HASH].arg)
grub_printf_ (N_("warning: hash is ignored if keyfile is specified\n"));
/* Warn if -p option is specified with keyfile */
if (state[OPTION_PASSWORD].set && state[OPTION_KEYFILE].set)
grub_printf_ (N_("warning: password specified with -p option "
"is ignored if keyfile is provided\n"));
/* Warn of -O is provided without keyfile */
if (state[OPTION_KEYFILE_OFFSET].set && !state[OPTION_KEYFILE].set)
grub_printf_ (N_("warning: keyfile offset option -O "
"specified without keyfile option -d\n"));
grub_dprintf ("plainmount", "parameters: cipher=%s, hash=%s, key_size=%"
PRIuGRUB_SIZE ", keyfile=%s, keyfile offset=%" PRIuGRUB_SIZE "\n",
cipher, hash, key_size, keyfile, keyfile_offset);
err = plainmount_configure_sectors (dev, disk, sector_size);
if (err != GRUB_ERR_NONE)
goto fail;
/* Configure keyfile or password */
if (state[OPTION_KEYFILE].set)
err = plainmount_configure_keyfile (keyfile, key_data, key_size, keyfile_offset);
else
err = plainmount_configure_password (dev, hash, key_data, key_size, password_size);
if (err != GRUB_ERR_NONE)
goto fail;
err = plainmount_setkey (dev, key_data, key_size);
if (err != GRUB_ERR_NONE)
goto fail;
err = grub_cryptodisk_insert (dev, diskname, disk);
if (err != GRUB_ERR_NONE)
goto fail;
dev->modname = "plainmount";
dev->source_disk = disk;
plainmount_set_uuid (dev, uuid);
fail:
grub_free (hash);
grub_free (cipher);
grub_free (keyfile);
grub_free (key_data);
grub_free (uuid);
if (err != GRUB_ERR_NONE && disk != NULL)
grub_disk_close (disk);
if (err != GRUB_ERR_NONE)
grub_free (dev);
return err;
}
static grub_extcmd_t cmd;
GRUB_MOD_INIT (plainmount)
{
cmd = grub_register_extcmd ("plainmount", grub_cmd_plainmount, 0,
N_("-c cipher -s key-size [-h hash] [-S sector-size]"
" [-o offset] [-p password] [-u uuid] "
" [[-d keyfile] [-O keyfile offset]] <SOURCE>"),
N_("Open partition encrypted in plain mode."),
options);
}
GRUB_MOD_FINI (plainmount)
{
grub_unregister_extcmd (cmd);
}

4
grub-core/disk/scsi.c
View file

@ -620,7 +620,9 @@ grub_scsi_open (const char *name, grub_disk_t disk)
grub_free (scsi);
return grub_errno;
}
disk->log_sector_size = grub_log2ull (scsi->blocksize);
for (disk->log_sector_size = 0;
(1U << disk->log_sector_size) < scsi->blocksize;
disk->log_sector_size++);
grub_dprintf ("scsi", "last_block=%" PRIuGRUB_UINT64_T ", blocksize=%u\n",
scsi->last_block, scsi->blocksize);

4
grub-core/disk/uboot/ubootdisk.c
View file

@ -186,7 +186,9 @@ uboot_disk_open (const char *name, struct grub_disk *disk)
if (d->block_size == 0)
return grub_error (GRUB_ERR_IO, "no block size");
disk->log_sector_size = grub_log2ull (d->block_size);
for (disk->log_sector_size = 0;
(1U << disk->log_sector_size) < d->block_size;
disk->log_sector_size++);
grub_dprintf ("ubootdisk", "(%s) blocksize=%d, log_sector_size=%d\n",
disk->name, d->block_size, disk->log_sector_size);

4
grub-core/disk/xen/xendisk.c
View file

@ -113,7 +113,9 @@ grub_virtdisk_open (const char *name, grub_disk_t disk)
|| secsize > GRUB_XEN_PAGE_SIZE)
return grub_error (GRUB_ERR_IO, "unsupported sector size %d", secsize);
disk->log_sector_size = grub_log2ull (secsize);
for (disk->log_sector_size = 0;
(1U << disk->log_sector_size) < secsize; disk->log_sector_size++);
disk->total_sectors >>= disk->log_sector_size - 9;
return GRUB_ERR_NONE;

10
grub-core/efiemu/i386/loadcore64.c
View file

@ -121,14 +121,10 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs,
return err;
break;
default:
{
char rel_info[17]; /* log16(2^64) = 16, plus NUL. */
grub_snprintf (rel_info, sizeof (rel_info) - 1, "%" PRIxGRUB_UINT64_T,
ELF_R_TYPE (rel->r_info));
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
N_("relocation 0x%s is not implemented yet"), rel_info);
}
N_("relocation 0x%" PRIxGRUB_UINT64_T
" is not implemented yet"),
ELF_R_TYPE (rel->r_info));
}
}
}

Some files were not shown because too many files have changed in this diff Show more